Botan::Scalar448 Class Reference

Representation of a scalar for X448. More...

#include <curve448_scalar.h>

Public Member Functions
bool	get_bit (size_t i) const
	Access the i-th bit of the scalar. From 0 (lsb) to 445 (msb).
Scalar448	operator* (const Scalar448 &other) const
	scalar = (scalar * other) mod L
Scalar448	operator+ (const Scalar448 &other) const
	scalar = (scalar + other) mod L
	Scalar448 (std::span< const uint8_t > x)
	Construct a new scalar from (max. 114) bytes. Little endian.
template<size_t S = BYTES> requires (S >= BYTES)
std::array< uint8_t, S >	to_bytes () const
	Convert the scalar to bytes in little endian.

Static Public Member Functions
static bool	bytes_are_reduced (std::span< const uint8_t > x)

Static Public Attributes
static constexpr size_t	BYTES = ceil_tobytes<size_t>(446)
static constexpr size_t	WORDS = words_for_bits(446)

Detailed Description

Representation of a scalar for X448.

The scalar is an element in 0 <= s < L, where L is the group order of X448. The constructor and all operations on scalars reduce the element mod L internally. All operations are constant time.

L = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 (RFC 7748 4.2)

Definition at line 34 of file curve448_scalar.h.

Constructor & Destructor Documentation

Scalar448()

Botan::Scalar448::Scalar448 ( std::span< const uint8_t > x )

explicit

Construct a new scalar from (max. 114) bytes. Little endian.

Definition at line 148 of file curve448_scalar.cpp.

                                                    {
   BOTAN_ARG_CHECK(in_bytes.size() <= 114, "Input must be at most 114 bytes long");
   std::array<uint8_t, 114> max_bytes = {0};
   copy_mem(std::span(max_bytes).first(in_bytes.size()), in_bytes);
 
   const auto x_words = bytes_to_words(std::span<const uint8_t, 114>(max_bytes));
   m_scalar_words = ct_reduce_mod_L(x_words);
}

References BOTAN_ARG_CHECK, Botan::bytes_to_words(), and Botan::copy_mem().

Referenced by operator*(), and operator+().

Member Function Documentation

bytes_are_reduced()

bool Botan::Scalar448::bytes_are_reduced ( std::span< const uint8_t > x )

static

Returns

true iff x >= L.

Definition at line 186 of file curve448_scalar.cpp.

                                                          {
   BOTAN_ARG_CHECK(x.size() >= BYTES, "Input is not long enough (at least 446 bits)");
   // remember: `x` contains a big int in little-endian
   const auto leading_zeros = x.subspan(BYTES);
   const auto leading_zeros_are_zero = CT::all_zeros(leading_zeros.data(), leading_zeros.size());
   auto x_sig_words = bytes_to_words(x.first<56>());
   const auto least_56_bytes_smaller_L = CT::Mask<uint8_t>::from_choice(!ct_subtract_L_if_bigger(x_sig_words));
   return (leading_zeros_are_zero & least_56_bytes_smaller_L).as_bool();
}

References Botan::CT::all_zeros(), BOTAN_ARG_CHECK, BYTES, Botan::bytes_to_words(), and Botan::CT::Mask< T >::from_choice().

Referenced by Botan::verify_signature().

get_bit()

bool Botan::Scalar448::get_bit

(

size_t

i

)

const

Access the i-th bit of the scalar. From 0 (lsb) to 445 (msb).

Definition at line 157 of file curve448_scalar.cpp.

                                            {
   BOTAN_ARG_CHECK(bit_pos < 446, "Bit position out of range");
   constexpr size_t word_sz = sizeof(word) * 8;
   return (((m_scalar_words[bit_pos / word_sz] >> (bit_pos % word_sz)) & 1) == 1);
}

References BOTAN_ARG_CHECK.

Referenced by Botan::Ed448Point::scalar_mul().

operator*()

Scalar448 Botan::Scalar448::operator*

(

const Scalar448 &

other

)

const

scalar = (scalar * other) mod L

Definition at line 169 of file curve448_scalar.cpp.

                                                           {
   std::array<word, WORDS_REDUCE_SZ> product = {0};
   std::array<word, WORDS_REDUCE_SZ> ws = {0};
   bigint_mul(product.data(),
              product.size(),
              m_scalar_words.data(),
              m_scalar_words.size(),
              m_scalar_words.size(),
              other.m_scalar_words.data(),
              other.m_scalar_words.size(),
              other.m_scalar_words.size(),
              ws.data(),
              ws.size());
 
   return Scalar448(ct_reduce_mod_L(product));
}

References Botan::bigint_mul(), and Scalar448().

operator+()

Scalar448 Botan::Scalar448::operator+

(

const Scalar448 &

other

)

const

scalar = (scalar + other) mod L

Definition at line 163 of file curve448_scalar.cpp.

                                                           {
   auto sum = add(m_scalar_words, other.m_scalar_words);
   ct_subtract_L_if_bigger(sum);
   return Scalar448(sum);
}

References Scalar448().

to_bytes()

template<size_t S = BYTES>
requires (S >= BYTES)

std::array< uint8_t, S > Botan::Scalar448::to_bytes ( ) const

inline

Convert the scalar to bytes in little endian.

Definition at line 44 of file curve448_scalar.h.

      {
         std::array<uint8_t, S> result = {0};
         store_le(std::span(result).template first<BYTES>(), m_scalar_words);
         return result;
      }

References BYTES, and Botan::store_le().

Member Data Documentation

BYTES

size_t Botan::Scalar448::BYTES = ceil_tobytes<size_t>(446)

staticconstexpr

Definition at line 37 of file curve448_scalar.h.

Referenced by bytes_are_reduced(), and to_bytes().

WORDS

size_t Botan::Scalar448::WORDS = words_for_bits(446)

staticconstexpr

Definition at line 36 of file curve448_scalar.h.

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/curve448/curve448_scalar.h
• src/lib/pubkey/curve448/curve448_scalar.cpp