| Copyright | (c) 2025 Jared Tobin |
|---|---|
| License | MIT |
| Maintainer | Jared Tobin <jared@ppad.tech> |
| Safe Haskell | None |
| Language | Haskell2010 |
Numeric.Montgomery.Secp256k1.Curve
Description
Montgomery form Wider words, as well as arithmetic operations, with
domain derived from the secp256k1 elliptic curve field prime.
Synopsis
- data Montgomery = Montgomery !Limb4
- render :: Montgomery -> String
- to :: Wider -> Montgomery
- from :: Montgomery -> Wider
- zero :: Montgomery
- one :: Montgomery
- eq :: Montgomery -> Montgomery -> Choice
- eq_vartime :: Montgomery -> Montgomery -> Bool
- redc :: Montgomery -> Montgomery -> Montgomery
- redc# :: Limb4 -> Limb4 -> Limb4
- retr :: Montgomery -> Wider
- retr# :: Limb4 -> Limb4
- select :: Montgomery -> Montgomery -> Choice -> Montgomery
- select# :: Limb4 -> Limb4 -> Choice -> Limb4
- add :: Montgomery -> Montgomery -> Montgomery
- add# :: Limb4 -> Limb4 -> Limb4
- sub :: Montgomery -> Montgomery -> Montgomery
- sub# :: Limb4 -> Limb4 -> Limb4
- mul :: Montgomery -> Montgomery -> Montgomery
- mul# :: Limb4 -> Limb4 -> Limb4
- sqr :: Montgomery -> Montgomery
- sqr# :: Limb4 -> Limb4
- neg :: Montgomery -> Montgomery
- neg# :: Limb4 -> Limb4
- inv :: Montgomery -> Montgomery
- inv# :: Limb4 -> Limb4
- sqrt_vartime :: Montgomery -> Maybe Montgomery
- sqrt# :: Limb4 -> (# Limb4, Choice #)
- exp :: Montgomery -> Wider -> Montgomery
- exp# :: Limb4 -> Limb4 -> Limb4
- odd# :: Limb4 -> Choice
- odd_vartime :: Montgomery -> Bool
Montgomery form, secp256k1 field prime modulus
data Montgomery Source #
Montgomery-form Wider words, on the Montgomery domain defined by
the secp256k1 field prime.
>>>let one = 1 :: Montgomery>>>one1>>>putStrLn (render one)(4294968273, 0, 0, 0)
Constructors
| Montgomery !Limb4 |
Instances
| Num Montgomery Source # | Note that |
Defined in Numeric.Montgomery.Secp256k1.Curve Methods (+) :: Montgomery -> Montgomery -> Montgomery # (-) :: Montgomery -> Montgomery -> Montgomery # (*) :: Montgomery -> Montgomery -> Montgomery # negate :: Montgomery -> Montgomery # abs :: Montgomery -> Montgomery # signum :: Montgomery -> Montgomery # fromInteger :: Integer -> Montgomery # | |
| Show Montgomery Source # | |
Defined in Numeric.Montgomery.Secp256k1.Curve Methods showsPrec :: Int -> Montgomery -> ShowS # show :: Montgomery -> String # showList :: [Montgomery] -> ShowS # | |
| NFData Montgomery Source # | |
Defined in Numeric.Montgomery.Secp256k1.Curve Methods rnf :: Montgomery -> () # | |
render :: Montgomery -> String Source #
Render a Montgomery value as a String, showing its individual
Limbs.
>>>putStrLn (render 1)(4294968273, 0, 0, 0)
from :: Montgomery -> Wider Source #
Retrieve a Montgomery word from the Montgomery domain.
This function is a synonym for retr.
zero :: Montgomery Source #
Zero (the additive unit) in the Montgomery domain.
one :: Montgomery Source #
One (the multiplicative unit) in the Montgomery domain.
Comparison
eq :: Montgomery -> Montgomery -> Choice Source #
Constant-time equality comparison.
eq_vartime :: Montgomery -> Montgomery -> Bool Source #
Variable-time equality comparison.
Reduction and retrieval
Arguments
| :: Montgomery | low wider-word, Montgomery form |
| -> Montgomery | high wider-word, Montgomery form |
| -> Montgomery | reduced value |
Montgomery reduction.
The first argument represents the low words, and the second the high words, of an extra-large eight-limb word in Montgomery form.
Arguments
| :: Montgomery | value in montgomery form |
| -> Wider | retrieved value |
Retrieve a Montgomery value from the Montgomery domain, producing
a Wider word.
Constant-time selection
Arguments
| :: Montgomery | a |
| -> Montgomery | b |
| -> Choice | c |
| -> Montgomery | result |
Return a if c is truthy, otherwise return b.
>>>import qualified Data.Choice as C>>>select 0 1 (C.true# ())1
Montgomery arithmetic
add :: Montgomery -> Montgomery -> Montgomery Source #
Addition in the Montgomery domain.
Note that Montgomery is an instance of Num, so you can use +
to apply this function.
>>>1 + 1 :: Montgomery2
sub :: Montgomery -> Montgomery -> Montgomery Source #
Subtraction in the Montgomery domain.
Note that Montgomery is an instance of Num, so you can use -
to apply this function.
>>>1 - 1 :: Montgomery0
Arguments
| :: Montgomery | multiplicand in montgomery form |
| -> Montgomery | multiplier in montgomery form |
| -> Montgomery | montgomery product |
Multiplication in the Montgomery domain.
Note that Montgomery is an instance of Num, so you can use *
to apply this function.
>>>1 * 1 :: Montgomery1
sqr :: Montgomery -> Montgomery Source #
Squaring in the Montgomery domain.
>>>sqr 11>>>sqr 24>>>sqr (negate 2)4
neg :: Montgomery -> Montgomery Source #
Additive inverse in the Montgomery domain.
Note that Montgomery is an instance of Num, so you can use negate
to apply this function.
>>>negate 1 :: Montgomery115792089237316195423570985008687907853269984665640564039457584007908834671662>>>(negate 1 :: Montgomery) + 10
inv :: Montgomery -> Montgomery Source #
Multiplicative inverse in the Montgomery domain.
> inv 2
57896044618658097711785492504343953926634992332820282019728792003954417335832 >> inv 2 * 2 1
sqrt_vartime :: Montgomery -> Maybe Montgomery Source #
Square root (Tonelli-Shanks) in the Montgomery domain.
Returns Nothing if the square root doesn't exist.
Note that the square root calculation itself is performed in
constant time; we branch only when casting to Maybe at the end.
>>>sqrt_vartime 4Just 2>>>sqrt_vartime 15Just 69211104694897500952317515077652022726490027694212560352756646854116994689233>>>(*) <$> sqrt_vartime 15 <*> sqrt_vartime 15Just 15
exp :: Montgomery -> Wider -> Montgomery Source #
Exponentiation in the Montgomery domain.
>>>exp 2 38>>>exp 2 101024
odd_vartime :: Montgomery -> Bool Source #
Check if a Montgomery value is odd.
Note that the comparison is performed in constant time, but we
branch when converting to Bool.
>>>odd 1True>>>odd 2False>>>Data.Word.Wider.odd (retr 3) -- parity is preservedTrue