diff --git a/constantine/arithmetic/bigints.nim b/constantine/arithmetic/bigints.nim
index b6f565c..bf3c7f6 100644
--- a/constantine/arithmetic/bigints.nim
+++ b/constantine/arithmetic/bigints.nim
@@ -104,7 +104,7 @@ func copyTruncatedFrom*[dBits, sBits: static int](dst: var BigInt[dBits], src: B
 for wordIdx in 0 ..< min(dst.limbs.len, src.limbs.len):
 dst.limbs[wordIdx] = src.limbs[wordIdx]
 for wordIdx in min(dst.limbs.len, src.limbs.len) ..< dst.limbs.len:
- dst.limbs[wordIdx] = SecretWord(0)
+ dst.limbs[wordIdx] = Zero
 # Comparison
 # ------------------------------------------------------------
@@ -317,14 +317,14 @@ func bit*[bits: static int](a: BigInt[bits], index: int): Ct[uint8] =
 ## (b255, b254, ..., b1, b0)
 const SlotShift = log2(WordBitWidth.uint32)
 const SelectMask = WordBitWidth - 1
- const BitMask = SecretWord 1
+ const BitMask = One
 let slot = a.limbs[index shr SlotShift] # LimbEndianness is littleEndian
 result = ct(slot shr (index and SelectMask) and BitMask, uint8)
 func bit0*(a: BigInt): Ct[uint8] =
 ## Access the least significant bit
- ct(a.limbs[0] and SecretWord(1), uint8)
+ ct(a.limbs[0] and One, uint8)
 # Multiplication by small cosntants
 # ------------------------------------------------------------
diff --git a/constantine/arithmetic/limbs.nim b/constantine/arithmetic/limbs.nim
index a7e1027..153975c 100644
--- a/constantine/arithmetic/limbs.nim
+++ b/constantine/arithmetic/limbs.nim
@@ -67,7 +67,7 @@ func setZero*(a: var Limbs) =
 func setOne*(a: var Limbs) =
 ## Set ``a`` to 1
- a[0] = SecretWord(1)
+ a[0] = One
 when a.len > 1:
 zeroMem(a[1].addr, (a.len - 1) * sizeof(SecretWord))
@@ -76,7 +76,7 @@ func czero*(a: var Limbs, ctl: SecretBool) =
 # Only used for FF neg in pure Nim fallback
 # so no need for assembly
 for i in 0 ..< a.len:
- ctl.ccopy(a[i], SecretWord 0)
+ ctl.ccopy(a[i], Zero)
 # Copy
 # ------------------------------------------------------------
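Review bot: Neither `Zero` nor `One` is defined or imported anywhere in this patch, so the new `dst.limbs[wordIdx] = Zero` in copyTruncatedFrom relies on a definition that lives outside the diff; it should be a typed constant such as `const Zero* = SecretWord(0)` rather than an untyped literal, so the limbs remain `SecretWord` and the constant-time operators (`ccopy`, `cadd`, `and`) keep resolving to the secret-typed overloads. The same check applies to every other site below, including `ctl.ccopy(a[i], Zero)` in czero and the uses in `tests/t_bigints.nim`, which must already see the exporting module because no import line is added here. copyTruncatedFrom's signature is truncated in the hunk header and its body begins outside the hunk.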
@@ -147,15 +147,15 @@ func eq*(a: Limbs, n: SecretWord): SecretBool =
 func isOne*(a: Limbs): SecretBool =
 ## Returns true if ``a`` is equal to one
- a.eq(SecretWord(1))
+ a.eq(One)
 func isOdd*(a: Limbs): SecretBool =
 ## Returns true if a is odd
- SecretBool(a[0] and SecretWord(1))
+ SecretBool(a[0] and One)
 func isEven*(a: Limbs): SecretBool =
 ## Returns true if a is even
- not SecretBool(a[0] and SecretWord(1))
+ not SecretBool(a[0] and One)
 # Bit manipulation
 # ------------------------------------------------------------
@@ -341,7 +341,7 @@ func prod*[rLen, aLen, bLen: static int](r: var Limbs[rLen], a: Limbs[aLen], b:
 mul_asm(r, a, b)
 else:
 # We use Product Scanning / Comba multiplication
- var t, u, v = SecretWord(0)
+ var t, u, v = Zero
 staticFor i, 0, min(a.len+b.len, r.len):
 const ib = min(b.len-1, i)
@@ -352,11 +352,11 @@ func prod*[rLen, aLen, bLen: static int](r: var Limbs[rLen], a: Limbs[aLen], b:
 r[i] = v
 v = u
 u = t
- t = SecretWord(0)
+ t = Zero
 if aLen+bLen < rLen:
 for i in aLen+bLen ..< rLen:
- r[i] = SecretWord 0
+ r[i] = Zero
 func prod_high_words*[rLen, aLen, bLen](
 r: var Limbs[rLen],
@@ -380,7 +380,7 @@ func prod_high_words*[rLen, aLen, bLen](
 # i.e. prod_high_words(result, P, a, w)
 # We use Product Scanning / Comba multiplication
- var t, u, v = SecretWord(0) # Will raise warning on empty iterations
+ var t, u, v = Zero # Will raise warning on empty iterations
 var z: Limbs[rLen] # zero-init, ensure on stack and removes in-place problems
 # The previous 2 columns can affect the lowest word due to carries
@@ -397,7 +397,7 @@ func prod_high_words*[rLen, aLen, bLen](
 z[i-lowestWordIndex] = v
 v = u
 u = t
- t = SecretWord(0)
+ t = Zero
 r = z
diff --git a/constantine/arithmetic/limbs_montgomery.nim b/constantine/arithmetic/limbs_montgomery.nim
index 275d9ef..31ba98d 100644
--- a/constantine/arithmetic/limbs_montgomery.nim
+++ b/constantine/arithmetic/limbs_montgomery.nim
@@ -138,7 +138,7 @@ func montyMul_FIPS(r: var Limbs, a, b, M: Limbs, m0ninv: BaseType) =
 # https://eprint.iacr.org/2013/882.pdf
 var z: typeof(r) # zero-init, ensure on stack and removes in-place problems in tower fields
 const L = r.len
- var t, u, v = SecretWord(0)
+ var t, u, v = Zero
 staticFor i, 0, L:
 staticFor j, 0, i:
@@ -149,7 +149,7 @@ func montyMul_FIPS(r: var Limbs, a, b, M: Limbs, m0ninv: BaseType) =
 mulAcc(t, u, v, z[i], M[0])
 v = u
 u = t
- t = SecretWord(0)
+ t = Zero
 staticFor i, L, 2*L:
 staticFor j, i-L+1, L:
 mulAcc(t, u, v, a[j], b[i-j])
@@ -157,7 +157,7 @@ func montyMul_FIPS(r: var Limbs, a, b, M: Limbs, m0ninv: BaseType) =
 z[i-L] = v
 v = u
 u = t
- t = SecretWord(0)
+ t = Zero
 discard z.csub(M, v.isNonZero() or not(z < M))
 r = z
diff --git a/constantine/elliptic/ec_endomorphism_accel.nim b/constantine/elliptic/ec_endomorphism_accel.nim
index 405c2d7..1877827 100644
--- a/constantine/elliptic/ec_endomorphism_accel.nim
+++ b/constantine/elliptic/ec_endomorphism_accel.nim
@@ -85,7 +85,7 @@ func decomposeEndo*[M, scalBits, L: static int](
 when babai(F)[i][1]:
 # prod_high_words works like logical right shift
 # When negative, we should add 1 to properly round toward -infinity
- alphas[i] += SecretWord(1)
+ alphas[i] += One
 # We have k0 = s - 𝛼0 b00 - 𝛼1 b10 ... - 𝛼m bm0
 # and kj = 0 - 𝛼j b0j - 𝛼1 b1j ... - 𝛼m bmj
@@ -339,7 +339,7 @@ func scalarMulEndo*[scalBits; EC](
 # we need the base miniscalar (that encodes the sign)
 # to be odd, and this in constant-time to protect the secret least-significant bit.
 let k0isOdd = miniScalars[0].isOdd()
- discard miniScalars[0].cadd(SecretWord(1), not k0isOdd)
+ discard miniScalars[0].cadd(One, not k0isOdd)
 var recoded: GLV_SAC[M, L] # zero-init required
 recoded.nDimMultiScalarRecoding(miniScalars)
@@ -511,7 +511,7 @@ func scalarMulGLV_m2w2*[scalBits; EC](
 # we need the base miniscalar (that encodes the sign)
 # to be odd, and this in constant-time to protect the secret least-significant bit.
 let k0isOdd = miniScalars[0].isOdd()
- discard miniScalars[0].cadd(SecretWord(1), not k0isOdd)
+ discard miniScalars[0].cadd(One, not k0isOdd)
 var recoded: GLV_SAC[2, L] # zero-init required
 recoded.nDimMultiScalarRecoding(miniScalars)
diff --git a/tests/t_bigints.nim b/tests/t_bigints.nim
index b338321..212df6c 100644
--- a/tests/t_bigints.nim
+++ b/tests/t_bigints.nim
@@ -157,7 +157,7 @@ proc mainArith() =
 let expected = BigInt[256].fromHex"7fffffff80000000800000000000000000000000800000000000000000000000"
- discard a.add(SecretWord 1)
+ discard a.add(One)
 check: bool(a == expected)
 proc mainMul() =
@@ -534,7 +534,7 @@ proc mainModularInverse() =
 let M = BigInt[16].fromUint(2017'u16)
 var mp1div2 = M
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 mp1div2.shiftRight(1)
 let expected = BigInt[16].fromUint(1969'u16)
@@ -549,7 +549,7 @@ proc mainModularInverse() =
 let M = BigInt[381].fromUint(2017'u16)
 var mp1div2 = M
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 mp1div2.shiftRight(1)
 let expected = BigInt[381].fromUint(1969'u16)
@@ -565,7 +565,7 @@ proc mainModularInverse() =
 let M = BigInt[16].fromUint(383'u16)
 var mp1div2 = M
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 mp1div2.shiftRight(1)
 let expected = BigInt[16].fromUint(106'u16)
@@ -580,7 +580,7 @@ proc mainModularInverse() =
 let M = BigInt[381].fromUint(383'u16)
 var mp1div2 = M
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 mp1div2.shiftRight(1)
 let expected = BigInt[381].fromUint(106'u16)
@@ -595,7 +595,7 @@ proc mainModularInverse() =
 let M = BigInt[381].fromHex("0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab")
 var mp1div2 = M
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 mp1div2.shiftRight(1)
 let expected = BigInt[381].fromHex("0x0636759a0f3034fa47174b2c0334902f11e9915b7bd89c6a2b3082b109abbc9837da17201f6d8286fe6203caa1b9d4c8")
@@ -612,7 +612,7 @@ proc mainModularInverse() =
 var mp1div2 = M
 mp1div2.shiftRight(1)
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 let expected = BigInt[16].fromUint(0'u16)
 var r = canary(BigInt[16])
@@ -627,7 +627,7 @@ proc mainModularInverse() =
 var mp1div2 = M
 mp1div2.shiftRight(1)
- discard mp1div2.add(SecretWord 1)
+ discard mp1div2.add(One)
 let expected = BigInt[381].fromUint(0'u16)
 var r = canary(BigInt[381])