Struct curve25519_dalek::scalar::Scalar [] [src]

pub struct Scalar(pub [u8; 32]);

The Scalar struct represents an element in ℤ/lℤ, where

l = 2252 + 27742317777372353535851937790883648493

is the order of the basepoint. The Scalar is stored as bytes.

Methods

impl Scalar
[src]

[src]

Return a Scalar chosen uniformly at random using a user-provided RNG.

Inputs

  • rng: any RNG which implements the rand::Rng interface.

Returns

A random scalar within ℤ/lℤ.

[src]

Hash a slice of bytes into a scalar.

Takes a type parameter D, which is any Digest producing 64 bytes (512 bits) of output.

Convenience wrapper around from_hash.

Example

extern crate sha2;
use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let s = Scalar::hash_from_bytes::<Sha512>(msg.as_bytes());

[src]

Construct a scalar from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

[src]

View this Scalar as a sequence of bytes.

[src]

Construct the additive identity

[src]

Construct the multiplicative identity

[src]

Construct a scalar from the given u64.

[src]

Compute the multiplicative inverse of this scalar.

[src]

Get the bits of the scalar.

[src]

Compute a width-5 "Non-Adjacent Form" of this scalar.

A width-w NAF of a positive integer k is an expression k = sum(k[i]*2^i for i in range(l)), where each nonzero coefficient k[i] is odd and bounded by |k[i]| < 2^(w-1), k[l-1] is nonzero, and at most one of any w consecutive coefficients is nonzero. (Hankerson, Menezes, Vanstone; def 3.32).

Intuitively, this is like a binary expansion, except that we allow some coefficients to grow up to 2^(w-1) so that the nonzero coefficients are as sparse as possible.

[src]

Write this scalar in radix 16, with coefficients in [-8,8), i.e., compute a_i such that

a = a_0 + a_1*161 + ... + a_63*1663,

with -8 ≤ a_i < 8 for 0 ≤ i < 63 and -8 ≤ a_63 ≤ 8.

Precondition: self[31] <= 127. This is the case whenever self is reduced.

[src]

Compute ab+c (mod l). XXX should this exist, or should we just have Mul, Add etc impls that unpack and then call UnpackedScalar::multiply_add ?

[src]

Reduce a 512-bit little endian number mod l

Trait Implementations

impl Copy for Scalar
[src]

impl Clone for Scalar
[src]

[src]

Returns a copy of the value. Read more

1.0.0
[src]

Performs copy-assignment from source. Read more

impl Debug for Scalar
[src]

[src]

Formats the value using the given formatter.

impl Eq for Scalar
[src]

impl PartialEq for Scalar
[src]

[src]

Test equality between two Scalars.

Warning

This function is not guaranteed to be constant time and should only be used for debugging purposes.

Returns

True if they are equal, and false otherwise.

1.0.0
[src]

This method tests for !=.

impl Equal for Scalar
[src]

[src]

Test equality between two Scalars in constant time.

Returns

1u8 if they are equal, and 0u8 otherwise.

impl Index<usize> for Scalar
[src]

The returned type after indexing.

[src]

Performs the indexing (container[index]) operation.

impl IndexMut<usize> for Scalar
[src]

[src]

Performs the mutable indexing (container[index]) operation.

impl<'b> MulAssign<&'b Scalar> for Scalar
[src]

[src]

Performs the *= operation.

impl<'a, 'b> Mul<&'b Scalar> for &'a Scalar
[src]

The resulting type after applying the * operator.

[src]

Performs the * operation.

impl<'b> AddAssign<&'b Scalar> for Scalar
[src]

[src]

Performs the += operation.

impl<'a, 'b> Add<&'b Scalar> for &'a Scalar
[src]

The resulting type after applying the + operator.

[src]

Performs the + operation.

impl<'b> SubAssign<&'b Scalar> for Scalar
[src]

[src]

Performs the -= operation.

impl<'a, 'b> Sub<&'b Scalar> for &'a Scalar
[src]

The resulting type after applying the - operator.

[src]

Performs the - operation.

impl<'a> Neg for &'a Scalar
[src]

The resulting type after applying the - operator.

[src]

Performs the unary - operation.

impl ConditionallyAssignable for Scalar
[src]

[src]

Conditionally assign another Scalar to this one.

let a = Scalar([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);
let b = Scalar([1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
                1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]);
let mut t = a;
t.conditional_assign(&b, 0u8);
assert!(t[0] == a[0]);
t.conditional_assign(&b, 1u8);
assert!(t[0] == b[0]);

Preconditions

  • choice in {0,1}

impl<'a, 'b> Mul<&'b ExtendedPoint> for &'a Scalar
[src]

The resulting type after applying the * operator.

[src]

Scalar multiplication: compute self * point.

Uses a window of size 4. Note: for scalar multiplication of the basepoint, basepoint_mult is approximately 4x faster.

impl<'a, 'b> Mul<&'a EdwardsBasepointTable> for &'b Scalar
[src]

The resulting type after applying the * operator.

[src]

Construct an ExtendedPoint by via this Scalar times a the basepoint, B included in a precomputed basepoint_table.

Precondition: this scalar must be reduced.

The computation proceeds as follows, as described on page 13 of the Ed25519 paper. Write this scalar a in radix 16 with coefficients in [-8,8), i.e.,

a = a_0 + a_1*161 + ... + a_63*1663,

with -8 ≤ a_i < 8. Then

a*B = a_0*B + a_1*161*B + ... + a_63*1663*B.

Grouping even and odd coefficients gives

a*B = a_0*160*B + a_2*162*B + ... + a_62*1662*B + a_1*161*B + a_3*163*B + ... + a_63*1663*B = (a_0*160*B + a_2*162*B + ... + a_62*1662*B) + 16*(a_1*160*B + a_3*162*B + ... + a_63*1662*B).

We then use the select_precomputed_point function, which takes -8 ≤ x < 8 and [16^2i * B, ..., 8 * 16^2i * B], and returns x * 16^2i * B in constant time.

impl<'a, 'b> Mul<&'b MontgomeryPoint> for &'a Scalar
[src]

The resulting type after applying the * operator.

[src]

Performs the * operation.