Autogenerated: fiat_crypto.js word-by-word-montgomery --lang Rust fr 32 2111115437357092606062206234695386632838870926408408195193685246394721360383 --no-prefix-fiat --public-type-case PascalCase --private-type-case PascalCase
curve description: fr
machine_wordsize = 32 (from "32")
requested operations: (all)
m = 0x4aad957a68b2955982d1347970dec005293a3afc43c8afeb95aee9ac33fd9ff (from "2111115437357092606062206234695386632838870926408408195193685246394721360383")
NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation. All functions also ensure that these two properties are true of return values.
Computed values:
eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224)
bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248)
twos_complement_eval z = let x1 := z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) in
  if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256
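The NOTE above leaves range checking to the caller: every input must already be strictly less than m. The following is an added example, not part of the generated module or of fiat-crypto, that validates a 32-byte little-endian encoding against m before it is handed on. The names M_LIMBS, limbs_from_le_bytes, is_canonical and checked_limbs are hypothetical, and the limb constants are the hex value of m from the header split into 32-bit words.

```rust
// Added example (not generated by fiat-crypto). All names here are hypothetical.
// m from the page header, split into little-endian 32-bit limbs (the `eval` layout).
pub const M_LIMBS: [u32; 8] = [
    0xc33fd9ff, 0xb95aee9a, 0xc43c8afe, 0x5293a3af,
    0x970dec00, 0x982d1347, 0xa68b2955, 0x04aad957,
];

/// bytes_eval -> eval: regroup 32 little-endian bytes into 8 little-endian limbs.
pub fn limbs_from_le_bytes(bytes: &[u8; 32]) -> [u32; 8] {
    let mut limbs = [0u32; 8];
    for (i, c) in bytes.chunks_exact(4).enumerate() {
        limbs[i] = u32::from_le_bytes([c[0], c[1], c[2], c[3]]);
    }
    limbs
}

/// Returns 1 if eval(x) < m, else 0. Runs the full borrow chain of x - m
/// without branching on the data; the final borrow is set exactly when x < m.
pub fn is_canonical(x: &[u32; 8]) -> u32 {
    let mut borrow = 0u64;
    for i in 0..8 {
        let d = (x[i] as u64)
            .wrapping_sub(M_LIMBS[i] as u64)
            .wrapping_sub(borrow);
        borrow = d >> 63; // top bit set iff this limb subtraction underflowed
    }
    borrow as u32
}

/// Gate for untrusted encodings: yields limbs only if the value is in [0, m).
pub fn checked_limbs(bytes: &[u8; 32]) -> Option<[u32; 8]> {
    let limbs = limbs_from_le_bytes(bytes);
    if is_canonical(&limbs) == 1 { Some(limbs) } else { None }
}

fn main() {
    // Constructed sample encodings: 1, m itself, and 2^256 - 1.
    let mut one = [0u8; 32];
    one[0] = 1;
    let mut m_bytes = [0u8; 32];
    for (i, l) in M_LIMBS.iter().enumerate() {
        m_bytes[4 * i..4 * i + 4].copy_from_slice(&l.to_le_bytes());
    }
    for (name, enc) in [("1", one), ("m", m_bytes), ("2^256-1", [0xffu8; 32])] {
        println!("{}: accepted = {}", name, checked_limbs(&enc).is_some());
    }
}
```

Rejecting non-canonical encodings at the boundary also keeps one field element from having more than one accepted byte representation.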
Structs
- The type FrMontgomeryDomainFieldElement is a field element in the Montgomery domain. Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
- The type FrNonMontgomeryDomainFieldElement is a field element NOT in the Montgomery domain. Bounds: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
Functions
- The function fr_add adds two field elements in the Montgomery domain.
- The function fr_addcarryx_u32 is an addition with carry.
- The function fr_cmovznz_u32 is a single-word conditional move.
- The function fr_divstep computes a divstep.
- The function fr_divstep_precomp returns the precomputed value for Bernstein-Yang inversion (in Montgomery form).
- The function fr_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order.
- The function fr_from_montgomery translates a field element out of the Montgomery domain.
- The function fr_msat returns the saturated representation of the prime modulus.
- The function fr_mul multiplies two field elements in the Montgomery domain.
- The function fr_mulx_u32 is a multiplication, returning the full double-width result.
- The function fr_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
- The function fr_opp negates a field element in the Montgomery domain.
- The function fr_selectznz is a multi-limb conditional select.
- The function fr_set_one returns the field element one in the Montgomery domain.
- The function fr_square squares a field element in the Montgomery domain.
- The function fr_sub subtracts two field elements in the Montgomery domain.
- The function fr_subborrowx_u32 is a subtraction with borrow.
- The function fr_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order.
- The function fr_to_montgomery translates a field element into the Montgomery domain.
Type Aliases
- FrI1 represents values of 1 bit, stored in one byte.
- FrI2 represents values of 2 bits, stored in one byte.
- FrU1 represents values of 1 bit, stored in one byte.
- FrU2 represents values of 2 bits, stored in one byte.