Type Definition curve25519_dalek::field::FieldElement

type FieldElement = FieldElement32;

A FieldElement represents an element of the field GF(2²⁵⁵ - 19).

Methods

impl FieldElement

fn is_negative_ed25519(&self) -> u8

Determine if this FieldElement is negative, in the sense used in the ed25519 paper: x is negative if the low bit is set.

Return

If negative, return 1u8. Otherwise, return 0u8.

fn is_negative_decaf(&self) -> u8

Determine if this FieldElement is negative, in the sense used by Decaf: x is nonnegative if the least absolute residue for x lies in [0, (p-1)/2], and is negative otherwise.

Return

Returns 1u8 if negative, 0u8 if nonnegative.

Implementation

Uses a trick borrowed from Mike Hamburg's code. Let x \in F_p and let y \in Z be the least absolute residue for x. Suppose y ≤ (p-1)/2. Then 2y < p so 2y = 2y mod p and 2y mod p is even. On the other hand, if y > (p-1)/2 then 2y ≥ p; since y < p, 2y \in [p, 2p), so 2y mod p = 2y-p, which is odd.

Thus we can test whether y ≤ (p-1)/2 by checking whether 2y mod p is even.

fn is_nonnegative_decaf(&self) -> u8

Determine if this FieldElement is nonnegative, in the sense used by Decaf: x is nonnegative if the least absolute residue for x lies in [0, (p-1)/2], and is negative otherwise.

fn is_zero(&self) -> u8

Determine if this FieldElement is zero.

Return

If zero, return 1u8. Otherwise, return 0u8.

fn is_nonzero(&self) -> u8

Determine if this FieldElement is non-zero.

Return

If non-zero, return 1u8. Otherwise, return 0u8.

fn invert(&self) -> FieldElement

Given a nonzero field element, compute its inverse.

The inverse is computed as self^p-2, since x^p-2x = x^p-1 = 1 (mod p).

fn pow_p58(&self) -> FieldElement

Raise this field element to the power (p-5)/8 = 2²⁵² -3. Used in decoding.

fn sqrt_ratio(u: &FieldElement, v: &FieldElement) -> (u8, FieldElement)

Given FieldElements u and v, attempt to compute sqrt(u/v) in constant time.

It would be much better to use an Option type here, but doing so forces the caller to branch, which we don't want to do. This seems like the least bad solution.

Return

• (1u8, sqrt(u/v)) if v is nonzero and u/v is square;
• (0u8, zero) if v is zero;
• (0u8, garbage) if u/v is nonsquare.

fn invsqrt(&self) -> (u8, FieldElement)

For self a nonzero square, compute 1/sqrt(self) in constant time.

It would be much better to use an Option type here, but doing so forces the caller to branch, which we don't want to do. This seems like the least bad solution.

Return

• (1u8, 1/sqrt(self)) if self is a nonzero square;
• (0u8, zero) if self is zero;
• (0u8, garbage) if self is nonsquare.

fn chi(&self) -> FieldElement

chi calculates self^((p-1)/2).

Return

• If this element is a non-zero square, returns 1.
• If it is zero, returns 0.
• If it is non-square, returns -1.

Trait Implementations

impl Eq for FieldElement

impl PartialEq for FieldElement

fn eq(&self, other: &FieldElement) -> bool

Test equality between two FieldElements. Since the internal representation is not canonical, the field elements are normalized to wire format before comparison.

Warning

This comparison is not constant time. It could easily be made to be, but the main use of an Eq implementation is for branching, so it seems pointless to do so.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Equal for FieldElement

fn ct_eq(&self, other: &FieldElement) -> u8

Test equality between two FieldElements. Since the internal representation is not canonical, the field elements are normalized to wire format before comparison.

Returns

1u8 if the two FieldElements are equal, and 0u8 otherwise.