Trait halo2_proofs::arithmetic::SqrtRatio
[−]pub trait SqrtRatio: PrimeField {
const T_MINUS1_OVER2: [u64; 4];
fn get_lower_32(&self) -> u32;
fn pow_by_t_minus1_over2(&self) -> Self { ... }
fn sqrt_ratio(num: &Self, div: &Self) -> (Choice, Self) { ... }
fn sqrt_alt(&self) -> (Choice, Self) { ... }
}Expand description
A trait that exposes additional operations related to calculating square roots of prime-order finite fields.
Required Associated Constants
const T_MINUS1_OVER2: [u64; 4]
const T_MINUS1_OVER2: [u64; 4]
The value $(T-1)/2$ such that $2^S \cdot T = p - 1$ with $T$ odd.
Required Methods
fn get_lower_32(&self) -> u32
fn get_lower_32(&self) -> u32
Gets the lower 32 bits of this field element when expressed canonically.
Provided Methods
fn pow_by_t_minus1_over2(&self) -> Self
fn pow_by_t_minus1_over2(&self) -> Self
Raise this field element to the power Self::T_MINUS1_OVER2.
Field implementations may override this to use an efficient addition chain.
fn sqrt_ratio(num: &Self, div: &Self) -> (Choice, Self)
fn sqrt_ratio(num: &Self, div: &Self) -> (Choice, Self)
Computes:
- $(\textsf{true}, \sqrt{\textsf{num}/\textsf{div}})$, if $\textsf{num}$ and $\textsf{div}$ are nonzero and $\textsf{num}/\textsf{div}$ is a square in the field;
- $(\textsf{true}, 0)$, if $\textsf{num}$ is zero;
- $(\textsf{false}, 0)$, if $\textsf{num}$ is nonzero and $\textsf{div}$ is zero;
- $(\textsf{false}, \sqrt{G_S \cdot \textsf{num}/\textsf{div}})$, if $\textsf{num}$ and $\textsf{div}$ are nonzero and $\textsf{num}/\textsf{div}$ is a nonsquare in the field;
where $G_S$ is a non-square.
For pasta_curves, $G_S$ is currently [ff::PrimeField::root_of_unity], a
generator of the order $2^S$ subgroup. Users of this crate should not rely on this
generator being fixed; it may be changed in future crate versions to simplify the
implementation of the SSWU hash-to-curve algorithm.
The choice of root from sqrt is unspecified.