Prime field arithmetic for the Pasta curves (Pallas and Vesta).
Field elements are 256-bit integers stored as four 64-bit limbs in little-endian order. All arithmetic is modular with respect to the chosen curve’s prime modulus.
§Moduli
- Pallas: 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001
- Vesta: 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001
Structs§
- FieldElement
- A 256-bit prime field element stored as four little-endian 64-bit limbs.
Enums§
- Curve
- Identifies which Pasta curve modulus to use.
Constants§
- LIMBS 🔒
- Number of 64-bit limbs in a field element.
- PALLAS_FIFTH_ROOT_EXP 🔒
- Fifth-root exponent for Pallas: (4p - 3) / 5, little-endian limbs.
- PALLAS_MODULUS 🔒
- The Pallas curve base field modulus, little-endian limbs.
- VESTA_FIFTH_ROOT_EXP 🔒
- Fifth-root exponent for Vesta: (4p - 3) / 5, little-endian limbs.
- VESTA_MODULUS 🔒
- The Vesta curve base field modulus, little-endian limbs.
Functions§
- add_limbs 🔒
- Adds two 4-limb numbers, returning (result, carry).
- gte_modulus 🔒
- Returns true if a >= modulus.
- mul_wide 🔒
- Schoolbook multiplication producing an 8-limb (512-bit) result.
- reduce_wide 🔒
- Reduces a 512-bit product modulo p via shift-and-subtract.
- shift_left_one 🔒
- Shifts a 4-limb number left by one bit.
- sub_limbs 🔒
- Subtracts two 4-limb numbers, returning (result, borrow).