diff --git a/src/limb/cmp.rs b/src/limb/cmp.rs index 1de0f443..aa90df8c 100644 --- a/src/limb/cmp.rs +++ b/src/limb/cmp.rs @@ -28,13 +28,13 @@ impl Limb { /// Return `b` if `c` is truthy, otherwise return `a`. #[inline] - pub(crate) const fn ct_select(a: Self, b: Self, c: CtChoice) -> Self { + pub(crate) const fn select(a: Self, b: Self, c: CtChoice) -> Self { Self(c.select_word(a.0, b.0)) } /// Returns the truthy value if `self != 0` and the falsy value otherwise. #[inline] - pub(crate) const fn ct_is_nonzero(&self) -> CtChoice { + pub(crate) const fn is_nonzero(&self) -> CtChoice { CtChoice::from_word_nonzero(self.0) } } diff --git a/src/modular/div_by_2.rs b/src/modular/div_by_2.rs index 278f3dda..362a4fd2 100644 --- a/src/modular/div_by_2.rs +++ b/src/modular/div_by_2.rs @@ -26,5 +26,5 @@ pub(crate) fn div_by_2(a: &Uint, modulus: &Uint::ONE); - Uint::::ct_select(&if_even, &if_odd, is_odd) + Uint::::select(&if_even, &if_odd, is_odd) } diff --git a/src/modular/dyn_residue.rs b/src/modular/dyn_residue.rs index f00901b3..5b913a53 100644 --- a/src/modular/dyn_residue.rs +++ b/src/modular/dyn_residue.rs @@ -56,7 +56,7 @@ impl DynResidueParams { mod_neg_inv, }; - CtOption::new(params, modulus.is_odd()) + CtOption::new(params, as Integer>::is_odd(modulus)) } /// Returns the modulus which was used to initialize these parameters. diff --git a/src/modular/pow.rs b/src/modular/pow.rs index 5f6d74e8..e53a3308 100644 --- a/src/modular/pow.rs +++ b/src/modular/pow.rs @@ -164,7 +164,7 @@ const fn multi_exponentiate_montgomery_form_internal::ct_select(&power, &powers[j as usize], choice); + power = Uint::::select(&power, &powers[j as usize], choice); j += 1; } diff --git a/src/modular/residue.rs b/src/modular/residue.rs index 4dfa4838..640a80fa 100644 --- a/src/modular/residue.rs +++ b/src/modular/residue.rs @@ -100,7 +100,7 @@ impl, const LIMBS: usize> Residue { /// [`new_checked`][`Residue::new_checked`] if you want to be able to detect an invalid modulus. pub const fn new(integer: &Uint) -> Self { // A valid modulus must be odd - if MOD::MODULUS.ct_is_odd().to_u8() == 0 { + if MOD::MODULUS.is_odd().to_u8() == 0 { panic!("modulus must be odd"); } @@ -117,7 +117,7 @@ impl, const LIMBS: usize> Residue { // A valid modulus must be odd. CtOption::new( Self::generate_residue(integer), - MOD::MODULUS.ct_is_odd().into(), + MOD::MODULUS.is_odd().into(), ) } @@ -226,7 +226,7 @@ where D: Deserializer<'de>, { Uint::::deserialize(deserializer).and_then(|montgomery_form| { - if Uint::ct_lt(&montgomery_form, &MOD::MODULUS).into() { + if montgomery_form < MOD::MODULUS { Ok(Self { montgomery_form, phantom: PhantomData, diff --git a/src/non_zero.rs b/src/non_zero.rs index 6db07862..1b7b71a9 100644 --- a/src/non_zero.rs +++ b/src/non_zero.rs @@ -28,7 +28,7 @@ impl NonZero { /// Creates a new non-zero limb in a const context. /// The second return value is `FALSE` if `n` is zero, `TRUE` otherwise. pub const fn const_new(n: Limb) -> (Self, CtChoice) { - (Self(n), n.ct_is_nonzero()) + (Self(n), n.is_nonzero()) } } @@ -36,7 +36,7 @@ impl NonZero> { /// Creates a new non-zero integer in a const context. /// The second return value is `FALSE` if `n` is zero, `TRUE` otherwise. pub const fn const_new(n: Uint) -> (Self, CtChoice) { - (Self(n), n.ct_is_nonzero()) + (Self(n), n.is_nonzero()) } } diff --git a/src/uint/add.rs b/src/uint/add.rs index 94047743..f05752a5 100644 --- a/src/uint/add.rs +++ b/src/uint/add.rs @@ -24,7 +24,7 @@ impl Uint { /// Perform saturating addition, returning `MAX` on overflow. pub const fn saturating_add(&self, rhs: &Self) -> Self { let (res, overflow) = self.adc(rhs, Limb::ZERO); - Self::ct_select(&res, &Self::MAX, CtChoice::from_word_lsb(overflow.0)) + Self::select(&res, &Self::MAX, CtChoice::from_word_lsb(overflow.0)) } /// Perform wrapping addition, discarding overflow. @@ -39,7 +39,7 @@ impl Uint { rhs: &Self, choice: CtChoice, ) -> (Self, CtChoice) { - let actual_rhs = Uint::ct_select(&Uint::ZERO, rhs, choice); + let actual_rhs = Uint::select(&Uint::ZERO, rhs, choice); let (sum, carry) = self.adc(&actual_rhs, Limb::ZERO); (sum, CtChoice::from_word_lsb(carry.0)) } diff --git a/src/uint/cmp.rs b/src/uint/cmp.rs index e2740d17..a2b93496 100644 --- a/src/uint/cmp.rs +++ b/src/uint/cmp.rs @@ -10,12 +10,12 @@ use subtle::{Choice, ConstantTimeEq, ConstantTimeGreater, ConstantTimeLess}; impl Uint { /// Return `b` if `c` is truthy, otherwise return `a`. #[inline] - pub(crate) const fn ct_select(a: &Self, b: &Self, c: CtChoice) -> Self { + pub(crate) const fn select(a: &Self, b: &Self, c: CtChoice) -> Self { let mut limbs = [Limb::ZERO; LIMBS]; let mut i = 0; while i < LIMBS { - limbs[i] = Limb::ct_select(a.limbs[i], b.limbs[i], c); + limbs[i] = Limb::select(a.limbs[i], b.limbs[i], c); i += 1; } @@ -23,33 +23,33 @@ impl Uint { } #[inline] - pub(crate) const fn ct_swap(a: &Self, b: &Self, c: CtChoice) -> (Self, Self) { - let new_a = Self::ct_select(a, b, c); - let new_b = Self::ct_select(b, a, c); + pub(crate) const fn swap(a: &Self, b: &Self, c: CtChoice) -> (Self, Self) { + let new_a = Self::select(a, b, c); + let new_b = Self::select(b, a, c); (new_a, new_b) } /// Returns the truthy value if `self`!=0 or the falsy value otherwise. #[inline] - pub(crate) const fn ct_is_nonzero(&self) -> CtChoice { + pub(crate) const fn is_nonzero(&self) -> CtChoice { let mut b = 0; let mut i = 0; while i < LIMBS { b |= self.limbs[i].0; i += 1; } - Limb(b).ct_is_nonzero() + Limb(b).is_nonzero() } /// Returns the truthy value if `self` is odd or the falsy value otherwise. - pub(crate) const fn ct_is_odd(&self) -> CtChoice { + pub(crate) const fn is_odd(&self) -> CtChoice { CtChoice::from_word_lsb(self.limbs[0].0 & 1) } /// Returns the truthy value if `self == rhs` or the falsy value otherwise. #[inline] - pub(crate) const fn ct_eq(lhs: &Self, rhs: &Self) -> CtChoice { + pub(crate) const fn eq(lhs: &Self, rhs: &Self) -> CtChoice { let mut acc = 0; let mut i = 0; @@ -59,12 +59,12 @@ impl Uint { } // acc == 0 if and only if self == rhs - Limb(acc).ct_is_nonzero().not() + Limb(acc).is_nonzero().not() } /// Returns the truthy value if `self <= rhs` and the falsy value otherwise. #[inline] - pub(crate) const fn ct_lt(lhs: &Self, rhs: &Self) -> CtChoice { + pub(crate) const fn lt(lhs: &Self, rhs: &Self) -> CtChoice { // We could use the same approach as in Limb::ct_lt(), // but since we have to use Uint::wrapping_sub(), which calls `sbb()`, // there are no savings compared to just calling `sbb()` directly. @@ -74,7 +74,7 @@ impl Uint { /// Returns the truthy value if `self >= rhs` and the falsy value otherwise. #[inline] - pub(crate) const fn ct_gt(lhs: &Self, rhs: &Self) -> CtChoice { + pub(crate) const fn gt(lhs: &Self, rhs: &Self) -> CtChoice { let (_res, borrow) = rhs.sbb(lhs, Limb::ZERO); CtChoice::from_word_mask(borrow.0) } @@ -85,7 +85,7 @@ impl Uint { /// 0 is Equal /// 1 is Greater #[inline] - pub(crate) const fn ct_cmp(lhs: &Self, rhs: &Self) -> i8 { + pub(crate) const fn cmp(lhs: &Self, rhs: &Self) -> i8 { let mut i = 0; let mut borrow = Limb::ZERO; let mut diff = Limb::ZERO; @@ -97,7 +97,7 @@ impl Uint { i += 1; } let sgn = ((borrow.0 & 2) as i8) - 1; - (diff.ct_is_nonzero().to_u8() as i8) * sgn + (diff.is_nonzero().to_u8() as i8) * sgn } /// Returns the Ordering between `self` and `rhs` in variable time. @@ -123,21 +123,21 @@ impl Uint { impl ConstantTimeEq for Uint { #[inline] fn ct_eq(&self, other: &Self) -> Choice { - Uint::ct_eq(self, other).into() + Uint::eq(self, other).into() } } impl ConstantTimeGreater for Uint { #[inline] fn ct_gt(&self, other: &Self) -> Choice { - Uint::ct_gt(self, other).into() + Uint::gt(self, other).into() } } impl ConstantTimeLess for Uint { #[inline] fn ct_lt(&self, other: &Self) -> Choice { - Uint::ct_lt(self, other).into() + Uint::lt(self, other).into() } } @@ -145,7 +145,7 @@ impl Eq for Uint {} impl Ord for Uint { fn cmp(&self, other: &Self) -> Ordering { - let c = Self::ct_cmp(self, other); + let c = Self::cmp(self, other); match c { -1 => Ordering::Less, 0 => Ordering::Equal, @@ -181,9 +181,15 @@ mod tests { #[test] fn is_odd() { + // inherent methods assert!(!bool::from(U128::ZERO.is_odd())); assert!(bool::from(U128::ONE.is_odd())); assert!(bool::from(U128::MAX.is_odd())); + + // `Integer` methods + assert!(!bool::from(::is_odd(&U128::ZERO))); + assert!(bool::from(::is_odd(&U128::ONE))); + assert!(bool::from(::is_odd(&U128::MAX))); } #[test] diff --git a/src/uint/div.rs b/src/uint/div.rs index ac50a206..f4259baa 100644 --- a/src/uint/div.rs +++ b/src/uint/div.rs @@ -9,7 +9,10 @@ impl Uint { /// Computes `self` / `rhs` using a pre-made reciprocal, /// returns the quotient (q) and remainder (r). #[inline(always)] - pub const fn ct_div_rem_limb_with_reciprocal(&self, reciprocal: &Reciprocal) -> (Self, Limb) { + pub const fn const_div_rem_limb_with_reciprocal( + &self, + reciprocal: &Reciprocal, + ) -> (Self, Limb) { div_rem_limb_with_reciprocal(self, reciprocal) } @@ -27,8 +30,8 @@ impl Uint { /// Returns the truthy value as the third element of the tuple if `rhs != 0`, /// and the falsy value otherwise. #[inline(always)] - pub(crate) const fn ct_div_rem_limb(&self, rhs: Limb) -> (Self, Limb, CtChoice) { - let (reciprocal, is_some) = Reciprocal::ct_new(rhs); + pub(crate) const fn const_div_rem_limb(&self, rhs: Limb) -> (Self, Limb, CtChoice) { + let (reciprocal, is_some) = Reciprocal::const_new(rhs); let (quo, rem) = div_rem_limb_with_reciprocal(self, &reciprocal); (quo, rem, is_some) } @@ -37,7 +40,7 @@ impl Uint { #[inline(always)] pub fn div_rem_limb(&self, rhs: NonZero) -> (Self, Limb) { // Guaranteed to succeed since `rhs` is nonzero. - let (quo, rem, _is_some) = self.ct_div_rem_limb(*rhs); + let (quo, rem, _is_some) = self.const_div_rem_limb(*rhs); (quo, rem) } @@ -59,9 +62,9 @@ impl Uint { let mut done = CtChoice::FALSE; loop { let (mut r, borrow) = rem.sbb(&c, Limb::ZERO); - rem = Self::ct_select(&r, &rem, CtChoice::from_word_mask(borrow.0).or(done)); + rem = Self::select(&r, &rem, CtChoice::from_word_mask(borrow.0).or(done)); r = quo.bitor(&Self::ONE); - quo = Self::ct_select(&r, &quo, CtChoice::from_word_mask(borrow.0).or(done)); + quo = Self::select(&r, &quo, CtChoice::from_word_mask(borrow.0).or(done)); if i == 0 { break; } @@ -70,11 +73,11 @@ impl Uint { // aren't modified further (but do the remaining iterations anyway to be constant-time) done = CtChoice::from_word_lt(i as Word, mb as Word); c = c.shr1(); - quo = Self::ct_select(&quo.shl1(), &quo, done); + quo = Self::select(&quo.shl1(), &quo, done); } - let is_some = Limb(mb as Word).ct_is_nonzero(); - quo = Self::ct_select(&Self::ZERO, &quo, is_some); + let is_some = Limb(mb as Word).is_nonzero(); + quo = Self::select(&Self::ZERO, &quo, is_some); (quo, rem, is_some) } @@ -97,9 +100,9 @@ impl Uint { loop { let (mut r, borrow) = rem.sbb(&c, Limb::ZERO); - rem = Self::ct_select(&r, &rem, CtChoice::from_word_mask(borrow.0)); + rem = Self::select(&r, &rem, CtChoice::from_word_mask(borrow.0)); r = quo.bitor(&Self::ONE); - quo = Self::ct_select(&r, &quo, CtChoice::from_word_mask(borrow.0)); + quo = Self::select(&r, &quo, CtChoice::from_word_mask(borrow.0)); if bd == 0 { break; } @@ -109,7 +112,7 @@ impl Uint { } let is_some = CtChoice::from_u32_nonzero(mb); - quo = Self::ct_select(&Self::ZERO, &quo, is_some); + quo = Self::select(&Self::ZERO, &quo, is_some); (quo, rem, is_some) } @@ -129,7 +132,7 @@ impl Uint { loop { let (r, borrow) = rem.sbb(&c, Limb::ZERO); - rem = Self::ct_select(&r, &rem, CtChoice::from_word_mask(borrow.0)); + rem = Self::select(&r, &rem, CtChoice::from_word_mask(borrow.0)); if bd == 0 { break; } @@ -164,8 +167,8 @@ impl Uint { let (lower_sub, borrow) = lower.sbb(&c.0, Limb::ZERO); let (upper_sub, borrow) = upper.sbb(&c.1, borrow); - lower = Self::ct_select(&lower_sub, &lower, CtChoice::from_word_mask(borrow.0)); - upper = Self::ct_select(&upper_sub, &upper, CtChoice::from_word_mask(borrow.0)); + lower = Self::select(&lower_sub, &lower, CtChoice::from_word_mask(borrow.0)); + upper = Self::select(&upper_sub, &upper, CtChoice::from_word_mask(borrow.0)); if bd == 0 { break; } @@ -191,7 +194,7 @@ impl Uint { let outmask = Limb(out.limbs[limb_num].0 & mask); - out.limbs[limb_num] = Limb::ct_select(out.limbs[limb_num], outmask, le); + out.limbs[limb_num] = Limb::select(out.limbs[limb_num], outmask, le); // TODO: this is not constant-time. let mut i = limb_num + 1; @@ -305,7 +308,7 @@ impl Div> for Uint { type Output = Uint; fn div(self, rhs: NonZero) -> Self::Output { - let (q, _, _) = self.ct_div_rem_limb(*rhs); + let (q, _, _) = self.const_div_rem_limb(*rhs); q } } @@ -394,7 +397,7 @@ impl Rem> for Uint { type Output = Limb; fn rem(self, rhs: NonZero) -> Self::Output { - let (_, r, _) = self.ct_div_rem_limb(*rhs); + let (_, r, _) = self.const_div_rem_limb(*rhs); r } } diff --git a/src/uint/div_limb.rs b/src/uint/div_limb.rs index 62cef024..d19bfa40 100644 --- a/src/uint/div_limb.rs +++ b/src/uint/div_limb.rs @@ -70,14 +70,14 @@ pub const fn reciprocal(d: Word) -> Word { /// Returns `u32::MAX` if `a < b` and `0` otherwise. #[inline] -const fn ct_lt(a: u32, b: u32) -> u32 { +const fn lt(a: u32, b: u32) -> u32 { let bit = (((!a) & b) | (((!a) | b) & (a.wrapping_sub(b)))) >> (u32::BITS - 1); bit.wrapping_neg() } /// Returns `a` if `c == 0` and `b` if `c == u32::MAX`. #[inline(always)] -const fn ct_select(a: u32, b: u32, c: u32) -> u32 { +const fn select(a: u32, b: u32, c: u32) -> u32 { a ^ (c & (a ^ b)) } @@ -101,8 +101,8 @@ const fn short_div(dividend: u32, dividend_bits: u32, divisor: u32, divisor_bits while i > 0 { i -= 1; - let bit = ct_lt(dividend, divisor); - dividend = ct_select(dividend.wrapping_sub(divisor), dividend, bit); + let bit = lt(dividend, divisor); + dividend = select(dividend.wrapping_sub(divisor), dividend, bit); divisor >>= 1; let inv_bit = !bit; quotient |= (inv_bit >> (u32::BITS - 1)) << i; @@ -174,7 +174,7 @@ impl Reciprocal { /// Note: if the returned flag is falsy, the returned reciprocal object is still self-consistent /// and can be passed to functions here without causing them to panic, /// but the results are naturally not to be used. - pub const fn ct_new(divisor: Limb) -> (Self, CtChoice) { + pub const fn const_new(divisor: Limb) -> (Self, CtChoice) { // Assuming this is constant-time for primitive types. let shift = divisor.0.leading_zeros(); @@ -218,7 +218,7 @@ impl Reciprocal { /// A non-const-fn version of `new_const()`, wrapping the result in a `CtOption`. pub fn new(divisor: Limb) -> CtOption { - let (rec, is_some) = Self::ct_new(divisor); + let (rec, is_some) = Self::const_new(divisor); CtOption::new(rec, is_some.into()) } } diff --git a/src/uint/inv_mod.rs b/src/uint/inv_mod.rs index 19f9ade5..350490b6 100644 --- a/src/uint/inv_mod.rs +++ b/src/uint/inv_mod.rs @@ -23,7 +23,7 @@ impl Uint { let x_i = b.limbs[0].0 & 1; let x_i_choice = CtChoice::from_word_lsb(x_i); // b_{i+1} = (b_i - a * X_i) / 2 - b = Self::ct_select(&b, &b.wrapping_sub(self), x_i_choice).shr1(); + b = Self::select(&b, &b.wrapping_sub(self), x_i_choice).shr1(); // Store the X_i bit in the result (x = x | (1 << X_i)) x = x.bitor(&Uint::from_word(x_i).shl_vartime(i)); @@ -53,7 +53,7 @@ impl Uint { let x_i = b.limbs[0].0 & 1; let x_i_choice = CtChoice::from_word_lsb(x_i); // b_{i+1} = (b_i - a * X_i) / 2 - b = Self::ct_select(&b, &b.wrapping_sub(self), x_i_choice).shr1(); + b = Self::select(&b, &b.wrapping_sub(self), x_i_choice).shr1(); // Store the X_i bit in the result (x = x | (1 << X_i)) // Don't change the result in dummy iterations. @@ -83,7 +83,7 @@ impl Uint { bits: u32, modulus_bits: u32, ) -> (Self, CtChoice) { - debug_assert!(modulus.ct_is_odd().is_true_vartime()); + debug_assert!(modulus.is_odd().is_true_vartime()); let mut a = *self; @@ -102,18 +102,18 @@ impl Uint { let mut i = 0; while i < bit_size { - debug_assert!(b.ct_is_odd().is_true_vartime()); + debug_assert!(b.is_odd().is_true_vartime()); - let self_odd = a.ct_is_odd(); + let self_odd = a.is_odd(); // Set `self -= b` if `self` is odd. let (new_a, swap) = a.conditional_wrapping_sub(&b, self_odd); // Set `b += self` if `swap` is true. - b = Uint::ct_select(&b, &b.wrapping_add(&new_a), swap); + b = Uint::select(&b, &b.wrapping_add(&new_a), swap); // Negate `self` if `swap` is true. a = new_a.conditional_wrapping_neg(swap); - let (new_u, new_v) = Uint::ct_swap(&u, &v, swap); + let (new_u, new_v) = Uint::swap(&u, &v, swap); let (new_u, cy) = new_u.conditional_wrapping_sub(&new_v, self_odd); let (new_u, cyy) = new_u.conditional_wrapping_add(modulus, cy); debug_assert!(cy.is_true_vartime() == cyy.is_true_vartime()); @@ -131,9 +131,9 @@ impl Uint { i += 1; } - debug_assert!(!a.ct_is_nonzero().is_true_vartime()); + debug_assert!(!a.is_nonzero().is_true_vartime()); - (v, Uint::ct_eq(&b, &Uint::ONE)) + (v, Uint::eq(&b, &Uint::ONE)) } /// Computes the multiplicative inverse of `self` mod `modulus`, where `modulus` is odd. @@ -156,7 +156,7 @@ impl Uint { let (a, a_is_some) = self.inv_odd_mod(&s); let b = self.inv_mod2k(k); // inverse modulo 2^k exists either if `k` is 0 or if `self` is odd. - let b_is_some = CtChoice::from_u32_nonzero(k).not().or(self.ct_is_odd()); + let b_is_some = CtChoice::from_u32_nonzero(k).not().or(self.is_odd()); // Restore from RNS: // self^{-1} = a mod s = b mod 2^k diff --git a/src/uint/mul.rs b/src/uint/mul.rs index a668f2ce..f49ac80b 100644 --- a/src/uint/mul.rs +++ b/src/uint/mul.rs @@ -76,7 +76,7 @@ impl Uint { /// Perform saturating multiplication, returning `MAX` on overflow. pub const fn saturating_mul(&self, rhs: &Uint) -> Self { let (res, overflow) = self.mul_wide(rhs); - Self::ct_select(&res, &Self::MAX, overflow.ct_is_nonzero()) + Self::select(&res, &Self::MAX, overflow.is_nonzero()) } /// Perform wrapping multiplication, discarding overflow. diff --git a/src/uint/neg.rs b/src/uint/neg.rs index 4881a279..a1efcb1a 100644 --- a/src/uint/neg.rs +++ b/src/uint/neg.rs @@ -13,7 +13,7 @@ impl Neg for Wrapping> { impl Uint { /// Negates based on `choice` by wrapping the integer. pub(crate) const fn conditional_wrapping_neg(&self, choice: CtChoice) -> Uint { - Uint::ct_select(self, &self.wrapping_neg(), choice) + Uint::select(self, &self.wrapping_neg(), choice) } /// Perform wrapping negation. diff --git a/src/uint/neg_mod.rs b/src/uint/neg_mod.rs index 28cd24b3..b6ca3927 100644 --- a/src/uint/neg_mod.rs +++ b/src/uint/neg_mod.rs @@ -6,7 +6,7 @@ impl Uint { /// Computes `-a mod p`. /// Assumes `self` is in `[0, p)`. pub const fn neg_mod(&self, p: &Self) -> Self { - let z = self.ct_is_nonzero(); + let z = self.is_nonzero(); let mut ret = p.sbb(self, Limb::ZERO).0; let mut i = 0; while i < LIMBS { diff --git a/src/uint/shl.rs b/src/uint/shl.rs index ce4b9047..6a7643c3 100644 --- a/src/uint/shl.rs +++ b/src/uint/shl.rs @@ -13,11 +13,11 @@ impl Uint { let mut i = 0; while i < Self::LOG2_BITS + 1 { let bit = CtChoice::from_u32_lsb((shift >> i) & 1); - result = Uint::ct_select(&result, &result.shl_vartime(1 << i), bit); + result = Uint::select(&result, &result.shl_vartime(1 << i), bit); i += 1; } - Uint::ct_select(&result, &Self::ZERO, overflow) + Uint::select(&result, &Self::ZERO, overflow) } /// Computes `self << shift`. diff --git a/src/uint/shr.rs b/src/uint/shr.rs index 8f2b0b69..c38116a1 100644 --- a/src/uint/shr.rs +++ b/src/uint/shr.rs @@ -14,11 +14,11 @@ impl Uint { let mut i = 0; while i < Self::LOG2_BITS + 1 { let bit = CtChoice::from_u32_lsb((shift >> i) & 1); - result = Uint::ct_select(&result, &result.shr_vartime(1 << i), bit); + result = Uint::select(&result, &result.shr_vartime(1 << i), bit); i += 1; } - Uint::ct_select(&result, &Self::ZERO, overflow) + Uint::select(&result, &Self::ZERO, overflow) } /// Computes `self >> shift`. diff --git a/src/uint/sqrt.rs b/src/uint/sqrt.rs index eed95826..55dd879c 100644 --- a/src/uint/sqrt.rs +++ b/src/uint/sqrt.rs @@ -30,7 +30,7 @@ impl Uint { let (q, _, is_some) = self.const_div_rem(&x); // A protection in case `self == 0`, which will make `x == 0` - let q = Self::ct_select(&Self::ZERO, &q, is_some); + let q = Self::select(&Self::ZERO, &q, is_some); x = x.wrapping_add(&q).shr1(); i += 1; @@ -39,7 +39,7 @@ impl Uint { // At this point `x_prev == x_{n}` and `x == x_{n+1}` // where `n == i - 1 == LOG2_BITS + 1 == floor(log2(BITS)) + 1`. // Thus, according to Hast, `sqrt(self) = min(x_n, x_{n+1})`. - Self::ct_select(&x_prev, &x, Uint::ct_gt(&x_prev, &x)) + Self::select(&x_prev, &x, Uint::gt(&x_prev, &x)) } /// Computes √(`self`) @@ -68,7 +68,7 @@ impl Uint { x = next_x; } - if self.ct_is_nonzero().is_true_vartime() { + if self.is_nonzero().is_true_vartime() { x } else { Self::ZERO diff --git a/src/uint/sub.rs b/src/uint/sub.rs index 000a4f8c..9a60ebcd 100644 --- a/src/uint/sub.rs +++ b/src/uint/sub.rs @@ -25,7 +25,7 @@ impl Uint { /// Perform saturating subtraction, returning `ZERO` on underflow. pub const fn saturating_sub(&self, rhs: &Self) -> Self { let (res, underflow) = self.sbb(rhs, Limb::ZERO); - Self::ct_select(&res, &Self::ZERO, CtChoice::from_word_mask(underflow.0)) + Self::select(&res, &Self::ZERO, CtChoice::from_word_mask(underflow.0)) } /// Perform wrapping subtraction, discarding underflow and wrapping around @@ -41,7 +41,7 @@ impl Uint { rhs: &Self, choice: CtChoice, ) -> (Self, CtChoice) { - let actual_rhs = Uint::ct_select(&Uint::ZERO, rhs, choice); + let actual_rhs = Uint::select(&Uint::ZERO, rhs, choice); let (res, borrow) = self.sbb(&actual_rhs, Limb::ZERO); (res, CtChoice::from_word_mask(borrow.0)) }