Struct curve25519_dalek::backend::serial::u64::field::FieldElement51

pub struct FieldElement51(pub(crate) [u64; 5]);

A FieldElement51 represents an element of the field \( \mathbb Z / (2^{255} - 19)\).

In the 64-bit implementation, a FieldElement is represented in radix \(2^{51}\) as five u64s; the coefficients are allowed to grow up to \(2^{54}\) between reductions modulo \(p\).

Note

The curve25519_dalek::field module provides a type alias curve25519_dalek::field::FieldElement to either FieldElement51 or FieldElement2625.

The backend-specific type FieldElement51 should not be used outside of the curve25519_dalek::field module.

Methods

impl FieldElement51

pub fn is_negative(&self) -> Choice

Determine if this FieldElement is negative, in the sense used in the ed25519 paper: x is negative if the low bit is set.

Return

If negative, return Choice(1). Otherwise, return Choice(0).

pub fn is_zero(&self) -> Choice

Determine if this FieldElement is zero.

Return

If zero, return Choice(1). Otherwise, return Choice(0).

fn pow22501(&self) -> (FieldElement51, FieldElement51)

Compute (self^(2^250-1), self^11), used as a helper function within invert() and pow22523().

pub fn batch_invert(inputs: &mut [FieldElement51])

Given a slice of public FieldElements, replace each with its inverse.

All input FieldElements MUST be nonzero.

pub fn invert(&self) -> FieldElement51

Given a nonzero field element, compute its inverse.

The inverse is computed as self^(p-2), since x^(p-2)x = x^(p-1) = 1 (mod p).

This function returns zero on input zero.

fn pow_p58(&self) -> FieldElement51

Raise this field element to the power (p-5)/8 = 2^252 -3.

pub fn sqrt_ratio_i(
    u: &FieldElement51,
    v: &FieldElement51
) -> (Choice, FieldElement51)

Given FieldElements u and v, compute either sqrt(u/v) or sqrt(i*u/v) in constant time.

This function always returns the nonnegative square root.

Return

• (Choice(1), +sqrt(u/v)) if v is nonzero and u/v is square;
• (Choice(1), zero) if u is zero;
• (Choice(0), zero) if v is zero and u is nonzero;
• (Choice(0), +sqrt(i*u/v)) if u/v is nonsquare (so i*u/v is square).

pub fn invsqrt(&self) -> (Choice, FieldElement51)

Attempt to compute sqrt(1/self) in constant time.

Convenience wrapper around sqrt_ratio_i.

This function always returns the nonnegative square root.

Return

• (Choice(1), +sqrt(1/self)) if self is a nonzero square;
• (Choice(0), zero) if self is zero;
• (Choice(0), +sqrt(i/self)) if self is a nonzero nonsquare;

impl FieldElement51

pub fn negate(&mut self)

Invert the sign of this field element

pub fn zero() -> FieldElement51

Construct zero.

pub fn one() -> FieldElement51

Construct one.

pub fn minus_one() -> FieldElement51

Construct -1.

fn reduce(limbs: [u64; 5]) -> FieldElement51

Given 64-bit input limbs, reduce to enforce the bound 2^(51 + epsilon).

pub fn from_bytes(bytes: &[u8; 32]) -> FieldElement51

Load a FieldElement51 from the low 255 bits of a 256-bit input.

Warning

This function does not check that the input used the canonical representative. It masks the high bit, but it will happily decode 2^255 - 18 to 1. Applications that require a canonical encoding of every field element should decode, re-encode to the canonical encoding, and check that the input was canonical.

pub fn to_bytes(&self) -> [u8; 32]

Serialize this FieldElement51 to a 32-byte array. The encoding is canonical.

pub fn pow2k(&self, k: u32) -> FieldElement51

Given k > 0, return self^(2^k).

pub fn square(&self) -> FieldElement51

Returns the square of this field element.

pub fn square2(&self) -> FieldElement51

Returns 2 times the square of this field element.

Trait Implementations

impl<'a, 'b> Add<&'b FieldElement51> for &'a FieldElement51

type Output = FieldElement51

The resulting type after applying the + operator.

fn add(self, _rhs: &'b FieldElement51) -> FieldElement51

Performs the + operation.

impl<'b> AddAssign<&'b FieldElement51> for FieldElement51

fn add_assign(&mut self, _rhs: &'b FieldElement51)

Performs the += operation.

impl Clone for FieldElement51

fn clone(&self) -> FieldElement51

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl ConditionallySelectable for FieldElement51

fn conditional_select(
    a: &FieldElement51,
    b: &FieldElement51,
    choice: Choice
) -> FieldElement51

Select a or b according to choice.

fn conditional_swap(
    a: &mut FieldElement51,
    b: &mut FieldElement51,
    choice: Choice
)

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves.

fn conditional_assign(&mut self, other: &FieldElement51, choice: Choice)

Conditionally assign other to self, according to choice.

impl ConstantTimeEq for FieldElement51

fn ct_eq(&self, other: &FieldElement51) -> Choice

Test equality between two FieldElements. Since the internal representation is not canonical, the field elements are normalized to wire format before comparison.

impl Copy for FieldElement51

impl Debug for FieldElement51

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Eq for FieldElement51

fn assert_receiver_is_total_eq(&self)

impl<'a, 'b> Mul<&'b FieldElement51> for &'a FieldElement51

type Output = FieldElement51

The resulting type after applying the * operator.

fn mul(self, _rhs: &'b FieldElement51) -> FieldElement51

Performs the * operation.

impl<'b> MulAssign<&'b FieldElement51> for FieldElement51

fn mul_assign(&mut self, _rhs: &'b FieldElement51)

Performs the *= operation.

impl<'a> Neg for &'a FieldElement51

type Output = FieldElement51

The resulting type after applying the - operator.

fn neg(self) -> FieldElement51

Performs the unary - operation.

impl PartialEq<FieldElement51> for FieldElement51

fn eq(&self, other: &FieldElement51) -> bool

This method tests for self and other values to be equal, and is used by ==.

#[must_use] fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl<'a, 'b> Sub<&'b FieldElement51> for &'a FieldElement51

type Output = FieldElement51

The resulting type after applying the - operator.

fn sub(self, _rhs: &'b FieldElement51) -> FieldElement51

Performs the - operation.

impl<'b> SubAssign<&'b FieldElement51> for FieldElement51

fn sub_assign(&mut self, _rhs: &'b FieldElement51)

Performs the -= operation.

impl Zeroize for FieldElement51

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not "optimized away" by the compiler.