3 * Arithmetic in the Goldilocks field GF(2^448 - 2^224 - 1)
5 * (c) 2017 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of secnet.
11 * See README for full list of copyright holders.
13 * secnet is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version d of the License, or
16 * (at your option) any later version.
18 * secnet is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * version 3 along with secnet; if not, see
25 * https://www.gnu.org/licenses/gpl.html.
27 * This file was originally part of Catacomb, but has been automatically
28 * modified for incorporation into secnet: see `import-catacomb-crypto'
31 * Catacomb is free software; you can redistribute it and/or modify
32 * it under the terms of the GNU Library General Public License as
33 * published by the Free Software Foundation; either version 2 of the
34 * License, or (at your option) any later version.
36 * Catacomb is distributed in the hope that it will be useful,
37 * but WITHOUT ANY WARRANTY; without even the implied warranty of
38 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
39 * GNU Library General Public License for more details.
41 * You should have received a copy of the GNU Library General Public
42 * License along with Catacomb; if not, write to the Free
43 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
47 #ifndef CATACOMB_FGOLDI_H
48 #define CATACOMB_FGOLDI_H
54 /*----- Header files ------------------------------------------------------*/
56 #include "fake-mLib-bits.h"
58 #ifndef CATACOMB_QFARITH_H
62 /*----- Data structures ---------------------------------------------------*/
68 /*----- Functions provided ------------------------------------------------*/
70 /* --- @fgoldi_load@ --- *
72 * Arguments: @fgoldi *z@ = where to store the result
73 * @const octet xv[56]@ = source to read
77 * Use: Reads an element of %$\gf{2^{448} - 2^{224} - 19}$% in
78 * external representation from @xv@ and stores it in @z@.
80 * External representation is little-endian base-256. Some
81 * elements have multiple encodings, which are not produced by
82 * correct software; use of noncanonical encodings is not an
83 * error, and toleration of them is considered a performance
87 extern void fgoldi_load(fgoldi */
*z*/
, const octet
/*xv*/[56]);
89 /* --- @fgoldi_store@ --- *
91 * Arguments: @octet zv[56]@ = where to write the result
92 * @const fgoldi *x@ = the field element to write
96 * Use: Stores a field element in the given octet vector in external
97 * representation. A canonical encoding is always stored.
100 extern void fgoldi_store(octet
/*zv*/[56], const fgoldi */
*x*/
);
102 /* --- @fgoldi_set@ --- *
104 * Arguments: @fgoldi *z@ = where to write the result
105 * @int a@ = a small-ish constant
109 * Use: Sets @z@ to equal @a@.
112 extern void fgoldi_set(fgoldi */
*x*/
, int /*a*/);
114 /* --- @fgoldi_add@ --- *
116 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
117 * @const fgoldi *x, *y@ = two operands
121 * Use: Set @z@ to the sum %$x + y$%.
124 extern void fgoldi_add(fgoldi */
*z*/
,
125 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
127 /* --- @fgoldi_sub@ --- *
129 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
130 * @const fgoldi *x, *y@ = two operands
134 * Use: Set @z@ to the difference %$x - y$%.
137 extern void fgoldi_sub(fgoldi */
*z*/
,
138 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
140 /* --- @fgoldi_condswap@ --- *
142 * Arguments: @fgoldi *x, *y@ = two operands
143 * @uint32 m@ = a mask
147 * Use: If @m@ is zero, do nothing; if @m@ is all-bits-set, then
148 * exchange @x@ and @y@. If @m@ has some other value, then
149 * scramble @x@ and @y@ in an unhelpful way.
152 extern void fgoldi_condswap(fgoldi */
*x*/
, fgoldi */
*y*/
, uint32
/*m*/);
154 /* --- @fgoldi_mulconst@ --- *
156 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@)
157 * @const fgoldi *x@ = an operand
158 * @long a@ = a small-ish constant; %$|a| < 2^{20}$%.
162 * Use: Set @z@ to the product %$a x$%.
165 extern void fgoldi_mulconst(fgoldi */
*z*/
, const fgoldi */
*x*/
, long /*a*/);
167 /* --- @fgoldi_mul@ --- *
169 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
170 * @const fgoldi *x, *y@ = two operands
174 * Use: Set @z@ to the product %$x y$%.
177 extern void fgoldi_mul(fgoldi */
*z*/
,
178 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
180 /* --- @fgoldi_sqr@ --- *
182 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
183 * @const fgoldi *x@ = an operand
187 * Use: Set @z@ to the square %$x^2$%.
190 extern void fgoldi_sqr(fgoldi */
*z*/
, const fgoldi */
*x*/
);
192 /* --- @fgoldi_inv@ --- *
194 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@)
195 * @const fgoldi *x@ = an operand
199 * Use: Stores in @z@ the multiplicative inverse %$x^{-1}$%. If
200 * %$x = 0$% then @z@ is set to zero. This is considered a
204 extern void fgoldi_inv(fgoldi */
*z*/
, const fgoldi */
*x*/
);
206 /*----- That's all, folks -------------------------------------------------*/
~mdw / secnet / blob