## std::math::ecgfp5::base_field
| Procedure | Description |
| ----------- | ------------- |
| add | Given two GF(p^5) elements on stack, this routine computes modular<br />addition over extension field GF(p^5) s.t. p = 2^64 - 2^32 + 1<br /><br />Expected stack state :<br /><br />[a0, a1, a2, a3, a4, b0, b1, b2, b3, b4, ...]<br /><br />After application of routine stack :<br /><br />[c0, c1, c2, c3, c4, ...] s.t. c = a + b<br /><br />See section 3.2 of https://eprint.iacr.org/2022/274.pdf<br /><br />For reference implementation in high level language, see<br />https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L607-L616<br /> |
| sub | Given two GF(p^5) elements on stack, this routine subtracts second<br />element from first one, over extension field GF(p^5) s.t. p = 2^64 - 2^32 + 1<br /><br />Expected stack state :<br /><br />[a0, a1, a2, a3, a4, b0, b1, b2, b3, b4, ...]<br /><br />After application of routine stack :<br /><br />[c0, c1, c2, c3, c4, ...] s.t. c = a - b<br /><br />See section 3.2 of https://eprint.iacr.org/2022/274.pdf<br /><br />For reference implementation in high level language, see<br />https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L629-L638<br /> |
| mul | Given two GF(p^5) elements on stack, this routine computes modular<br />multiplication ( including reduction by irreducible polynomial )<br />over extension field GF(p^5) s.t. p = 2^64 - 2^32 + 1<br /><br />Expected stack state :<br /><br />[a0, a1, a2, a3, a4, b0, b1, b2, b3, b4, ...]<br /><br />After application of routine stack :<br /><br />[c0, c1, c2, c3, c4, ...] s.t. c = a * b<br /><br />See section 3.2 of https://eprint.iacr.org/2022/274.pdf<br /><br />For reference implementation in high level language, see<br />https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L676-L689<br /> |
| square | Given one GF(p^5) element on stack, this routine computes modular<br />squaring ( including reduction by irreducible polynomial )<br />over extension field GF(p^5) s.t. p = 2^64 - 2^32 + 1<br /><br />This routine has same effect as calling mul(a, a) \| a ∈ GF(p^5)<br /><br />Expected stack state :<br /><br />[a0, a1, a2, a3, a4, ...]<br /><br />After application of routine stack :<br /><br />[b0, b1, b2, b3, b4, ...] s.t. b = a * a<br /><br />See section 3.2 of https://eprint.iacr.org/2022/274.pdf<br /><br />For reference implementation in high level language, see<br />https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L709-L715<br /> |
| inv | Given one GF(p^5) element on stack, this routine computes multiplicative<br />inverse over extension field GF(p^5) s.t. p = 2^64 - 2^32 + 1<br /><br />Expected stack state :<br /><br />[a0, a1, a2, a3, a4, ...]<br /><br />After application of routine stack :<br /><br />[b0, b1, b2, b3, b4, ...] s.t. b = 1 / a<br /><br />See section 3.2 of https://eprint.iacr.org/2022/274.pdf<br /><br />For reference implementation in high level language, see<br />https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L751-L775<br /><br />Note, this routine will not panic even when operand `a` is zero.<br /> |
| div | Given two GF(p^5) elements ( say a, b ) on stack, this routine computes<br />modular division over extension field GF(p^5) s.t. p = 2^64 - 2^32 + 1<br /><br />Expected stack state :<br /><br />[a0, a1, a2, a3, a4, b0, b1, b2, b3, b4, ...]<br /><br />After application of routine stack :<br /><br />[c0, c1, c2, c3, c4, ...] s.t. c = a / b<br /><br />See section 3.2 of https://eprint.iacr.org/2022/274.pdf<br /><br />For reference implementation in high level language, see<br />https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L777-L781<br /> |
| legendre | Given an element v ∈ GF(p^5), this routine computes its Legendre symbol,<br />which is an element ∈ GF(p) \| p = 2^64 - 2^32 + 1<br /><br />At beginning stack looks like<br /><br />[a0, a1, a2, a3, a4, ...]<br /><br />At end stack looks like<br /><br />[b, ...] s.t. b = Legendre symbol of a<br /><br />See https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L857-L877<br />for reference implementation in higher level language.<br /> |
| sqrt | Given an element v ∈ GF(p^5), this routine attempts to compute square root of v,<br />if that number is a square.<br /><br />At beginning stack looks like<br /><br />[a0, a1, a2, a3, a4, ...]<br /><br />At end stack looks like<br /><br />[b0, b1, b2, b3, b4, flg, ...]<br /><br />If flg = 1, it denotes v' = {b0, b1, b2, b3, b4} is square root of v i.e. v' * v' = v ( mod GF(p^5) )<br />If flg = 0, then v' = {0, 0, 0, 0, 0}, denoting v doesn't have a square root<br /><br />See https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L879-L910<br />for reference implementation in higher level language.<br /> |
| eq | Given two elements a, b ∈ GF(p^5), this routine produces single field element r,<br />denoting whether a == b.<br /><br />Expected stack state<br /><br />[a0, a1, a2, a3, a4, b0, b1, b2, b3, b4, ...]<br /><br />Final stack state<br /><br />[r, ...]<br /><br />If a == b { r = 1 } Else { r = 0 }<br /><br />See https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L797-L806<br />for reference implementation.<br /> |
| neq | Given two elements a, b ∈ GF(p^5), this routine produces single field element r,<br />denoting whether a != b.<br /><br />Expected stack state<br /><br />[a0, a1, a2, a3, a4, b0, b1, b2, b3, b4, ...]<br /><br />Final stack state<br /><br />[r, ...]<br /><br />If a != b { r = 1 } Else { r = 0 }<br /><br />See https://github.com/pornin/ecgfp5/blob/ce059c6/python/ecGFp5.py#L813-L822<br />for reference implementation.<br /> |
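
The stack contracts in the table above can be cross-checked against a small Python model of GF(p^5) arithmetic. This is an added example, not Miden or ecgfp5 project code: it assumes the extension is GF(p)[z]/(z^5 - 3) as in the cited paper, uses plain Fermat exponentiation for `inv` and `legendre` rather than the routines' own algorithms, and `apply_binary`, `power`, `A` and `B` are hypothetical names with constructed values.

```python
# Added reference model for cross-checking; not Miden or ecgfp5 project code.
P = 2**64 - 2**32 + 1          # base field modulus stated on the page
N = P**5                       # number of elements in GF(p^5)
ONE = [1, 0, 0, 0, 0]
# Assumption: GF(p^5) = GF(p)[z]/(z^5 - 3), the modulus used by the cited paper.

def add(a, b):
    return [(x + y) % P for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % P for x, y in zip(a, b)]

def mul(a, b):
    t = [0] * 10               # schoolbook product, degree <= 8
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            t[i + j] += x * y
    # Reduction by the irreducible polynomial: z^(5+k) = 3 * z^k
    return [(t[k] + 3 * t[k + 5]) % P for k in range(5)]

def power(a, e):
    r = ONE
    while e:
        if e & 1:
            r = mul(r, a)
        a, e = mul(a, a), e >> 1
    return r

def inv(a):
    # a^(p^5 - 2); in this model the zero element maps to zero, no exception.
    return power(a, N - 2)

def div(a, b):
    return mul(a, inv(b))

def legendre(a):
    # a^((p^5 - 1) / 2) lies in GF(p): 0, 1, or P - 1 (i.e. -1).
    return power(a, (N - 1) // 2)[0]

def apply_binary(op, stack):
    """Model the page's convention: [a0..a4, b0..b4, ...] -> [c0..c4, ...]."""
    return op(stack[:5], stack[5:10]) + stack[10:]

# Constructed sample operands (not test vectors from the project).
A = [1, 2, 3, 4, 5]
B = [6, 7, 8, 9, 10]
```

In this model a zero divisor in `div` silently yields zero, so a caller that needs a well-defined quotient must check `b` for zero separately.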