Curve renaming (#528)

* BREAKING API change: Refactored curve packages nist -> p256
* BREAKING API change: Changed names from 25519 to ed25519

---------

Co-authored-by: Yolan Romailler <anomalroil@users.noreply.github.com>

encrypt/ecies/ecies_test.go

@@ -6,9 +6,9 @@ import (
 
 	"github.com/stretchr/testify/require"
 	"go.dedis.ch/kyber/v4"
-	"go.dedis.ch/kyber/v4/group/curve25519"
 	"go.dedis.ch/kyber/v4/group/edwards25519"
-	"go.dedis.ch/kyber/v4/group/nist"
+	"go.dedis.ch/kyber/v4/group/p256"
+	"go.dedis.ch/kyber/v4/group/var_ed25519"
 	"go.dedis.ch/kyber/v4/util/random"
 )
 
@@ -54,10 +54,10 @@ func BenchmarkECIES(b *testing.B) {
 		kyber.Group
 	}{
 		{edwards25519.NewBlakeSHA256Ed25519()},
-		{curve25519.NewBlakeSHA256Curve25519(false)},
-		{curve25519.NewBlakeSHA256Curve25519(true)},
-		{nist.NewBlakeSHA256P256()},
-		{nist.NewBlakeSHA256QR512()},
+		{var_ed25519.NewBlakeSHA256Ed25519(false)},
+		{var_ed25519.NewBlakeSHA256Ed25519(true)},
+		{p256.NewBlakeSHA256P256()},
+		{p256.NewBlakeSHA256QR512()},
 	}
 
 	message := make([]byte, 100_000)

group/nist/curve.go → group/p256/curve.go

@@ -1,4 +1,4 @@
-package nist
+package p256
 
 import (
 	"crypto/cipher"

group/p256/doc.go

@@ -0,0 +1,3 @@
+// Package p256 implements the P-256 elliptic curve
+// based on the NIST standard.
+package p256

group/nist/group_test.go → group/p256/group_test.go

@@ -1,4 +1,4 @@
-package nist
+package p256
 
 import (
 	"testing"

group/nist/p256.go → group/p256/p256.go

@@ -1,4 +1,4 @@
-package nist
+package p256
 
 import (
 	"crypto/elliptic"

group/nist/qrsuite.go → group/p256/qrsuite.go

@@ -1,4 +1,4 @@
-package nist
+package p256
 
 import (
 	"crypto/cipher"

group/nist/residue.go → group/p256/residue.go

@@ -1,4 +1,4 @@
-package nist
+package p256
 
 import (
 	"crypto/cipher"

group/nist/suite.go → group/p256/suite.go

@@ -1,4 +1,4 @@
-package nist
+package p256
 
 import (
 	"crypto/cipher"

group/curve25519/basic.go → group/var_ed25519/basic.go

@@ -1,7 +1,7 @@
 //go:build experimental
 // +build experimental
 
-package curve25519
+package var_ed25519
 
 import (
 	"crypto/cipher"

group/curve25519/basic_test.go → group/var_ed25519/basic_test.go

@@ -1,7 +1,7 @@
 //go:build experimental
 // +build experimental
 
-package curve25519
+package var_ed25519
 
 import (
 	"testing"

group/curve25519/curve.go → group/var_ed25519/curve.go

@@ -1,4 +1,4 @@
-package curve25519
+package var_ed25519
 
 import (
 	"crypto/cipher"
@@ -67,7 +67,7 @@ func (c *curve) PointLen() int {
 	return (c.P.BitLen() + 7 + 1) / 8
 }
 
-// NewKey returns a formatted curve25519 key (avoiding subgroup attack by requiring
+// NewKey returns a formatted, clamped scalar (avoiding subgroup attack by requiring
 // it to be a multiple of 8). NewKey implements the kyber/util/key.Generator interface.
 func (c *curve) NewKey(stream cipher.Stream) kyber.Scalar {
 	var buffer [32]byte

group/curve25519/curve_test.go → group/var_ed25519/curve_test.go

@@ -1,4 +1,4 @@
-package curve25519
+package var_ed25519
 
 import (
 	"testing"
@@ -7,16 +7,16 @@ import (
 	"go.dedis.ch/kyber/v4/util/test"
 )
 
-var testSuite = NewBlakeSHA256Curve25519(false)
+var testSuite = NewBlakeSHA256Ed25519(false)
 
 // Test each curve implementation of the Ed25519 curve.
 
 func TestProjective25519(t *testing.T) {
-	test.GroupTest(t, new(ProjectiveCurve).Init(Param25519(), false))
+	test.GroupTest(t, new(ProjectiveCurve).Init(ParamEd25519(), false))
 }
 
 func TestExtended25519(t *testing.T) {
-	test.GroupTest(t, new(ExtendedCurve).Init(Param25519(), false))
+	test.GroupTest(t, new(ExtendedCurve).Init(ParamEd25519(), false))
 }
 
 func TestEd25519(t *testing.T) {
@@ -30,7 +30,7 @@ func Test1174(t *testing.T) {
 }
 
 func Test25519(t *testing.T) {
-	test.GroupTest(t, new(ExtendedCurve).Init(Param25519(), false))
+	test.GroupTest(t, new(ExtendedCurve).Init(ParamEd25519(), false))
 }
 
 func TestE382(t *testing.T) {
@@ -64,7 +64,7 @@ func TestFullOrder1174(t *testing.T) {
 }
 
 func TestFullOrder25519(t *testing.T) {
-	test.GroupTest(t, new(ExtendedCurve).Init(Param25519(), true))
+	test.GroupTest(t, new(ExtendedCurve).Init(ParamEd25519(), true))
 }
 
 func TestFullOrderE382(t *testing.T) {
@@ -83,8 +83,8 @@ func TestFullOrderE521(t *testing.T) {
 
 func TestCompareProjectiveExtended25519(t *testing.T) {
 	test.CompareGroups(t, testSuite.XOF,
-		new(ProjectiveCurve).Init(Param25519(), false),
-		new(ExtendedCurve).Init(Param25519(), false))
+		new(ProjectiveCurve).Init(ParamEd25519(), false),
+		new(ExtendedCurve).Init(ParamEd25519(), false))
 }
 
 func TestCompareProjectiveExtendedE382(t *testing.T) {
@@ -117,14 +117,14 @@ func TestCompareProjectiveExtendedE521(t *testing.T) {
 // Test Ed25519 versus ExtendedCurve implementations of Curve25519.
 func TestCompareEd25519(t *testing.T) {
 	test.CompareGroups(t, testSuite.XOF,
-		new(ExtendedCurve).Init(Param25519(), false),
+		new(ExtendedCurve).Init(ParamEd25519(), false),
 		new(edwards25519.Curve))
 }
 
 // Benchmark contrasting implementations of the Ed25519 curve
 
-var projBench = test.NewGroupBench(new(ProjectiveCurve).Init(Param25519(), false))
-var extBench = test.NewGroupBench(new(ExtendedCurve).Init(Param25519(), false))
+var projBench = test.NewGroupBench(new(ProjectiveCurve).Init(ParamEd25519(), false))
+var extBench = test.NewGroupBench(new(ExtendedCurve).Init(ParamEd25519(), false))
 var optBench = test.NewGroupBench(new(edwards25519.Curve))
 
 func BenchmarkPointAddProjective(b *testing.B) { projBench.PointAdd(b.N) }

group/curve25519/ext.go → group/var_ed25519/ext.go

@@ -1,4 +1,4 @@
-package curve25519
+package var_ed25519
 
 import (
 	"crypto/cipher"

group/curve25519/param.go → group/var_ed25519/param.go

@@ -1,4 +1,4 @@
-// Package curve25519 contains several implementations of Twisted Edwards Curves,
+// Package var_ed25519 contains several implementations of Twisted Edwards Curves,
 // from general and unoptimized to highly specialized and optimized.
 //
 // Twisted Edwards curves are elliptic curves satisfying the equation:
@@ -10,7 +10,7 @@
 // are isomorphic to curves having c == 1.
 //
 // For details see Bernstein et al, "Twisted Edwards Curves", http://eprint.iacr.org/2008/013.pdf
-package curve25519
+package var_ed25519
 
 import (
 	"math/big"
@@ -68,13 +68,13 @@ func Param1174() *Param {
 	return &p
 }
 
-// Param25519 defines the Edwards version of Curve25519, as specified in:
+// ParamEd25519 defines the Edwards version of Curve25519, as specified in:
 // Bernstein et al, "High-speed high-security signatures",
 // http://ed25519.cr.yp.to/ed25519-20110926.pdf
-func Param25519() *Param {
+func ParamEd25519() *Param {
 	var p Param
 	var qs big.Int
-	p.Name = "Curve25519"
+	p.Name = "var_ed25519"
 	p.P.SetBit(zero, 255, 1).Sub(&p.P, big.NewInt(19))
 	qs.SetString("27742317777372353535851937790883648493", 10)
 	p.Q.SetBit(zero, 252, 1).Add(&p.Q, &qs)

group/curve25519/proj.go → group/var_ed25519/proj.go

@@ -1,4 +1,4 @@
-package curve25519
+package var_ed25519
 
 import (
 	"crypto/cipher"

group/curve25519/suite.go → group/var_ed25519/suite.go

@@ -1,4 +1,4 @@
-package curve25519
+package var_ed25519
 
 import (
 	"crypto/cipher"
@@ -14,50 +14,50 @@ import (
 	"go.dedis.ch/kyber/v4/xof/blake2xb"
 )
 
-// SuiteCurve25519 is the suite for the 25519 curve
-type SuiteCurve25519 struct {
+// SuiteEd25519 is the suite for the Ed25519 curve
+type SuiteEd25519 struct {
 	ProjectiveCurve
 }
 
 // Hash returns the instance associated with the suite
-func (s *SuiteCurve25519) Hash() hash.Hash {
+func (s *SuiteEd25519) Hash() hash.Hash {
 	return sha256.New()
 }
 
 // XOF creates the XOF associated with the suite
-func (s *SuiteCurve25519) XOF(seed []byte) kyber.XOF {
+func (s *SuiteEd25519) XOF(seed []byte) kyber.XOF {
 	return blake2xb.New(seed)
 }
 
-func (s *SuiteCurve25519) Read(r io.Reader, objs ...interface{}) error {
+func (s *SuiteEd25519) Read(r io.Reader, objs ...interface{}) error {
 	return fixbuf.Read(r, s, objs)
 }
 
-func (s *SuiteCurve25519) Write(w io.Writer, objs ...interface{}) error {
+func (s *SuiteEd25519) Write(w io.Writer, objs ...interface{}) error {
 	return fixbuf.Write(w, objs)
 }
 
 // New implements the kyber.encoding interface
-func (s *SuiteCurve25519) New(t reflect.Type) interface{} {
+func (s *SuiteEd25519) New(t reflect.Type) interface{} {
 	return marshalling.GroupNew(s, t)
 }
 
 // RandomStream returns a cipher.Stream that returns a key stream
 // from crypto/rand.
-func (s *SuiteCurve25519) RandomStream() cipher.Stream {
+func (s *SuiteEd25519) RandomStream() cipher.Stream {
 	return random.New()
 }
 
-// NewBlakeSHA256Curve25519 returns a cipher suite based on package
-// go.dedis.ch/kyber/v4/xof/blake2xb, SHA-256, and Curve25519.
+// NewBlakeSHA256Ed25519 returns a cipher suite based on package
+// go.dedis.ch/kyber/v4/xof/blake2xb, SHA-256, and Ed25519.
 //
 // If fullGroup is false, then the group is the prime-order subgroup.
 //
 // The scalars created by this group implement kyber.Scalar's SetBytes
 // method, interpreting the bytes as a big-endian integer, so as to be
 // compatible with the Go standard library's big.Int type.
-func NewBlakeSHA256Curve25519(fullGroup bool) *SuiteCurve25519 {
-	suite := new(SuiteCurve25519)
-	suite.Init(Param25519(), fullGroup)
+func NewBlakeSHA256Ed25519(fullGroup bool) *SuiteEd25519 {
+	suite := new(SuiteEd25519)
+	suite.Init(ParamEd25519(), fullGroup)
 	return suite
 }

proof/proof_test.go

@@ -7,9 +7,9 @@ import (
 	"testing"
 
 	"go.dedis.ch/kyber/v4"
-	"go.dedis.ch/kyber/v4/group/curve25519"
 	"go.dedis.ch/kyber/v4/group/edwards25519"
-	"go.dedis.ch/kyber/v4/group/nist"
+	"go.dedis.ch/kyber/v4/group/p256"
+	"go.dedis.ch/kyber/v4/group/var_ed25519"
 	"go.dedis.ch/kyber/v4/xof/blake2xb"
 )
 
@@ -256,10 +256,10 @@ func BenchmarkProof(b *testing.B) {
 		Suite
 	}{
 		{edwards25519.NewBlakeSHA256Ed25519()},
-		{curve25519.NewBlakeSHA256Curve25519(false)},
-		{curve25519.NewBlakeSHA256Curve25519(true)},
-		{nist.NewBlakeSHA256P256()},
-		{nist.NewBlakeSHA256QR512()},
+		{var_ed25519.NewBlakeSHA256Ed25519(false)},
+		{var_ed25519.NewBlakeSHA256Ed25519(true)},
+		{p256.NewBlakeSHA256P256()},
+		{p256.NewBlakeSHA256QR512()},
 	}
 
 	for _, suite := range suites {

shuffle/vartime_test.go

@@ -3,29 +3,29 @@ package shuffle
 import (
 	"testing"
 
-	"go.dedis.ch/kyber/v4/group/nist"
+	"go.dedis.ch/kyber/v4/group/p256"
 )
 
 func BenchmarkBiffleP256(b *testing.B) {
-	biffleTest(nist.NewBlakeSHA256P256(), b.N)
+	biffleTest(p256.NewBlakeSHA256P256(), b.N)
 }
 
 func Benchmark2PairShuffleP256(b *testing.B) {
-	pairShuffleTest(nist.NewBlakeSHA256P256(), 2, b.N)
+	pairShuffleTest(p256.NewBlakeSHA256P256(), 2, b.N)
 }
 
 func Benchmark10PairShuffleP256(b *testing.B) {
-	pairShuffleTest(nist.NewBlakeSHA256P256(), 10, b.N)
+	pairShuffleTest(p256.NewBlakeSHA256P256(), 10, b.N)
 }
 
 func Benchmark2Pair2SeqShuffleP256(b *testing.B) {
-	sequenceShuffleTest(nist.NewBlakeSHA256P256(), 2, 2, b.N)
+	sequenceShuffleTest(p256.NewBlakeSHA256P256(), 2, 2, b.N)
 }
 
 func Benchmark2Pair10SeqShuffleP256(b *testing.B) {
-	sequenceShuffleTest(nist.NewBlakeSHA256P256(), 2, 10, b.N)
+	sequenceShuffleTest(p256.NewBlakeSHA256P256(), 2, 10, b.N)
 }
 
 func Benchmark10Pair10SeqShuffleP256(b *testing.B) {
-	sequenceShuffleTest(nist.NewBlakeSHA256P256(), 10, 10, b.N)
+	sequenceShuffleTest(p256.NewBlakeSHA256P256(), 10, 10, b.N)
 }

suites/all.go

@@ -2,16 +2,16 @@ package suites
 
 import (
 	"go.dedis.ch/kyber/v4/group/edwards25519"
-	"go.dedis.ch/kyber/v4/group/nist"
+	"go.dedis.ch/kyber/v4/group/p256"
 	"go.dedis.ch/kyber/v4/pairing/bn256"
 	"go.dedis.ch/kyber/v4/pairing/circl_bls12381"
 )
 
 func init() {
 	// Those are variable time suites that shouldn't be used
 	// in production environment when possible
-	register(nist.NewBlakeSHA256P256())
-	register(nist.NewBlakeSHA256QR512())
+	register(p256.NewBlakeSHA256P256())
+	register(p256.NewBlakeSHA256QR512())
 	register(bn256.NewSuiteG1())
 	register(bn256.NewSuiteG2())
 	register(bn256.NewSuiteGT())