Trait FieldOps 

pub trait FieldOps:
    Sized
    + Clone
    + PartialEq
    + Eq
    + Add<Output = Self>
    + Sub<Output = Self>
    + Mul<Output = Self>
    + Neg<Output = Self>
    + Default
    + ConditionallySelectable {
    // Required methods
    fn zero() -> Self;
    fn one() -> Self;
    fn is_zero(&self) -> Choice;
    fn is_one(&self) -> Choice;
    fn negate(&self) -> Self;
    fn add(&self, rhs: &Self) -> Self;
    fn sub(&self, rhs: &Self) -> Self;
    fn mul(&self, rhs: &Self) -> Self;
    fn square(&self) -> Self;
    fn double(&self) -> Self;
    fn invert(&self) -> CtOption<Self>;
    fn frobenius(&self) -> Self;
    fn norm(&self) -> Self;
    fn trace(&self) -> Self;
    fn sqrt(&self) -> CtOption<Self>;
    fn legendre(&self) -> i8;
    fn characteristic() -> Vec<u64>;
    fn degree() -> u32;
    fn from_u64(x: u64) -> Self;

    // Provided methods
    fn div(&self, rhs: &Self) -> CtOption<Self> { ... }
    fn pow_vartime(&self, exp: &[u64]) -> Self { ... }
    fn pow(&self, exp: &[u64]) -> Self { ... }
    fn frobenius_pow(&self, k: u32) -> Self { ... }
    fn inverse_and_sqrt(&self) -> (CtOption<Self>, CtOption<Self>) { ... }
    fn inv_sqrt(&self) -> CtOption<Self> { ... }
    fn invertme_sqrtother(&self, rhs: &Self) -> (CtOption<Self>, CtOption<Self>) { ... }
    fn sqrt_ratio(&self, rhs: &Self) -> CtOption<Self> { ... }
}

Core arithmetic interface for field elements used throughout the library.

This trait abstracts the operations needed by the prime-field layer, extension fields, and higher-level elliptic-curve code.

It combines:

• basic ring-style operations (+, -, *, unary -);
• distinguished constants zero() and one();
• predicates such as is_zero() and is_one();
• field-specific operations such as inversion, Frobenius, norm, trace, square roots, and Legendre-symbol-style square testing;
• constant-time conditional selection via subtle::ConditionallySelectable.

The trait is intentionally separate from FieldRandom, so downstream code that only needs deterministic arithmetic does not need to depend on rand.

Scalars used by exponentiation methods are encoded as little-endian u64 limbs, matching the convention used elsewhere in the library.

Required Methods

fn zero() -> Self

Create the constant zero

fn one() -> Self

Create the constant one

fn is_zero(&self) -> Choice

Check if element is zero

fn is_one(&self) -> Choice

Check if element is one

fn negate(&self) -> Self

Negate self to -self

fn add(&self, rhs: &Self) -> Self

Add rhs to self

fn sub(&self, rhs: &Self) -> Self

Sub rhs from self

fn mul(&self, rhs: &Self) -> Self

Multipliy self by rhs

fn square(&self) -> Self

Square self

fn double(&self) -> Self

Double self

fn invert(&self) -> CtOption<Self>

Invert self

fn frobenius(&self) -> Self

Compute self^p the frobenius acting on self

fn norm(&self) -> Self

compute the norm of self down to $\mathbb{F}_p$ (as an element of type Self)

fn trace(&self) -> Self

compute the trace of self down to $\mathbb{F}_p$ (as an element of type Self)

fn sqrt(&self) -> CtOption<Self>

Returns a squareroot if it exists

Returns a squareroof of self if it exists in the finite field $\mathbb{F}{p^M}$. The return type is CtOption<Self> and it is not none if and only if the squareroot exists. This is an implementation fo the Tonelli–Shanks algorithm in the multiplicative group $\mathbb{F}{p^M}^*$

Arguments

• &self - Element of $\mathbb{F}_{p^M}$ (type: self)

Returns

The square root of self (type: CtOption<Self>)

fn legendre(&self) -> i8

Computes the “Legendre symbol” i.e., if 0,1,-1 depending if self is 0, a square or a nonsquare.

fn characteristic() -> Vec<u64>

Returns the characteristic of the field.

fn degree() -> u32

Returns the extension degree of the field.

fn from_u64(x: u64) -> Self

Convert u64 to the field.

Provided Methods

fn div(&self, rhs: &Self) -> CtOption<Self>

Divide self by rhs

fn pow_vartime(&self, exp: &[u64]) -> Self

self^exp using square-and multiply (litte-endian bit order)

It is constant time for fixed exp

Arguments

• &self - Finite field element (type: self)
• exp - Exponent (type: &u64)

Returns

&self^exp (type: Self)

Why <Self as FieldOps>::mul instead of result.mul(&base)

FieldOps requires Mul<Output = Self> as a supertrait, so Self exposes two methods named mul:

• <Self as Mul>::mul(self, rhs: Self) -> Self ← operator, takes by value
• <Self as FieldOps>::mul(&self, rhs: &Self) -> Self ← ours, takes by ref

Writing result.mul(&base) triggers method resolution, which picks Mul::mul (the operator) because it was declared first in the supertrait list. Mul::mul expects Self, not &Self → E0308.

Fully-qualified syntax <Self as FieldOps>::mul(...) bypasses method resolution entirely and calls exactly the trait method we want.

fn pow(&self, exp: &[u64]) -> Self

self^pow in constant time using a Montgomery ladder

Uses a Montgomery ladder to compute self^exp WARNING: Only constant time if the number of limbs of exp is constant

Arguments

• &self - Element of $\mathbb{F}_p$ (type: self)
• exp - Exponent (type: &u64)

Returns

The value self^pow (type: Self)

Todo

Use subtle and conditional_swap to make true constant time

fn frobenius_pow(&self, k: u32) -> Self

Compute self^{p^k} a power of the frobenius

fn inverse_and_sqrt(&self) -> (CtOption<Self>, CtOption<Self>)

Computes the inverse and square root of self

Computes simulaineously the inverse and square root of self.

Arguments

• &self - Element of $\mathbb{F}_{p^M}$ (type: self)

Returns

The inverse and square root of self. The former is none if and only if nonzero and the latter is not none if and only if there exists a squareroot in $\mathbb{F}_{p^M}$ (type: (CtOption<Self>, CtOption<self>))

fn inv_sqrt(&self) -> CtOption<Self>

Computes the square root the inverse of self

Arguments

• &self - Element of $\mathbb{F}_{p^M}$ (type: self)

Returns

The square root of the inverse of self. The former is not none if and only if it is both nonzero there exists a squareroot in $\mathbb{F}_{p^M}$ (type: CtOption<self>)

fn invertme_sqrtother(&self, rhs: &Self) -> (CtOption<Self>, CtOption<Self>)

Computes the inverse of self and square root of rhs

Computes simulaineously the inverse of self and square root of rhs.

Arguments

• &self - Element of $\mathbb{F}_{p^M}$ (type: self)
• rhs - Element of $\mathbb{F}_{p^M}$ (type: &Self)

Returns

The inverse of self and square root fo rhs. Theq former is none if and only if self is nonzero and the latter is not none if and only if there exists a squareroot of rhs in $\mathbb{F}_{p^M}$ (type: (CtOption<Self>, CtOption<self>))

fn sqrt_ratio(&self, rhs: &Self) -> CtOption<Self>

Computes the squareroot of a ratio self/rhs

Arguments

• &self - Element of $\mathbb{F}_{p^M}$ (type: self)
• rhs - Element of $\mathbb{F}_{p^M}$ (type: &Self)

Returns

The squareroot of the ratio self/rhs is not none if and only if rhs is invertible and the ratio has an $\mathbb{F}_{p^M}$ squareroot (type: (CtOption<Self>, CtOption<self>))

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors

impl FieldOps for F2Element

impl<MOD, const LIMBS: usize> FieldOps for FpElement<MOD, LIMBS>

where MOD: ConstPrimeMontyParams<LIMBS>,

impl<MOD, const LIMBS: usize, const M: usize, const N: usize, P, TSCONSTS> FieldOps for FpExt<MOD, LIMBS, M, N, P, TSCONSTS>

where MOD: ConstPrimeMontyParams<LIMBS>, P: IrreduciblePoly<MOD, LIMBS, M>, TSCONSTS: TonelliShanksConstants<MOD, LIMBS, M, N>,

impl<const LIMBS: usize, P> FieldOps for F2Ext<LIMBS, P>

where P: BinaryIrreducible<LIMBS>,