Legendre and Gold (power-residue) PRFs over prime fields \(\mathbb{F}_p\).
This crate provides constant-time field arithmetic via crypto_bigint::modular::FixedMontyForm
for pilot safe-prime moduli documented in params. It is intended as a building block for
Fiat–Shamir protocols such as DualRing-PRF (QROM), composed at the lib-q-ring-sig layer.
Secret key material for Legendre and Gold PRFs is held in opaque key types with validated
constructors (LegendreKey256::from_uint, GoldKey256::from_uint, and derive_from_seed
variants); use LegendreKey256::as_uint, LegendreKey512::as_uint, GoldKey256::as_uint,
or GoldKey512::as_uint when you need the field element for serialization or constant-time
equality checks. The shared scalar checks live in keys.
Re-exports
pub use error::PrfError;
pub use field::fp_add;
pub use field::fp_mul;
pub use field::fp_pow;
pub use field::legendre_symbol_monty;
pub use field::legendre_symbol_residue;
pub use field::to_monty;
pub use field::uint_ct_eq_zero;
pub use gold::GoldKey256;
pub use gold::GoldKey512;
pub use gold::gold_prf_u256;
pub use gold::gold_prf_u512;
pub use legendre::LegendreKey256;
pub use legendre::LegendreKey512;
pub use legendre::legendre_prf_u256;
pub use legendre::legendre_prf_u512;
pub use params::GoldPrfParams256;
pub use params::GoldPrfParams512;
pub use params::LegendrePrfParams256;
pub use params::LegendrePrfParams512;
pub use params::P256_BE_HEX;
pub use params::P512_BE_HEX;
pub use params::u256_from_le_bytes;
pub use params::u256_to_le_bytes;
pub use params::u512_from_le_bytes;
pub use params::u512_to_le_bytes;
Modules
- error: Errors for PRF evaluation and parameter parsing.
- field: Field arithmetic in \(\mathbb{F}_p\) using Montgomery form (crypto_bigint::modular::FixedMontyForm).
- gold: Gold (power-residue) PRF: \(\mathrm{Gold}_k(x) = (k+x)^g \bmod p\).
- keys: Shared validation for PRF secret keys represented as field scalars.
- legendre: Legendre PRF: \(L_K(x) = \left(\frac{x+K}{p}\right)\).
- params: Hard-coded safe primes and Gold exponents for pilot parameter sets.
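The two PRF formulas above (the Legendre PRF from the legendre module and the Gold PRF from the gold module), worked through on a toy prime as an added example that is not this crate's code: it uses plain u128 arithmetic and Euler's criterion, whereas the crate evaluates the same functions over its 256/512-bit safe primes in constant time via Montgomery form. The prime p = 23, key K = 7 and exponent g = 5 are constructed sample values.

```rust
// Added example, not the crate's own implementation. Variable-time toy
// arithmetic over a small prime; the crate uses constant-time Montgomery
// arithmetic on 256/512-bit moduli and never branches on secret values.

/// Square-and-multiply modular exponentiation. Requires p < 2^64 so that a
/// product of two reduced residues fits in u128.
fn mod_pow(mut base: u128, mut exp: u128, p: u128) -> u128 {
    assert!(p > 1 && p < (1u128 << 64));
    let mut acc = 1u128;
    base %= p;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % p;
        }
        base = base * base % p;
        exp >>= 1;
    }
    acc
}

/// Legendre symbol (a/p) via Euler's criterion: a^((p-1)/2) mod p equals
/// 1 for a quadratic residue, p-1 for a non-residue, and 0 when p divides a.
fn legendre_symbol(a: u128, p: u128) -> i8 {
    match mod_pow(a, (p - 1) / 2, p) {
        0 => 0,
        1 => 1,
        _ => -1,
    }
}

/// Legendre PRF L_K(x) = ((x + K) / p), returned as the symbol itself.
fn legendre_prf(k: u128, x: u128, p: u128) -> i8 {
    legendre_symbol((k % p + x % p) % p, p)
}

/// The same PRF as one output bit: 0 for a residue (or zero), 1 for a non-residue.
fn legendre_prf_bit(k: u128, x: u128, p: u128) -> u8 {
    if legendre_prf(k, x, p) == -1 { 1 } else { 0 }
}

/// Gold (power-residue) PRF Gold_k(x) = (k + x)^g mod p.
fn gold_prf(k: u128, x: u128, g: u128, p: u128) -> u128 {
    mod_pow((k % p + x % p) % p, g, p)
}

fn main() {
    // Constructed sample parameters: safe prime 23 = 2*11 + 1, key 7, exponent 5.
    println!("L_7(3) = {}", legendre_prf(7, 3, 23));
    println!("Gold_7(3) = {}", gold_prf(7, 3, 5, 23));
}
```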