diff --git a/internal/fp.lua b/internal/fp.lua index e37d5f8..f2d4c26 100644 --- a/internal/fp.lua +++ b/internal/fp.lua @@ -210,7 +210,7 @@ end -- -- @tparam fp2 a -- @tparam fp2 b --- @treturn fp1 c ≡ a ✕ b (mod p). +-- @treturn fp1 c ≡ a × b (mod p). -- local function mul(a, b) local a00, a01, a02, a03, a04, a05, a06, a07, a08, a09, a10, a11 = unpack(a) @@ -564,7 +564,7 @@ end -- -- @tparam fp2 a -- @tparam number k A number k in [0..2²²). --- @treturn fp1 c ≡ a ✕ k (mod p). +-- @treturn fp1 c ≡ a × k (mod p). -- local function kmul(a, k) local a00, a01, a02, a03, a04, a05, a06, a07, a08, a09, a10, a11 = unpack(a) diff --git a/internal/fq.lua b/internal/fq.lua index 41bb8c8..b0ca25c 100644 --- a/internal/fq.lua +++ b/internal/fq.lua @@ -61,7 +61,7 @@ local T1 = { --- Carries a number in base 2²⁴. -- --- @tparam {number...} a A number 0 <= a < 2 ^ (24 ✕ (#a + 1)) as limbs in +-- @tparam {number...} a A number 0 <= a < 2 ^ (24 × (#a + 1)) as limbs in -- [-2⁵²..2⁵²]. -- @treturn {number...} a as #a + 1 limbs in [0..2²⁴). -- @@ -98,7 +98,7 @@ end -- -- @tparam {number...} a An array of 11 limbs in [0..2²⁴). -- @tparam {number...} b An array of 11 limbs in [0..2²⁴). --- @treturn {number...} a ✕ b as 22 limbs in [0..2²⁴). +-- @treturn {number...} a × b as 22 limbs in [0..2²⁴). -- local function intMul(a, b) local c = {} @@ -110,8 +110,8 @@ local function intMul(a, b) end end - -- {a, b} < 2²⁶⁴ means that c < 2⁵²⁸ = 2 ^ (24 ✕ (21 + 1)). - -- c's limbs are smaller than 2⁴⁸ ✕ 11 < 2⁵², since multiplication doubles + -- {a, b} < 2²⁶⁴ means that c < 2⁵²⁸ = 2 ^ (24 × (21 + 1)). + -- c's limbs are smaller than 2⁴⁸ × 11 < 2⁵², since multiplication doubles -- bit length, and 11 multiplied limbs are added together. return carry(c) end @@ -138,7 +138,7 @@ local function reduce(a) end -- c >= q means c - q >= 0. - -- Since q < 2²⁸⁸, c < 2q means c - q < q < 2²⁸⁸ = 2^(24 ✕ (11 + 1)). + -- Since q < 2²⁸⁸, c < 2q means c - q < q < 2²⁸⁸ = 2^(24 × (11 + 1)). -- c's limbs fit in [-2²⁵..2²⁵], since subtraction adds at most one bit. local cc = carry(c) cc[12] = nil -- cc < q implies that cc[12] = 0. @@ -148,7 +148,7 @@ end --- Adds two scalars mod q. -- -- If the two operands are in Montgomery form, returns the correct result also --- in Montgomery form, since (2²⁶⁴ ✕ a) + (2²⁶⁴ ✕ b) ≡ 2²⁶⁴ ✕ (a + b) (mod q). +-- in Montgomery form, since (2²⁶⁴ × a) + (2²⁶⁴ × b) ≡ 2²⁶⁴ × (a + b) (mod q). -- -- @tparam {number...} a A number a < q as 11 limbs in [0..2²⁴). -- @tparam {number...} b A number b < q as 11 limbs in [0..2²⁴). @@ -169,7 +169,7 @@ local function neg(a) c[i] = Q[i] - a[i] end - -- 0 < c < q implies 0 < q - c < q < 2²⁸⁸ = 2^(24 ✕ (11 + 1)). + -- 0 < c < q implies 0 < q - c < q < 2²⁸⁸ = 2^(24 × (11 + 1)). -- c's limbs fit in [-2²⁵..2²⁵], since subtraction adds at most one bit. -- q - c < q also implies q - c < 2q. return reduce(carry(c)) @@ -177,8 +177,8 @@ end --- Given a scalar a, computes 2⁻²⁶⁴ a mod q. -- --- @tparam {number...} a A number a < 2²⁶⁴ ✕ q as 22 limbs in [0..2²⁴). --- @treturn {number...} 2⁻²⁶⁴ ✕ a mod q as 11 limbs in [0..2²⁴). +-- @tparam {number...} a A number a < 2²⁶⁴ × q as 22 limbs in [0..2²⁴). +-- @treturn {number...} 2⁻²⁶⁴ × a mod q as 11 limbs in [0..2²⁴). -- local function redc(a) local al = {unpack(a, 1, 11)} @@ -192,29 +192,29 @@ end --- Converts a scalar into Montgomery form. -- -- @tparam {number...} a A number a as 11 limbs in [0..2²⁴). --- @treturn {number...} 2²⁶⁴ ✕ a mod q as 11 limbs in [0..2²⁴). +-- @treturn {number...} 2²⁶⁴ × a mod q as 11 limbs in [0..2²⁴). -- local function montgomery(a) - -- a < 2²⁶⁴ and T1 < q imply that a ✕ T1 < 2²⁶⁴ ✕ q. + -- a < 2²⁶⁴ and T1 < q imply that a × T1 < 2²⁶⁴ × q. return redc(intMul(a, T1)) end --- Converts a scalar from Montgomery form. -- -- @tparam {number...} a A number a < q as 11 limbs in [0..2²⁴). --- @treturn {number...} 2⁻²⁶⁴ ✕ a mod q as 11 limbs in [0..2²⁴). +-- @treturn {number...} 2⁻²⁶⁴ × a mod q as 11 limbs in [0..2²⁴). -- local function demontgomery(a) a = {unpack(a)} for i = 12, 22 do a[i] = 0 end - -- a < q < 2²⁶⁴ ✕ q. + -- a < q < 2²⁶⁴ × q. return redc(a) end --- Converts a Lua number to a scalar. -- -- @tparam number n A number n in [0..2²⁴). --- @treturn {number...} 2²⁶⁴ ✕ n mod q as 11 limbs in [0..2²⁴). +-- @treturn {number...} 2²⁶⁴ × n mod q as 11 limbs in [0..2²⁴). -- local function num(n) return montgomery({n, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}) @@ -222,18 +222,18 @@ end --- Multiplies two scalars mod q. -- --- @tparam {number...} a 2²⁶⁴ ✕ a' mod q as 11 limbs in [0..2²⁴). --- @tparam {number...} b 2²⁶⁴ ✕ b' mod q as 11 limbs in [0..2²⁴). --- @treturn {number...} 2²⁶⁴ ✕ a' ✕ b' mod q as 11 limbs in [0..2²⁴). +-- @tparam {number...} a 2²⁶⁴ × a' mod q as 11 limbs in [0..2²⁴). +-- @tparam {number...} b 2²⁶⁴ × b' mod q as 11 limbs in [0..2²⁴). +-- @treturn {number...} 2²⁶⁴ × a' × b' mod q as 11 limbs in [0..2²⁴). -- local function mul(a, b) - -- {a, b} < q so a ✕ b < q² < 2²⁶⁴ ✕ q. + -- {a, b} < q so a × b < q² < 2²⁶⁴ × q. return redc(intMul(a, b)) end --- Encodes a scalar. -- --- @tparam {number...} a A number 2²⁶⁴ ✕ a mod q as 11 limbs in [0..2²⁴). +-- @tparam {number...} a A number 2²⁶⁴ × a mod q as 11 limbs in [0..2²⁴). -- @treturn string The 32-byte string encoding of a. -- local function encode(a) @@ -243,7 +243,7 @@ end --- Decodes a scalar. -- -- @tparam string str A 32-byte string encoding some little-endian number a. --- @treturn {number...} 2²⁶⁴ ✕ a mod q as 11 limbs in [0..2²⁴). +-- @treturn {number...} 2²⁶⁴ × a mod q as 11 limbs in [0..2²⁴). -- local function decode(str) local dec = {("