bigmod

package
v0.29.5-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2024 License: MIT Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Modulus 

type Modulus struct {
	// contains filtered or unexported fields
}

Modulus is used for modular arithmetic, precomputing relevant constants.

A Modulus can leak the exact number of bits needed to store its value and is stored without padding. Its actual value is still kept secret.

func NewModulus added in v0.29.3 

func NewModulus(b []byte) (*Modulus, error)

NewModulus creates a new Modulus from a slice of big-endian bytes. The modulus must be greater than one.

The number of significant bits and whether the modulus is even is leaked through timing side-channels.

func NewModulusProduct added in v0.29.5 

func NewModulusProduct(a, b []byte) (*Modulus, error)

NewModulusProduct creates a new Modulus from the product of two numbers represented as big-endian byte slices. The result must be greater than one.

func (*Modulus) BitLen 

func (m *Modulus) BitLen() int

BitLen returns the size of m in bits.

func (*Modulus) Nat 

func (m *Modulus) Nat() *Nat

Nat returns m as a Nat.

func (*Modulus) Size 

func (m *Modulus) Size() int

Size returns the size of m in bytes.

type Nat 

type Nat struct {
	// contains filtered or unexported fields
}

Nat represents an arbitrary natural number

Each Nat has an announced length, which is the number of limbs it has stored. Operations on this number are allowed to leak this length, but will not leak any information about the values contained in those limbs.

func NewNat 

func NewNat() *Nat

NewNat returns a new nat with a size of zero, just like new(Nat), but with the preallocated capacity to hold a number of up to preallocTarget bits. NewNat inlines, so the allocation can live on the stack.

func (*Nat) Add 

func (x *Nat) Add(y *Nat, m *Modulus) *Nat

Add computes x = x + y mod m.

The length of both operands must be the same as the modulus. Both operands must already be reduced modulo m.

func (*Nat) BitLenVarTime added in v0.29.5 

func (x *Nat) BitLenVarTime() int

BitLenVarTime returns the actual size of x in bits.

The actual size of x (but nothing more) leaks through timing side-channels. Note that this is ordinarily secret, as opposed to the announced size of x.

func (*Nat) Bytes 

func (x *Nat) Bytes(m *Modulus) []byte

Bytes returns x as a zero-extended big-endian byte slice. The size of the slice will match the size of m.

x must have the same size as m and it must be less than or equal to m.

func (*Nat) CmpGeq added in v0.27.1 

func (x *Nat) CmpGeq(y *Nat) choice

CmpGeq returns 1 if x >= y, and 0 otherwise.

Both operands must have the same announced length.

func (*Nat) Equal 

func (x *Nat) Equal(y *Nat) choice

Equal returns 1 if x == y, and 0 otherwise.

Both operands must have the same announced length.

func (*Nat) Exp 

func (out *Nat) Exp(x *Nat, e []byte, m *Modulus) *Nat

Exp calculates out = x^e mod m.

The exponent e is represented in big-endian order. The output will be resized to the size of m and overwritten. x must already be reduced modulo m.

m must be odd, or Exp will panic.

func (*Nat) ExpShortVarTime added in v0.24.3 

func (out *Nat) ExpShortVarTime(x *Nat, e uint, m *Modulus) *Nat

ExpShortVarTime calculates out = x^e mod m.

The output will be resized to the size of m and overwritten. x must already be reduced modulo m. This leaks the exponent through timing side-channels.

m must be odd, or ExpShortVarTime will panic.

func (*Nat) ExpandFor 

func (out *Nat) ExpandFor(m *Modulus) *Nat

ExpandFor ensures out has the right size to work with operations modulo m.

The announced size of out must be smaller than or equal to that of m.

func (*Nat) InverseVarTime added in v0.29.5 

func (x *Nat) InverseVarTime(a *Nat, m *Modulus) (*Nat, bool)

InverseVarTime calculates x = a⁻¹ mod m and returns (x, true) if a is invertible. Otherwise, InverseVarTime returns (x, false) and x is not modified.

a must be reduced modulo m, but doesn't need to have the same size. The output will be resized to the size of m and overwritten.

func (*Nat) IsMinusOne added in v0.29.5 

func (x *Nat) IsMinusOne(m *Modulus) choice

IsMinusOne returns 1 if x == -1 mod m, and 0 otherwise.

The length of x must be the same as the modulus. x must already be reduced modulo m.

func (*Nat) IsOdd added in v0.29.5 

func (x *Nat) IsOdd() choice

IsOdd returns 1 if x is odd, and 0 otherwise.

func (*Nat) IsOne added in v0.29.5 

func (x *Nat) IsOne() choice

IsOne returns 1 if x == 1, and 0 otherwise.

func (*Nat) IsZero 

func (x *Nat) IsZero() choice

IsZero returns 1 if x == 0, and 0 otherwise.

func (*Nat) Mod 

func (out *Nat) Mod(x *Nat, m *Modulus) *Nat

Mod calculates out = x mod m.

This works regardless how large the value of x is.

The output will be resized to the size of m and overwritten.

func (*Nat) Mul 

func (x *Nat) Mul(y *Nat, m *Modulus) *Nat

Mul calculates x = x * y mod m.

The length of both operands must be the same as the modulus. Both operands must already be reduced modulo m.

func (*Nat) Set 

func (x *Nat) Set(y *Nat) *Nat

set assigns x = y, optionally resizing x to the appropriate size.

func (*Nat) SetBytes 

func (x *Nat) SetBytes(b []byte, m *Modulus) (*Nat, error)

SetBytes assigns x = b, where b is a slice of big-endian bytes. SetBytes returns an error if b >= m.

The output will be resized to the size of m and overwritten.

func (*Nat) SetOverflowedBytes added in v0.29.3 

func (x *Nat) SetOverflowedBytes(b []byte, m *Modulus) *Nat

SetOverflowedBytes assigns x = (b mode (m-1)) + 1, where b is a slice of big-endian bytes.

The output will be resized to the size of m and overwritten.

func (*Nat) SetOverflowingBytes 

func (x *Nat) SetOverflowingBytes(b []byte, m *Modulus) (*Nat, error)

SetOverflowingBytes assigns x = b, where b is a slice of big-endian bytes. SetOverflowingBytes returns an error if b has a longer bit length than m, but reduces overflowing values up to 2^⌈log2(m)⌉ - 1.

The output will be resized to the size of m and overwritten.

func (*Nat) SetUint added in v0.29.4 

func (x *Nat) SetUint(y uint, m *Modulus) *Nat

SetUint assigns x = y.

The output will be resized to the size of m and overwritten.

func (*Nat) ShiftRightVarTime added in v0.29.5 

func (x *Nat) ShiftRightVarTime(n uint) *Nat

ShiftRightVarTime sets x = x >> n.

The announced length of x is unchanged.

func (*Nat) Sub 

func (x *Nat) Sub(y *Nat, m *Modulus) *Nat

Sub computes x = x - y mod m.

The length of both operands must be the same as the modulus. Both operands must already be reduced modulo m.

func (*Nat) SubOne added in v0.29.5 

func (x *Nat) SubOne(m *Modulus) *Nat

SubOne computes x = x - 1 mod m.

The length of x must be the same as the modulus.

func (*Nat) TrailingZeroBitsVarTime added in v0.29.5 

func (x *Nat) TrailingZeroBitsVarTime() uint

TrailingZeroBitsVarTime returns the number of trailing zero bits in x.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.