
Struct CryptoBigintElement

pub struct CryptoBigintElement<U: Limbs> {
    a: U,
    b: (Choice, U),
    c: U::Wide,
    discriminant_abs: U::Wide,
}

A constant-time primitive element of a class group, implemented via crypto-bigint.

This only supports discriminants $\Delta$ such that $\Delta < 0$ and $|\Delta| \equiv 1 \pmod 2$.

This implementation runs in time that varies with the discriminant but is constant with respect to the a, b, c coefficients, so timing analysis cannot leak which elements are being composed. It is only recommended for provers, as it carries a significant performance overhead compared to the other backends, which verifiers should take advantage of.

This implementation does not itself allocate: used with crypto_bigint::Uint it yields fixed-size elements that live on the stack, albeit only for a bounded subset of discriminants. Alternatively, crypto_bigint::BoxedUint may be used to support all discriminants, at the cost of heap allocation.

Fields

a: U

The a coefficient.

This may be unreduced, but is bounded to be less than the square root of the absolute value of the discriminant.

b: (Choice, U)

The b coefficient.

This may be unreduced, but its absolute value is bounded to be less than the square root of the absolute value of the discriminant.

c: U::Wide

The c coefficient.

This may be unreduced, but is bounded to be less than the absolute value of the discriminant.

discriminant_abs: U::Wide

The absolute value of the negative discriminant for this form.

This is used to recalculate the c coefficient after composition.

Implementations


impl<U: Limbs> CryptoBigintElement<U>


fn identity_from_discriminant(discriminant_abs: U::Wide) -> Self

This is only valid for forms of negative odd discriminant.


impl<U: Limbs> CryptoBigintElement<U>


fn partial_reduce(a: U::Wide, b: (Choice, U::Wide), discriminant_abs: U::Wide) -> Self

Partially reduce an element.

This assumes the coefficients are the result from composition (either addition or doubling) of two well-defined instances of this type.


fn reduce(self) -> Self

Reduce an element.
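The identity construction, the recomputation of c from a, b and |Δ| described under discriminant_abs, the inverse (negated b) and the reduction that the field bounds rely on, worked on plain integers for Δ = -23. This is an added variable-time illustration, not this crate's code; Form, identity, from_a_b, inverse and reduce are illustrative names.

```rust
// Added illustration (not the crate's code): the form arithmetic behind this
// struct's invariants, on plain variable-time i128 integers.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Form { pub a: i128, pub b: i128, pub c: i128 }

impl Form {
    /// Identity for an odd negative discriminant: (1, 1, (1 + |delta|) / 4).
    /// Odd delta < 0 means |delta| ≡ 3 (mod 4), so the division is exact;
    /// any other |delta| is rejected rather than silently truncated.
    pub fn identity(disc_abs: i128) -> Option<Form> {
        if disc_abs <= 0 || disc_abs % 4 != 3 { return None; }
        Some(Form { a: 1, b: 1, c: (1 + disc_abs) / 4 })
    }

    /// Recompute c from a, b and |delta| (the role of `discriminant_abs` after
    /// composition): c = (b^2 + |delta|) / (4a). None if (a, b) does not fit.
    pub fn from_a_b(a: i128, b: i128, disc_abs: i128) -> Option<Form> {
        let num = b * b + disc_abs;
        if a <= 0 || num % (4 * a) != 0 { return None; }
        Some(Form { a, b, c: num / (4 * a) })
    }

    pub fn discriminant(&self) -> i128 { self.b * self.b - 4 * self.a * self.c }

    /// Group inverse: negate b, then reduce.
    pub fn inverse(self) -> Form { Form { b: -self.b, ..self }.reduce() }

    /// Classical reduction: bring b into (-a, a]; while a > c swap a and c and
    /// negate b. Result satisfies |b| <= a <= c, with b >= 0 if |b| == a or a == c.
    pub fn reduce(mut self) -> Form {
        let delta = self.discriminant();
        loop {
            let mut b = self.b.rem_euclid(2 * self.a);
            if b > self.a { b -= 2 * self.a; }
            self.b = b;
            self.c = (b * b - delta) / (4 * self.a); // exact: b ≡ old b (mod 2a)
            if self.a > self.c {
                self = Form { a: self.c, b: -self.b, c: self.a };
                continue;
            }
            if self.a == self.c && self.b < 0 { self.b = -self.b; }
            return self;
        }
    }
}
```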

Trait Implementations


impl<U: Clone + Limbs> Clone for CryptoBigintElement<U>
where U::Wide: Clone,


fn clone(&self) -> CryptoBigintElement<U>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<U: Limbs> Coefficients for CryptoBigintElement<U>


fn a_b_c_discriminant(self) -> (impl AsRef<[u8]>, (Choice, impl AsRef<[u8]>), impl AsRef<[u8]>, impl AsRef<[u8]>)

This function runs in constant time.


impl<U: Limbs> CtEq for CryptoBigintElement<U>


fn ct_eq(&self, other: &Self) -> Choice

This MAY return an incorrect result for forms of different discriminants.


fn ct_ne(&self, other: &Rhs) -> Choice

Determine if self is NOT equal to other in constant time.

impl<U: Limbs> CtSelect for CryptoBigintElement<U>


fn ct_select(&self, b: &Self, choice: Choice) -> Self

This MAY return an incorrect result for forms of different discriminants.


fn ct_swap(&mut self, other: &mut Self, choice: Choice)

Conditionally swap self and other if choice is Choice::TRUE.

impl<U: Debug + Limbs> Debug for CryptoBigintElement<U>
where U::Wide: Debug,


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<U: Limbs> Element for CryptoBigintElement<U>


fn identity(discriminant_abs: impl AsRef<[u8]>) -> Self

This is only valid for forms of negative odd discriminant.


fn is_identity(&self) -> Choice

This MAY return an incorrect result when the form doesn’t have an odd, negative discriminant.


fn add(&self, other: &Self) -> Self

This is only correct for forms of the same discriminant where at least one form is primitive.


fn double(&self) -> Self

This is only correct when the form is primitive.


fn sub(&self, other: Self) -> Self

This is only correct for forms of the same discriminant where at least one form is primitive.


unsafe fn from_coefficients(a: impl AsRef<[u8]>, (b_positive, b_abs): (Choice, impl AsRef<[u8]>), c: impl AsRef<[u8]>, discriminant_abs: impl AsRef<[u8]>) -> Self

This function is only valid for primitive reduced positive definite binary quadratic forms of negative odd discriminant where the discriminant fits within (2 * max_bits) - 2 bits.

This function MAY run in time variable to:

  • the byte-length of the inputs
  • the validity of the inputs
  • the discriminant

This function MAY panic if asked to handle coefficients which exceed the capacity of the underlying container(s).


fn uncompressed_encode(self) -> impl AsRef<[u8]>

This runs in time variable to the size of the discriminant and the size of the underlying container.


fn uncompressed_decode(buf: impl AsRef<[u8]>, discriminant_abs: impl AsRef<[u8]>) -> CtOption<Self>

This runs in time variable to the size of the discriminant and the size of the underlying container. This MAY return None for discriminants which fit within the bounds but have trailing zero bytes which cause the amount of encoded bits to exceed the bounds.


fn compress(self, writer: impl Write) -> Result<()>

Available on crate feature std only.

Compress an element.

fn decompress(reader: impl Read, discriminant_abs: impl AsRef<[u8]>) -> Result<Self>

Available on crate feature std only.

Decompress an element of the specified discriminant.

fn from(source: impl Element) -> Self

Create an element of this type from another element.

fn next_prime_ideal_squared(rng: impl CryptoRng, seed: BoxedUint, discriminant_abs: impl AsRef<[u8]>, bits_of_security: u32) -> Self

Available on crate feature alloc only.

Sample a uniform element from a subgroup of the class group and return its square.

impl<U: Limbs> ElementExt for CryptoBigintElement<U>

Available on crate feature alloc only.

fn multiexp(identity: &Self, pairs: &[(&Table<Self>, &[u8])]) -> Self

This is only correct when identity is in fact the identity element for the class group the elements in the table belong to.


const MAX_TABLE_BITS: u32 = 12

The maximum number of bits to create a table with.

fn mul(table: &Table<Self>, scalar: &[u8]) -> Self

Perform a multiplication with a Table.

impl<U: Limbs> Eq for CryptoBigintElement<U>


#[doc(hidden)]
fn assert_receiver_is_total_eq(&self)

Deprecated since 1.95.0: implementation detail of #[derive(Eq)]


#[doc(hidden)]
fn assert_fields_are_eq(&self)

This is a nightly-only experimental API. (derive_eq_internals)

impl<U: Limbs> Neg for CryptoBigintElement<U>


fn neg(self) -> Self

This is only correct for primitive forms where $\Delta \equiv 1 \pmod 2$.


type Output = CryptoBigintElement<U>

The resulting type after applying the - operator.

impl<U: Limbs> PartialEq for CryptoBigintElement<U>


fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<U: Limbs> Zeroize for CryptoBigintElement<U>


fn zeroize(&mut self)

This is only valid for forms of negative odd discriminant.

This does not zeroize the discriminant, solely the a, b, c coefficients, and will set the result to the identity element of the same discriminant.

Auto Trait Implementations

impl<U> Freeze for CryptoBigintElement<U>
where <U as Limbs>::Wide: Sized + Freeze, U: Freeze,


impl<U> RefUnwindSafe for CryptoBigintElement<U>


impl<U> Send for CryptoBigintElement<U>
where <U as Limbs>::Wide: Sized,


impl<U> Sync for CryptoBigintElement<U>
where <U as Limbs>::Wide: Sized,


impl<U> Unpin for CryptoBigintElement<U>
where <U as Limbs>::Wide: Sized + Unpin, U: Unpin,


impl<U> UnsafeUnpin for CryptoBigintElement<U>
where <U as Limbs>::Wide: Sized + UnsafeUnpin, U: UnsafeUnpin,


impl<U> UnwindSafe for CryptoBigintElement<U>
where <U as Limbs>::Wide: Sized + UnwindSafe, U: UnwindSafe,

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> AssertZeroize for T
where T: Zeroize + ?Sized,


impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,


unsafe fn clone_to_uninit(&self, dest: *mut u8)

This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest.

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> SizedTypeProperties for T


#[doc(hidden)]
const SIZE: usize = _

This is a nightly-only experimental API. (sized_type_properties)

#[doc(hidden)]
const ALIGN: usize = _

This is a nightly-only experimental API. (sized_type_properties)

#[doc(hidden)]
const ALIGNMENT: Alignment = _

This is a nightly-only experimental API. (ptr_alignment_type)

#[doc(hidden)]
const IS_ZST: bool = _

This is a nightly-only experimental API. (sized_type_properties)

true if this type requires no storage. false if its size is greater than zero.

#[doc(hidden)]
const LAYOUT: Layout = _

This is a nightly-only experimental API. (sized_type_properties)

#[doc(hidden)]
const MAX_SLICE_LEN: usize = _

This is a nightly-only experimental API. (sized_type_properties)

The largest safe length for a [Self].

impl<T> ToOwned for T
where T: Clone,


type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.