p package:crypton

Must satisfy r * p < 2^30

Apply some pad to a bytearray

Add points on a curve

Multiply a scalar with the curve base point

Negate a curve point

Scalar Multiplication on a curve

Multiply the point p with s2 and add a lifted to curve value s1

Add two points.

Deserialize a 32-byte array as a point, ensuring the point is valid on edwards25519. WARNING: variable time

Add a point to itself.

pointDouble p = pointAdd p p

Serialize a point to a 32-byte array. Format is binary compatible with PublicKey from module Crypto.PubKey.Ed25519.

Test whether a point belongs to the prime-order subgroup generated by the base point. Result is True for the identity point.

pointHasPrimeOrder p = pointNegate p == pointMul l_minus_one p

Scalar multiplication over curve edwards25519. Note: when the scalar had reduction modulo L and the input point has a torsion component, the output point may not be in the expected subgroup.

Multiply a point by h = 8.

pointMulByCofactor p = pointMul scalar_8 p

Negate a point.

Multiply the point p with s2 and add a lifted to curve value s1.

pointsMulVarTime s1 s2 p = pointAdd (toPoint s1) (pointMul s2 p)

WARNING: variable time

PRF for PBKDF2 using HMAC with the hash algorithm as parameter

Exponentiation in F₂m by computing a^b mod fx. This implements an exponentiation by squaring based solution. It inherits the same restrictions as squareF2m. Negative exponents are disallowed.

Probabilitic Test using Fermat primility test. Beware of Carmichael numbers that are Fermat liars, i.e. this test is useless for them. always combines with some other test.

Miller Rabin algorithm return if the number is probably prime or composite. the tries parameter is the number of recursion, that determines the accuracy of the test.

Test naively is integer is prime. while naive, we skip even number and stop iteration at i > sqrt(n)

Try to build a public key from a bytearray