[secp256k1.git] / src / modinv64.h

/***********************************************************************
 * Copyright (c) 2020 Peter Dettman                                    *
 * Distributed under the MIT software license, see the accompanying    *
 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/

#ifndef SECP256K1_MODINV64_H
#define SECP256K1_MODINV64_H

#if defined HAVE_CONFIG_H
#include "libsecp256k1-config.h"
#endif

#include "util.h"

#ifndef SECP256K1_WIDEMUL_INT128
#error "modinv64 requires 128-bit wide multiplication support"
#endif

/* A signed 62-bit limb representation of integers.
 *
 * Its value is sum(v[i] * 2^(62*i), i=0..4). */
typedef struct {
    int64_t v[5];
} secp256k1_modinv64_signed62;

typedef struct {
    /* The modulus in signed62 notation, must be odd and in [3, 2^256]. */
    secp256k1_modinv64_signed62 modulus;

    /* modulus^{-1} mod 2^62 */
    uint64_t modulus_inv62;
} secp256k1_modinv64_modinfo;

/* Replace x with its modular inverse mod modinfo->modulus. x must be in range [0, modulus).
 * If x is zero, the result will be zero as well. If not, the inverse must exist (i.e., the gcd of
 * x and modulus must be 1). These rules are automatically satisfied if the modulus is prime.
 *
 * On output, all of x's limbs will be in [0, 2^62).
 */
static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo);

/* Same as secp256k1_modinv64_var, but constant time in x (not in the modulus). */
static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo);

#endif /* SECP256K1_MODINV64_H */
Commit	Line	Data
8e415acb PD	1	/***********************************************************************
	2	* Copyright (c) 2020 Peter Dettman *
	3	* Distributed under the MIT software license, see the accompanying *
	4	* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
	5	**********************************************************************/
	6
	7	#ifndef SECP256K1_MODINV64_H
	8	#define SECP256K1_MODINV64_H
	9
	10	#if defined HAVE_CONFIG_H
	11	#include "libsecp256k1-config.h"
	12	#endif
	13
	14	#include "util.h"
	15
	16	#ifndef SECP256K1_WIDEMUL_INT128
	17	#error "modinv64 requires 128-bit wide multiplication support"
	18	#endif
	19
d8a92fcc PW	20	/* A signed 62-bit limb representation of integers.
	21	*
	22	* Its value is sum(v[i] * 2^(62i), i=0..4). /
8e415acb PD	23	typedef struct {
	24	int64_t v[5];
	25	} secp256k1_modinv64_signed62;
	26
	27	typedef struct {
d8a92fcc	28	/* The modulus in signed62 notation, must be odd and in [3, 2^256]. */
8e415acb PD	29	secp256k1_modinv64_signed62 modulus;
	30
	31	/* modulus^{-1} mod 2^62 */
	32	uint64_t modulus_inv62;
	33	} secp256k1_modinv64_modinfo;
	34
d8a92fcc PW	35	/* Replace x with its modular inverse mod modinfo->modulus. x must be in range [0, modulus).
	36	* If x is zero, the result will be zero as well. If not, the inverse must exist (i.e., the gcd of
	37	* x and modulus must be 1). These rules are automatically satisfied if the modulus is prime.
	38	*
	39	* On output, all of x's limbs will be in [0, 2^62).
	40	*/
8e415acb PD	41	static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 x, const secp256k1_modinv64_modinfo modinfo);
8e415acb PD	42
d8a92fcc PW	43	/* Same as secp256k1_modinv64_var, but constant time in x (not in the modulus). */
	44	static void secp256k1_modinv64(secp256k1_modinv64_signed62 x, const secp256k1_modinv64_modinfo modinfo);
	45
8e415acb	46	#endif /* SECP256K1_MODINV64_H */