Expand description
Hard-coded safe primes and Gold exponents for pilot parameter sets.
§Provenance (256-bit set)
- Generation:
openssl prime -generate -safe -bits 255(OpenSSL 3.x), decimal output50427571419144900628919267453863926315743253667527897108380512375229288045819. - Independent check: SymPy
isprime(p)andisprime((p-1)//2)bothTrue(Miller-Rabin internally; deterministic for this size class). - Bit length: 255 bits (
p < 2^256, fitscrypto_bigint::U256). - Encoding below: big-endian hex (same integer as OpenSSL decimal).
§Provenance (512-bit set)
- Generation:
openssl prime -generate -safe -bits 511, decimal5846462199204458696044836418989331885058164550456003028279732171283212220247560926277230464259799968087668834545163644537944481399188821346081377725974863. - Independent check: SymPy
isprime(p)andisprime((p-1)//2)bothTrue. - Bit length: 511 bits (fits
crypto_bigint::U512).
§Gold exponent
For each safe prime p = 2q + 1 with q prime, p - 1 = 2^1 · q. The pilot Gold exponent is
g = q = (p-1)/2, an odd divisor of p-1 suitable for the power-residue PRF construction.
Structs§
- Gold
PrfParams256 - Parameters for the Gold (power-residue) PRF: odd divisor
gofp-1and modulusp. - Gold
PrfParams512 - Gold PRF parameters at 512-bit pilot modulus.
- Legendre
PrfParams256 - Parameters for the Legendre PRF over (\mathbb{F}_p) with
pa safe prime. - Legendre
PrfParams512 - Parameters for the Legendre PRF at the 512-bit pilot modulus.
Constants§
- P256_
BE_ HEX - 256-bit pilot:
p(255-bit safe prime), big-endian hex. - P512_
BE_ HEX - 512-bit pilot:
p(511-bit safe prime), big-endian hex.
Functions§
- u256_
from_ le_ bytes - Parse a little-endian field element; must be
< pfor valid keys. - u256_
to_ le_ bytes - Encode a field element as fixed little-endian bytes (for wire formats / digests).
- u512_
from_ le_ bytes - Parse
U512from little-endian bytes. - u512_
to_ le_ bytes - Encode a
U512as little-endian bytes.