crypto-bigint 0.7.3

Pure Rust implementation of a big integer library which has been designed from the ground-up for use in cryptographic applications. Provides constant-time, no_std-friendly implementations of modern formulas using const generics.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

//! Multiplicative inverses of boxed integers in Montgomery form.

use super::{BoxedMontyForm, BoxedMontyParams};
use crate::{CtOption, Invert, modular::safegcd::boxed::BoxedSafeGcdInverter};

impl BoxedMontyForm {
    /// Computes `self^-1` representing the multiplicative inverse of `self`,
    /// i.e. `self * self^-1 = 1`.
    #[must_use]
    pub fn invert(&self) -> CtOption<Self> {
        let montgomery_form = self.params.inverter().invert(&self.montgomery_form);
        let is_some = montgomery_form.is_some();
        let montgomery_form2 = self.montgomery_form.clone();
        let ret = BoxedMontyForm {
            montgomery_form: Option::from(montgomery_form).unwrap_or(montgomery_form2),
            params: self.params.clone(),
        };

        CtOption::new(ret, is_some)
    }

    /// Computes `self^-1` representing the multiplicative inverse of `self`,
    /// i.e. `self * self^-1 = 1`.
    ///
    /// This version is variable-time with respect to the self of `self`, but constant-time with
    /// respect to `self`'s `params`.
    #[must_use]
    pub fn invert_vartime(&self) -> CtOption<Self> {
        let montgomery_form = self.params.inverter().invert_vartime(&self.montgomery_form);
        let is_some = montgomery_form.is_some();
        let montgomery_form2 = self.montgomery_form.clone();
        let ret = BoxedMontyForm {
            montgomery_form: Option::from(montgomery_form).unwrap_or(montgomery_form2),
            params: self.params.clone(),
        };

        CtOption::new(ret, is_some)
    }
}

impl Invert for BoxedMontyForm {
    type Output = CtOption<Self>;

    fn invert(&self) -> Self::Output {
        self.invert()
    }

    fn invert_vartime(&self) -> Self::Output {
        self.invert_vartime()
    }
}

impl BoxedMontyParams {
    /// Compute the inverter for these params.
    fn inverter(&self) -> BoxedSafeGcdInverter {
        BoxedSafeGcdInverter::new_with_inverse(
            self.modulus().clone(),
            self.mod_inv(),
            self.r2().clone(),
        )
    }
}

#[cfg(test)]
mod tests {
    use crate::{
        BoxedUint, Invert,
        modular::{BoxedMontyForm, BoxedMontyParams},
    };
    use hex_literal::hex;

    fn monty_params() -> BoxedMontyParams {
        BoxedMontyParams::new(
            BoxedUint::from_be_slice(
                &hex!("15477BCCEFE197328255BFA79A1217899016D927EF460F4FF404029D24FA4409"),
                256,
            )
            .unwrap()
            .to_odd()
            .unwrap(),
        )
    }

    #[test]
    fn test_self_inverse() {
        let params = monty_params();
        let x = BoxedUint::from_be_slice(
            &hex!("77117F1273373C26C700D076B3F780074D03339F56DD0EFB60E7F58441FD3685"),
            256,
        )
        .unwrap();
        let x_mod = BoxedMontyForm::new(x, &params);

        let inv = x_mod.invert().unwrap();
        let res = &x_mod * &inv;

        assert!(bool::from(res.retrieve().is_one()));

        let inv_trait = Invert::invert(&x_mod).unwrap();
        assert_eq!(inv_trait, inv);
    }
}