field_5x52.h
1 /***********************************************************************
2  * Copyright (c) 2013, 2014 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
5  ***********************************************************************/
6
7 #ifndef SECP256K1_FIELD_REPR_H
8 #define SECP256K1_FIELD_REPR_H
9
10 #include <stdint.h>
11
typedef struct {
    /* Five limbs in radix 2^52, least significant first. The element stands for
     *
     *     sum(i=0..4, n[i] << (i*52)) mod p,    p = 2^256 - 2^32 - 977
     *
     * A limb is allowed to grow past 2^52; the magnitude is, roughly, the
     * measure of how much excess is allowed. Unless the element is normalized,
     * the un-reduced sum above may be larger than p.
     *
     * NOTE(review): it follows that a non-normalized element has no unique
     * limb encoding, so comparing or serializing n[] directly is only
     * meaningful once the element has been normalized. */
    uint64_t n[5];
    /* Limb bounds.
     *
     * At magnitude m:
     *     n[i] <= 2 * m * (2^52 - 1)    for i = 0..3
     *     n[4] <= 2 * m * (2^48 - 1)
     *
     * When normalized:
     *     n[i] <= (2^52 - 1)            for i = 0..3
     *     sum(i=0..4, n[i] << (i*52)) < p
     *     (these two conditions together give n[4] <= 2^48 - 1)
     */
} secp256k1_fe;
35
/* Unpacks a constant, given as eight words d7..d0 (d0 least significant),
 * into the limb list of an overlapping multi-limbed field element.
 *
 * The expansion is a brace-enclosed list of five uint64_t initializers, limb 0
 * first. Limbs 0..3 receive 52 bits each and limb 4 receives the top 48 bits.
 *
 * Every argument is expected to be a 32-bit word. Only the parts of d1, d3, d4
 * and d6 that land in the upper end of a limb are masked; nothing else is
 * range-checked, so a wider or negative argument silently sets bits that
 * belong to a neighbouring word. The macro only repacks bits and performs no
 * reduction mod p. */
#define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \
    (((uint64_t)(d1) & 0xFFFFFUL) << 32) | (d0), \
    (((uint64_t)(d3) & 0xFFUL) << 44) | (((uint64_t)(d2)) << 12) | ((uint64_t)(d1) >> 20), \
    (((uint64_t)(d4) & 0xFFFFFFFUL) << 24) | ((uint64_t)(d3) >> 8), \
    (((uint64_t)(d6) & 0xFFFFUL) << 36) | (((uint64_t)(d5)) << 4) | ((uint64_t)(d4) >> 28), \
    (((uint64_t)(d7)) << 16) | ((uint64_t)(d6) >> 16) \
}
44
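/* Packed form of a field element: four 64-bit words, 256 bits in total, with
 * no spare bits per word (unlike the 52-bit limbs of secp256k1_fe).
 * SECP256K1_FE_STORAGE_CONST places the least significant words in n[0].
 *
 * NOTE(review): presumably this holds a normalized value only; confirm against
 * the conversion routines, which are not part of this header. */
typedef struct {
    uint64_t n[4];
} secp256k1_fe_storage;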
48
/* Builds the initializer of a packed storage element from eight words d7..d0
 * (d0 least significant). Consecutive pairs are joined into one 64-bit word:
 * the even-numbered argument fills the low half, the odd-numbered one is
 * shifted into the high half. The doubled braces initialize the struct and the
 * n[4] array inside it.
 *
 * The low-half arguments (d0, d2, d4, d6) are OR'ed in without a cast or mask,
 * so each must be a non-negative 32-bit word; anything wider, or a negative
 * int, would also set bits in the high half of the word. */
#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \
    (((uint64_t)(d1)) << 32) | (d0), \
    (((uint64_t)(d3)) << 32) | (d2), \
    (((uint64_t)(d5)) << 32) | (d4), \
    (((uint64_t)(d7)) << 32) | (d6) \
}}
55
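/* Inverse of SECP256K1_FE_STORAGE_CONST: expands to eight comma-separated
 * uint32_t expressions, most significant word first (the d7..d0 argument
 * order), read from the n[4] array of the storage element d.
 *
 * d is parenthesized in the expansion so that an argument such as *ptr binds
 * as (*ptr).n[i] rather than *(ptr.n[i]). d is expanded eight times, so it
 * must not have side effects. */
#define SECP256K1_FE_STORAGE_CONST_GET(d) \
    (uint32_t)((d).n[3] >> 32), (uint32_t)(d).n[3], \
    (uint32_t)((d).n[2] >> 32), (uint32_t)(d).n[2], \
    (uint32_t)((d).n[1] >> 32), (uint32_t)(d).n[1], \
    (uint32_t)((d).n[0] >> 32), (uint32_t)(d).n[0]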
61
62 #endif /* SECP256K1_FIELD_REPR_H */
