# curve1174

curve1174 is a Go library implementing operations on Curve1174. It’s Edwards curve with equation

`x^2+y^2 = 1-1174x^2y^2`

over finite field `Fp, p=2^251-9`

. It was introduced by

Bernstein, Hamburg, Krasnova, and Lange in 2013

## Installation

curve1174 is compatible with modern Go releases in module mode, with Go installed:

`go get github.com/probakowski/curve1174`

will resolve and add the package to the current development module, along with its dependencies.

Alternatively the same can be achieved if you use import in a package:

`import "github.com/probakowski/curve1174"`

and run `go get`

without parameters.

Finally, to use the top-of-trunk version of this repo, use the following command:

`go get github.com/probakowski/[email protected]`

## Usage

Each point on curve is represented by `curve1174.Point`

object. Base point is provided in `curve1174.Base`

,

identity element of the curve (`x=0, y=1`

) is `curve1174.E`

.

API is similar to `math/big`

package. The receiver denotes result and the method arguments are operation’s operands.

For instance, given three `*Point`

values a,b and c, the invocation

`c.Add(a,b)`

computes the sum a + b and stores the result in c, overwriting whatever value was held in c before.

Operations permit aliasing of parameters, so it is perfectly ok to write

`sum.Add(sum, x)`

to accumulate values x in a sum.

(By always passing in a result value via the receiver, memory use can be much better controlled. Instead of having to

allocate new memory for each result, an operation can reuse the space allocated for the result value, and overwrite

that value with the new result in the process.)

Methods usually return the incoming receiver as well, to enable simple call chaining.

Operations on curve return point in extended coordinates. To get simple x/y value they have to be converted to affine

coordinates with `(*Point).ToAffine`

method. This call is expensive so be sure to avoid it for

intermediate values if possible.

All operations (both in the underlying field and on the curve) are designed to be constant time

(time doesn’t depend on points/elements selected).

On amd64 there’s specialized assembler code to speed up operations, you can disable it with tag `curve1174_purego`

.

The code is generated in from `gen/asm.go`

using avo.

Base point multiplication on the curve uses precomputed table that greatly speeds up computation in common cases (like

generating public key). It costs ~131kB of heap, you can disable it with tag `curve1174_no_precompute`

. If you can spend

more heap you can use tag `curve1174_precompute_big`

which is even faster but eats up 1MB of heap.

Finally, `*Point`

and `*FieldElement`

satisfy fmt package’s Formatter interface for formatted printing.