Struct curve25519_dalek::scalar::Scalar

pub struct Scalar(pub [u8; 32]);

The Scalar struct represents an element in ℤ/lℤ, where

l = 2²⁵² + 27742317777372353535851937790883648493

is the order of the basepoint. The Scalar is stored as bytes.

Methods

impl Scalar

fn random<T: Rng>(csprng: &mut T) -> Self

Return a Scalar chosen uniformly at random using a CSPRNG. Panics if the operating system's CSPRNG is unavailable.

Inputs

• cspring: any cryptographically secure PRNG which implements the rand::Rng interface.

Returns

A random scalar within ℤ/lℤ.

fn zero() -> Self

Construct the additive identity

fn one() -> Self

Construct the multiplicative identity

fn non_adjacent_form(&self) -> [i8; 256]

Compute a width-5 "Non-Adjacent Form" of this scalar.

A width-w NAF of a positive integer k is an expression k = sum(k[i]*2^i for i in range(l)), where each nonzero coefficient k[i] is odd and bounded by |k[i]| < 2^(w-1), k[l-1] is nonzero, and at most one of any w consecutive coefficients is nonzero. (Hankerson, Menezes, Vanstone; def 3.32).

Intuitively, this is like a binary expansion, except that we allow some coefficients to grow up to 2^(w-1) so that the nonzero coefficients are as sparse as possible.

fn to_radix_16(&self) -> [i8; 64]

Write this scalar in radix 16, with coefficients in [-8,8), i.e., compute a_i such that

a = a_0 + a_1*16¹ + ... + a_63*16^63,

with -8 ≤ a_i < 8 for 0 ≤ i < 63 and -8 ≤ a_63 ≤ 8.

Precondition: self[31] <= 127. This is the case whenever self is reduced.

fn multiply_add(a: &Scalar, b: &Scalar, c: &Scalar) -> Scalar

Compute ab+c (mod l). XXX should this exist, or should we just have Mul, Add etc impls that unpack and then call UnpackedScalar::multiply_add ?

fn reduce(input: &[u8; 64]) -> Scalar

Reduce a 512-bit little endian number mod l

Trait Implementations

impl Copy for Scalar

impl Clone for Scalar

fn clone(&self) -> Scalar

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Eq for Scalar

impl PartialEq for Scalar

fn eq(&self, other: &Self) -> bool

Test equality between two Scalars.

Warning

This function is not guaranteed to be constant time and should only be used for debugging purposes.

Returns

True if they are equal, and false otherwise.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl CTEq for Scalar

fn ct_eq(&self, other: &Self) -> u8

Test equality between two Scalars in constant time.

Returns

1u8 if they are equal, and 0u8 otherwise.

impl Index<usize> for Scalar

type Output = u8

The returned type after indexing

fn index<'a>(&'a self, _index: usize) -> &'a u8

The method for the indexing (container[index]) operation

impl IndexMut<usize> for Scalar

fn index_mut<'a>(&'a mut self, _index: usize) -> &'a mut u8

The method for the mutable indexing (container[index]) operation

impl Neg for Scalar

type Output = Scalar

The resulting type after applying the - operator

fn neg(self) -> Scalar

Negate this scalar by computing (l - 1) * self - 0 (mod l).

impl CTAssignable for Scalar

fn conditional_assign(&mut self, other: &Scalar, choice: u8)

Conditionally assign another Scalar to this one.

let a = Scalar([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);
let b = Scalar([1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
                1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]);
let mut t = a;
t.conditional_assign(&b, 0u8);
assert!(t[0] == a[0]);
t.conditional_assign(&b, 1u8);
assert!(t[0] == b[0]);

Preconditions

• choice in {0,1}