Struct curve25519_dalek::scalar::Scalar

pub struct Scalar(pub [u8; 32]);

The Scalar struct represents an element in ℤ/lℤ, where

l = 2²⁵² + 27742317777372353535851937790883648493

is the order of the basepoint. The Scalar is stored as bytes.

Methods

impl Scalar

fn random<T: Rng>(rng: &mut T) -> Self

Return a Scalar chosen uniformly at random using a user-provided RNG.

Inputs

• rng: any RNG which implements the rand::Rng interface.

Returns

A random scalar within ℤ/lℤ.

fn hash_from_bytes<D>(input: &[u8]) -> Scalar where
    D: Digest<OutputSize = U64> + Default, 

Hash a slice of bytes into a scalar.

Takes a type parameter D, which is any Digest producing 64 bytes (512 bits) of output.

Convenience wrapper around from_hash.

Example

extern crate sha2;
use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let s = Scalar::hash_from_bytes::<Sha512>(msg.as_bytes());

fn from_hash<D>(hash: D) -> Scalar where
    D: Digest<OutputSize = U64> + Default, 

Construct a scalar from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

fn as_bytes(&self) -> &[u8; 32]

View this Scalar as a sequence of bytes.

fn zero() -> Self

Construct the additive identity

fn one() -> Self

Construct the multiplicative identity

fn from_u64(x: u64) -> Scalar

Construct a scalar from the given u64.

fn invert(&self) -> Scalar

Compute the multiplicative inverse of this scalar.

fn bits(&self) -> [i8; 256]

Get the bits of the scalar.

fn non_adjacent_form(&self) -> [i8; 256]

Compute a width-5 "Non-Adjacent Form" of this scalar.

A width-w NAF of a positive integer k is an expression k = sum(k[i]*2^i for i in range(l)), where each nonzero coefficient k[i] is odd and bounded by |k[i]| < 2^(w-1), k[l-1] is nonzero, and at most one of any w consecutive coefficients is nonzero. (Hankerson, Menezes, Vanstone; def 3.32).

Intuitively, this is like a binary expansion, except that we allow some coefficients to grow up to 2^(w-1) so that the nonzero coefficients are as sparse as possible.

fn to_radix_16(&self) -> [i8; 64]

Write this scalar in radix 16, with coefficients in [-8,8), i.e., compute a_i such that

a = a_0 + a_1*16¹ + ... + a_63*16^63,

with -8 ≤ a_i < 8 for 0 ≤ i < 63 and -8 ≤ a_63 ≤ 8.

Precondition: self[31] <= 127. This is the case whenever self is reduced.

fn unpack(&self) -> Scalar32

Unpack this Scalar to an UnpackedScalar

fn add(a: &Scalar, b: &Scalar) -> Scalar

Compute a + b (mod l)

fn sub(a: &Scalar, b: &Scalar) -> Scalar

Compute a - b (mod l).

fn mul(a: &Scalar, b: &Scalar) -> Scalar

Compute a * b (mod l).

fn multiply_add(a: &Scalar, b: &Scalar, c: &Scalar) -> Scalar

Compute (a * b) + c (mod l).

fn reduce(input: &[u8; 64]) -> Scalar

Reduce a 512-bit little endian number mod l

Trait Implementations

impl Copy for Scalar

impl Clone for Scalar

fn clone(&self) -> Scalar

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Scalar

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Eq for Scalar

impl PartialEq for Scalar

fn eq(&self, other: &Self) -> bool

Test equality between two Scalars.

Warning

This function is not guaranteed to be constant time and should only be used for debugging purposes.

Returns

True if they are equal, and false otherwise.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Equal for Scalar

fn ct_eq(&self, other: &Self) -> u8

Test equality between two Scalars in constant time.

Returns

1u8 if they are equal, and 0u8 otherwise.

impl Index<usize> for Scalar

type Output = u8

The returned type after indexing.

fn index(&self, _index: usize) -> &u8

Performs the indexing (container[index]) operation.

impl IndexMut<usize> for Scalar

fn index_mut(&mut self, _index: usize) -> &mut u8

Performs the mutable indexing (container[index]) operation.

impl<'b> MulAssign<&'b Scalar> for Scalar

fn mul_assign(&mut self, _rhs: &'b Scalar)

Performs the *= operation.

impl<'a, 'b> Mul<&'b Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the * operator.

fn mul(self, _rhs: &'b Scalar) -> Scalar

Performs the * operation.

impl<'b> AddAssign<&'b Scalar> for Scalar

fn add_assign(&mut self, _rhs: &'b Scalar)

Performs the += operation.

impl<'a, 'b> Add<&'b Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the + operator.

fn add(self, _rhs: &'b Scalar) -> Scalar

Performs the + operation.

impl<'b> SubAssign<&'b Scalar> for Scalar

fn sub_assign(&mut self, _rhs: &'b Scalar)

Performs the -= operation.

impl<'a, 'b> Sub<&'b Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn sub(self, _rhs: &'b Scalar) -> Scalar

Performs the - operation.

impl<'a> Neg for &'a Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn neg(self) -> Scalar

Performs the unary - operation.

impl ConditionallyAssignable for Scalar

fn conditional_assign(&mut self, other: &Scalar, choice: u8)

Conditionally assign another Scalar to this one.

let a = Scalar([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);
let b = Scalar([1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
                1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]);
let mut t = a;
t.conditional_assign(&b, 0u8);
assert!(t[0] == a[0]);
t.conditional_assign(&b, 1u8);
assert!(t[0] == b[0]);

Preconditions

• choice in {0,1}

impl<'a, 'b> Mul<&'b ExtendedPoint> for &'a Scalar

type Output = ExtendedPoint

The resulting type after applying the * operator.

fn mul(self, point: &'b ExtendedPoint) -> ExtendedPoint

Scalar multiplication: compute self * point.

Uses a window of size 4. Note: for scalar multiplication of the basepoint, basepoint_mult is approximately 4x faster.

impl<'a, 'b> Mul<&'a EdwardsBasepointTable> for &'b Scalar

type Output = ExtendedPoint

The resulting type after applying the * operator.

fn mul(self, basepoint_table: &'a EdwardsBasepointTable) -> ExtendedPoint

Construct an ExtendedPoint by via this Scalar times a the basepoint, B included in a precomputed basepoint_table.

Precondition: this scalar must be reduced.

The computation proceeds as follows, as described on page 13 of the Ed25519 paper. Write this scalar a in radix 16 with coefficients in [-8,8), i.e.,

a = a_0 + a_1*16¹ + ... + a_63*16^63,

with -8 ≤ a_i < 8. Then

a*B = a_0*B + a_1*16^1*B + ... + a_63*16^63*B.

Grouping even and odd coefficients gives

a*B = a_0*16^0*B + a_2*16^2*B + ... + a_62*16^62*B + a_1*16^1*B + a_3*16^3*B + ... + a_63*16^63*B = (a_0*16^0*B + a_2*16^2*B + ... + a_62*16^62*B) + 16*(a_1*16^0*B + a_3*16^2*B + ... + a_63*16^62*B).

We then use the select_precomputed_point function, which takes -8 ≤ x < 8 and [16^2i * B, ..., 8 * 16^2i * B], and returns x * 16^2i * B in constant time.

impl<'a, 'b> Mul<&'b MontgomeryPoint> for &'a Scalar

type Output = MontgomeryPoint

The resulting type after applying the * operator.

fn mul(self, point: &'b MontgomeryPoint) -> MontgomeryPoint

Performs the * operation.