jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: b0a2110717
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b0a2110717'
${ noResults }
ed448goldilocks/src/include/field.h

254 lines
5.3 KiB
Raw Blame History 

  1. /**

  2.  * @file field.h

  3.  * @brief Generic field header.

  4.  * @copyright

  5.  *   Copyright (c) 2014 Cryptography Research, Inc.  \n

  6.  *   Released under the MIT License.  See LICENSE.txt for license information.

  7.  * @author Mike Hamburg

  8.  */

  9. 

  10. #ifndef __FIELD_H__

  11. #define __FIELD_H__

  12. 

  13. #include "constant_time.h"

  14. #include "f_field.h"

  15. #include <string.h>

  16. 

  17. #define is32 (GOLDI_BITS == 32 || FIELD_BITS != 448)

  18. #if (is32)

  19. #define IF32(s) (s)

  20. #else

  21. #define IF32(s)

  22. #endif

  23. 

  24. /** @brief Bytes in a field element */

  25. #define FIELD_BYTES          (1+(FIELD_BITS-1)/8)

  26. 

  27. /** @brief Words in a field element */

  28. #define FIELD_WORDS          (1+(FIELD_BITS-1)/sizeof(word_t))

  29. 

  30. /* TODO: standardize notation */

  31. /** @brief The number of words in the Goldilocks field. */

  32. #define GOLDI_FIELD_WORDS DIV_CEIL(FIELD_BITS,WORD_BITS)

  33. 

  34. /** @brief The number of bits in the Goldilocks curve's cofactor (cofactor=4). */

  35. #define COFACTOR_BITS 2

  36. 

  37. /** @brief The number of bits in a Goldilocks scalar. */

  38. #define SCALAR_BITS (FIELD_BITS - COFACTOR_BITS)

  39. 

  40. /** @brief The number of bytes in a Goldilocks scalar. */

  41. #define SCALAR_BYTES (1+(SCALAR_BITS)/8)

  42. 

  43. /** @brief The number of words in the Goldilocks field. */

  44. #define SCALAR_WORDS WORDS_FOR_BITS(SCALAR_BITS)

  45. 

  46. /**

  47.  * @brief For GMP tests: little-endian representation of the field modulus.

  48.  */

  49. extern const uint8_t FIELD_MODULUS[FIELD_BYTES];

  50. 

  51. /**

  52.  * Copy one field element to another.

  53.  */

  54. static inline void

  55. __attribute__((unused,always_inline))        

  56. field_copy (

  57.     struct field_t *__restrict__ a,

  58.     const struct field_t *__restrict__ b

  59. ) {

  60.     memcpy(a,b,sizeof(*a));

  61. }

  62. 

  63. /**

  64.  * Returns 1/sqrt(+- x).

  65.  * 

  66.  * The Legendre symbol of the result is the same as that of the

  67.  * input.

  68.  * 

  69.  * If x=0, returns 0.

  70.  */

  71. void

  72. field_isr (

  73.     struct field_t*       a,

  74.     const struct field_t* x

  75. );

  76.     

  77. /**

  78.  * Batch inverts out[i] = 1/in[i]

  79.  * 

  80.  * If any input is zero, all the outputs will be zero.

  81.  */     

  82. void

  83. field_simultaneous_invert (

  84.     struct field_t *__restrict__ out,

  85.     const struct field_t *in,

  86.     unsigned int n

  87. );

  88. 

  89. /**

  90.  * Returns 1/x.

  91.  * 

  92.  * If x=0, returns 0.

  93.  */

  94. void

  95. field_inverse (

  96.     struct field_t*       a,

  97.     const struct field_t* x

  98. );

  99. 

  100. /**

  101.  * Returns -1 if a==b, 0 otherwise.

  102.  */

  103. mask_t

  104. field_eq (

  105.     const struct field_t *a,

  106.     const struct field_t *b

  107. );

  108.     

  109. /**

  110.  * Square x, n times.

  111.  */

  112. static __inline__ void

  113. __attribute__((unused,always_inline))

  114. field_sqrn (

  115.     field_t *__restrict__ y,

  116.     const field_t *x,

  117.     int n

  118. ) {

  119.     field_t tmp;

  120.     assert(n>0);

  121.     if (n&1) {

  122.         field_sqr(y,x);

  123.         n--;

  124.     } else {

  125.         field_sqr(&tmp,x);

  126.         field_sqr(y,&tmp);

  127.         n-=2;

  128.     }

  129.     for (; n; n-=2) {

  130.         field_sqr(&tmp,y);

  131.         field_sqr(y,&tmp);

  132.     }

  133. }

  134. 

  135. static __inline__ mask_t

  136. __attribute__((unused,always_inline))

  137. field_low_bit (const struct field_t *f) {

  138.     struct field_t red;

  139.     field_copy(&red,f);

  140.     field_strong_reduce(&red);

  141.     return -(1&red.limb[0]);

  142. }

  143. 

  144. static __inline__ mask_t

  145. __attribute__((unused,always_inline))

  146. field_make_nonzero (struct field_t *f) {

  147.     mask_t z = field_is_zero(f);

  148.     field_addw( f, -z );

  149.     return z;

  150. }

  151. 

  152. /* Multiply by signed curve constant */

  153. static __inline__ void

  154. field_mulw_scc (

  155.     struct field_t* __restrict__ out,

  156.     const struct field_t *a,

  157.     int64_t scc

  158. ) {

  159.     if (scc >= 0) {

  160.         field_mulw(out, a, scc);

  161.     } else {

  162.         field_mulw(out, a, -scc);

  163.         field_neg_RAW(out,out);

  164.         field_bias(out,2);

  165.     }

  166. }

  167. 

  168. /* Multiply by signed curve constant and weak reduce if biased */

  169. static __inline__ void

  170. field_mulw_scc_wr (

  171.     struct field_t* __restrict__ out,

  172.     const struct field_t *a,

  173.     int64_t scc

  174. ) {

  175.     field_mulw_scc(out, a, scc);

  176.     if (scc < 0)

  177.         field_weak_reduce(out);

  178. }

  179. 

  180. static __inline__ void

  181. field_subx_RAW (

  182.     struct field_t *d,

  183.     const struct field_t *a,

  184.     const struct field_t *b

  185. ) {

  186.     field_sub_RAW ( d, a, b );

  187.     field_bias( d, 2 );

  188.     IF32( field_weak_reduce ( d ) );

  189. }

  190. 

  191. static __inline__ void

  192. field_sub (

  193.     struct field_t *d,

  194.     const struct field_t *a,

  195.     const struct field_t *b

  196. ) {

  197.     field_sub_RAW ( d, a, b );

  198.     field_bias( d, 2 );

  199.     field_weak_reduce ( d );

  200. }

  201. 

  202. static __inline__ void

  203. field_add (

  204.     struct field_t *d,

  205.     const struct field_t *a,

  206.     const struct field_t *b

  207. ) {

  208.     field_add_RAW ( d, a, b );

  209.     field_weak_reduce ( d );

  210. }

  211. 

  212. static __inline__ void

  213. field_subw (

  214.     struct field_t *d,

  215.     word_t c

  216. ) {

  217.     field_subw_RAW ( d, c );

  218.     field_bias( d, 1 );

  219.     field_weak_reduce ( d );

  220. }

  221. 

  222. static __inline__ void

  223. field_negx (

  224.     struct field_t *d,

  225.     const struct field_t *a

  226. ) {

  227.     field_neg_RAW ( d, a );

  228.     field_bias( d, 2 );

  229.     field_weak_reduce ( d );

  230. }

  231. 

  232. /**

  233.  * Negate a in place if doNegate.

  234.  */

  235. static inline void

  236. __attribute__((unused,always_inline)) 

  237. field_cond_neg (

  238.     field_t *a,

  239.     mask_t doNegate

  240. ) {

  241. 	struct field_t negated;

  242.     field_negx(&negated, a);

  243. 	constant_time_select(a, &negated, a, sizeof(negated), doNegate);

  244. }

  245. 

  246. /** Require the warning annotation on raw routines */

  247. #define ANALYZE_THIS_ROUTINE_CAREFULLY const int ANNOTATE___ANALYZE_THIS_ROUTINE_CAREFULLY = 0;

  248. #define MUST_BE_CAREFUL (void) ANNOTATE___ANALYZE_THIS_ROUTINE_CAREFULLY

  249. #define field_add_nr(a,b,c) { MUST_BE_CAREFUL; field_add_RAW(a,b,c); }

  250. #define field_sub_nr(a,b,c) { MUST_BE_CAREFUL; field_sub_RAW(a,b,c); }

  251. #define field_subx_nr(a,b,c) { MUST_BE_CAREFUL; field_subx_RAW(a,b,c); }

  252. 

  253. #endif // __FIELD_H__