Struct FieldElement

pub struct FieldElement(/* private fields */);

P-384 field element representing values in F_p

Internally stored as 12 little-endian 32-bit limbs for efficient arithmetic. All operations maintain the invariant that values are reduced modulo p.

Implementations

impl FieldElement

pub fn zero() -> Self

The additive identity element: 0

pub fn one() -> Self

The multiplicative identity element: 1

pub fn from_bytes(bytes: &[u8; 48]) -> Result<Self>

Create a field element from big-endian byte representation

Validates that the input represents a value less than the field modulus p. Returns an error if the value is >= p.

pub fn to_bytes(&self) -> [u8; 48]

Convert field element to big-endian byte representation

pub fn is_valid(&self) -> bool

Constant-time validation that the field element is in canonical form (< p)

Uses constant-time subtraction to check if self < p without branching. Returns true if the element is valid (< p), false otherwise.

pub fn add(&self, other: &Self) -> Self

Constant-time field addition: (self + other) mod p

Algorithm:

1. Perform full 384-bit addition with carry detection
2. Conditionally subtract p if result >= p
3. Ensure result is in canonical form

pub fn sub(&self, other: &Self) -> Self

Constant-time field subtraction: (self - other) mod p

Algorithm:

1. Perform limb-wise subtraction
2. If subtraction borrows, add p to get the correct positive result

pub fn mul(&self, other: &Self) -> Self

Field multiplication: (self * other) mod p

Algorithm:

1. Compute the full 768-bit product using schoolbook multiplication
2. Perform carry propagation to get proper limb representation
3. Apply Barrett reduction for P-384

pub fn square(&self) -> Self

Field squaring: self² mod p

Optimized version of multiplication for the case where both operands are the same. Currently implemented as self.mul(self) but could be optimized further with dedicated squaring algorithms.

pub fn invert(&self) -> Result<Self>

Compute the modular multiplicative inverse using Fermat’s Little Theorem

For prime fields, a^(p-1) ≡ 1 (mod p), so a^(p-2) ≡ a^(-1) (mod p). Uses binary exponentiation (square-and-multiply) for efficiency.

Returns an error if attempting to invert zero (which has no inverse).

pub fn is_zero(&self) -> bool

Check if the field element represents zero

Constant-time check across all limbs to determine if the field element is the additive identity.

pub fn is_odd(&self) -> bool

Return true when the element is odd (LSB set)

Used for point compression to determine the sign of the y-coordinate. The parity is determined by the least significant bit of the canonical representation.

pub fn sqrt(&self) -> Option<Self>

Modular square root using the (p+1)/4 shortcut (p ≡ 3 mod 4).

Because the P-384 prime satisfies p ≡ 3 (mod 4), we can compute sqrt(a) = a^((p+1)/4) mod p. This is more efficient than the general Tonelli-Shanks algorithm.

Returns None when the input is a quadratic non-residue (i.e., when no square root exists in the field).

Algorithm

For p ≡ 3 (mod 4), if a has a square root, then:

• sqrt(a) = ±a^((p+1)/4) mod p
• We return the principal square root (the smaller of the two)

Trait Implementations

impl Clone for FieldElement

fn clone(&self) -> FieldElement

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FieldElement

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for FieldElement

fn eq(&self, other: &FieldElement) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for FieldElement

impl StructuralPartialEq for FieldElement