net.i2p.crypto.eddsa.math.ed25519

Class Ed25519ScalarOps

java.lang.Object

net.i2p.crypto.eddsa.math.ed25519.Ed25519ScalarOps

All Implemented Interfaces:

ScalarOps

public class Ed25519ScalarOps
extends Object
implements ScalarOps

Class for reducing a huge integer modulo the group order q and doing a combined multiply plus add plus reduce operation.

$q = 2^{252} + 27742317777372353535851937790883648493$.

Reviewed/commented by Bloody Rookie (nemproject@gmx.de)

Constructor Summary

Constructors

Constructor and Description
Ed25519ScalarOps()

Method Summary

Modifier and Type	Method and Description
byte[]	multiplyAndAdd(byte[] a, byte[] b, byte[] c) $(ab+c) \bmod q$
byte[]	reduce(byte[] s) Reduction modulo the group order $q$.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Ed25519ScalarOps

public Ed25519ScalarOps()

Method Detail

reduce

public byte[] reduce(byte[] s)

Reduction modulo the group order $q$.

Input: $s[0]+256*s[1]+\dots+256^{63}*s[63] = s$

Output: $s[0]+256*s[1]+\dots+256^{31}*s[31] = s \bmod q$ where $q = 2^{252} + 27742317777372353535851937790883648493$.

Specified by:

reduce in interface ScalarOps

Parameters:

s - the scalar to reduce

Returns:

$s \bmod l$

multiplyAndAdd

public byte[] multiplyAndAdd(byte[] a,
                             byte[] b,
                             byte[] c)

$(ab+c) \bmod q$

Input:

• $a[0]+256*a[1]+\dots+256^{31}*a[31] = a$
• $b[0]+256*b[1]+\dots+256^{31}*b[31] = b$
• $c[0]+256*c[1]+\dots+256^{31}*c[31] = c$

Output: $result[0]+256*result[1]+\dots+256^{31}*result[31] = (ab+c) \bmod q$ where $q = 2^{252} + 27742317777372353535851937790883648493$.

See the comments in reduce(byte[]) for an explanation of the algorithm.

Specified by:

multiplyAndAdd in interface ScalarOps

Parameters:

a - a scalar

b - a scalar

c - a scalar

Returns:

$(a*b + c) \bmod l$