Available on
curve25519_dalek_bits="32" only.Expand description
Arithmetic mod 2^252 + 27742317777372353535851937790883648493 with 9 29-bit unsigned limbs
To see that this is safe for intermediate results, note that the largest limb in a 9 by 9 product of 29-bit limbs will be (0x1fffffff^2) * 9 = 0x23fffffdc0000009 (62 bits).
For a one level Karatsuba decomposition, the specific ranges depend on how the limbs are combined, but will stay within -0x1ffffffe00000008 (62 bits with sign bit) to 0x43fffffbc0000011 (63 bits), which is still safe.
Structs
- The
Scalar29struct represents an element in \(\mathbb{Z} / \ell\mathbb{Z}\) as 9 29-bit limbs