Documentation ¶
Overview ¶
Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fq 64 '2^254 + 45560315531506369815346746415080538113'
curve description: pasta_fq
machine_wordsize = 64 (from "64")
requested operations: (all)
m = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001 (from "2^254 + 45560315531506369815346746415080538113")
NOTE: In addition to the bounds specified above each function, all
functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation. All functions also ensure that these two properties are true of return values.
Computed values:
eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256
Index ¶
- Variables
- type Fq
- func (fq *Fq) Add(lhs, rhs *Fq) *Fq
- func (fq *Fq) BigInt() *big.Int
- func (fq *Fq) Bytes() [32]byte
- func (fq *Fq) CMove(lhs, rhs *Fq, choice int) *Fq
- func (fq *Fq) Cmp(rhs *Fq) int
- func (fq *Fq) Double(elem *Fq) *Fq
- func (fq *Fq) Equal(rhs *Fq) bool
- func (fq *Fq) Exp(base, exp *Fq) *Fq
- func (fq *Fq) Invert(elem *Fq) (*Fq, bool)
- func (fq *Fq) IsOne() bool
- func (fq *Fq) IsZero() bool
- func (fq *Fq) Mul(lhs, rhs *Fq) *Fq
- func (fq *Fq) Neg(elem *Fq) *Fq
- func (fq *Fq) Set(rhs *Fq) *Fq
- func (fq *Fq) SetBigInt(bi *big.Int) *Fq
- func (fq *Fq) SetBool(rhs bool) *Fq
- func (fq *Fq) SetBytes(input *[32]byte) (*Fq, error)
- func (fq *Fq) SetBytesWide(input *[64]byte) *Fq
- func (fq *Fq) SetOne() *Fq
- func (fq *Fq) SetRaw(array *[4]uint64) *Fq
- func (fq *Fq) SetUint64(rhs uint64) *Fq
- func (fq *Fq) SetZero() *Fq
- func (fq *Fq) Sqrt(elem *Fq) (*Fq, bool)
- func (fq *Fq) Square(elem *Fq) *Fq
- func (fq *Fq) Sub(lhs, rhs *Fq) *Fq
- func (fq *Fq) ToRaw() [4]uint64
Constants ¶
This section is empty.
Variables ¶
var BiModulus = new(big.Int).SetBytes([]byte{
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x22, 0x46, 0x98, 0xfc, 0x09, 0x94, 0xa8, 0xdd,
0x8c, 0x46, 0xeb, 0x21, 0x00, 0x00, 0x00, 0x01,
})
Functions ¶
This section is empty.
Types ¶
type Fq ¶
type Fq fiat_pasta_fq_montgomery_domain_field_element
func (*Fq) Bytes ¶
Bytes converts this element into a byte representation in little endian byte order
func (*Fq) Invert ¶
Invert this element i.e. compute the multiplicative inverse return false, zero if this element is zero
func (*Fq) SetBigInt ¶
SetBigInt initializes an element from big.Int The value is reduced by the modulus
func (*Fq) SetBytes ¶
SetBytes attempts to convert a little endian byte representation of a scalar into a `Fq`, failing if input is not canonical
func (*Fq) SetBytesWide ¶
SetBytesWide takes 64 bytes as input and treats them as a 512-bit number. Attributed to https://github.com/zcash/pasta_curves/blob/main/src/fields/fq.rs#L255 We reduce an arbitrary 512-bit number by decomposing it into two 256-bit digits with the higher bits multiplied by 2^256. Thus, we perform two reductions
1. the lower bits are multiplied by r^2, as normal 2. the upper bits are multiplied by r^2 * 2^256 = r^3
and computing their sum in the field. It remains to see that arbitrary 256-bit numbers can be placed into Montgomery form safely using the reduction. The reduction works so long as the product is less than r=2^256 multiplied by the modulus. This holds because for any `c` smaller than the modulus, we have that (2^256 - 1)*c is an acceptable product for the reduction. Therefore, the reduction always works so long as `c` is in the field; in this case it is either the constant `r2` or `r3`.
func (*Fq) Sqrt ¶
Sqrt this element, if it exists. If true, then value is a square root. If false, value is a QNR