Ristretto255

Swift implementation of ristretto255 (Internet-Draft). Mostly a port of curve25519-dalek. Experimental, do not use.

Usage

Key exchange

Alice:

let secretAlice = Scalar.random()
let publicAlice = Element(generatorTimes: secretAlice)

let sharedSecret = secretAlice * publicBob

Bob:

let secretBob = Scalar.random()
let publicBob = Element(generatorTimes: secretBob)

let sharedSecret = secretBob * publicAlice

Schnorr signature

Alice:

let secretStatic = Scalar.random()
let publicStatic = Element(generatorTimes: secretStatic)

let secretEphemeral = Scalar.random()
let publicEphemeral = Element(generatorTimes: secretEphemeral)

let c = Scalar(fromUniformBytes: hash(publicStatic.encoded(), publicEphemeral.encoded(), message))
let t = secretEphemeral + c * secretStatic

Bob:

let c = Scalar(fromUniformBytes: hash(publicStatic.encoded(), publicEphemeral.encoded(), message))

let lhs = Element(generatorTimes: t)
let rhs = c * publicStatic + publicEphemeral

assert(lhs == rhs) // true

nixberg/ristretto255-swift

Ristretto255

Usage

Key exchange

Alice:

Bob:

Schnorr signature

Alice:

Bob: