Expand description
Implementation of Bernstein-Yang modular inversion and GCD algorithm (a.k.a. safegcd) as described in: https://eprint.iacr.org/2019/266.
Adapted from the Apache 2.0+MIT licensed implementation originally from: https://github.com/taikoxyz/halo2curves/pull/2 https://github.com/privacy-scaling-explorations/halo2curves/pull/83
Copyright (c) 2023 Privacy Scaling Explorations Team
Modulesยง
- boxed ๐
- Implementation of Bernstein-Yang modular inversion and GCD algorithm (a.k.a. safegcd) as described in: https://eprint.iacr.org/2019/266.
Structsยง
- Safe
GcdInverter ๐ - Modular multiplicative inverter based on the Bernstein-Yang method.
- Signed
Int ๐ - A
Uintwhich carries a separate sign in order to maintain the same range.
Constantsยง
- GCD_
BATCH_ ๐SIZE
Functionsยง
- conditional_
negate_ ๐in_ place_ wide - Conditionally negate a wide Uint represented by
(lo, hi). - gcd_odd
- Calculate the greatest common denominator of odd
f, andg. - invert_
odd_ mod - invert_
odd_ ๐mod_ precomp - Calculate the multiplicative inverse of
amodulom. - iterations ๐
- Calculate the maximum number of iterations required according to safegcd-bounds: https://github.com/sipa/safegcd-bounds
- jump ๐
- Perform
batchsteps of the gcd reduction process on signed tail valuesfandg. - jump_
step ๐ - Perform one step of the gcd reduction in constant time. This follows the half-delta variant of safegcd-bounds which reduces the round count. https://github.com/sipa/safegcd-bounds
- jump_
step_ ๐vartime - Perform one step of the gcd reduction in variable time.
- shr_
in_ ๐place_ wide - Right shift a wide Uint represented by
(lo, hi)returning any remaining high bits. - update_
de ๐ - update_
fg ๐
Type Aliasesยง
- Matrix ๐
- Type of the Bernstein-Yang transition matrix multiplied by 2^62