fp

package
v0.0.3003 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 4, 2024 License: ISC Imports: 5 Imported by: 1

Documentation

Overview

Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fp 64 '2^254 + 45560315531419706090280762371685220353'

curve description: pasta_fp

machine_wordsize = 64 (from "64")

requested operations: (all)

m = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001 (from "2^254 + 45560315531419706090280762371685220353")

NOTE: In addition to the bounds specified above each function, all

functions synthesized for this Montgomery arithmetic require the

input to be strictly less than the prime modulus (m), and also

require the input to be in the unique saturated representation.

All functions also ensure that these two properties are true of

return values.

Computed values:

eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192)

bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248)

twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in

                         if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Fp

type Fp fiat_pasta_fp_montgomery_domain_field_element

func (*Fp) Add

func (fp *Fp) Add(lhs, rhs *Fp) *Fp

Add returns the result from adding rhs to this element

func (*Fp) BigInt

func (fp *Fp) BigInt() *big.Int

BigInt converts this element into the big.Int struct

func (*Fp) Bytes

func (fp *Fp) Bytes() [32]byte

Bytes converts this element into a byte representation in little endian byte order

func (*Fp) CMove

func (fp *Fp) CMove(lhs, rhs *Fp, choice int) *Fp

CMove selects lhs if choice == 0 and rhs if choice == 1

func (*Fp) Cmp

func (fp *Fp) Cmp(rhs *Fp) int

Cmp returns -1 if fp < rhs 0 if fp == rhs 1 if fp > rhs

func (*Fp) Double

func (fp *Fp) Double(elem *Fp) *Fp

Double this element

func (*Fp) Equal

func (fp *Fp) Equal(rhs *Fp) bool

Equal returns true if fp == rhs

func (*Fp) Exp

func (fp *Fp) Exp(base, exp *Fp) *Fp

Exp exponentiates this element by exp

func (*Fp) Invert

func (fp *Fp) Invert(elem *Fp) (*Fp, bool)

Invert this element i.e. compute the multiplicative inverse return false, zero if this element is zero

func (*Fp) IsOdd

func (fp *Fp) IsOdd() bool

func (*Fp) IsOne

func (fp *Fp) IsOne() bool

IsOne returns true if fp == R

func (*Fp) IsZero

func (fp *Fp) IsZero() bool

IsZero returns true if fp == 0

func (*Fp) Mul

func (fp *Fp) Mul(lhs, rhs *Fp) *Fp

Mul returns the result from multiplying this element by rhs

func (*Fp) Neg

func (fp *Fp) Neg(elem *Fp) *Fp

Neg returns negation of this element

func (*Fp) Set

func (fp *Fp) Set(rhs *Fp) *Fp

Set fp == rhs

func (*Fp) SetBigInt

func (fp *Fp) SetBigInt(bi *big.Int) *Fp

SetBigInt initializes an element from big.Int The value is reduced by the modulus

func (*Fp) SetBool

func (fp *Fp) SetBool(rhs bool) *Fp

func (*Fp) SetBytes

func (fp *Fp) SetBytes(input *[32]byte) (*Fp, error)

SetBytes attempts to convert a little endian byte representation of a scalar into a `Fp`, failing if input is not canonical

func (*Fp) SetBytesWide

func (fp *Fp) SetBytesWide(input *[64]byte) *Fp

SetBytesWide takes 64 bytes as input and treats them as a 512-bit number. Attributed to https://github.com/zcash/pasta_curves/blob/main/src/fields/fp.rs#L255 We reduce an arbitrary 512-bit number by decomposing it into two 256-bit digits with the higher bits multiplied by 2^256. Thus, we perform two reductions

1. the lower bits are multiplied by R^2, as normal 2. the upper bits are multiplied by R^2 * 2^256 = R^3

and computing their sum in the field. It remains to see that arbitrary 256-bit numbers can be placed into Montgomery form safely using the reduction. The reduction works so long as the product is less than R=2^256 multiplied by the modulus. This holds because for any `c` smaller than the modulus, we have that (2^256 - 1)*c is an acceptable product for the reduction. Therefore, the reduction always works so long as `c` is in the field; in this case it is either the constant `r2` or `r3`.

func (*Fp) SetOne

func (fp *Fp) SetOne() *Fp

SetOne fp == R

func (*Fp) SetRaw

func (fp *Fp) SetRaw(array *[4]uint64) *Fp

SetRaw converts a raw array into a field element

func (*Fp) SetUint64

func (fp *Fp) SetUint64(rhs uint64) *Fp

SetUint64 sets fp == rhs

func (*Fp) SetZero

func (fp *Fp) SetZero() *Fp

SetZero fp == 0

func (*Fp) Sqrt

func (fp *Fp) Sqrt(elem *Fp) (*Fp, bool)

Sqrt this element, if it exists. If true, then value is a square root. If false, value is a QNR

func (*Fp) Square

func (fp *Fp) Square(elem *Fp) *Fp

Square this element

func (*Fp) Sub

func (fp *Fp) Sub(lhs, rhs *Fp) *Fp

Sub returns the result from subtracting rhs from this element

func (*Fp) ToRaw

func (fp *Fp) ToRaw() [4]uint64

ToRaw converts this element into the a [4]uint64

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL