numct

package
v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

README

numct

Package numct provides constant-time arbitrary-precision arithmetic for cryptographic applications.

Overview

This package wraps saferith and boringssl to provide Nat (natural numbers), Int (signed integers), and Modulus types. All arithmetic, except possibly some for even moduli, avoids secret-dependent branches and memory access patterns, making it suitable for use in cryptographic protocols where timing side-channels must be avoided.

Architecture

The package has two implementations of modular arithmetic:

  • ModulusBasic: Pure Go implementation using saferith. Portable and works everywhere.
  • Modulus: CGO-accelerated implementation using BoringSSL's bignum for modular exponentiation and inversion on odd moduli. Falls back to ModulusBasic for even moduli or when CGO is disabled.

The CGO implementation provides significant performance improvements for expensive operations like modular exponentiation while maintaining identical constant-time semantics. Build with purego or nobignum tags to use the pure Go implementation exclusively.

Key Types

  • Nat: Unsigned arbitrary-precision integer with constant-time operations.
  • Int: Signed arbitrary-precision integer built on Nat.
  • Modulus: Represents a modulus and provides modular arithmetic operations (add, sub, mul, div, exp, inv, sqrt).

Usage Notes

  • All comparison operations return ct.Bool or ct.Choice types that can be used for constant-time conditional operations.
  • Use Select and CondAssign for constant-time branching based on secret values.
  • The Modulus type caches Montgomery context for repeated exponentiations with the same modulus.
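The compare-then-select pattern from the notes above, as an added example that is not part of numct. It uses Go's standard crypto/subtle on fixed-length big-endian byte strings in place of the package's ct.Bool, Select and CondAssign; the function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/subtle"
	"fmt"
)

// leakyMax is the pattern to avoid on secret operands: bytes.Compare is not
// constant time, and the if statement branches on the comparison result.
func leakyMax(a, b []byte) []byte {
	if bytes.Compare(a, b) < 0 {
		return append([]byte(nil), b...)
	}
	return append([]byte(nil), a...)
}

// ctLess returns 1 if a < b and 0 otherwise for equal-length big-endian
// operands. It visits every byte and propagates a borrow, so its running
// time depends only on the (public) length, not on where the values differ.
func ctLess(a, b []byte) int {
	if len(a) != len(b) {
		panic("ctLess: operands must share one public length")
	}
	var borrow uint
	for i := len(a) - 1; i >= 0; i-- {
		d := uint(a[i]) - uint(b[i]) - borrow
		borrow = (d >> 8) & 1 // bit 8 is set exactly when the byte subtraction went negative
	}
	return int(borrow)
}

// ctMax returns max(a, b). The comparison result is never branched on: it is
// passed as a 0/1 choice to a conditional copy, the same shape as calling
// CondAssign with the lt value returned by Compare.
func ctMax(a, b []byte) []byte {
	out := append([]byte(nil), a...)
	subtle.ConstantTimeCopy(ctLess(a, b), out, b) // out = b iff a < b
	return out
}

func main() {
	// Constructed sample operands: 0x0100 (256) and 0x00ff (255).
	a := []byte{0x01, 0x00}
	b := []byte{0x00, 0xff}
	fmt.Printf("less=%d max=%x leaky=%x\n", ctLess(a, b), ctMax(a, b), leakyMax(a, b))
}
```

Both functions return the same value; only ctMax keeps its control flow and memory access pattern independent of the operands.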

Documentation

Overview

Package numct provides constant-time arbitrary-precision arithmetic for cryptographic applications.

See README.md for details.

Index

Constants

This section is empty.

Variables

var (
	ErrFailed = errs.New("failed")
)
var ErrInvalidArgument = errs.New("invalid argument")

Functions

func LCM

func LCM(out, a, b *Nat)

Types

type Int

type Int saferith.Int

func IntOne

func IntOne() *Int

IntOne returns a new Int set to 1.

func IntZero

func IntZero() *Int

IntZero returns a new Int set to 0.

func NewInt

func NewInt(value int64) *Int

NewInt creates a new Int set to the given int64 value.

func NewIntFromBig

func NewIntFromBig(n *big.Int, capacity int) *Int

NewIntFromBig creates a new Int from a big.Int with the given capacity.

func NewIntFromBytes

func NewIntFromBytes(b []byte) *Int

NewIntFromBytes creates a new Int from a big-endian byte slice.

func NewIntFromSaferith

func NewIntFromSaferith(n *saferith.Int) *Int

NewIntFromSaferith creates a new Int from a saferith.Int.

func NewIntFromUint64

func NewIntFromUint64(value uint64) *Int

NewIntFromUint64 creates a new Int set to the given uint64 value.

func (*Int) Abs

func (i *Int) Abs(x *Int)

Abs sets i = |x|.

func (*Int) Add

func (i *Int) Add(lhs, rhs *Int)

Add sets i = lhs + rhs.

func (*Int) AddCap

func (i *Int) AddCap(lhs, rhs *Int, capacity int)

AddCap sets i = lhs + rhs with capacity capacity. When capacity < 0, it is set to max(lhs.AnnouncedLen(), rhs.AnnouncedLen()) + 1.

func (*Int) And

func (i *Int) And(x, y *Int)

And sets i = x & y. For signed integers, this operates on the two's complement representation.

func (*Int) AndCap

func (i *Int) AndCap(x, y *Int, capacity int)

AndCap sets i = x & y with capacity capacity. For signed integers, this operates on the two's-complement representation.

func (*Int) AnnouncedLen

func (i *Int) AnnouncedLen() int

AnnouncedLen returns the announced length in bits of i. Safe to be used publicly.

func (*Int) Big

func (i *Int) Big() *big.Int

Big returns a big.Int representation of i.

func (*Int) Bytes

func (i *Int) Bytes() []byte

Bytes returns a sign-magnitude encoding:

b[0] = 0 if i >= 0, 1 if i < 0
b[1:] = big-endian |i|

func (*Int) Clone

func (i *Int) Clone() *Int

Clone returns a copy of i.

func (*Int) Compare

func (i *Int) Compare(rhs *Int) (lt, eq, gt ct.Bool)

Compare compares i and rhs and returns (lt, eq, gt) where each is 1 or 0.

func (*Int) CondAssign

func (i *Int) CondAssign(choice ct.Choice, x *Int)

CondAssign sets i = x iff choice == 1, otherwise leaves i unchanged.

func (*Int) CondNeg

func (i *Int) CondNeg(choice ct.Choice)

CondNeg negates i iff choice == 1.

func (*Int) Coprime

func (i *Int) Coprime(rhs *Int) ct.Bool

Coprime returns 1 if gcd(|i|, |rhs|) == 1.

func (*Int) Decrement

func (i *Int) Decrement()

Decrement sets i = i - 1.

func (*Int) Div

func (i *Int) Div(remainder, numerator, denominator *Int) ct.Bool

Div sets i = numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=1 if the division was successful, ok=0 otherwise (i.e., division by zero). The number of bits of the quotient will be numerator.AnnouncedLen() and the number of bits of the remainder will be denominator.AnnouncedLen().

func (*Int) DivVarTime

func (i *Int) DivVarTime(remainder, numerator, denominator *Int) (ok ct.Bool)

DivVarTime sets i to the quotient of numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=1 if the division was successful, ok=0 otherwise (i.e., division by zero). The number of bits of the quotient will be min(numerator.AnnouncedLen(), numerator.AnnouncedLen() - denominator.TrueLen() + 2) and the number of bits of the remainder will be denominator.AnnouncedLen().

func (*Int) Double

func (i *Int) Double(x *Int)

Double sets i = 2 * x.

func (*Int) Equal

func (i *Int) Equal(rhs *Int) ct.Bool

Equal returns 1 if i == rhs.

func (*Int) EuclideanDiv

func (i *Int) EuclideanDiv(remainder *Nat, numerator, denominator *Int) (ok ct.Bool)

EuclideanDiv sets i to the quotient of numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=1 if the division was successful, ok=0 otherwise (i.e., division by zero). The number of bits of the quotient will be numerator.AnnouncedLen() and the number of bits of the remainder will be denominator.AnnouncedLen().

func (*Int) EuclideanDivVarTime

func (i *Int) EuclideanDivVarTime(remainder *Nat, numerator, denominator *Int) (ok ct.Bool)

EuclideanDivVarTime sets i to the quotient of numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=1 if the division was successful, ok=0 otherwise (i.e., division by zero). The number of bits of the quotient will be min(numerator.AnnouncedLen(), numerator.AnnouncedLen() - denominator.TrueLen() + 2) and the number of bits of the remainder will be denominator.AnnouncedLen().

func (*Int) GCD

func (i *Int) GCD(a, b *Int)

GCD sets i = gcd(a, b) in Z, always non-negative. It is implemented via the constant-time Nat.GCD on |a| and |b|.

func (*Int) HashCode

func (i *Int) HashCode() base.HashCode

HashCode returns a hash code for i.

func (*Int) Increment

func (i *Int) Increment()

Increment sets i = i + 1.

func (*Int) Int64

func (i *Int) Int64() int64

Int64 returns the int64 value of i.

func (*Int) Inv

func (i *Int) Inv(x *Int) (ok ct.Bool)

Inv sets i = x^{-1}. It returns ok = false if x is not a unit.

func (*Int) IsEven

func (i *Int) IsEven() ct.Bool

IsEven returns 1 if i is even.

func (*Int) IsNegative

func (i *Int) IsNegative() ct.Bool

IsNegative returns 1 if i is negative.

func (*Int) IsNonZero

func (i *Int) IsNonZero() ct.Bool

IsNonZero returns 1 if i != 0.

func (*Int) IsOdd

func (i *Int) IsOdd() ct.Bool

IsOdd returns 1 if i is odd.

func (*Int) IsOne

func (i *Int) IsOne() ct.Bool

IsOne returns 1 if i == 1.

func (*Int) IsProbablyPrime

func (i *Int) IsProbablyPrime() ct.Bool

IsProbablyPrime returns 1 if i is probably prime and non-negative.

func (*Int) IsUnit

func (i *Int) IsUnit() ct.Bool

IsUnit returns true if i is a unit (i.e., ±1).

func (*Int) IsZero

func (i *Int) IsZero() ct.Bool

IsZero returns 1 if i == 0.

func (*Int) Lsh

func (i *Int) Lsh(x *Int, shift uint)

Lsh sets i = x << shift.

func (*Int) LshCap

func (i *Int) LshCap(x *Int, shift uint, capacity int)

LshCap sets i = x << shift with given capacity.

func (*Int) MarshalCBOR

func (i *Int) MarshalCBOR() ([]byte, error)

func (*Int) Mul

func (i *Int) Mul(lhs, rhs *Int)

Mul sets i = lhs * rhs.

func (*Int) MulCap

func (i *Int) MulCap(lhs, rhs *Int, capacity int)

MulCap sets i = lhs * rhs with capacity capacity. When capacity < 0, it is set to lhs.AnnouncedLen() + rhs.AnnouncedLen().

func (*Int) Neg

func (i *Int) Neg(x *Int)

Neg sets i = -x.

func (*Int) Not

func (i *Int) Not(x *Int)

Not sets i = ^x. For signed integers, this is equivalent to -(x+1) due to two's complement.

func (*Int) NotCap

func (i *Int) NotCap(x *Int, capacity int)

NotCap sets i = ^x with a given capacity. For signed integers, this is equivalent to -(x+1) due to two's complement.

func (*Int) Or

func (i *Int) Or(x, y *Int)

Or sets i = x | y. For signed integers, this operates on the two's complement representation.

func (*Int) OrCap

func (i *Int) OrCap(x, y *Int, capacity int)

OrCap sets i = x | y with a given capacity.

func (*Int) Resize

func (i *Int) Resize(capacity int)

Resize resizes i to have the given capacity. When capacity < 0, it uses the current announced length. When capacity >= 0, it uses the provided capacity.

func (*Int) Rsh

func (i *Int) Rsh(x *Int, shift uint)

Rsh sets i = x >> shift.

func (*Int) RshCap

func (i *Int) RshCap(x *Int, shift uint, capacity int)

RshCap sets i = x >> shift with the given capacity. If capacity < 0, capacity will be x.AnnouncedLen() - shift.

func (*Int) Select

func (i *Int) Select(choice ct.Choice, x0, x1 *Int)

Select sets i = x0 if choice == 0, or i = x1 if choice == 1, using only arithmetic on Int (no ct slice helpers).

func (*Int) Set

func (i *Int) Set(v *Int)

Set sets i = v.

func (*Int) SetBytes

func (i *Int) SetBytes(b []byte) (ok ct.Bool)

SetBytes expects the sign-magnitude encoding produced by Bytes/BytesBE:

b[0] = 0 for >=0, 1 for <0
b[1:] = big-endian |i|

Returns ok = 0 only for obviously malformed input (empty slice).

func (*Int) SetInt64

func (i *Int) SetInt64(x int64)

SetInt64 sets i = x.

func (*Int) SetNat

func (i *Int) SetNat(v *Nat)

SetNat sets i = v where v is a Nat.

func (*Int) SetOne

func (i *Int) SetOne()

SetOne sets i = 1.

func (*Int) SetRandomRangeLH

func (i *Int) SetRandomRangeLH(lowInclusive, highExclusive *Int, prng io.Reader) error

SetRandomRangeLH sets i to a random integer in [lowInclusive, highExclusive).

func (*Int) SetTwosComplementBEBytes

func (i *Int) SetTwosComplementBEBytes(b []byte)

SetTwosComplementBEBytes sets i from the two's-complement big-endian byte representation.

func (*Int) SetUint64

func (i *Int) SetUint64(x uint64)

SetUint64 sets i = x.

func (*Int) SetZero

func (i *Int) SetZero()

SetZero sets i = 0.

func (*Int) Sqrt

func (i *Int) Sqrt(x *Int) (ok ct.Bool)

Sqrt sets i = sqrt(x) if x is a perfect square, else leaves i unchanged. Returns ok = 1 if x is a perfect square.

func (*Int) Square

func (i *Int) Square(x *Int)

Square sets i = x^2.

func (*Int) String

func (i *Int) String() string

String returns the hex string representation of i.

func (*Int) Sub

func (i *Int) Sub(lhs, rhs *Int)

Sub sets i = lhs - rhs.

func (*Int) SubCap

func (i *Int) SubCap(lhs, rhs *Int, capacity int)

SubCap sets i = lhs - rhs with capacity capacity. When capacity < 0, it is set to max(lhs.AnnouncedLen(), rhs.AnnouncedLen()) + 1.

func (*Int) TrueLen

func (i *Int) TrueLen() int

TrueLen returns the exact number of bits required to represent i.

func (*Int) TwosComplementBEBytes

func (i *Int) TwosComplementBEBytes() []byte

TwosComplementBEBytes returns the two's-complement big-endian byte representation of i.

func (*Int) Uint64

func (i *Int) Uint64() uint64

Uint64 returns the absolute value of i as a uint64.

func (*Int) UnmarshalCBOR

func (i *Int) UnmarshalCBOR(data []byte) error

func (*Int) Xor

func (i *Int) Xor(x, y *Int)

Xor sets i = x ^ y. For signed integers, this operates on the two's complement representation.

func (*Int) XorCap

func (i *Int) XorCap(x, y *Int, capacity int)

XorCap sets i = x ^ y with the given capacity.

type Modulus

type Modulus struct {
	*ModulusBasic
	// contains filtered or unexported fields
}

Modulus is a modulus implementation based on BoringSSL's BigNum and saferith.Modulus.

func NewModulus

func NewModulus(m *Nat) (modulus *Modulus, ok ct.Bool)

NewModulus creates a new Modulus from a Nat. It returns ok = false if m is zero. Remarks: it leaks the true length of m.

func NewModulusFromBytesBE

func NewModulusFromBytesBE(input []byte) (modulus *Modulus, ok ct.Bool)

NewModulusFromBytesBE creates a new Modulus from a big-endian byte slice.

func (*Modulus) MarshalCBOR

func (m *Modulus) MarshalCBOR() ([]byte, error)

func (*Modulus) ModExp

func (m *Modulus) ModExp(out, base, exp *Nat)

ModExp sets out = base^exp (mod m).

func (*Modulus) ModExpI

func (m *Modulus) ModExpI(out, base *Nat, exp *Int)

ModExpI sets out = base^exp (mod m) where exp is an Int.

func (*Modulus) ModInv

func (m *Modulus) ModInv(out, a *Nat) ct.Bool

ModInv sets out = a^{-1} (mod m).

func (*Modulus) ModMul

func (m *Modulus) ModMul(out, x, y *Nat)

ModMul sets out = (x * y) (mod m).

func (*Modulus) ModMultiBaseExp

func (m *Modulus) ModMultiBaseExp(out, bases []*Nat, exp *Nat)

ModMultiBaseExp sets out[i] = bases[i]^exp (mod m) for all i.

func (*Modulus) Set

func (m *Modulus) Set(v *Modulus)

Set sets m = v.

func (*Modulus) SetNat

func (m *Modulus) SetNat(n *Nat) ct.Bool

SetNat sets m = n where n is a Nat.

func (*Modulus) UnmarshalCBOR

func (m *Modulus) UnmarshalCBOR(data []byte) error

type ModulusBasic

type ModulusBasic saferith.Modulus

ModulusBasic is a modulus implementation based on saferith.Modulus.

func (*ModulusBasic) Big

func (m *ModulusBasic) Big() *big.Int

Big returns the big.Int representation of the modulus.

func (*ModulusBasic) BitLen

func (m *ModulusBasic) BitLen() int

BitLen returns the bit length of the modulus.

func (*ModulusBasic) Bytes

func (m *ModulusBasic) Bytes() []byte

Bytes returns the big-endian byte representation of the modulus.

func (*ModulusBasic) BytesBE

func (m *ModulusBasic) BytesBE() []byte

BytesBE returns the big-endian byte representation of the modulus.

func (*ModulusBasic) HashCode

func (m *ModulusBasic) HashCode() base.HashCode

HashCode returns a hash code for the modulus.

func (*ModulusBasic) IsInRange

func (m *ModulusBasic) IsInRange(x *Nat) ct.Bool

IsInRange returns true if 0 <= x < m.

func (*ModulusBasic) IsInRangeSymmetric

func (m *ModulusBasic) IsInRangeSymmetric(x *Int) ct.Bool

IsInRangeSymmetric returns true if -m/2 <= x < m/2.

func (*ModulusBasic) IsUnit

func (m *ModulusBasic) IsUnit(x *Nat) ct.Bool

IsUnit returns true if x is a unit modulo m.

func (*ModulusBasic) Mod

func (m *ModulusBasic) Mod(out, x *Nat)

Mod sets out = x (mod m).

func (*ModulusBasic) ModAdd

func (m *ModulusBasic) ModAdd(out, x, y *Nat)

ModAdd sets out = (x + y) (mod m).

func (*ModulusBasic) ModDiv

func (m *ModulusBasic) ModDiv(out, x, y *Nat) ct.Bool

ModDiv sets out = x * y^{-1} (mod m).

func (*ModulusBasic) ModExp

func (m *ModulusBasic) ModExp(out, b, exp *Nat)

ModExp sets out = b^exp (mod m).

func (*ModulusBasic) ModExpI

func (m *ModulusBasic) ModExpI(out, b *Nat, exp *Int)

ModExpI sets out = b^exp (mod m) where exp is an Int.

func (*ModulusBasic) ModI

func (m *ModulusBasic) ModI(out *Nat, x *Int)

ModI sets out = x (mod m) where x is an Int.

func (*ModulusBasic) ModInv

func (m *ModulusBasic) ModInv(out, x *Nat) ct.Bool

ModInv sets out = x^{-1} (mod m).

func (*ModulusBasic) ModMul

func (m *ModulusBasic) ModMul(out, x, y *Nat)

ModMul sets out = (x * y) (mod m).

func (*ModulusBasic) ModMultiBaseExp

func (m *ModulusBasic) ModMultiBaseExp(out, bases []*Nat, exp *Nat)

ModMultiBaseExp sets out[i] = bases[i]^exp (mod m) for all i.

func (*ModulusBasic) ModNeg

func (m *ModulusBasic) ModNeg(out, x *Nat)

ModNeg sets out = -x (mod m).

func (*ModulusBasic) ModSqrt

func (m *ModulusBasic) ModSqrt(out, x *Nat) ct.Bool

ModSqrt sets out = sqrt(x) (mod m) if it exists.

func (*ModulusBasic) ModSub

func (m *ModulusBasic) ModSub(out, x, y *Nat)

ModSub sets out = (x - y) (mod m).

func (*ModulusBasic) ModSymmetric

func (m *ModulusBasic) ModSymmetric(out *Int, x *Nat)

ModSymmetric sets out = x mod m in the symmetric range [-m/2, m/2).

func (*ModulusBasic) Nat

func (m *ModulusBasic) Nat() *Nat

Nat returns the Nat representation of the modulus.

func (*ModulusBasic) Quo

func (m *ModulusBasic) Quo(out, x *Nat)

Quo sets out = x / m.

func (*ModulusBasic) Random

func (m *ModulusBasic) Random(prng io.Reader) (*Nat, error)

Random returns a random Nat in [0, m).

func (*ModulusBasic) Saferith

func (m *ModulusBasic) Saferith() *saferith.Modulus

Saferith returns the underlying saferith.Modulus.

func (*ModulusBasic) Set

func (m *ModulusBasic) Set(v *ModulusBasic)

Set sets m = v.

func (*ModulusBasic) SetNat

func (m *ModulusBasic) SetNat(n *Nat) ct.Bool

SetNat sets m = n where n is a Nat.

func (*ModulusBasic) String

func (m *ModulusBasic) String() string

String returns the string representation of the modulus.

type Nat

type Nat saferith.Nat

Nat is a wrapper around saferith.Nat providing additional methods and occasional improvements. This implements the low level constant time interfaces that fiat-crypto implements.

func NatOne

func NatOne() *Nat

NatOne returns a new Nat representing one.

func NatThree

func NatThree() *Nat

NatThree returns a new Nat representing three.

func NatTwo

func NatTwo() *Nat

NatTwo returns a new Nat representing two.

func NatZero

func NatZero() *Nat

NatZero returns a new Nat representing zero.

func NewNat

func NewNat(value uint64) *Nat

NewNat returns a new Nat initialised to the given uint64 value.

func NewNatFromBig

func NewNatFromBig(n *big.Int, capacity int) *Nat

NewNatFromBig creates a Nat from a big.Int with the given capacity.

func NewNatFromBytes

func NewNatFromBytes(n []byte) *Nat

NewNatFromBytes creates a Nat from a big-endian byte slice.

func NewNatFromSaferith

func NewNatFromSaferith(n *saferith.Nat) *Nat

NewNatFromSaferith creates a Nat from a saferith.Nat.

func (*Nat) Abs

func (n *Nat) Abs(i *Int)

Abs sets n to |i|.

func (*Nat) Add

func (n *Nat) Add(lhs, rhs *Nat)

Add sets n = lhs + rhs.

func (*Nat) AddCap

func (n *Nat) AddCap(lhs, rhs *Nat, capacity int)

AddCap sets n = lhs + rhs modulo 2^capacity. If capacity < 0, capacity will be max(lhs.AnnouncedLen(), rhs.AnnouncedLen()) + 1.

func (*Nat) And

func (n *Nat) And(x, y *Nat)

And sets n = x & y.

func (*Nat) AndCap

func (n *Nat) AndCap(x, y *Nat, capacity int)

AndCap sets n = x & y with capacity capacity.

func (*Nat) AnnouncedLen

func (n *Nat) AnnouncedLen() int

AnnouncedLen returns the announced length in bits of n. Safe to be used publicly.

func (*Nat) Big

func (n *Nat) Big() *big.Int

Big returns the big.Int representation of n.

func (*Nat) Bit

func (n *Nat) Bit(i uint) byte

Bit returns the i-th bit of n.

func (*Nat) Byte

func (n *Nat) Byte(i uint) byte

Byte returns the i-th byte of n.

func (*Nat) Bytes

func (n *Nat) Bytes() []byte

Bytes returns the big-endian byte representation of n.

func (*Nat) BytesBE

func (n *Nat) BytesBE() []byte

BytesBE returns the big-endian byte representation of n.

func (*Nat) Clone

func (n *Nat) Clone() *Nat

Clone returns a copy of n.

func (*Nat) Compare

func (n *Nat) Compare(rhs *Nat) (lt, eq, gt ct.Bool)

Compare compares n with rhs and returns lt, eq, gt (each will be 1 or 0).

func (*Nat) CondAssign

func (n *Nat) CondAssign(choice ct.Choice, x *Nat)

CondAssign sets n = x if choice == 1.

func (*Nat) Coprime

func (n *Nat) Coprime(x *Nat) ct.Bool

Coprime returns 1 if n is coprime to x.

func (*Nat) Decrement

func (n *Nat) Decrement()

Decrement decrements n by 1.

func (*Nat) Div

func (n *Nat) Div(remainder, numerator, denominator *Nat) ct.Bool

Div sets n = numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=1 if the division was successful, ok=0 otherwise (i.e., division by zero). The number of bits of the quotient will be numerator.AnnouncedLen() and the number of bits of the remainder will be denominator.AnnouncedLen().

func (*Nat) DivVarTime

func (n *Nat) DivVarTime(remainder, numerator, denominator *Nat) ct.Bool

DivVarTime sets n = numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=true if the division was successful, ok=false otherwise (e.g., division by zero). The number of bits of the quotient will be min(numerator.AnnouncedLen(), numerator.AnnouncedLen() - denominator.TrueLen() + 2) and the number of bits of the remainder will be denominator.TrueLen().

func (*Nat) Double

func (n *Nat) Double(x *Nat)

Double sets n = x + x.

func (*Nat) Equal

func (n *Nat) Equal(rhs *Nat) ct.Bool

Equal returns 1 if n == rhs.

func (*Nat) EuclideanDiv

func (n *Nat) EuclideanDiv(r, numerator, denominator *Nat) ct.Bool

EuclideanDiv sets n to the quotient of numerator / denominator. If r is not nil, it will be set to the remainder. It returns ok=1 if the division was successful, ok=0 otherwise (i.e., division by zero). The number of bits of the quotient will be numerator.AnnouncedLen() and the number of bits of the remainder will be denominator.AnnouncedLen().

func (*Nat) EuclideanDivVarTime

func (n *Nat) EuclideanDivVarTime(remainder, numerator, denominator *Nat) ct.Bool

EuclideanDivVarTime sets n to the quotient of numerator / denominator. If remainder is not nil, it will be set to the remainder. It returns ok=true if the division was successful, ok=false otherwise (e.g., division by zero). The number of bits of the quotient will be min(numerator.AnnouncedLen(), numerator.AnnouncedLen() - denominator.TrueLen() + 2) and the number of bits of the remainder will be denominator.TrueLen().

func (*Nat) FillBytes

func (n *Nat) FillBytes(buf []byte) []byte

FillBytes fills buf with the big-endian byte representation of n and returns buf.

func (*Nat) GCD

func (n *Nat) GCD(x, y *Nat)

GCD sets n = gcd(x, y) using boringssl based implementation.

func (*Nat) HashCode

func (n *Nat) HashCode() base.HashCode

HashCode returns a hash code for n.

func (*Nat) Increment

func (n *Nat) Increment()

Increment increments n by 1.

func (*Nat) IsEven

func (n *Nat) IsEven() ct.Bool

IsEven returns 1 if n is even.

func (*Nat) IsNonZero

func (n *Nat) IsNonZero() ct.Bool

IsNonZero returns 1 if n != 0.

func (*Nat) IsOdd

func (n *Nat) IsOdd() ct.Bool

IsOdd returns 1 if n is odd.

func (*Nat) IsOne

func (n *Nat) IsOne() ct.Bool

IsOne returns 1 if n == 1.

func (*Nat) IsProbablyPrime

func (n *Nat) IsProbablyPrime() ct.Bool

IsProbablyPrime returns 1 if n is probably prime, by applying a BPSW test.

func (*Nat) IsZero

func (n *Nat) IsZero() ct.Bool

IsZero returns 1 if n == 0.

func (*Nat) Lift

func (n *Nat) Lift() *Int

Lift converts n to an Int.

func (*Nat) Lsh

func (n *Nat) Lsh(x *Nat, shift uint)

Lsh sets n = x << shift.

func (*Nat) LshCap

func (n *Nat) LshCap(x *Nat, shift uint, capacity int)

LshCap sets n = x << shift with the given capacity. If capacity < 0, capacity will be x.AnnouncedLen() + shift.

func (*Nat) MarshalCBOR

func (n *Nat) MarshalCBOR() ([]byte, error)

func (*Nat) Mul

func (n *Nat) Mul(lhs, rhs *Nat)

Mul sets n = lhs * rhs.

func (*Nat) MulCap

func (n *Nat) MulCap(lhs, rhs *Nat, capacity int)

MulCap sets n = lhs * rhs modulo 2^capacity. If capacity < 0, capacity will be lhs.AnnouncedLen() + rhs.AnnouncedLen().

func (*Nat) Not

func (n *Nat) Not(x *Nat)

Not sets n = ^x.

func (*Nat) NotCap

func (n *Nat) NotCap(x *Nat, capacity int)

NotCap sets n = ^x with capacity capacity. For compatibility with big.Int.Not, use the announced capacity of x.

func (*Nat) Or

func (n *Nat) Or(x, y *Nat)

Or sets n = x | y.

func (*Nat) OrCap

func (n *Nat) OrCap(x, y *Nat, capacity int)

OrCap sets n = x | y with capacity capacity.

func (*Nat) Resize

func (n *Nat) Resize(capacity int)

Resize resizes n to have the given capacity. When capacity < 0, it uses the current announced length. When capacity >= 0, it uses the provided capacity.

func (*Nat) Rsh

func (n *Nat) Rsh(x *Nat, shift uint)

Rsh sets n = x >> shift.

func (*Nat) RshCap

func (n *Nat) RshCap(x *Nat, shift uint, capacity int)

RshCap sets n = x >> shift with the given capacity. If capacity < 0, capacity will be x.AnnouncedLen() - shift.

func (*Nat) Select

func (n *Nat) Select(choice ct.Choice, x0, x1 *Nat)

Select sets n = x0 if choice == 0, n = x1 if choice == 1.

func (*Nat) Set

func (n *Nat) Set(v *Nat)

Set sets n to the value of v.

func (*Nat) SetBytes

func (n *Nat) SetBytes(data []byte) (ok ct.Bool)

SetBytes sets n from the big-endian byte slice data.

func (*Nat) SetOne

func (n *Nat) SetOne()

SetOne sets n to one.

func (*Nat) SetRandomRangeH

func (n *Nat) SetRandomRangeH(highExclusive *Nat, prng io.Reader) error

SetRandomRangeH sets n to a random value in the range [0, highExclusive). This simply uses rejection sampling to generate a random value in [0, highExclusive) but masks out bits that are too high to be in the range so sampling rejection happens with relatively low probability (~0.5).
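The masked rejection sampling described above, as an added sketch that is not numct's implementation. It uses math/big, which is not constant time, purely to show the algorithm; sampleBelow and drawFrom are hypothetical names and the byte streams are constructed test input.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"math/big"
)

// sampleBelow returns a uniform value in [0, high) and the number of
// candidates it rejected. It reads ceil(bitlen/8) bytes per attempt and
// clears the bits above high.BitLen(), so every candidate is below
// 2^bitlen. Because high >= 2^(bitlen-1), at least half of all candidates
// are accepted, which is the worst-case rejection rate of about 0.5.
// Rejected candidates are discarded whole and never reduced mod high,
// which is what keeps the output unbiased.
func sampleBelow(high *big.Int, prng io.Reader) (*big.Int, int, error) {
	if high == nil || high.Sign() <= 0 {
		return nil, 0, errors.New("high must be positive")
	}
	bits := high.BitLen()
	buf := make([]byte, (bits+7)/8)
	// Keep only the low (bits mod 8) bits of the top byte, or all 8 bits
	// when the bit length is a multiple of 8.
	mask := byte(0xff) >> (uint(8-bits%8) % 8)
	v := new(big.Int)
	for rejected := 0; ; rejected++ {
		if _, err := io.ReadFull(prng, buf); err != nil {
			return nil, rejected, err // surface PRNG failure, never fall back
		}
		buf[0] &= mask
		if v.SetBytes(buf).Cmp(high) < 0 {
			return v, rejected, nil
		}
	}
}

// drawFrom runs sampleBelow over a fixed byte stream so the behaviour is
// reproducible. Real callers pass crypto/rand.Reader as prng instead.
func drawFrom(high int64, stream []byte) (int64, int, error) {
	v, rejected, err := sampleBelow(big.NewInt(high), bytes.NewReader(stream))
	if err != nil {
		return 0, rejected, err
	}
	return v.Int64(), rejected, nil
}

func main() {
	// high = 5 has 3 bits: 0xfe is masked to 6 (rejected), 0xfb to 3 (accepted).
	v, rejected, err := drawFrom(5, []byte{0xfe, 0xfb})
	fmt.Println(v, rejected, err)
	// high = 256 has 9 bits: two bytes per draw, top byte masked to 1 bit.
	v, rejected, err = drawFrom(256, []byte{0xff, 0x10, 0xfe, 0x07})
	fmt.Println(v, rejected, err)
}
```

The number of rejections depends on the random stream and on high, not on the value finally returned.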

func (*Nat) SetRandomRangeLH

func (n *Nat) SetRandomRangeLH(lowInclusive, highExclusive *Nat, prng io.Reader) error

SetRandomRangeLH sets n to a random value in the range [lowInclusive, highExclusive).

func (*Nat) SetUint64

func (n *Nat) SetUint64(x uint64)

SetUint64 sets n to the given uint64 value.

func (*Nat) SetZero

func (n *Nat) SetZero()

SetZero sets n to zero.

func (*Nat) Sqrt

func (n *Nat) Sqrt(x *Nat) (ok ct.Bool)

Sqrt sets n = sqrt(x) if x is a perfect square, else leaves n unchanged. Returns ok = 1 if x is a perfect square.

func (*Nat) String

func (n *Nat) String() string

String returns the hex string representation of n.

func (*Nat) SubCap

func (n *Nat) SubCap(lhs, rhs *Nat, capacity int)

SubCap sets n = lhs - rhs modulo 2^capacity. If capacity < 0, capacity will be max(lhs.AnnouncedLen(), rhs.AnnouncedLen()).

func (*Nat) TrueLen

func (n *Nat) TrueLen() int

TrueLen returns the exact number of bits required to represent n.

func (*Nat) Uint64

func (n *Nat) Uint64() uint64

Uint64 returns the uint64 representation of n.

func (*Nat) UnmarshalCBOR

func (n *Nat) UnmarshalCBOR(data []byte) error

func (*Nat) Xor

func (n *Nat) Xor(x, y *Nat)

Xor sets n = x ^ y.

func (*Nat) XorCap

func (n *Nat) XorCap(x, y *Nat, capacity int)

XorCap sets n = x ^ y with capacity capacity.
