3 * Arithmetic in the Goldilocks field GF(2^448 - 2^224 - 1)
5 * (c) 2017 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of secnet.
11 * See README for full list of copyright holders.
13 * secnet is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version d of the License, or
16 * (at your option) any later version.
18 * secnet is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * version 3 along with secnet; if not, see
25 * https://www.gnu.org/licenses/gpl.html.
27 * This file was originally part of Catacomb, but has been automatically
28 * modified for incorporation into secnet: see `import-catacomb-crypto'
31 * Catacomb is free software; you can redistribute it and/or modify
32 * it under the terms of the GNU Library General Public License as
33 * published by the Free Software Foundation; either version 2 of the
34 * License, or (at your option) any later version.
36 * Catacomb is distributed in the hope that it will be useful,
37 * but WITHOUT ANY WARRANTY; without even the implied warranty of
38 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
39 * GNU Library General Public License for more details.
41 * You should have received a copy of the GNU Library General Public
42 * License along with Catacomb; if not, write to the Free
43 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
47 #ifndef CATACOMB_FGOLDI_H
48 #define CATACOMB_FGOLDI_H
54 /*----- Header files ------------------------------------------------------*/
56 #include "fake-mLib-bits.h"
58 #ifndef CATACOMB_QFARITH_H
62 /*----- Data structures ---------------------------------------------------*/
68 typedef int32 fgoldi_piece
;
70 /*----- Functions provided ------------------------------------------------*/
72 /* --- @fgoldi_load@ --- *
74 * Arguments: @fgoldi *z@ = where to store the result
75 * @const octet xv[56]@ = source to read
79 * Use: Reads an element of %$\gf{2^{448} - 2^{224} - 19}$% in
80 * external representation from @xv@ and stores it in @z@.
82 * External representation is little-endian base-256. Some
83 * elements have multiple encodings, which are not produced by
84 * correct software; use of noncanonical encodings is not an
85 * error, and toleration of them is considered a performance
89 extern void fgoldi_load(fgoldi */
*z*/
, const octet
/*xv*/[56]);
91 /* --- @fgoldi_store@ --- *
93 * Arguments: @octet zv[56]@ = where to write the result
94 * @const fgoldi *x@ = the field element to write
98 * Use: Stores a field element in the given octet vector in external
99 * representation. A canonical encoding is always stored.
102 extern void fgoldi_store(octet
/*zv*/[56], const fgoldi */
*x*/
);
104 /* --- @fgoldi_set@ --- *
106 * Arguments: @fgoldi *z@ = where to write the result
107 * @int a@ = a small-ish constant
111 * Use: Sets @z@ to equal @a@.
114 extern void fgoldi_set(fgoldi */
*x*/
, int /*a*/);
116 /* --- @fgoldi_add@ --- *
118 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
119 * @const fgoldi *x, *y@ = two operands
123 * Use: Set @z@ to the sum %$x + y$%.
126 extern void fgoldi_add(fgoldi */
*z*/
,
127 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
129 /* --- @fgoldi_sub@ --- *
131 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
132 * @const fgoldi *x, *y@ = two operands
136 * Use: Set @z@ to the difference %$x - y$%.
139 extern void fgoldi_sub(fgoldi */
*z*/
,
140 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
142 /* --- @fgoldi_neg@ --- *
144 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@)
145 * @const fgoldi *x@ = an operand
152 extern void fgoldi_neg(fgoldi */
*z*/
, const fgoldi */
*x*/
);
154 /* --- @fgoldi_pick2@ --- *
156 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
157 * @const fgoldi *x, *y@ = two operands
158 * @uint32 m@ = a mask
162 * Use: If @m@ is zero, set @z = y@; if @m@ is all-bits-set, then set
163 * @z = x@. If @m@ has some other value, then scramble @z@ in
167 extern void fgoldi_pick2(fgoldi */
*z*/
,
168 const fgoldi */
*x*/
, const fgoldi */
*y*/
,
171 /* --- @fgoldi_pickn@ --- *
173 * Arguments: @fgoldi *z@ = where to put the result
174 * @const fgoldi *v@ = a table of entries
175 * @size_t n@ = the number of entries in @v@
176 * @size_t i@ = an index
180 * Use: If @0 <= i < n < 32@ then set @z = v[i]@. If @n >= 32@ then
181 * do something unhelpful; otherwise, if @i >= n@ then set @z@
185 extern void fgoldi_pickn(fgoldi */
*z*/
,
186 const fgoldi */
*v*/
, size_t /*n*/, size_t /*i*/);
188 /* --- @fgoldi_condswap@ --- *
190 * Arguments: @fgoldi *x, *y@ = two operands
191 * @uint32 m@ = a mask
195 * Use: If @m@ is zero, do nothing; if @m@ is all-bits-set, then
196 * exchange @x@ and @y@. If @m@ has some other value, then
197 * scramble @x@ and @y@ in an unhelpful way.
200 extern void fgoldi_condswap(fgoldi */
*x*/
, fgoldi */
*y*/
, uint32
/*m*/);
202 /* --- @fgoldi_condneg@ --- *
204 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@)
205 * @const fgoldi *x@ = an operand
206 * @uint32 m@ = a mask
210 * Use: If @m@ is zero, set @z = x@; if @m@ is all-bits-set, then set
211 * @z = -x@. If @m@ has some other value then scramble @z@ in
215 extern void fgoldi_condneg(fgoldi */
*z*/
, const fgoldi */
*x*/
, uint32
/*m*/);
217 /* --- @fgoldi_mulconst@ --- *
219 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@)
220 * @const fgoldi *x@ = an operand
221 * @long a@ = a small-ish constant; %$|a| < 2^{20}$%.
225 * Use: Set @z@ to the product %$a x$%.
228 extern void fgoldi_mulconst(fgoldi */
*z*/
, const fgoldi */
*x*/
, long /*a*/);
230 /* --- @fgoldi_mul@ --- *
232 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
233 * @const fgoldi *x, *y@ = two operands
237 * Use: Set @z@ to the product %$x y$%.
240 extern void fgoldi_mul(fgoldi */
*z*/
,
241 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
243 /* --- @fgoldi_sqr@ --- *
245 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
246 * @const fgoldi *x@ = an operand
250 * Use: Set @z@ to the square %$x^2$%.
253 extern void fgoldi_sqr(fgoldi */
*z*/
, const fgoldi */
*x*/
);
255 /* --- @fgoldi_inv@ --- *
257 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@)
258 * @const fgoldi *x@ = an operand
262 * Use: Stores in @z@ the multiplicative inverse %$x^{-1}$%. If
263 * %$x = 0$% then @z@ is set to zero. This is considered a
267 extern void fgoldi_inv(fgoldi */
*z*/
, const fgoldi */
*x*/
);
269 /* --- @fgoldi_quosqrt@ --- *
271 * Arguments: @fgoldi *z@ = where to put the result (may alias @x@ or @y@)
272 * @const fgoldi *x, *y@ = two operands
274 * Returns: Zero if successful, @-1@ if %$x/y$% is not a square.
276 * Use: Stores in @z@ the one of the square roots %$\pm\sqrt{x/y}$%.
277 * If %$x = y = 0% then the result is zero; if %$y = 0$% but %$x
278 * \ne 0$% then the operation fails. If you wanted a specific
279 * square root then you'll have to pick it yourself.
282 extern int fgoldi_quosqrt(fgoldi */
*z*/
,
283 const fgoldi */
*x*/
, const fgoldi */
*y*/
);
285 /*----- That's all, folks -------------------------------------------------*/
~mdw / secnet / blob