Botan::Gf448Elem Class Reference

#include <curve448_gf.h>

Public Member Functions
void	ct_cond_assign (bool b, const Gf448Elem &other)
	Set this to other if b is true. Constant time for any b.
void	ct_cond_swap (bool b, Gf448Elem &other)
	Swap this and other if b == true. Constant time for any b.
	Gf448Elem (std::span< const uint64_t, WORDS_448 > data)
	Construct a GF element from a 448-bit integer gives as 7 uint64_t words x in little-endian order.
	Gf448Elem (std::span< const uint8_t, BYTES_448 > x)
	Construct a GF element from a 448-bit integer gives as 56 bytes x in little-endian order.
	Gf448Elem (uint64_t least_sig_word)
	Construct a GF element by passing the least significant 64 bits as a word. All other become zero.
bool	is_odd () const
	Return true iff this element is odd. Constant time.
bool	is_zero () const
	Return true iff this element is zero. Constant time.
bool	operator!= (const Gf448Elem &other) const =default
Gf448Elem	operator* (const Gf448Elem &other) const
Gf448Elem	operator+ (const Gf448Elem &other) const
Gf448Elem	operator- () const
Gf448Elem	operator- (const Gf448Elem &other) const
Gf448Elem	operator/ (const Gf448Elem &other) const
bool	operator== (const Gf448Elem &other) const
std::array< uint8_t, BYTES_448 >	to_bytes () const
	Return the canonical representation of the GF element as 56 bytes in little-endian order.
void	to_bytes (std::span< uint8_t, BYTES_448 > out) const
	Store the canonical representation of the GF element as 56 bytes in little-endian order.
std::span< uint64_t, WORDS_448 >	words ()
	Accessor to the internal words of the GF element.
std::span< const uint64_t, WORDS_448 >	words () const
	Constant accessor to the internal words of the GF element.

Static Public Member Functions
static bool	bytes_are_canonical_representation (std::span< const uint8_t, BYTES_448 > x)
	Given 56 bytes, checks that the (little endian) number from this bytes is a valid GF element, i.e. is smaller than the prime modulus.

Detailed Description

This class represents a GF element in the field GF(2^448 - 2^224 - 1). Computations are performed using optimized operations as defined in the paper: "Reduction Modulo 2^448 - 2^224 - 1" by Kaushik Nath and Palash Sarkar (https://eprint.iacr.org/2019/1304).

The representation of the field element is a 448-bit uint, stored in little-endian order as 7*64bit words. Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus. When calling the to_bytes() method, the canonical representation is returned.

Definition at line 35 of file curve448_gf.h.

Constructor & Destructor Documentation

Gf448Elem() [1/3]

Botan::Gf448Elem::Gf448Elem

(

std::span< const uint8_t, BYTES_448 >

x

)

Construct a GF element from a 448-bit integer gives as 56 bytes x in little-endian order.

Definition at line 265 of file curve448_gf.cpp.

                                                        {
   load_le(m_x, x);
}

References Botan::load_le().

Gf448Elem() [2/3]

Botan::Gf448Elem::Gf448Elem ( std::span< const uint64_t, WORDS_448 > data )

inline

Construct a GF element from a 448-bit integer gives as 7 uint64_t words x in little-endian order.

Definition at line 47 of file curve448_gf.h.

{ copy_mem(m_x, data); }

References Botan::copy_mem().

Gf448Elem() [3/3]

Botan::Gf448Elem::Gf448Elem

(

uint64_t

least_sig_word

)

Construct a GF element by passing the least significant 64 bits as a word. All other become zero.

Definition at line 269 of file curve448_gf.cpp.

                                            {
   clear_mem(m_x);
   m_x[0] = least_sig_word;
}

References Botan::clear_mem().

Member Function Documentation

bytes_are_canonical_representation()

bool Botan::Gf448Elem::bytes_are_canonical_representation ( std::span< const uint8_t, BYTES_448 > x )

static

Given 56 bytes, checks that the (little endian) number from this bytes is a valid GF element, i.e. is smaller than the prime modulus.

Definition at line 342 of file curve448_gf.cpp.

                                                                                      {
   const auto x_words = load_le<std::array<uint64_t, WORDS_448>>(x);
   const auto x_words_canonical = to_canonical(x_words);
   return CT::is_equal(x_words.data(), x_words_canonical.data(), WORDS_448).as_bool();
}

References Botan::CT::is_equal(), and Botan::WORDS_448.

Referenced by Botan::Ed448Point::decode().

ct_cond_assign()

void Botan::Gf448Elem::ct_cond_assign	(	bool	b,
		const Gf448Elem &	other )

Set this to other if b is true. Constant time for any b.

Definition at line 290 of file curve448_gf.cpp.

                                                             {
   CT::conditional_assign_mem(static_cast<uint64_t>(b), m_x.data(), other.m_x.data(), WORDS_448);
}

References Botan::CT::conditional_assign_mem(), and Botan::WORDS_448.

Referenced by Botan::Ed448Point::ct_conditional_assign().

ct_cond_swap()

void Botan::Gf448Elem::ct_cond_swap	(	bool	b,
		Gf448Elem &	other )

Swap this and other if b == true. Constant time for any b.

Definition at line 284 of file curve448_gf.cpp.

                                                     {
   for(size_t i = 0; i < WORDS_448; ++i) {
      CT::conditional_swap(b, m_x[i], other.m_x[i]);
   }
}

References Botan::CT::conditional_swap(), and Botan::WORDS_448.

Referenced by Botan::x448().

is_odd()

bool Botan::Gf448Elem::is_odd

(

)

const

Return true iff this element is odd. Constant time.

Definition at line 337 of file curve448_gf.cpp.

                             {
   const auto canonical_form = to_canonical(m_x);
   return (canonical_form[0] & 1) == 1;
}

Referenced by Botan::Ed448Point::encode().

is_zero()

bool Botan::Gf448Elem::is_zero

(

)

const

Return true iff this element is zero. Constant time.

Definition at line 331 of file curve448_gf.cpp.

                              {
   const auto canonical_form = to_canonical(m_x);
 
   return CT::all_zeros(canonical_form.data(), WORDS_448).as_bool();
}

References Botan::CT::all_zeros(), and Botan::WORDS_448.

operator!=()

bool Botan::Gf448Elem::operator!= ( const Gf448Elem & other ) const

default

operator*()

Gf448Elem Botan::Gf448Elem::operator*

(

const Gf448Elem &

other

)

const

Definition at line 312 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_mul(res.m_x, m_x, other.m_x);
   return res;
}

operator+()

Gf448Elem Botan::Gf448Elem::operator+

(

const Gf448Elem &

other

)

const

Definition at line 294 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_add(res.m_x, m_x, other.m_x);
   return res;
}

operator-() [1/2]

Gf448Elem Botan::Gf448Elem::operator-

(

)

const

Definition at line 306 of file curve448_gf.cpp.

                                     {
   Gf448Elem res(0);
   gf_sub(res.m_x, res.m_x, m_x);
   return res;
}

operator-() [2/2]

Gf448Elem Botan::Gf448Elem::operator-

(

const Gf448Elem &

other

)

const

Definition at line 300 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_sub(res.m_x, m_x, other.m_x);
   return res;
}

operator/()

Gf448Elem Botan::Gf448Elem::operator/

(

const Gf448Elem &

other

)

const

Definition at line 318 of file curve448_gf.cpp.

                                                           {
   Gf448Elem res(0);
   gf_inv(res.m_x, other.m_x);
   gf_mul(res.m_x, m_x, res.m_x);
   return res;
}

operator==()

bool Botan::Gf448Elem::operator==

(

const Gf448Elem &

other

)

const

Definition at line 325 of file curve448_gf.cpp.

                                                       {
   const auto canonical_form_this = to_canonical(m_x);
   const auto canonical_form_other = to_canonical(other.m_x);
   return CT::is_equal(canonical_form_this.data(), canonical_form_other.data(), WORDS_448).as_bool();
}

References Botan::CT::is_equal(), and Botan::WORDS_448.

to_bytes() [1/2]

std::array< uint8_t, BYTES_448 > Botan::Gf448Elem::to_bytes

(

)

const

Return the canonical representation of the GF element as 56 bytes in little-endian order.

Definition at line 278 of file curve448_gf.cpp.

                                                       {
   std::array<uint8_t, BYTES_448> bytes;
   to_bytes(bytes);
   return bytes;
}

References to_bytes().

Referenced by to_bytes().

to_bytes() [2/2]

void Botan::Gf448Elem::to_bytes

(

std::span< uint8_t, BYTES_448 >

out

)

const

Store the canonical representation of the GF element as 56 bytes in little-endian order.

Parameters

out	The 56 byte output buffer.

Definition at line 274 of file curve448_gf.cpp.

                                                              {
   store_le(out, to_canonical(m_x));
}

References Botan::store_le().

Referenced by Botan::Ed448Point::encode().

words() [1/2]

std::span< uint64_t, WORDS_448 > Botan::Gf448Elem::words ( )

inline

Accessor to the internal words of the GF element.

Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus.

Definition at line 109 of file curve448_gf.h.

{ return m_x; }

Referenced by Botan::root(), and Botan::square().

words() [2/2]

std::span< const uint64_t, WORDS_448 > Botan::Gf448Elem::words ( ) const

inline

Constant accessor to the internal words of the GF element.

Note that the internal representation is not necessarily canonical, i.e. the value might be larger than the prime modulus.

Definition at line 117 of file curve448_gf.h.

{ return m_x; }

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/curve448/curve448_gf.h
• src/lib/pubkey/curve448/curve448_gf.cpp