1. 17 Mar, 2018 1 commit
    • windows_compatibility · 69308cbf
      mrolinek authored
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows_testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      windows testing
      
      Revert "windows testing"
      
      This reverts commit 4b1047d433142d039951605a33a1f426197b7ead.
      
      Revert "windows testing"
      
      This reverts commit 4deaad7796e426f7eaf582c14ad8db5937faf981.
      
      Revert "windows testing"
      
      This reverts commit ce1af72cd1c70eb5ff5aec6eff41d6d5801042a6.
      
      windows testing
  2. 23 Apr, 2017 2 commits
  3. 10 Mar, 2016 1 commit
  4. 09 Mar, 2016 2 commits
  5. 02 Mar, 2016 1 commit
    • x86_64/i386 and illumos/solaris/SunOS compatibility fixes. · c558c0ec
      Andrew Bennett authored
       * SunOS linker doesn't support --gc-sections
       * Add portable_endian.h with __sun version of htole64 and le64toh
         * Replace portable endian code in shake.c with inclusion of portable_endian.h
         * Replace portable endian code in word.h with inclusion of portable_endian.h
       * Add explicit extern reference to word.h for posix_memalign when __sun defined
       * Replace references to u_int*_t with uint*_t
       * rdtsc call in shake.c was only working on 32-bit i386
       * rdtsc call in bench_decaf.cxx was inaccurate on 64-bit x86_64 when clang absent
       * Fix two signed/unsigned comparison errors in test_decaf.cxx
  6. 01 Mar, 2016 1 commit
  7. 29 Feb, 2016 1 commit
  8. 26 Feb, 2016 1 commit
  9. 28 Jan, 2016 1 commit
  10. 26 Jan, 2016 1 commit
  11. 25 Jan, 2016 1 commit
  12. 12 Jan, 2016 1 commit
  13. 09 Jan, 2016 1 commit
  14. 08 Jan, 2016 1 commit
  15. 25 Nov, 2015 3 commits
  16. 24 Nov, 2015 1 commit
  17. 19 Nov, 2015 1 commit
  18. 24 Aug, 2015 1 commit
  19. 21 Jul, 2015 2 commits
  20. 20 Jul, 2015 1 commit
  21. 19 Jul, 2015 1 commit
  22. 15 Jul, 2015 1 commit
  23. 10 Jul, 2015 1 commit
  24. 09 Jul, 2015 1 commit
  25. 19 Jun, 2015 1 commit
  26. 20 May, 2015 1 commit
    • Create functions for inverting Elligator. · 0241632a
      Michael Hamburg authored
      I'm kind of torn about this change, because it adds a bunch of
      fairly complex code that's only needed for esoteric use cases,
      and it makes Elligator more complex, if mostly only for testing
      purposes.  Basically, this is because Elligator is approximately
      ~8-to-1 when its domain is 56 bytes: 2 because it's [0..p+small]
      instead of [0..(p-1)/2], and 4 for cofactor removal.  So when you
      call the inverse on a point, you need to say which inverse you want,
      i.e. a "hint".
      
      Of course, the inverse fails with probability 1/2.
      
      To make round-tripping a possibility (I'm not sure why you'd need this),
      the Elligator functions now return an unsigned char hint.  This means
      that you can call Elligator, and then invert it with the hint you gave,
      and get the same buffer back out.  This adds a bunch of complexity to
      Elligator, which didn't previously need to compute hints.  The hinting is
      reasonably well tested, but it is known not to work for inputs which are
      very "large", i.e. end ~28 0xFF's (FIXME.  Or roll back hinting...).
      
      There's also a significant chance that I'll revise the hinting mechanism.
      
      Create functions:
          decaf_448_invert_elligator_nonuniform
          decaf_448_invert_elligator_uniform
          decaf::Ed448::Point::invert_elligator
          decaf::Ed448::Point::steg_encode
      
      for inverting Elligator.  This last one encodes to Point::STEG_BYTES = 64
      bytes in a way which is supposed to be indistinguishable from random, so
      long as your point is random on the curve.
      
      Inverting Elligator costs about 2 square roots for nonuniform.  For
      uniform, it's just Elligator -> diff -> invert, so it's 3 square roots.
      Stegging fails about half the time, and so costs about twice that, but
      the benchmark underreports it because it ignores outliers.
      
      The code is tested, but I haven't checked over the indistinguishability
      from random (I've only proved it correct...).  There could well be a way
      to break the steg even without taking advantage of "very large" inputs
      or similar.
  27. 05 May, 2015 1 commit
  28. 01 May, 2015 2 commits
  29. 19 Apr, 2015 1 commit
  30. 02 Apr, 2015 3 commits
  31. 01 Apr, 2015 2 commits