fq

package
v1.5.3 Latest
Warning

This package is not in the latest version of its module.
Published: Dec 14, 2021 License: Apache-2.0 Imports: 5 Imported by: 2

README

fq

import "github.com/coinbase/kryptology/pkg/core/curves/native/pasta/fq"

Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fq 64 '2^254 + 45560315531506369815346746415080538113'

curve description: pasta_fq

machine_wordsize = 64 (from "64")

requested operations: (all)

m = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001 (from "2^254 + 45560315531506369815346746415080538113")

NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation. All functions also ensure that these two properties are true of return values.

Computed values:

eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192)

bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248)

twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in
                         if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256

Variables

var BiModulus = new(big.Int).SetBytes([]byte{
    0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x22, 0x46, 0x98, 0xfc, 0x09, 0x94, 0xa8, 0xdd,
    0x8c, 0x46, 0xeb, 0x21, 0x00, 0x00, 0x00, 0x01,
})

type Fq

type Fq fiat_pasta_fq_montgomery_domain_field_element

func (*Fq) Add
func (fq *Fq) Add(lhs, rhs *Fq) *Fq

Add returns the result from adding rhs to this element

func (*Fq) BigInt
func (fq *Fq) BigInt() *big.Int

BigInt converts this element into the big.Int struct

func (*Fq) Bytes
func (fq *Fq) Bytes() [32]byte

Bytes converts this element into a byte representation in little endian byte order

func (*Fq) CMove
func (fq *Fq) CMove(lhs, rhs *Fq, choice int) *Fq

CMove selects lhs if choice == 0 and rhs if choice == 1

func (*Fq) Cmp
func (fq *Fq) Cmp(rhs *Fq) int

Cmp returns -1 if fq < rhs, 0 if fq == rhs, 1 if fq > rhs

func (*Fq) Double
func (fq *Fq) Double(elem *Fq) *Fq

Double this element

func (*Fq) Equal
func (fq *Fq) Equal(rhs *Fq) bool

Equal returns true if fq == rhs

func (*Fq) Exp
func (fq *Fq) Exp(base, exp *Fq) *Fq

Exp exponentiates this element by exp

func (*Fq) Invert
func (fq *Fq) Invert(elem *Fq) (*Fq, bool)

Invert this element, i.e. compute the multiplicative inverse. Returns false and zero if this element is zero.

func (*Fq) IsOne
func (fq *Fq) IsOne() bool

IsOne returns true if fq == r

func (*Fq) IsZero
func (fq *Fq) IsZero() bool

IsZero returns true if fq == 0

func (*Fq) Mul
func (fq *Fq) Mul(lhs, rhs *Fq) *Fq

Mul returns the result from multiplying this element by rhs

func (*Fq) Neg
func (fq *Fq) Neg(elem *Fq) *Fq

Neg returns negation of this element

func (*Fq) Set
func (fq *Fq) Set(rhs *Fq) *Fq

Set sets fq == rhs

func (*Fq) SetBigInt
func (fq *Fq) SetBigInt(bi *big.Int) *Fq

SetBigInt initializes an element from big.Int. The value is reduced by the modulus.

func (*Fq) SetBool
func (fq *Fq) SetBool(rhs bool) *Fq

func (*Fq) SetBytes
func (fq *Fq) SetBytes(input *[32]byte) (*Fq, error)

SetBytes attempts to convert a little endian byte representation of a scalar into a `Fq`, failing if input is not canonical

func (*Fq) SetBytesWide
func (fq *Fq) SetBytesWide(input *[64]byte) *Fq

SetBytesWide takes 64 bytes as input and treats them as a 512-bit number. Attributed to https://github.com/zcash/pasta_curves/blob/main/src/fields/fq.rs#L255. We reduce an arbitrary 512-bit number by decomposing it into two 256-bit digits, with the higher bits multiplied by 2^256. Thus, we perform two reductions:

1. the lower bits are multiplied by r^2, as normal
2. the upper bits are multiplied by r^2 * 2^256 = r^3

and compute their sum in the field. It remains to see that arbitrary 256-bit numbers can be placed into Montgomery form safely using the reduction. The reduction works so long as the product is less than r=2^256 multiplied by the modulus. This holds because for any `c` smaller than the modulus, we have that (2^256 - 1)*c is an acceptable product for the reduction. Therefore, the reduction always works so long as `c` is in the field; in this case it is either the constant `r2` or `r3`.
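The two-reduction scheme described above, as an added example that is not the package's own code: it re-implements Montgomery reduction with math/big and rejects any product at or above r*m, the bound the text relies on. The helper names redc, leInt and wideToMont are hypothetical, and the input bytes are constructed so that both 256-bit digits exceed the modulus.

```go
package main

import (
	"fmt"
	"math/big"
)

var (
	m, _ = new(big.Int).SetString("40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001", 16) // modulus from this page
	r    = new(big.Int).Lsh(big.NewInt(1), 256)                                                               // Montgomery radix 2^256
	mNeg = new(big.Int).Sub(r, new(big.Int).ModInverse(m, r))                                                 // -m^-1 mod r
	r2   = new(big.Int).Exp(r, big.NewInt(2), m)
	r3   = new(big.Int).Exp(r, big.NewInt(3), m)
)

// redc returns t * r^-1 mod m; ok is false when t >= r*m, where the bound fails.
func redc(t *big.Int) (*big.Int, bool) {
	if t.Cmp(new(big.Int).Mul(r, m)) >= 0 {
		return nil, false
	}
	q := new(big.Int).Mul(t, mNeg)
	u := new(big.Int).Mul(q.Mod(q, r), m) // q = t * (-m^-1) mod r
	u.Add(u, t).Rsh(u, 256)               // exact division by r, result < 2m
	if u.Cmp(m) >= 0 {
		u.Sub(u, m)
	}
	return u, true
}

func leInt(b []byte) *big.Int { // decodes little-endian bytes
	be := make([]byte, len(b))
	for i, v := range b {
		be[len(b)-1-i] = v
	}
	return new(big.Int).SetBytes(be)
}

// wideToMont applies the two reductions and returns the Montgomery form.
func wideToMont(in *[64]byte) *big.Int {
	lo, _ := redc(new(big.Int).Mul(leInt(in[:32]), r2)) // lo * r mod m
	hi, _ := redc(new(big.Int).Mul(leInt(in[32:]), r3)) // hi * 2^256 * r mod m
	return lo.Mod(lo.Add(lo, hi), m)
}

func main() {
	in := [64]byte{31: 0xff, 63: 0xff} // constructed sample input
	v, ok := redc(wideToMont(&in))     // leave Montgomery form again
	fmt.Println(ok && v.Cmp(new(big.Int).Mod(leInt(in[:]), m)) == 0)
}
```
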

func (*Fq) SetOne
func (fq *Fq) SetOne() *Fq

SetOne sets fq == r

func (*Fq) SetRaw
func (fq *Fq) SetRaw(array *[4]uint64) *Fq

SetRaw converts a raw array into a field element

func (*Fq) SetUint64
func (fq *Fq) SetUint64(rhs uint64) *Fq

SetUint64 sets fq == rhs

func (*Fq) SetZero
func (fq *Fq) SetZero() *Fq

SetZero sets fq == 0

func (*Fq) Sqrt
func (fq *Fq) Sqrt(elem *Fq) (*Fq, bool)

Sqrt this element, if it exists. If true, then value is a square root. If false, value is a QNR

func (*Fq) Square
func (fq *Fq) Square(elem *Fq) *Fq

Square this element

func (*Fq) Sub
func (fq *Fq) Sub(lhs, rhs *Fq) *Fq

Sub returns the result from subtracting rhs from this element

func (*Fq) ToRaw
func (fq *Fq) ToRaw() [4]uint64

ToRaw converts this element into a [4]uint64

Generated by gomarkdoc

