Skip to main content

Goldilocks

poseidon_hash

Struct Goldilocks 

Source 
pub struct Goldilocks(pub u64);
Expand description

Goldilocks field element.

The Goldilocks field uses prime modulus p = 2^64 - 2^32 + 1, which is optimized for:

  • Fast modular reduction using bit manipulation
  • Efficient 64-bit CPU operations
  • Zero-Knowledge proof systems (Plonky2, STARKs)

§Example

use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(42);
let b = Goldilocks::from_canonical_u64(10);
let sum = a.add(&b);
let product = a.mul(&b);

Tuple Fields§

§0: u64

Implementations§

Source§

impl Goldilocks

Source

pub const MODULUS: u64 = 0xffffffff00000001

Field modulus: p = 2^64 - 2^32 + 1 = 0xffffffff00000001

Source

pub const EPSILON: u64 = 0xffffffff

Epsilon constant: (1 << 32) - 1 = 0xffffffff Used for efficient modular reduction

Source

pub const ORDER: u64 = Self::MODULUS

The order of the field (same as MODULUS)

Source

pub fn zero() -> Self

Returns the zero element of the field.

Source

pub fn one() -> Self

Returns the multiplicative identity (one) of the field.

Source

pub fn is_zero(&self) -> bool

Checks if this element is zero.

Source

pub fn to_canonical_u64(&self) -> u64

Converts this field element to its canonical representation as a u64.

The canonical form ensures the value is in the range [0, MODULUS).

Source

pub fn add(&self, other: &Goldilocks) -> Goldilocks

Adds two field elements with modular reduction.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(100);
let b = Goldilocks::from_canonical_u64(50);
let sum = a.add(&b);
assert_eq!(sum.to_canonical_u64(), 150);
Source

pub fn sub(&self, other: &Goldilocks) -> Goldilocks

Subtracts two field elements with modular reduction.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(100);
let b = Goldilocks::from_canonical_u64(50);
let diff = a.sub(&b);
assert_eq!(diff.to_canonical_u64(), 50);
Source

pub fn mul(&self, other: &Goldilocks) -> Goldilocks

Multiplies two field elements with modular reduction.

Uses optimized reduction algorithm for the Goldilocks prime.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(10);
let b = Goldilocks::from_canonical_u64(5);
let product = a.mul(&b);
assert_eq!(product.to_canonical_u64(), 50);
Source

pub fn square(&self) -> Goldilocks

Computes the square of this field element.

More efficient than self.mul(self) as it can use optimized squaring formulas.

Source

pub fn double(&self) -> Goldilocks

Doubles this field element (multiplies by 2).

Source

pub fn neg(&self) -> Goldilocks

Computes the additive inverse (negation) of this field element.

Returns 0 for the zero element; otherwise returns p - x where p is the modulus.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(42);
let neg_a = a.neg();
assert!(neg_a.add(&a).is_zero(), "a + (-a) must be zero");
assert_eq!(neg_a.neg().to_canonical_u64(), a.to_canonical_u64(), "-(-a) must equal a");
Source

pub fn inverse(&self) -> Goldilocks

Computes the multiplicative inverse of this field element.

Uses Fermat’s little theorem: a^(-1) ≡ a^(p-2) mod p

Returns 0 when called on the zero element (analogous to inverse_or_zero()). Use the explicit check if self.is_zero() before calling when a zero input indicates a logic error in your code.

Source

pub fn from_canonical_u64(val: u64) -> Goldilocks

Creates a field element from a canonical u64 value.

The input value is unconditionally reduced modulo MODULUS, so values in the range [MODULUS, u64::MAX] are accepted and normalised. In debug builds an assertion fires for non-canonical inputs so callers can catch unintended use early.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(42);
// Values above MODULUS are silently reduced.
let b = Goldilocks::from_canonical_u64(Goldilocks::MODULUS + 1);
assert_eq!(b.to_canonical_u64(), 1);
Source

pub fn from_noncanonical_u64(val: u64) -> Goldilocks

Creates a field element from any u64 value, reducing modulo MODULUS.

Use this when the input may legitimately exceed MODULUS (e.g. when deserialising untrusted data or computing intermediate results).

Source

pub fn from_i64(val: i64) -> Goldilocks

Creates a field element from an i64 value.

Negative values are handled using two’s complement representation. The field operations will automatically reduce the value modulo MODULUS.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_i64(-10);
Source

pub fn sqrt(&self) -> Option<Goldilocks>

Computes the square root of this field element using Tonelli-Shanks algorithm.

Returns Some(sqrt) if the square root exists, None otherwise.

For Goldilocks field p = 2^64 - 2^32 + 1, implements full Tonelli-Shanks. p - 1 = 2^32 * (2^32 - 1) = 2^32 * q where q = 0xFFFFFFFF is odd.

Source

pub fn exp_power_of_2(&self, n: usize) -> Goldilocks

Raises this element to the power of 2^n by repeated squaring.

§Example
use poseidon_hash::Goldilocks;

let a = Goldilocks::from_canonical_u64(5);
let result = a.exp_power_of_2(3); // a^(2^3) = a^8
Source

pub fn equals(&self, other: &Goldilocks) -> bool

Checks if two Goldilocks elements are equal.

Source

pub fn exp(&self, exponent: u64) -> Goldilocks

Exponentiation: raises this element to a power.

Uses binary exponentiation (square-and-multiply algorithm).

Source§

impl Goldilocks

Source

pub fn to_bytes_le(&self) -> [u8; 8]

Serialises this element as 8 little-endian bytes.

The output always uses the canonical representation (value reduced mod MODULUS).

Source

pub fn from_bytes_le(bytes: &[u8]) -> Result<Self, String>

Deserialises a Goldilocks element from 8 little-endian bytes.

Returns Err if bytes is not exactly 8 bytes long or if the decoded u64 value is ≥ MODULUS (i.e. not a canonical field element).

Source

pub fn to_hex(&self) -> String

Encodes this element as a 16-character lowercase hex string.

The hex string always represents canonical (reduced) bytes, little-endian.

Source

pub fn from_hex(s: &str) -> Result<Self, String>

Decodes a Goldilocks element from a 16-character hex string.

Accepts an optional 0x prefix. Returns Err if the hex is malformed, the wrong length, or the decoded value ≥ MODULUS.

Trait Implementations§

Source§

impl Clone for Goldilocks

Source§

fn clone(&self) -> Goldilocks

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Goldilocks

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for Goldilocks

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<u64> for Goldilocks

Source§

fn from(val: u64) -> Self

Converts to this type from the input type.
Source§

impl PartialEq for Goldilocks

Two Goldilocks elements are equal iff they represent the same field element, i.e., their canonical (reduced mod p) values are identical. This is necessary because arithmetic operations (especially mul) can produce non-canonical representations where the raw u64 exceeds the modulus.

Source§

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Zeroize for Goldilocks

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl Copy for Goldilocks

Source§

impl Eq for Goldilocks

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.