Documentation
¶
Overview ¶
Package field implements the base field for elements on the curve SECP256k1 building on Fiat-Crypto.
Index ¶
- Constants
- func Add(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement, ...)
- func FromMontgomery(out1 *NonMontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement)
- func IsEqual(u, v uint64) uint64
- func IsNonZero(u uint64) uint64
- func IsZero(u uint64) uint64
- func Mul(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement, ...)
- func Nonzero(out1 *uint64, arg1 *[4]uint64)
- func Opp(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement)
- func Reduce(x *NonMontgomeryDomainFieldElement) uint64
- func Selectznz(out1 *[4]uint64, arg1 uint1, arg2 *[4]uint64, arg3 *[4]uint64)
- func SetOne(out1 *MontgomeryDomainFieldElement)
- func Square(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement)
- func Sub(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement, ...)
- func ToMontgomery(out1 *MontgomeryDomainFieldElement, arg1 *NonMontgomeryDomainFieldElement)
- type Element
- func (e *Element) Add(u, v *Element) *Element
- func (e *Element) Bytes() []byte
- func (e *Element) CMove(c uint64, u, v *Element) *Element
- func (e *Element) Equals(u *Element) uint64
- func (e *Element) FromBytesNoReduce(input []byte) *Element
- func (e *Element) FromBytesWithReduce(input [ElementSize]byte) (*Element, uint64)
- func (e *Element) HashToFieldElement(input [SecLength]byte) *Element
- func (z *Element) Invert(x Element) *Element
- func (e *Element) IsZero() uint64
- func (e *Element) Multiply(u, v *Element) *Element
- func (e *Element) Negate(u *Element) *Element
- func (e *Element) One() *Element
- func (e *Element) Set(u *Element) *Element
- func (e *Element) Sgn0() uint64
- func (e *Element) SqrtRatio(u, v *Element) (*Element, uint64)
- func (e *Element) Square(u *Element) *Element
- func (e *Element) Subtract(u, v *Element) *Element
- type MontgomeryDomainFieldElement
- type NonMontgomeryDomainFieldElement
Constants ¶
const (
// ElementSize is the size of a field element in bytes.
ElementSize = 32
)
const (
// SecLength is the security length dictating the input length for HashToFieldElement.
SecLength = 48
)
Variables ¶
This section is empty.
Functions ¶
func Add ¶ added in v0.2.0
func Add(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement, arg2 *MontgomeryDomainFieldElement)
Add adds two field elements in the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m 0 ≤ eval arg2 < m
Postconditions:
eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m
func FromMontgomery ¶ added in v0.2.0
func FromMontgomery(out1 *NonMontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement)
FromMontgomery translates a field element out of the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m
Postconditions:
eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m 0 ≤ eval out1 < m
func Mul ¶ added in v0.2.0
func Mul(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement, arg2 *MontgomeryDomainFieldElement)
Mul multiplies two field elements in the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m 0 ≤ eval arg2 < m
Postconditions:
eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m
func Nonzero ¶ added in v0.2.0
Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
Preconditions:
0 ≤ eval arg1 < m
Postconditions:
out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
Input Bounds:
arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
Output Bounds:
out1: [0x0 ~> 0xffffffffffffffff]
func Opp ¶ added in v0.2.0
func Opp(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement)
Opp negates a field element in the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m
Postconditions:
eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m 0 ≤ eval out1 < m
func Reduce ¶ added in v0.2.0
func Reduce(x *NonMontgomeryDomainFieldElement) uint64
Reduce will set x to x mod p, and return 0 if a reduction was necessary and 1 otherwise.
func Selectznz ¶ added in v0.2.0
Selectznz is a multi-limb conditional select.
Postconditions:
out1 = (if arg1 = 0 then arg2 else arg3)
Input Bounds:
arg1: [0x0 ~> 0x1] arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
Output Bounds:
out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
func SetOne ¶ added in v0.2.0
func SetOne(out1 *MontgomeryDomainFieldElement)
SetOne returns the field element One in the Montgomery domain.
Postconditions:
eval (from_montgomery out1) mod m = 1 mod m 0 ≤ eval out1 < m
func Square ¶ added in v0.2.0
func Square(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement)
Square squares a field element in the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m
Postconditions:
eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m 0 ≤ eval out1 < m
func Sub ¶ added in v0.2.0
func Sub(out1 *MontgomeryDomainFieldElement, arg1 *MontgomeryDomainFieldElement, arg2 *MontgomeryDomainFieldElement)
Sub subtracts two field elements in the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m 0 ≤ eval arg2 < m
Postconditions:
eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m
func ToMontgomery ¶ added in v0.2.0
func ToMontgomery(out1 *MontgomeryDomainFieldElement, arg1 *NonMontgomeryDomainFieldElement)
ToMontgomery translates a field element into the Montgomery domain.
Preconditions:
0 ≤ eval arg1 < m
Postconditions:
eval (from_montgomery out1) mod m = eval arg1 mod m 0 ≤ eval out1 < m
Types ¶
type Element ¶ added in v0.2.0
type Element struct {
E MontgomeryDomainFieldElement
}
An Element on the field.
func (*Element) Equals ¶ added in v0.2.0
Equals returns 1 if e == u, and 0 otherwise. e and u are considered to be reduced.
func (*Element) FromBytesNoReduce ¶ added in v0.2.0
FromBytesNoReduce set e to input.
func (*Element) FromBytesWithReduce ¶ added in v0.2.0
func (e *Element) FromBytesWithReduce(input [ElementSize]byte) (*Element, uint64)
FromBytesWithReduce sets e to a reduction of u (if necessary), or u otherwise, and return e and whether a reduction was necessary (in which case 0, and 1 otherwise).
func (*Element) HashToFieldElement ¶ added in v0.2.0
HashToFieldElement sets e to a field element from a 48-byte string obtained by ExpandXMD. We use Frank Denis' trick, c.f. blog from Filippo: https://words.filippo.io/dispatches/wide-reduction i.e. represent the value as a+b*2^192+c*2^384.
func (*Element) Invert ¶ added in v0.2.0
Invert computes z = 1/x (mod p) and returns it, by computing z = x^(p-2) mod p. For some reason, addchain outputs something different than from the examples, using the receiver in the computation, which doesn't work if the receiver and the argument point to the same element. Dereferencing and thus using a local copy of the original does the trick.
func (*Element) Sgn0 ¶ added in v0.2.0
Sgn0 returns the parity of e, 0 if e is even, and 1 otherwise.
func (*Element) SqrtRatio ¶ added in v0.2.0
SqrtRatio sets e to the square root of (u/v) if a quadratic residue (the square root) exists, in which case it also returns 1. In all other cases and returns 1 if there's a quadratic residue (i.e. if a square root actually exists), and 0 otherwise. This uses an optimized implementation sqrt_ratio_3mod4 RFC 9380 section F.2.1.2.
type MontgomeryDomainFieldElement ¶ added in v0.2.0
type MontgomeryDomainFieldElement [4]uint64
MontgomeryDomainFieldElement is a field element in the Montgomery domain.
Bounds:
[[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
type NonMontgomeryDomainFieldElement ¶ added in v0.2.0
type NonMontgomeryDomainFieldElement [4]uint64
NonMontgomeryDomainFieldElement is a field element NOT in the Montgomery domain.
Bounds:
[[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
Source Files