converted secret to scalar

abstract/cipher.go

@@ -8,7 +8,7 @@ import (
 )
 
 // CipherState defines an interface to an abstract symmetric message cipher.
-// The cipher embodies a secret that may be used to encrypt/decrypt data
+// The cipher embodies a scalar that may be used to encrypt/decrypt data
 // as well as to generate cryptographically random bits.
 // The Cipher can also cryptographically absorb data or key material,
 // updating its state to produce cryptographic hashes and authenticators.
@@ -138,7 +138,7 @@ var NoKey = []byte{}
 var RandomKey []byte = nil
 
 // Cipher represents a general-purpose symmetric message cipher.
-// A Cipher instance embodies a secret that may be used to encrypt/decrypt data
+// A Cipher instance embodies a scalar that may be used to encrypt/decrypt data
 // as well as to generate cryptographically random bits.
 // The Cipher can also cryptographically absorb data or key material,
 // updating its state to produce cryptographic hashes and authenticators.

abstract/group.go

@@ -5,7 +5,7 @@ import (
 )
 
 /*
-A Scalar abstractly represents a secret value by which
+A Scalar abstractly represents a scalar value by which
 a Point (group element) may be encrypted to produce another Point.
 This is an exponent in DSA-style groups,
 in which security is based on the Discrete Logarithm assumption,
@@ -26,30 +26,30 @@ type Scalar interface {
 	// Set to the additive identity (0)
 	Zero() Scalar
 
-	// Set to the modular sum of secrets a and b
+	// Set to the modular sum of scalars a and b
 	Add(a, b Scalar) Scalar
 
 	// Set to the modular difference a - b
 	Sub(a, b Scalar) Scalar
 
-	// Set to the modular negation of secret a
+	// Set to the modular negation of scalar a
 	Neg(a Scalar) Scalar
 
 	// Set to the multiplicative identity (1)
 	One() Scalar
 
-	// Set to the modular product of secrets a and b
+	// Set to the modular product of scalars a and b
 	Mul(a, b Scalar) Scalar
 
-	// Set to the modular division of secret a by secret b
+	// Set to the modular division of scalar a by scalar b
 	Div(a, b Scalar) Scalar
 
-	// Set to the modular inverse of secret a
+	// Set to the modular inverse of scalar a
 	Inv(a Scalar) Scalar
 
-	// Set to a fresh random or pseudo-random secret
+	// Set to a fresh random or pseudo-random scalar
 	Pick(rand cipher.Stream) Scalar
-	// SetBytes will take bytes and create a secret out of it
+	// SetBytes will take bytes and create a scalar out of it
 	SetBytes([]byte) Scalar
 
 	// Bytes returns the raw internal representation
@@ -90,16 +90,16 @@ type Point interface {
 	// Returns an error if doesn't represent valid embedded data.
 	Data() ([]byte, error)
 
-	// Add points so that their secrets add homomorphically
+	// Add points so that their scalars add homomorphically
 	Add(a, b Point) Point
 
-	// Subtract points so that their secrets subtract homomorphically
+	// Subtract points so that their scalars subtract homomorphically
 	Sub(a, b Point) Point
 
 	// Set to the negation of point a
 	Neg(a Point) Point
 
-	// Encrypt point p by multiplying with secret s.
+	// Encrypt point p by multiplying with scalar s.
 	// If p == nil, encrypt the standard base point Base().
 	Mul(p Point, s Scalar) Point
 }
@@ -141,8 +141,8 @@ XXX should probably delete the somewhat redundant ...Len() methods.
 type Group interface {
 	String() string
 
-	ScalarLen() int // Max len of secrets in bytes
-	Scalar() Scalar // Create new secret
+	ScalarLen() int // Max len of scalars in bytes
+	Scalar() Scalar // Create new scalar
 
 	PointLen() int // Max len of point in bytes
 	Point() Point  // Create new point

anon/enc.go

@@ -35,7 +35,7 @@ func header(suite abstract.Suite, X abstract.Point, x abstract.Scalar,
 	//fmt.Printf("Xb %s\nxb %s\n",
 	//		hex.EncodeToString(Xb),hex.EncodeToString(xb))
 
-	// Encrypt the master secret key with each public key in the set
+	// Encrypt the master scalar key with each public key in the set
 	S := suite.Point()
 	hdr := Xb
 	for i := range anonymitySet {

cosi/cosi.go

@@ -10,7 +10,7 @@ The CoSi-protocol has 4 stages:
 of the start of this round down through the spanning tree,
 optionally including the statement S to be signed.
 
-2. Commitment: Each node i picks a random secret vi and
+2. Commitment: Each node i picks a random scalar vi and
 computes its individual commit Vi = Gvi . In a bottom-up
 process, each node i waits for an aggregate commit Vˆj from
 each immediate child j, if any. Node i then computes its
@@ -148,7 +148,7 @@ func (c *CoSi) CreateChallenge(msg []byte) (abstract.Scalar, error) {
 	hash.Write(msg)
 	chalBuff := hash.Sum(nil)
 	// reducing the challenge
-	c.challenge = c.suite.Secret().SetBytes(chalBuff)
+	c.challenge = c.suite.Scalar().SetBytes(chalBuff)
 	c.message = msg
 	return c.challenge, nil
 }
@@ -174,7 +174,7 @@ func (c *CoSi) Response(responses []abstract.Scalar) (abstract.Scalar, error) {
 		return nil, err
 	}
 	// Add our own
-	c.aggregateResponse = c.suite.Secret().Set(c.response)
+	c.aggregateResponse = c.suite.Scalar().Set(c.response)
 	for _, resp := range responses {
 		// add responses of child
 		c.aggregateResponse.Add(c.aggregateResponse, resp)
@@ -236,7 +236,7 @@ func VerifySignature(suite abstract.Suite, publics []abstract.Point, message, si
 		panic(err)
 	}
 	sigBuff := sig[32:64]
-	sigInt := suite.Secret().SetBytes(sigBuff)
+	sigInt := suite.Scalar().SetBytes(sigBuff)
 	maskBuff := sig[64:]
 	mask := newMask(suite, publics)
 	mask.SetMask(maskBuff)
@@ -251,7 +251,7 @@ func VerifySignature(suite abstract.Suite, publics []abstract.Point, message, si
 	hash.Write(aggPublicMarshal)
 	hash.Write(message)
 	buff := hash.Sum(nil)
-	k := suite.Secret().SetBytes(buff)
+	k := suite.Scalar().SetBytes(buff)
 
 	// k * -aggPublic + s * B = k*-A + s*B
 	// from s = k * a + r => s * B = k * a * B + r * B <=> s*B = k*A + r*B
@@ -284,14 +284,14 @@ func (c *CoSi) GetCommitment() abstract.Point {
 	return c.commitment
 }
 
-// genCommit generates a random secret vi and computes its individual commit
+// genCommit generates a random scalar vi and computes its individual commit
 // Vi = G^vi
 func (c *CoSi) genCommit(s cipher.Stream) {
 	var stream = s
 	if s == nil {
 		stream = random.Stream
 	}
-	c.random = c.suite.Secret().Pick(stream)
+	c.random = c.suite.Scalar().Pick(stream)
 	c.commitment = c.suite.Point().Mul(nil, c.random)
 	c.aggregateCommitment = c.commitment
 }
@@ -302,15 +302,15 @@ func (c *CoSi) genResponse() error {
 		return errors.New("No private key given in this cosi")
 	}
 	if c.random == nil {
-		return errors.New("No random secret computed in this cosi")
+		return errors.New("No random scalar computed in this cosi")
 	}
 	if c.challenge == nil {
 		return errors.New("No challenge computed in this cosi")
 	}
 
 	// resp = random - challenge * privatekey
 	// i.e. ri = vi + c * xi
-	resp := c.suite.Secret().Mul(c.private, c.challenge)
+	resp := c.suite.Scalar().Mul(c.private, c.challenge)
 	c.response = resp.Add(c.random, resp)
 	// no aggregation here
 	c.aggregateResponse = c.response

cosi/cosi_test.go

@@ -62,7 +62,7 @@ func TestCosiResponse(t *testing.T) {
 	var responses []abstract.Scalar
 
 	// for verification later
-	aggResponse := testSuite.Secret().Zero()
+	aggResponse := testSuite.Scalar().Zero()
 	for _, ch := range children {
 		// generate the response of each children
 		r, err := ch.CreateResponse()

doc.go

@@ -18,7 +18,7 @@ exactly what kind of group,
 let alone which precise security parameters or elliptic curves,
 are being used.
 The abstract group interface supports the standard algebraic
-operations on group elements and secrets that nontrivial
+operations on group elements and scalars that nontrivial
 public-key algorithms tend to rely on.
 The interface uses additive group terminology typical for elliptic curves,
 such that point addition is homomorphically equivalent to

ed25519/ge.go

@@ -568,7 +568,7 @@ func geScalarMultVartime(h *extendedGroupElement, a *[32]byte,
 	var r projectiveGroupElement
 	var i int
 
-	// Slide through the secret exponent clumping sequences of bits,
+	// Slide through the scalar exponent clumping sequences of bits,
 	// resulting in only zero or odd multipliers between -15 and 15.
 	slide(&aSlide, a)
 

ed25519/suite.go

@@ -53,7 +53,7 @@ func (s *suiteEd25519) NewKey(stream cipher.Stream) abstract.Scalar {
 	scalar[31] &= 0x3f
 	scalar[31] |= 0x40
 
-	secret := s.Secret().SetBytes(scalar[:32])
+	secret := s.Scalar().SetBytes(scalar[:32])
 	return secret
 }
 

eddsa/eddsa.go

@@ -38,7 +38,7 @@ func NewEdDSA(stream cipher.Stream) *EdDSA {
 	scalar[31] &= 0x3f
 	scalar[31] |= 0x40
 
-	secret := suite.Secret().SetBytes(scalar[:32])
+	secret := suite.Scalar().SetBytes(scalar[:32])
 	public := suite.Point().Mul(nil, secret)
 
 	return &EdDSA{
@@ -79,7 +79,7 @@ func (e *EdDSA) UnmarshalBinary(buff []byte) error {
 
 	e.seed = buff[:32]
 	e.prefix = buff[32:64]
-	e.Secret = suite.Secret().SetBytes(e.seed)
+	e.Secret = suite.Scalar().SetBytes(e.seed)
 	e.Public = suite.Point().Mul(nil, e.Secret)
 	return nil
 }
@@ -93,7 +93,7 @@ func (e *EdDSA) Sign(msg []byte) ([]byte, error) {
 	hash.Write(msg)
 
 	// deterministic random secret and its commit
-	r := suite.Secret().SetBytes(hash.Sum(nil))
+	r := suite.Scalar().SetBytes(hash.Sum(nil))
 	R := suite.Point().Mul(nil, r)
 
 	// challenge
@@ -112,11 +112,11 @@ func (e *EdDSA) Sign(msg []byte) ([]byte, error) {
 	hash.Write(Abuff)
 	hash.Write(msg)
 
-	h := suite.Secret().SetBytes(hash.Sum(nil))
+	h := suite.Scalar().SetBytes(hash.Sum(nil))
 
 	// response
 	// s = r + h * s
-	s := suite.Secret().Mul(e.Secret, h)
+	s := suite.Scalar().Mul(e.Secret, h)
 	s.Add(r, s)
 
 	sBuff, err := s.MarshalBinary()
@@ -148,7 +148,7 @@ func Verify(public abstract.Point, msg, sig []byte) error {
 		return fmt.Errorf("R invalid point: %s", err)
 	}
 
-	s := suite.Secret()
+	s := suite.Scalar()
 	s.UnmarshalBinary(sig[32:])
 
 	// reconstruct h = H(R || Public || Msg)
@@ -161,7 +161,7 @@ func Verify(public abstract.Point, msg, sig []byte) error {
 	hash.Write(Pbuff)
 	hash.Write(msg)
 
-	h := suite.Secret().SetBytes(hash.Sum(nil))
+	h := suite.Scalar().SetBytes(hash.Sum(nil))
 	// reconstruct S == k*A + R
 	S := suite.Point().Mul(nil, s)
 	hA := suite.Point().Mul(public, h)

edwards/basic.go

@@ -147,7 +147,7 @@ func (P *basicPoint) double() abstract.Point {
 	return P.Add(P, P)
 }
 
-// Subtract points so that their secrets subtract homomorphically
+// Subtract points so that their scalars subtract homomorphically
 func (P *basicPoint) Sub(A, B abstract.Point) abstract.Point {
 	var nB basicPoint
 	return P.Add(A, nB.Neg(B))

edwards/curve.go

@@ -86,12 +86,12 @@ func (c *curve) init(self abstract.Group, p *Param, fullGroup bool,
 	// Cofactor
 	c.cofact.Init64(int64(p.R), &c.P)
 
-	// Determine the modulus for secrets on this curve.
+	// Determine the modulus for scalars on this curve.
 	// Note that we do NOT initialize c.order with Init(),
 	// as that would normalize to the modulus, resulting in zero.
 	// Just to be sure it's never used, we leave c.order.M set to nil.
 	// We want it to be in a ModInt so we can pass it to P.Mul(),
-	// but the secret's modulus isn't needed for point multiplication.
+	// but the scalar's modulus isn't needed for point multiplication.
 	if fullGroup {
 		// Scalar modulus is prime-order times the ccofactor
 		c.order.V.SetInt64(int64(p.R)).Mul(&c.order.V, &p.Q)
@@ -208,7 +208,7 @@ func (c *curve) encodePoint(x, y *nist.Int) []byte {
 // ensure that none of these other subgroups are small
 // other than the tiny ones represented by the cofactor;
 // hence Diffie-Hellman exchange can be done without subgroup checking
-// without exposing more than the least-significant bits of the secret.
+// without exposing more than the least-significant bits of the scalar.
 func (c *curve) decodePoint(bb []byte, x, y *nist.Int) error {
 
 	// Convert from little-endian

edwards/proj.go

@@ -150,7 +150,7 @@ func (P *projPoint) Add(CP1, CP2 abstract.Point) abstract.Point {
 	return P
 }
 
-// Subtract points so that their secrets subtract homomorphically
+// Subtract points so that their scalars subtract homomorphically
 func (P *projPoint) Sub(CP1, CP2 abstract.Point) abstract.Point {
 	P1 := CP1.(*projPoint)
 	P2 := CP2.(*projPoint)

edwards/suite.go

@@ -45,7 +45,7 @@ func (s *suiteEd25519) NewKey(rand cipher.Stream) abstract.Scalar {
 	if rand == nil {
 		rand = random.Stream
 	}
-	return s.Secret().Pick(rand)
+	return s.Scalar().Pick(rand)
 }
 
 // Ciphersuite based on AES-128, SHA-256, and the Ed25519 curve.

openssl/curve.go

@@ -195,7 +195,7 @@ func (p *point) Neg(ca abstract.Point) abstract.Point {
 }
 
 func (p *point) Mul(cb abstract.Point, cs abstract.Scalar) abstract.Point {
-	s := cs.(*secret)
+	s := cs.(*scalar)
 	if cb == nil { // multiply standard generator
 		if C.EC_POINT_mul(p.c.g, p.p, s.bignum.bn, nil, nil,
 			p.c.ctx) == 0 {