Name Description Size
eckcdsa.cpp @brief Truncate hash output if needed. If the output length of the hash function exceeds the size of the group order, ISO/IEC 14888-3:2018 specifies a truncation of the hash output when calculating the witness R (the first part of the signature) and H. The truncation is specified as follows: R = I2BS(beta', BS2I(gamma, R) mod 2^beta') H = I2BS(beta', BS2I(gamma, H) mod 2^beta') where - gamma: the output bit-length of the hash-function - beta: the bit-length of the prime number q (i.e. the group order size) - beta' = 8 * ceil(beta / 8) This essentially means a truncation on the byte level happens from the low side of the hash. @param[in,out] digest The hash output to potentially truncate. @param[in] group_order_bytes Size of the group order. 10145
eckcdsa.h This class represents ECKCDSA public keys. 4398
info.txt 224