Bernstein-Yang modular inversion algorithm #372
Conversation
Imported from: privacy-scaling-explorations/halo2curves#83 Original code is Apache 2.0+MIT. Attribution has been added to the top of the module.
|
Hmm, re: 32-bit support, I was attempting to go off of what section 12.3 of https://gcd.cr.yp.to/safegcd-20190413.pdf had to say regarding the number of bits/iterations, but it seems something else is amiss |
tarcieri
force-pushed
the
bernstein-yang
branch
from
e9a6b9f
to
e17f681
Compare
|
Going to back out attempts at 32-bit support. The paper alludes to a That does leave the issue of how to assemble a |
tarcieri
force-pushed
the
bernstein-yang
branch
from
e17f681
to
b78e966
Compare
tarcieri
force-pushed
the
bernstein-yang
branch
from
ec0a2b2
to
a4dd489
Compare
|
Since we need to convert big integers from a saturated representation to an unsaturated 62-bit representation (and back) to perform Bernstein-Yang anyway, I changed the conversion functions to operate over That seems like enough to make the proptests pass on both 32-bit and 64-bit platforms. I haven't fully integrated it into the various modular inverse functions yet, but this is enough to get started. |
tarcieri
changed the title
|
Note: I do intend to encapsulate this and get it out of the public API |
Adapted from: privacy-scaling-explorations/halo2curves#83
Original code is Apache 2.0+MIT. Attribution has been added to the top of the module.
See also: #227
cc @dignifiedquire @fjarri @mratsim