-rw-r--r-- 3244 lib25519-20220426/CONTRIBUTORS raw
Curve25519 design, X25519 design: Daniel J. Bernstein. "Curve25519: new Diffie-Hellman speed records." Pages 207–228 in Public key cryptography—PKC 2006, 9th international conference on theory and practice in public-key cryptography, New York, NY, USA, April 24–26, 2006, proceedings, edited by Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, Tal Malkin, Lecture Notes in Computer Science 3958, Springer, 2006, ISBN 3-540-33851-9. (The 32-bit implementations from that paper are not included in lib25519.) crypto_dh/x25519/ref10: Copied from public-domain supercop/crypto_scalarmult/curve25519/ref10 code by Daniel J. Bernstein. Tweaked in lib25519 to provide crypto_dh instead of crypto_scalarmult (which is done as a separate wrapper in SUPERCOP), and to return void instead of int (these functions never fail in lib25519). crypto_sign/x25519/ref10 is similarly copied from SUPERCOP. SUPERCOP releases: https://bench.cr.yp.to/supercop.html crypto_dh/x25519/donna_c64: Copied from public-domain supercop/crypto_scalarmult/curve25519/donna_c64 code by Adam Langley. Tweaked in lib25519 to provide crypto_dh instead of crypto_scalarmult, and to return void instead of int. crypto_dh/x25519/amd64*: Copied from public-domain supercop/crypto_scalarmult/curve25519/amd64* code by Daniel J. Bernstein, Niels Duif, Tanja Lange, lead: Peter Schwabe, Bo-Yin Yang. Tweaked in lib25519 to provide crypto_dh instead of crypto_scalarmult, to return void instead of int, and to use consts.c (for easy PIC) instead of consts.S. crypto_sign/ed25519/amd64*: Copied from public-domain supercop/crypto_sign/ed25519/amd64* code by Daniel J. Bernstein, Niels Duif, Tanja Lange, lead: Peter Schwabe, Bo-Yin Yang. Tweaked in lib25519 to return void from sign_keypair and sign, to use consts.c instead of consts.S, and to eliminate some compiler warnings (window size 64 in amd64-64-24k/sc25519.h; #ifdef SMALLTABLES around ecd). crypto_dh/x25519/sandy2x: Copied from public-domain supercop/crypto_scalarmult/curve25519/sandy2x code by Tung Chou. Tweaked in lib25519 to provide crypto_dh instead of crypto_scalarmult, to return void instead of int, and to use consts.c instead of consts.S. crypto_sign/ed25519/nath-maa/fe25519_{mul,nsquare}.S: Kaushik Nath and Palash Sarkar, "Efficient arithmetic in (pseudo-)Mersenne prime order fields", Advances in Mathematics of Communications 16 (2022), pages 303–348. Original release: https://github.com/kn-cs/pmp-farith/tree/master/gf-p2-255-19/SL crypto_sign/ed25519/nath-maa/ge25519_base.S: New code in lib25519 from Kaushik Nath. Other ed25519/nath-maa code is from amd64-64-24k. crypto_hash*/sha512/*: Copied from public-domain supercop/crypto_hash*/sha512/* code by Daniel J. Bernstein. Tweaked in lib25519 to have crypto_hash() return void instead of int. lib25519-speed.c: Portions based on public-domain benchmarking software in SUPERCOP by Daniel J. Bernstein. lib25519-test.c: Portions based on public-domain testing software in SUPERCOP by Daniel J. Bernstein. The symmetric-cryptography code in lib25519-test.c for generating pseudorandom test inputs and hashing test outputs is adapted from TweetNaCl, a public-domain library by Daniel J. Bernstein, Wesley Janssen, Tanja Lange, and Peter Schwabe.