[−][src]Module fiat_crypto::secp256k1_64
Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --lang=Rust secp256k1 '2^256 - 2^32 - 977' 64 mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes curve description: secp256k1 requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") machine_wordsize = 64 (from "64")
NOTE: In addition to the bounds specified above each function, all
functions synthesized for this Montgomery arithmetic require the
input to be strictly less than the prime modulus (m), and also
require the input to be in the unique saturated representation.
All functions also ensure that these two properties are true of
return values.
Functions
| fiat_secp256k1_mul | The function fiat_secp256k1_mul multiplies two field elements in the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m 0 ≤ eval arg2 < m Postconditions: eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_square | The function fiat_secp256k1_square squares a field element in the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m Postconditions: eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_add | The function fiat_secp256k1_add adds two field elements in the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m 0 ≤ eval arg2 < m Postconditions: eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_sub | The function fiat_secp256k1_sub subtracts two field elements in the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m 0 ≤ eval arg2 < m Postconditions: eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_opp | The function fiat_secp256k1_opp negates a field element in the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m Postconditions: eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_from_montgomery | The function fiat_secp256k1_from_montgomery translates a field element out of the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m Postconditions: eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_to_montgomery | The function fiat_secp256k1_to_montgomery translates a field element into the Montgomery domain. Preconditions: 0 ≤ eval arg1 < m Postconditions: eval (from_montgomery out1) mod m = eval arg1 mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_nonzero | The function fiat_secp256k1_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. Preconditions: 0 ≤ eval arg1 < m Postconditions: out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 |
| fiat_secp256k1_selectznz | The function fiat_secp256k1_selectznz is a multi-limb conditional select. Postconditions: eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) |
| fiat_secp256k1_to_bytes | The function fiat_secp256k1_to_bytes serializes a field element in the Montgomery domain to bytes in little-endian order. Preconditions: 0 ≤ eval arg1 < m Postconditions: out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] |
| fiat_secp256k1_from_bytes | The function fiat_secp256k1_from_bytes deserializes a field element in the Montgomery domain from bytes in little-endian order. Preconditions: 0 ≤ bytes_eval arg1 < m Postconditions: eval out1 mod m = bytes_eval arg1 mod m 0 ≤ eval out1 < m |
| fiat_secp256k1_addcarryx_u64 | The function fiat_secp256k1_addcarryx_u64 is an addition with carry. Postconditions: out1 = (arg1 + arg2 + arg3) mod 2^64 out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ |
| fiat_secp256k1_cmovznz_u64 | The function fiat_secp256k1_cmovznz_u64 is a single-word conditional move. Postconditions: out1 = (if arg1 = 0 then arg2 else arg3) |
| fiat_secp256k1_mulx_u64 | The function fiat_secp256k1_mulx_u64 is a multiplication, returning the full double-width result. Postconditions: out1 = (arg1 * arg2) mod 2^64 out2 = ⌊arg1 * arg2 / 2^64⌋ |
| fiat_secp256k1_subborrowx_u64 | The function fiat_secp256k1_subborrowx_u64 is a subtraction with borrow. Postconditions: out1 = (-arg1 + arg2 + -arg3) mod 2^64 out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ |
Type Definitions
| fiat_secp256k1_i1 | |
| fiat_secp256k1_i2 | |
| fiat_secp256k1_u1 | |
| fiat_secp256k1_u2 |