FieldElement

p521::arithmetic::field

Struct FieldElement 

Source 
pub struct FieldElement(pub(crate) [u64; 9]);
Expand description

Element of the secp521r1 base field used for curve coordinates.

Tuple Fields§

§0: [u64; 9]

Implementations§

Source§

impl FieldElement

Source

pub const ZERO: Self

Zero element.

Source

pub const ONE: Self

Multiplicative identity.

Source

const BYTES: usize = 66usize

Number of bytes in the serialized representation.

Source

pub fn from_bytes(repr: &FieldBytes) -> CtOption<Self>

Create a FieldElement from a canonical big-endian representation.

Source

pub fn from_slice(slice: &[u8]) -> Result<Self>

Decode FieldElement from a big endian byte slice.

Source

pub fn from_uint(uint: U576) -> CtOption<Self>

Decode FieldElement from U576.

Source

pub(crate) const fn from_hex(hex: &str) -> Self

Parse a FieldElement from big endian hex-encoded bytes.

Does not perform a check that the field element does not overflow the order.

This method is primarily intended for defining internal constants.

Source

pub const fn from_u64(w: u64) -> Self

Convert a u64 into a FieldElement.

Source

pub(crate) const fn from_uint_unchecked(w: U576) -> Self

Decode FieldElement from U576.

Does not perform a check that the field element does not overflow the order.

Used incorrectly this can lead to invalid results!

Source

pub fn to_bytes(self) -> FieldBytes

Returns the big-endian encoding of this FieldElement.

Source

pub fn is_odd(&self) -> Choice

Determine if this FieldElement is odd in the SEC1 sense: self mod 2 == 1.

§Returns

If odd, return Choice(1). Otherwise, return Choice(0).

Source

pub fn is_even(&self) -> Choice

Determine if this FieldElement is even in the SEC1 sense: self mod 2 == 0.

§Returns

If even, return Choice(1). Otherwise, return Choice(0).

Source

pub fn is_zero(&self) -> Choice

Determine if this FieldElement is zero.

§Returns

If zero, return Choice(1). Otherwise, return Choice(0).

Source

pub(crate) const fn add_loose(&self, rhs: &Self) -> LooseFieldElement

Add elements.

Source

pub(crate) const fn double_loose(&self) -> LooseFieldElement

Double element (add it to itself).

Source

pub(crate) const fn sub_loose(&self, rhs: &Self) -> LooseFieldElement

Subtract elements, returning a loose field element.

Source

pub(crate) const fn neg_loose(&self) -> LooseFieldElement

Negate element, returning a loose field element.

Source

pub const fn add(&self, rhs: &Self) -> Self

Add two field elements.

Source

pub const fn sub(&self, rhs: &Self) -> Self

Subtract field elements.

Source

pub const fn neg(&self) -> Self

Negate element.

Source

pub const fn double(&self) -> Self

Double element (add it to itself).

Source

pub const fn multiply(&self, rhs: &Self) -> Self

Multiply elements.

Source

pub const fn square(&self) -> Self

Square element.

Source

const fn sqn(&self, n: usize) -> Self

Returns self^(2^n) mod p

Source

pub const fn pow_vartime(&self, exp: &[u64]) -> Self

Returns self^exp, where exp is a little-endian integer exponent.

This operation is variable time with respect to the exponent.

If the exponent is fixed, this operation is effectively constant time.

Source

pub fn invert(&self) -> CtOption<Self>

Compute FieldElement inversion: 1 / self.

Source

const fn invert_unchecked(&self) -> Self

Returns the multiplicative inverse of self.

Does not check that self is non-zero.

Source

pub fn sqrt(&self) -> CtOption<Self>

Returns the square root of self mod p, or None if no square root exists.

§Implementation details

If x has a sqrt, then due to Euler’s criterion this implies x(p - 1)/2 = 1.

  1. x(p + 1)/2 = x.
  2. There’s a special property due to p ≡ 3 (mod 4) which implies (p + 1)/4 is an integer.
  3. We can rewrite 1. as x((p+1)/4)2
  4. x(p+1)/4 is the square root.
  5. This is simplified as (2251 - 1 + 1) /4 = 2519
  6. Hence, x2519 is the square root iff result.square() == self
Source

pub(crate) const fn relax(&self) -> LooseFieldElement

Relax a tight field element into a loose one.

Trait Implementations§

Source§

impl Add<&FieldElement> for &FieldElement

Source§

type Output = FieldElement

The resulting type after applying the + operator.
Source§

fn add(self, rhs: &FieldElement) -> FieldElement

Performs the + operation. Read more
Source§

impl Add<&FieldElement> for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the + operator.
Source§

fn add(self, rhs: &FieldElement) -> FieldElement

Performs the + operation. Read more
Source§

impl Add for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the + operator.
Source§

fn add(self, rhs: FieldElement) -> FieldElement

Performs the + operation. Read more
Source§

impl AddAssign<&FieldElement> for FieldElement

Source§

fn add_assign(&mut self, other: &FieldElement)

Performs the += operation. Read more
Source§

impl AddAssign for FieldElement

Source§

fn add_assign(&mut self, other: FieldElement)

Performs the += operation. Read more
Source§

impl AsRef<[u64; 9]> for FieldElement

Source§

fn as_ref(&self) -> &[u64; 9]

Converts this type into a shared reference of the (usually inferred) input type.
Source§

impl Clone for FieldElement

Source§

fn clone(&self) -> FieldElement

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl ConditionallySelectable for FieldElement

Source§

fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self

Select a or b according to choice. Read more
Source§

fn conditional_assign(&mut self, other: &Self, choice: Choice)

Conditionally assign other to self, according to choice. Read more
Source§

fn conditional_swap(a: &mut Self, b: &mut Self, choice: Choice)

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves. Read more
Source§

impl ConstantTimeEq for FieldElement

Source§

fn ct_eq(&self, other: &Self) -> Choice

Determine if two items are equal. Read more
Source§

fn ct_ne(&self, other: &Self) -> Choice

Determine if two items are NOT equal. Read more
Source§

impl Debug for FieldElement

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formatting machinery for FieldElement

§Why
let fe1 = FieldElement([9, 0, 0, 0, 0, 0, 0, 0, 0]);
let fe2 = FieldElement([
    8,
    0,
    288230376151711744,
    288230376151711743,
    288230376151711743,
    288230376151711743,
    288230376151711743,
    288230376151711743,
    144115188075855871,
]);

For the above example, deriving core::fmt::Debug will result in returning 2 different strings, which are in reality the same due to p521’s unsaturated math, instead print the output as a hex string in big-endian.

This makes debugging easier.

Source§

impl Default for FieldElement

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Field for FieldElement

Source§

const ZERO: Self = Self::ZERO

The zero element of the field, the additive identity.
Source§

const ONE: Self = Self::ONE

The one element of the field, the multiplicative identity.
Source§

fn random(rng: impl RngCore) -> Self

Returns an element chosen uniformly at random using a user-provided RNG.
Source§

fn is_zero(&self) -> Choice

Returns true iff this element is zero.
Source§

fn square(&self) -> Self

Squares this element.
Source§

fn double(&self) -> Self

Doubles this element.
Source§

fn invert(&self) -> CtOption<Self>

Computes the multiplicative inverse of this element, failing if the element is zero.
Source§

fn sqrt(&self) -> CtOption<Self>

Returns the square root of the field element, if it is quadratic residue. Read more
Source§

fn sqrt_ratio(num: &Self, div: &Self) -> (Choice, Self)

Computes: Read more
Source§

fn is_zero_vartime(&self) -> bool

Returns true iff this element is zero. Read more
Source§

fn cube(&self) -> Self

Cubes this element.
Source§

fn sqrt_alt(&self) -> (Choice, Self)

Equivalent to Self::sqrt_ratio(self, one()). Read more
Source§

fn pow<S>(&self, exp: S) -> Self
where S: AsRef<[u64]>,

Exponentiates self by exp, where exp is a little-endian order integer exponent. Read more
Source§

fn pow_vartime<S>(&self, exp: S) -> Self
where S: AsRef<[u64]>,

Exponentiates self by exp, where exp is a little-endian order integer exponent. Read more
Source§

impl From<&FieldElement> for LooseFieldElement

Source§

fn from(tight: &FieldElement) -> LooseFieldElement

Converts to this type from the input type.
Source§

impl From<&LooseFieldElement> for FieldElement

Source§

fn from(loose: &LooseFieldElement) -> FieldElement

Converts to this type from the input type.
Source§

impl From<FieldElement> for LooseFieldElement

Source§

fn from(tight: FieldElement) -> LooseFieldElement

Converts to this type from the input type.
Source§

impl From<LooseFieldElement> for FieldElement

Source§

fn from(loose: LooseFieldElement) -> FieldElement

Converts to this type from the input type.
Source§

impl From<u128> for FieldElement

Source§

fn from(n: u128) -> FieldElement

Converts to this type from the input type.
Source§

impl From<u32> for FieldElement

Source§

fn from(n: u32) -> FieldElement

Converts to this type from the input type.
Source§

impl From<u64> for FieldElement

Source§

fn from(n: u64) -> FieldElement

Converts to this type from the input type.
Source§

impl Mul<&FieldElement> for &FieldElement

Source§

type Output = FieldElement

The resulting type after applying the * operator.
Source§

fn mul(self, rhs: &FieldElement) -> FieldElement

Performs the * operation. Read more
Source§

impl Mul<&FieldElement> for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the * operator.
Source§

fn mul(self, rhs: &FieldElement) -> FieldElement

Performs the * operation. Read more
Source§

impl Mul for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the * operator.
Source§

fn mul(self, rhs: FieldElement) -> FieldElement

Performs the * operation. Read more
Source§

impl MulAssign<&FieldElement> for FieldElement

Source§

fn mul_assign(&mut self, other: &FieldElement)

Performs the *= operation. Read more
Source§

impl MulAssign for FieldElement

Source§

fn mul_assign(&mut self, other: FieldElement)

Performs the *= operation. Read more
Source§

impl Neg for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the - operator.
Source§

fn neg(self) -> FieldElement

Performs the unary - operation. Read more
Source§

impl PartialEq for FieldElement

Source§

fn eq(&self, rhs: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl PrimeField for FieldElement

Source§

const MODULUS: &'static str = MODULUS_HEX

Modulus of the field written as a string for debugging purposes. Read more
Source§

const NUM_BITS: u32 = 521u32

How many bits are needed to represent an element of this field.
Source§

const CAPACITY: u32 = 520u32

How many bits of information can be reliably stored in the field element. Read more
Source§

const TWO_INV: Self

Inverse of $2$ in the field.
Source§

const MULTIPLICATIVE_GENERATOR: Self

A fixed multiplicative generator of modulus - 1 order. This element must also be a quadratic nonresidue. Read more
Source§

const S: u32 = 1u32

An integer s satisfying the equation 2^s * t = modulus - 1 with t odd. Read more
Source§

const ROOT_OF_UNITY: Self

The 2^s root of unity. Read more
Source§

const ROOT_OF_UNITY_INV: Self

Inverse of Self::ROOT_OF_UNITY.
Source§

const DELTA: Self

Generator of the t-order multiplicative subgroup. Read more
Source§

type Repr = GenericArray<u8, <NistP521 as Curve>::FieldBytesSize>

The prime field can be converted back and forth into this binary representation.
Source§

fn from_repr(bytes: FieldBytes) -> CtOption<Self>

Attempts to convert a byte representation of a field element into an element of this prime field, failing if the input is not canonical (is not smaller than the field’s modulus). Read more
Source§

fn to_repr(&self) -> FieldBytes

Converts an element of the prime field into the standard byte representation for this field. Read more
Source§

fn is_odd(&self) -> Choice

Returns true iff this element is odd.
Source§

fn from_str_vartime(s: &str) -> Option<Self>

Interpret a string of numbers as a (congruent) prime field element. Does not accept unnecessary leading zeroes or a blank string. Read more
Source§

fn from_u128(v: u128) -> Self

Obtains a field element congruent to the integer v. Read more
Source§

fn from_repr_vartime(repr: Self::Repr) -> Option<Self>

Attempts to convert a byte representation of a field element into an element of this prime field, failing if the input is not canonical (is not smaller than the field’s modulus). Read more
Source§

fn is_even(&self) -> Choice

Returns true iff this element is even.
Source§

impl<'a> Product<&'a FieldElement> for FieldElement

Source§

fn product<I: Iterator<Item = &'a Self>>(iter: I) -> Self

Takes an iterator and generates Self from the elements by multiplying the items.
Source§

impl Product for FieldElement

Source§

fn product<I: Iterator<Item = Self>>(iter: I) -> Self

Takes an iterator and generates Self from the elements by multiplying the items.
Source§

impl Sub<&FieldElement> for &FieldElement

Source§

type Output = FieldElement

The resulting type after applying the - operator.
Source§

fn sub(self, rhs: &FieldElement) -> FieldElement

Performs the - operation. Read more
Source§

impl Sub<&FieldElement> for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the - operator.
Source§

fn sub(self, rhs: &FieldElement) -> FieldElement

Performs the - operation. Read more
Source§

impl Sub for FieldElement

Source§

type Output = FieldElement

The resulting type after applying the - operator.
Source§

fn sub(self, rhs: FieldElement) -> FieldElement

Performs the - operation. Read more
Source§

impl SubAssign<&FieldElement> for FieldElement

Source§

fn sub_assign(&mut self, other: &FieldElement)

Performs the -= operation. Read more
Source§

impl SubAssign for FieldElement

Source§

fn sub_assign(&mut self, other: FieldElement)

Performs the -= operation. Read more
Source§

impl<'a> Sum<&'a FieldElement> for FieldElement

Source§

fn sum<I: Iterator<Item = &'a FieldElement>>(iter: I) -> Self

Takes an iterator and generates Self from the elements by “summing up” the items.
Source§

impl Sum for FieldElement

Source§

fn sum<I: Iterator<Item = Self>>(iter: I) -> Self

Takes an iterator and generates Self from the elements by “summing up” the items.
Source§

impl Copy for FieldElement

Source§

impl DefaultIsZeroes for FieldElement

Source§

impl Eq for FieldElement

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<Z> Zeroize for Z
where Z: DefaultIsZeroes,

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl<T, Rhs, Output> GroupOps<Rhs, Output> for T
where T: Add<Rhs, Output = Output> + Sub<Rhs, Output = Output> + AddAssign<Rhs> + SubAssign<Rhs>,

Source§

impl<T, Rhs, Output> GroupOpsOwned<Rhs, Output> for T
where T: for<'r> GroupOps<&'r Rhs, Output>,

Source§

impl<T, Rhs, Output> ScalarMul<Rhs, Output> for T
where T: Mul<Rhs, Output = Output> + MulAssign<Rhs>,

Source§

impl<T, Rhs, Output> ScalarMulOwned<Rhs, Output> for T
where T: for<'r> ScalarMul<&'r Rhs, Output>,