CompressPoint reduces an ExtendedGroupElement Ed25519 curve point representation and reduces it to its 32-byte compressed canonical binary representation.

DecompressPoint expands the 32-byte compressed canonical binary representation of an Ed25519 curve point into an ExtendedGroupElement.

Replace (f,g) with (g,g) if b == 1; replace (f,g) with (f,g) if b == 0.

FeMul calculates h = f * g Can overlap h with f or g.

FeNeg sets h = -f Preconditions: |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

FeSquare calculates h = f*f.

FeSquare2 sets h = 2 * f * f Can overlap h with f.

FeToBytes marshals h to s.

GeDoubleScalarMultVartime sets r = a*A + b*B where a = a[0]+256*a[1]+...+256^31 a[31].

GeScalarMultBase computes h = a*B, where a = a[0]+256*a[1]+...+256^31 a[31] B is the Ed25519 base point (x,4/5) with x positive.

Hash any byte array into a valid Ed25519 curve point, which is in the same subgroup as the Ed25519 base point.

PointAdd is a helper function to perform the curve point operation P + Q.

PointClearCofactor is a utility which multiplies a curve point by Ed25519's "cofactor", which is 8.

PointCopy duplicates the data of the input Point into a new Point object.

PointEqual compares whether two points are equal.

PointIdentity is a helper function to "zero" an ExtendedGroupElement curve point representation.

PointNeg flips the x-axis of an ExtendedGroupElement, such that P' = -P.

PointSub works the same way as PointAdd, using the ref10-based function "geSub", in order to compute P - Q.

PublicFromKey is a helper function which takes the 32-byte canonical Ed25519 public key string and converts it into a working form.

ScalarMultBase is a wrapper function around the ref10-based implementation's "GeScalarMultBase" function, which takes a Scalar value s, and the implicit Ed25519 base point B, and computes s * B.

ScalarMultPointVartime performs a "variable-time" multiplication of a scalar with an arbitrary curve point, resulting in a new curve point.

ScalarMultScalar performs the scalar operation (a * b).

ScalarMultScalarAddScalar is a wrapper for the ref10-based function "ScMulAdd", an optimized implementation of the scalar operation: (ab + c).

ScalarReduce512 takes a 64-byte buffer and "reduces" it "mod q", producing a valid scalar value.

ScMinimal returns true if the given scalar is less than the order of the curve.

Input: a[0]+256*a[1]+...+256^31*a[31] = a b[0]+256*b[1]+...+256^31*b[31] = b c[0]+256*c[1]+...+256^31*c[31] = c Output: s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l where l = 2^252 + 27742317777372353535851937790883648493.

Input: s[0]+256*s[1]+...+256^63*s[63] = s Output: s[0]+256*s[1]+...+256^31*s[31] = s mod l where l = 2^252 + 27742317777372353535851937790883648493.

SecretFromKey is a helper function which builds a working form of the Secret Key from its 64-byte serialized form.

SecretFromSeed is a helper function which derives a working form of the Secret Key from a 32-byte seed by the original Ed25519 algorithm.

TODO: Understand this function better.

A is a constant in the Montgomery-form of curve25519.

SqrtM1 is the square-root of -1 in the field.

Public is the working form of an Ed25519 public key.

Secret is the workinig form of an Ed25519 priivte key.

Buffer256 is syntax sugar for a generic 32-byte (256-bit) buffer.

Buffer512 is syntax sugar for a generic 64-byte (512-bit) buffer.

FieldElement represents an element of the field GF(2^255 - 19).

Point is syntax sugar for an ExtendedGroupElement object, one of the more flexible curve point representations in Golang's ref10-based implementation.

Scalar is syntax sugar for a 32-byte buffer, used to inidicate that it contains a "scalar" with maximum size of the group order of Ed25519.

Signature is syntax sugar for a 64-byte buffer, used in the code to indicate it is intended to contain an Ed25519 signature.

VrfProof is syntax sugar for a 96-byte buffer, used to indicate that the buffer is a "proof" string generated by calling VrfEval, which can be used with VrfVerify to re-generate the VrfResult.

VrfResult is syntax sugar for a 32-byte buffer, used to indicate that a buffer is the output pseudo-random result of a VRF evaluation or proof.