Struct sunscreen_zkp_backend::BigInt

This algorithm computes self^(p-2) in F*_p. This is the inverse as a consequence of Fermat’s Little Theorem. Since x != 0 is a generator of F_p: x^p-1 = x * x^p-2 = 1. This means x^p-2 is x^-1.

This algorithm runs in constant time.

p should be prime, but this isn’t enforced by the algorithm. Incorrect results may occur if p is not prime.

p should be larger than 2, but what in tarnation would you need this algorithm for in a unary or binary field?

TODO: Are there better algorithms?

pub fn pow_fp(&self, x: &Self, p: &Self) -> Self

Compute self to the x power in F_p using the fast powers algorithm.

Remarks

This algorithm runs in constant time.

x should be less than p.

pub const ZERO: Self = _

The value 0.

source

pub const ONE: Self = _

The value 1.

Methods from Deref<Target = U512>§

source

pub fn adc(&self, rhs: &Uint<LIMBS>, carry: Limb) -> (Uint<LIMBS>, Limb)

Computes a + b + carry, returning the result along with the new carry.

source

pub fn saturating_add(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform saturating addition, returning MAX on overflow.

source

pub fn wrapping_add(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform wrapping addition, discarding overflow.

source

pub fn add_mod(&self, rhs: &Uint<LIMBS>, p: &Uint<LIMBS>) -> Uint<LIMBS>

Computes self + rhs mod p in constant time.

Assumes self + rhs as unbounded integer is < 2p.

source

pub fn add_mod_special(&self, rhs: &Uint<LIMBS>, c: Limb) -> Uint<LIMBS>

Computes self + rhs mod p in constant time for the special modulus p = MAX+1-c where c is small enough to fit in a single Limb.

Assumes self + rhs as unbounded integer is < 2p.

source

pub fn bitand(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Computes bitwise a & b.

source

pub fn wrapping_and(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform wrapping bitwise AND.

There’s no way wrapping could ever happen. This function exists so that all operations are accounted for in the wrapping operations

source

pub fn checked_and(&self, rhs: &Uint<LIMBS>) -> CtOption<Uint<LIMBS>>

Perform checked bitwise AND, returning a CtOption which is_some always

source

pub fn not(&self) -> Uint<LIMBS>

Computes bitwise !a.

source

pub fn bitor(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Computes bitwise a & b.

source

pub fn wrapping_or(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform wrapping bitwise OR.

There’s no way wrapping could ever happen. This function exists so that all operations are accounted for in the wrapping operations

source

pub fn checked_or(&self, rhs: &Uint<LIMBS>) -> CtOption<Uint<LIMBS>>

Perform checked bitwise OR, returning a CtOption which is_some always

source

pub fn bitxor(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Computes bitwise a ^ b.

source

pub fn wrapping_xor(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform wrapping bitwise `XOR``.

There’s no way wrapping could ever happen. This function exists so that all operations are accounted for in the wrapping operations

source

pub fn checked_xor(&self, rhs: &Uint<LIMBS>) -> CtOption<Uint<LIMBS>>

Perform checked bitwise XOR, returning a CtOption which is_some always

source

pub fn bit_vartime(&self, index: usize) -> bool

Returns true if the bit at position index is set, false otherwise.

source

pub fn bits_vartime(&self) -> usize

Calculate the number of bits needed to represent this number.

source

pub fn leading_zeros(&self) -> usize

Calculate the number of leading zeros in the binary representation of this number.

source

pub fn trailing_zeros(&self) -> usize

Calculate the number of trailing zeros in the binary representation of this number.

source

pub fn bits(&self) -> usize

Calculate the number of bits needed to represent this number.

source

pub fn bit(&self, index: usize) -> CtChoice

Get the value of the bit at position index, as a truthy or falsy CtChoice. Returns the falsy value for indices out of range.

source

pub fn cmp_vartime(&self, rhs: &Uint<LIMBS>) -> Ordering

Returns the Ordering between self and rhs in variable time.

source

pub fn ct_div_rem_limb_with_reciprocal( &self, reciprocal: &Reciprocal ) -> (Uint<LIMBS>, Limb)

Computes self / rhs using a pre-made reciprocal, returns the quotient (q) and remainder (r).

source

pub fn div_rem_limb_with_reciprocal( &self, reciprocal: &CtOption<Reciprocal> ) -> CtOption<(Uint<LIMBS>, Limb)>

Computes self / rhs using a pre-made reciprocal, returns the quotient (q) and remainder (r).

source

pub fn div_rem_limb(&self, rhs: NonZero<Limb>) -> (Uint<LIMBS>, Limb)

Computes self / rhs, returns the quotient (q) and remainder (r).

source

pub fn const_rem(&self, rhs: &Uint<LIMBS>) -> (Uint<LIMBS>, CtChoice)

Computes self % rhs, returns the remainder and and the truthy value for is_some or the falsy value for is_none.

NOTE: Use only if you need to access const fn. Otherwise use Self::rem. This is variable only with respect to rhs.

When used with a fixed rhs, this function is constant-time with respect to self.

source

pub fn rem2k(&self, k: usize) -> Uint<LIMBS>

Computes self % 2^k. Faster than reduce since its a power of 2. Limited to 2^16-1 since Uint doesn’t support higher.

source

pub fn div_rem(&self, rhs: &NonZero<Uint<LIMBS>>) -> (Uint<LIMBS>, Uint<LIMBS>)

Computes self / rhs, returns the quotient, remainder.

source

pub fn rem(&self, rhs: &NonZero<Uint<LIMBS>>) -> Uint<LIMBS>

Computes self % rhs, returns the remainder.

source

pub fn wrapping_div(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Wrapped division is just normal division i.e. self / rhs There’s no way wrapping could ever happen. This function exists, so that all operations are accounted for in the wrapping operations.

Panics if rhs == 0.

source

pub fn checked_div(&self, rhs: &Uint<LIMBS>) -> CtOption<Uint<LIMBS>>

Perform checked division, returning a CtOption which is_some only if the rhs != 0

source

pub fn wrapping_rem(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Wrapped (modular) remainder calculation is just self % rhs. There’s no way wrapping could ever happen. This function exists, so that all operations are accounted for in the wrapping operations.

Panics if rhs == 0.

source

pub fn checked_rem(&self, rhs: &Uint<LIMBS>) -> CtOption<Uint<LIMBS>>

Perform checked reduction, returning a CtOption which is_some only if the rhs != 0

source

pub fn inv_mod2k_vartime(&self, k: usize) -> Uint<LIMBS>

Computes 1/self mod 2^k. This method is constant-time w.r.t. self but not k.

Conditions: self < 2^k and self must be odd

source

pub fn inv_mod2k(&self, k: usize) -> Uint<LIMBS>

Computes 1/self mod 2^k.

Conditions: self < 2^k and self must be odd

source

pub fn inv_odd_mod_bounded( &self, modulus: &Uint<LIMBS>, bits: usize, modulus_bits: usize ) -> (Uint<LIMBS>, CtChoice)

Computes the multiplicative inverse of self mod modulus, where modulus is odd. In other words self^-1 mod modulus. bits and modulus_bits are the bounds on the bit size of self and modulus, respectively (the inversion speed will be proportional to bits + modulus_bits). The second element of the tuple is the truthy value if an inverse exists, otherwise it is a falsy value.

Note: variable time in bits and modulus_bits.

The algorithm is the same as in GMP 6.2.1’s mpn_sec_invert.

source

pub fn inv_odd_mod(&self, modulus: &Uint<LIMBS>) -> (Uint<LIMBS>, CtChoice)

Computes the multiplicative inverse of self mod modulus, where modulus is odd. Returns (inverse, CtChoice::TRUE) if an inverse exists, otherwise (undefined, CtChoice::FALSE).

source

pub fn inv_mod(&self, modulus: &Uint<LIMBS>) -> (Uint<LIMBS>, CtChoice)

Computes the multiplicative inverse of self mod modulus. Returns (inverse, CtChoice::TRUE) if an inverse exists, otherwise (undefined, CtChoice::FALSE).

source

pub fn mul<const HLIMBS: usize>( &self, rhs: &Uint<HLIMBS> ) -> <Uint<HLIMBS> as ConcatMixed<Uint<LIMBS>>>::MixedOutputwhere Uint<HLIMBS>: ConcatMixed<Uint<LIMBS>>,

Multiply self by rhs, returning a concatenated “wide” result.

source

pub fn mul_wide<const HLIMBS: usize>( &self, rhs: &Uint<HLIMBS> ) -> (Uint<LIMBS>, Uint<HLIMBS>)

Compute “wide” multiplication, with a product twice the size of the input.

Returns a tuple containing the (lo, hi) components of the product.

Ordering note

Releases of crypto-bigint prior to v0.3 used (hi, lo) ordering instead. This has been changed for better consistency with the rest of the APIs in this crate.

For more info see: https://github.com/RustCrypto/crypto-bigint/issues/4

source

pub fn saturating_mul<const HLIMBS: usize>( &self, rhs: &Uint<HLIMBS> ) -> Uint<LIMBS>

Perform saturating multiplication, returning MAX on overflow.

source

pub fn wrapping_mul<const H: usize>(&self, rhs: &Uint<H>) -> Uint<LIMBS>

Perform wrapping multiplication, discarding overflow.

source

pub fn square(&self) -> <Uint<LIMBS> as Concat>::Outputwhere Uint<LIMBS>: Concat,

Square self, returning a concatenated “wide” result.

source

pub fn square_wide(&self) -> (Uint<LIMBS>, Uint<LIMBS>)

Square self, returning a “wide” result in two parts as (lo, hi).

source

pub fn mul_mod_special(&self, rhs: &Uint<LIMBS>, c: Limb) -> Uint<LIMBS>

Computes self * rhs mod p in constant time for the special modulus p = MAX+1-c where c is small enough to fit in a single Limb. For the modulus reduction, this function implements Algorithm 14.47 from the “Handbook of Applied Cryptography”, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996.

source

pub fn wrapping_neg(&self) -> Uint<LIMBS>

Perform wrapping negation.

source

pub fn neg_mod(&self, p: &Uint<LIMBS>) -> Uint<LIMBS>

Computes -a mod p in constant time. Assumes self is in [0, p).

source

pub fn neg_mod_special(&self, c: Limb) -> Uint<LIMBS>

Computes -a mod p in constant time for the special modulus p = MAX+1-c where c is small enough to fit in a single Limb.

source

pub fn resize<const T: usize>(&self) -> Uint<T>

Construct a Uint<T> from the unsigned integer value, truncating the upper bits if the value is too large to be represented.

source

pub fn shl_vartime(&self, n: usize) -> Uint<LIMBS>

Computes self << shift.

NOTE: this operation is variable time with respect to n ONLY.

When used with a fixed n, this function is constant-time with respect to self.

source

pub fn shl(&self, shift: usize) -> Uint<LIMBS>

Computes self << n. Returns zero if n >= Self::BITS.

source

pub fn shr_vartime(&self, shift: usize) -> Uint<LIMBS>

Computes self >> n.

NOTE: this operation is variable time with respect to n ONLY.

When used with a fixed n, this function is constant-time with respect to self.

source

pub fn shr(&self, shift: usize) -> Uint<LIMBS>

Computes self << n. Returns zero if n >= Self::BITS.

source

pub fn sqrt(&self) -> Uint<LIMBS>

👎Deprecated since 0.5.3: This functionality will be moved to sqrt_vartime in a future release.

See Self::sqrt_vartime.

source

pub fn sqrt_vartime(&self) -> Uint<LIMBS>

Computes √(self) Uses Brent & Zimmermann, Modern Computer Arithmetic, v0.5.9, Algorithm 1.13

Callers can check if self is a square by squaring the result

source

pub fn wrapping_sqrt(&self) -> Uint<LIMBS>

👎Deprecated since 0.5.3: This functionality will be moved to wrapping_sqrt_vartime in a future release.

See Self::wrapping_sqrt_vartime.

source

pub fn wrapping_sqrt_vartime(&self) -> Uint<LIMBS>

Wrapped sqrt is just normal √(self) There’s no way wrapping could ever happen. This function exists, so that all operations are accounted for in the wrapping operations.

source

pub fn checked_sqrt(&self) -> CtOption<Uint<LIMBS>>

👎Deprecated since 0.5.3: This functionality will be moved to checked_sqrt_vartime in a future release.

See Self::checked_sqrt_vartime.

source

pub fn checked_sqrt_vartime(&self) -> CtOption<Uint<LIMBS>>

Perform checked sqrt, returning a CtOption which is_some only if the √(self)² == self

source

pub fn sbb(&self, rhs: &Uint<LIMBS>, borrow: Limb) -> (Uint<LIMBS>, Limb)

Computes a - (b + borrow), returning the result along with the new borrow.

source

pub fn saturating_sub(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform saturating subtraction, returning ZERO on underflow.

source

pub fn wrapping_sub(&self, rhs: &Uint<LIMBS>) -> Uint<LIMBS>

Perform wrapping subtraction, discarding underflow and wrapping around the boundary of the type.

source

pub fn sub_mod(&self, rhs: &Uint<LIMBS>, p: &Uint<LIMBS>) -> Uint<LIMBS>

Computes self - rhs mod p in constant time.

Assumes self - rhs as unbounded signed integer is in [-p, p).

source

pub fn sub_mod_special(&self, rhs: &Uint<LIMBS>, c: Limb) -> Uint<LIMBS>

Computes self - rhs mod p in constant time for the special modulus p = MAX+1-c where c is small enough to fit in a single Limb.

Assumes self - rhs as unbounded signed integer is in [-p, p).

source

pub fn as_words(&self) -> &[u32; LIMBS]

Borrow the inner limbs as an array of Words.

source

pub fn as_limbs(&self) -> &[Limb; LIMBS]

Borrow the limbs of this Uint.

source