Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make sgn0 definition per-suite ; improve descriptions of sgn0 and sqrt functions #176

Merged
merged 13 commits into from
Oct 30, 2019
Merged

make sgn0 definition per-suite ; improve descriptions of sgn0 and sqrt functions #176

merged 13 commits into from
Oct 30, 2019

Conversation

kwantam
Copy link
Collaborator

@kwantam kwantam commented Oct 26, 2019

This patch does three (roughly) related things:

  1. It defines two variants of sgn0, "little endian" (LE) and "big endian" (BE).

  • LE is a generalization of IEEE P1363a-2004 Section 5.5.6.1.1, ANSI X9.62-1998, Section 4.2.1, and SEC 1 Section 2.3.3. (All three of these use the same notion of sign: the value of the least significant bit.)

    This is the notion of sign used by most widely-deployed curves. For example, it's the one specified in RFC 8032 (Sections 5.1.3 and 5.2.3) and the one used in TLS (per RFC 4492, Section 5.1.2).

  • BE is equivalent to the method given in IEEE P1363a-2004, Section 5.5.6.1.2.

    This is the form used by BLS12-381, and is the same as what we used to call sgn0.

  1. It adds a sgn0 parameter to each suite that specifies which sgn0 function to use. All suites use sgn0_le except BLS12-381, which corresponds with widely-used notions of sign for each curve.

  2. It clarifies the sqrt functions and gives a constant-time version of Tonelli-Shanks (which works for any p) due to Sean Bowe, Jack Grigg, Eirik Ogilvie-Wigley, and Michael Scott. It also moves these to the appendix, since we treat sqrt as non-normative (in particular, we don't care about how implementors compute the sign).

@kwantam kwantam mentioned this pull request Oct 26, 2019
Closed
23 tasks
@kwantam kwantam force-pushed the sqrt_sgn0_variants branch from 4a5566f to 24e1fd0 Compare October 26, 2019 21:22
chris-wood
chris-wood requested changes Oct 26, 2019
View reviewed changes
@kwantam kwantam force-pushed the sqrt_sgn0_variants branch from eb99c63 to 475a598 Compare October 27, 2019 02:19
@kwantam
Copy link
Collaborator Author

kwantam commented Oct 27, 2019

(Rebased on new master)

@kwantam kwantam force-pushed the sqrt_sgn0_variants branch from 475a598 to 28961d5 Compare October 27, 2019 05:52
@kwantam
Copy link
Collaborator Author

kwantam commented Oct 27, 2019

Rebased again. Phew!

@chris-wood chris-wood merged commit 46cecc5 into cfrg:master Oct 30, 2019
@kwantam kwantam deleted the sqrt_sgn0_variants branch October 30, 2019 21:29
@mratsim mratsim mentioned this pull request Dec 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-wood chris-wood chris-wood approved these changes

@armfazh armfazh Awaiting requested review from armfazh

@samscott89 samscott89 Awaiting requested review from samscott89

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kwantam @chris-wood