jubjub 0.9.0

Implementation of the Jubjub elliptic curve group
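/// Compute `a + b + carry`, returning `(low 64 bits, carry out)`.
///
/// The three operands are widened to `u128` before being summed, so the
/// addition itself cannot overflow; the carry out is the upper half of the
/// 128-bit sum (at most 2 when all three inputs are `u64::MAX`).
///
/// The body has no data-dependent branch, so it is suitable as a limb
/// primitive for arithmetic on secret values.
pub const fn adc(a: u64, b: u64, carry: u64) -> (u64, u64) {
    let ret = (a as u128) + (b as u128) + (carry as u128);
    // Low limb by truncation, carry out from the bits above position 63.
    (ret as u64, (ret >> 64) as u64)
}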

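/// Compute `a - (b + borrow_bit)`, returning `(low 64 bits, borrow out)`.
///
/// The borrow is carried as a mask, not as a 0/1 value: only the top bit of
/// `borrow` is consumed (`borrow >> 63`), and the returned borrow is `0` when
/// no underflow occurred and `u64::MAX` when it did. Feed the second element
/// of one call straight into the next limb's `borrow` argument. Passing `1`
/// as an incoming borrow is silently treated as "no borrow".
///
/// The body has no data-dependent branch; the all-ones borrow lets callers
/// select a correction term with a bitwise AND instead of a comparison.
pub const fn sbb(a: u64, b: u64, borrow: u64) -> (u64, u64) {
    // Wrapping subtraction in u128: on underflow the upper 64 bits of the
    // result are all ones, which becomes the outgoing borrow mask.
    let ret = (a as u128).wrapping_sub((b as u128) + ((borrow >> 63) as u128));
    (ret as u64, (ret >> 64) as u64)
}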

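/// Compute `a + (b * c) + carry`, returning `(low 64 bits, carry out)`.
///
/// All operands are widened to `u128` first. The largest possible value,
/// with every input equal to `u64::MAX`, is exactly `2^128 - 1`, so the
/// 128-bit accumulator cannot overflow.
///
/// The body has no data-dependent branch. NOTE(review): whether the widening
/// multiply itself runs in operand-independent time depends on the target —
/// confirm for any platform where this handles secret limbs.
pub const fn mac(a: u64, b: u64, c: u64, carry: u64) -> (u64, u64) {
    let ret = (a as u128) + ((b as u128) * (c as u128)) + (carry as u128);
    // Low limb by truncation, carry out from the upper half of the product-sum.
    (ret as u64, (ret >> 64) as u64)
}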

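/// Generates the three remaining `Add` impls for `$lhs + $rhs -> $output`.
///
/// Every generated method borrows its operands and forwards to the
/// reference-by-reference operator, so an
/// `impl Add<&$rhs> for &$lhs` with `Output = $output` must already exist
/// where the macro is expanded. The `Add` trait is named unqualified and
/// therefore has to be in scope at the expansion site.
macro_rules! impl_add_binop_specify_output {
    ($lhs:ident, $rhs:ident, $output:ident) => {
        // owned + borrowed
        impl<'b> Add<&'b $rhs> for $lhs {
            type Output = $output;

            fn add(self, rhs: &'b $rhs) -> $output {
                &self + rhs
            }
        }

        // borrowed + owned
        impl<'a> Add<$rhs> for &'a $lhs {
            type Output = $output;

            fn add(self, rhs: $rhs) -> $output {
                self + &rhs
            }
        }

        // owned + owned
        impl Add<$rhs> for $lhs {
            type Output = $output;

            fn add(self, rhs: $rhs) -> $output {
                &self + &rhs
            }
        }
    };
}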

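/// Generates the three remaining `Sub` impls for `$lhs - $rhs -> $output`.
///
/// Every generated method borrows its operands and forwards to the
/// reference-by-reference operator, so an
/// `impl Sub<&$rhs> for &$lhs` with `Output = $output` must already exist
/// where the macro is expanded. The `Sub` trait is named unqualified and
/// therefore has to be in scope at the expansion site.
macro_rules! impl_sub_binop_specify_output {
    ($lhs:ident, $rhs:ident, $output:ident) => {
        // owned - borrowed
        impl<'b> Sub<&'b $rhs> for $lhs {
            type Output = $output;

            fn sub(self, rhs: &'b $rhs) -> $output {
                &self - rhs
            }
        }

        // borrowed - owned
        impl<'a> Sub<$rhs> for &'a $lhs {
            type Output = $output;

            fn sub(self, rhs: $rhs) -> $output {
                self - &rhs
            }
        }

        // owned - owned
        impl Sub<$rhs> for $lhs {
            type Output = $output;

            fn sub(self, rhs: $rhs) -> $output {
                &self - &rhs
            }
        }
    };
}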

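/// Generates the owned/borrowed `Add` and `Sub` impls for a pair of types
/// whose sum and difference have type `$output`.
///
/// This only expands `impl_add_binop_specify_output!` and
/// `impl_sub_binop_specify_output!` with the same arguments, so it inherits
/// their requirements: the reference-by-reference `Add` and `Sub` impls must
/// exist, and both traits must be in scope at the expansion site.
macro_rules! impl_binops_additive_specify_output {
    ($lhs:ident, $rhs:ident, $output:ident) => {
        impl_add_binop_specify_output!($lhs, $rhs, $output);
        impl_sub_binop_specify_output!($lhs, $rhs, $output);
    };
}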

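/// Generates the three remaining `Mul` impls for `$lhs * $rhs -> $output`,
/// where the operand and output types may all differ.
///
/// Every generated method borrows its operands and forwards to the
/// reference-by-reference operator, so an
/// `impl Mul<&$rhs> for &$lhs` with `Output = $output` must already exist
/// where the macro is expanded. The `Mul` trait is named unqualified and
/// therefore has to be in scope at the expansion site.
macro_rules! impl_binops_multiplicative_mixed {
    ($lhs:ident, $rhs:ident, $output:ident) => {
        // owned * borrowed
        impl<'b> Mul<&'b $rhs> for $lhs {
            type Output = $output;

            fn mul(self, rhs: &'b $rhs) -> $output {
                &self * rhs
            }
        }

        // borrowed * owned
        impl<'a> Mul<$rhs> for &'a $lhs {
            type Output = $output;

            fn mul(self, rhs: $rhs) -> $output {
                self * &rhs
            }
        }

        // owned * owned
        impl Mul<$rhs> for $lhs {
            type Output = $output;

            fn mul(self, rhs: $rhs) -> $output {
                &self * &rhs
            }
        }
    };
}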

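/// Generates the full additive operator set for `$lhs` with a `$rhs` operand,
/// where the result type is `$lhs` itself.
///
/// Expands `impl_binops_additive_specify_output!` for the owned/borrowed
/// `Add` and `Sub` variants, then adds `AddAssign` and `SubAssign` for both
/// an owned and a borrowed right-hand side. Every assignment operator is
/// written as `*self = &*self op rhs`, so it reuses the
/// reference-by-reference impl that must exist at the expansion site; the
/// four operator traits must be in scope there as well.
macro_rules! impl_binops_additive {
    ($lhs:ident, $rhs:ident) => {
        impl_binops_additive_specify_output!($lhs, $rhs, $lhs);

        impl SubAssign<$rhs> for $lhs {
            fn sub_assign(&mut self, rhs: $rhs) {
                *self = &*self - &rhs;
            }
        }

        impl AddAssign<$rhs> for $lhs {
            fn add_assign(&mut self, rhs: $rhs) {
                *self = &*self + &rhs;
            }
        }

        impl<'b> SubAssign<&'b $rhs> for $lhs {
            fn sub_assign(&mut self, rhs: &'b $rhs) {
                *self = &*self - rhs;
            }
        }

        impl<'b> AddAssign<&'b $rhs> for $lhs {
            fn add_assign(&mut self, rhs: &'b $rhs) {
                *self = &*self + rhs;
            }
        }
    };
}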

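/// Generates the full multiplicative operator set for `$lhs` with a `$rhs`
/// operand, where the result type is `$lhs` itself.
///
/// Expands `impl_binops_multiplicative_mixed!` for the owned/borrowed `Mul`
/// variants, then adds `MulAssign` for both an owned and a borrowed
/// right-hand side. The assignment operators are written as
/// `*self = &*self * rhs`, so they reuse the reference-by-reference impl
/// that must exist at the expansion site; `Mul` and `MulAssign` must be in
/// scope there as well.
macro_rules! impl_binops_multiplicative {
    ($lhs:ident, $rhs:ident) => {
        impl_binops_multiplicative_mixed!($lhs, $rhs, $lhs);

        impl MulAssign<$rhs> for $lhs {
            fn mul_assign(&mut self, rhs: $rhs) {
                *self = &*self * &rhs;
            }
        }

        impl<'b> MulAssign<&'b $rhs> for $lhs {
            fn mul_assign(&mut self, rhs: &'b $rhs) {
                *self = &*self * rhs;
            }
        }
    };
}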