purify/docs/numeric_8cpp_source.html

// Copyright (c) 2026 Judica, Inc.

// Distributed under the MIT software license, see the accompanying

// file COPYING or https://opensource.org/license/mit/.


#include "purify/numeric.hpp"


#include "field.h"


namespace purify {


namespace {


purify_fe to_core(const FieldElement& value) {

    return purify_fe{detail::FieldElementAccess::raw(value)};

}


FieldElement from_core(const purify_fe& value) {

    return detail::FieldElementAccess::from_raw(value.value);

}


}  // namespace


FieldElement::FieldElement() {

    purify_scalar_set_int(&value_, 0);

}


FieldElement FieldElement::zero() {

    return FieldElement();

}


FieldElement FieldElement::one() {

    return from_u64(1);

}


FieldElement FieldElement::from_u64(std::uint64_t value) {

    FieldElement out;

    purify_scalar_set_u64(&out.value_, value);

    return out;

}


FieldElement FieldElement::from_int(std::int64_t value) {

    if (value >= 0) {

        return from_u64(static_cast<std::uint64_t>(value));

    }

    return from_u64(static_cast<std::uint64_t>(-value)).negate();

}


Result<FieldElement> FieldElement::try_from_bytes32(const std::array<unsigned char, 32>& bytes) {

    FieldElement out;

    int overflow = 0;

    purify_scalar_set_b32(&out.value_, bytes.data(), &overflow);

    if (overflow != 0) {

        return unexpected_error(ErrorCode::RangeViolation, "FieldElement::try_from_bytes32:out_of_range");

    }

    return out;

}


FieldElement FieldElement::from_bytes32(const std::array<unsigned char, 32>& bytes) {

    Result<FieldElement> out = try_from_bytes32(bytes);

    assert(out.has_value() && "FieldElement::from_bytes32() requires a canonical field element");

    return std::move(*out);

}


Result<FieldElement> FieldElement::try_from_uint256(const UInt256& value) {

    return try_from_bytes32(value.to_bytes_be());

}


FieldElement FieldElement::from_uint256(const UInt256& value) {

    Result<FieldElement> out = try_from_uint256(value);

    assert(out.has_value() && "FieldElement::from_uint256() requires a canonical field element");

    return std::move(*out);

}


UInt256 FieldElement::to_uint256() const {

    std::array<unsigned char, 32> bytes = to_bytes_be();

    return UInt256::from_bytes_be(bytes.data(), bytes.size());

}


std::array<unsigned char, 32> FieldElement::to_bytes_be() const {

    std::array<unsigned char, 32> bytes{};

    purify_scalar_get_b32(bytes.data(), &value_);

    return bytes;

}


std::array<unsigned char, 32> FieldElement::to_bytes_le() const {

    std::array<unsigned char, 32> bytes = to_bytes_be();

    std::reverse(bytes.begin(), bytes.end());

    return bytes;

}


std::string FieldElement::to_hex() const {

    return to_uint256().to_hex();

}


std::string FieldElement::to_decimal() const {

    return to_uint256().to_decimal();

}


bool FieldElement::is_zero() const {

    return purify_scalar_is_zero(&value_) != 0;

}


bool FieldElement::is_one() const {

    return purify_scalar_is_one(&value_) != 0;

}


bool FieldElement::is_odd() const {

    return purify_scalar_is_even(&value_) == 0;

}


bool FieldElement::is_square() const {

    const purify_fe input = to_core(*this);

    return purify_fe_is_square(&input) != 0;

}


FieldElement FieldElement::negate() const {

    FieldElement out;

    purify_scalar_negate(&out.value_, &value_);

    return out;

}


void FieldElement::conditional_assign(const FieldElement& other, bool flag) {

    purify_scalar_cmov(&value_, &other.value_, flag ? 1 : 0);

}


FieldElement FieldElement::inverse_consttime() const {

    FieldElement out;

    purify_scalar_inverse(&out.value_, &value_);

    return out;

}


FieldElement FieldElement::inverse() const {

    FieldElement out;

    purify_scalar_inverse_var(&out.value_, &value_);

    return out;

}


std::optional<FieldElement> FieldElement::sqrt() const {

    const purify_fe input = to_core(*this);

    purify_fe output{};

    if (purify_fe_sqrt(&output, &input) == 0) {

        return std::nullopt;

    }

    return from_core(output);

}


FieldElement FieldElement::pow(const UInt256& exponent) const {

    const purify_fe input = to_core(*this);

    purify_fe output{};

    purify_fe_pow(&output, &input, exponent.limbs.data());

    return from_core(output);

}


bool operator==(const FieldElement& lhs, const FieldElement& rhs) {

    return purify_scalar_eq(&lhs.value_, &rhs.value_) != 0;

}


bool operator!=(const FieldElement& lhs, const FieldElement& rhs) {

    return !(lhs == rhs);

}


FieldElement operator+(const FieldElement& lhs, const FieldElement& rhs) {

    FieldElement out;

    purify_scalar_add(&out.value_, &lhs.value_, &rhs.value_);

    return out;

}


FieldElement operator-(const FieldElement& lhs, const FieldElement& rhs) {

    return lhs + rhs.negate();

}


FieldElement operator*(const FieldElement& lhs, const FieldElement& rhs) {

    FieldElement out;

    purify_scalar_mul(&out.value_, &lhs.value_, &rhs.value_);

    return out;

}


FieldElement square(const FieldElement& value) {

    const purify_fe input = to_core(value);

    purify_fe output{};

    purify_fe_square(&output, &input);

    return from_core(output);

}


int legendre_symbol(const FieldElement& value) {

    const purify_fe input = to_core(value);

    return purify_fe_legendre_symbol(&input);

}


}  // namespace purify

purify::Expected
Purify result carrier that either holds a value or an error.
Definition expected.hpp:64

purify::Expected::has_value
bool has_value() const noexcept
Definition expected.hpp:170

purify::FieldElement
Field element modulo the backend scalar field used by this implementation.
Definition numeric.hpp:815

purify::FieldElement::is_square
bool is_square() const
Returns true when the element is a quadratic residue in the field.
Definition numeric.cpp:116

purify::FieldElement::is_one
bool is_one() const
Returns true when the element is one.
Definition numeric.cpp:108

purify::FieldElement::to_bytes_le
std::array< unsigned char, 32 > to_bytes_le() const
Serializes the field element in little-endian form.
Definition numeric.cpp:90

purify::FieldElement::from_bytes32
static FieldElement from_bytes32(const std::array< unsigned char, 32 > &bytes)
Decodes a 32-byte big-endian field element.
Definition numeric.cpp:63

purify::FieldElement::from_uint256
static FieldElement from_uint256(const UInt256 &value)
Converts a 256-bit unsigned integer into the scalar field representation.
Definition numeric.cpp:73

purify::FieldElement::FieldElement
FieldElement()
Definition numeric.cpp:28

purify::FieldElement::inverse
FieldElement inverse() const
Returns the multiplicative inverse modulo the field prime using the faster variable-time backend.
Definition numeric.cpp:137

purify::FieldElement::pow
FieldElement pow(const UInt256 &exponent) const
Raises the element to an unsigned exponent via square-and-multiply.
Definition numeric.cpp:152

purify::FieldElement::is_odd
bool is_odd() const
Returns true when the canonical representative is odd.
Definition numeric.cpp:112

purify::FieldElement::from_u64
static FieldElement from_u64(std::uint64_t value)
Constructs a field element from an unsigned 64-bit integer.
Definition numeric.cpp:40

purify::FieldElement::to_hex
std::string to_hex() const
Formats the field element as lowercase hexadecimal.
Definition numeric.cpp:96

purify::FieldElement::try_from_uint256
static Result< FieldElement > try_from_uint256(const UInt256 &value)
Converts a canonical 256-bit unsigned integer into the scalar field representation.
Definition numeric.cpp:69

purify::FieldElement::sqrt
std::optional< FieldElement > sqrt() const
Computes a square root when one exists, otherwise returns std::nullopt.
Definition numeric.cpp:143

purify::FieldElement::to_decimal
std::string to_decimal() const
Formats the field element as an unsigned decimal string.
Definition numeric.cpp:100

purify::FieldElement::one
static FieldElement one()
Returns the multiplicative identity of the scalar field.
Definition numeric.cpp:36

purify::FieldElement::conditional_assign
void conditional_assign(const FieldElement &other, bool flag)
Conditionally assigns other into *this when flag is true.
Definition numeric.cpp:127

purify::FieldElement::try_from_bytes32
static Result< FieldElement > try_from_bytes32(const std::array< unsigned char, 32 > &bytes)
Decodes a canonical 32-byte big-endian field element.
Definition numeric.cpp:53

purify::FieldElement::negate
FieldElement negate() const
Returns the additive inverse modulo the field prime.
Definition numeric.cpp:121

purify::FieldElement::from_int
static FieldElement from_int(std::int64_t value)
Constructs a field element from a signed integer, reducing negatives modulo the field.
Definition numeric.cpp:46

purify::FieldElement::to_uint256
UInt256 to_uint256() const
Exports the field element as a canonical 256-bit unsigned integer.
Definition numeric.cpp:79

purify::FieldElement::is_zero
bool is_zero() const
Returns true when the element is zero.
Definition numeric.cpp:104

purify::FieldElement::zero
static FieldElement zero()
Returns the additive identity of the scalar field.
Definition numeric.cpp:32

purify::FieldElement::to_bytes_be
std::array< unsigned char, 32 > to_bytes_be() const
Serializes the field element in big-endian form.
Definition numeric.cpp:84

purify::FieldElement::inverse_consttime
FieldElement inverse_consttime() const
Returns the multiplicative inverse modulo the field prime in constant time.
Definition numeric.cpp:131

purify_fe_is_square
int purify_fe_is_square(const purify_fe *value)
Definition field.c:139

purify_fe_legendre_symbol
int purify_fe_legendre_symbol(const purify_fe *value)
Definition field.c:154

purify_fe_sqrt
int purify_fe_sqrt(purify_fe *out, const purify_fe *value)
Definition field.c:161

purify_fe_pow
void purify_fe_pow(purify_fe *out, const purify_fe *value, const uint64_t exponent[4])
Definition field.c:122

purify_fe_square
void purify_fe_square(purify_fe *out, const purify_fe *value)
Definition field.c:118

field.h

purify
Definition api.hpp:21

purify::operator!=
bool operator!=(const FieldElement &lhs, const FieldElement &rhs)
Definition numeric.cpp:163

purify::unexpected_error
constexpr Unexpected< Error > unexpected_error(ErrorCode code, const char *context=nullptr)
Constructs an unexpected Error value from a machine-readable code.
Definition error.hpp:293

purify::ErrorCode::RangeViolation
@ RangeViolation

purify::operator*
Expr operator*(const Expr &expr, const FieldElement &scalar)
Definition expr.cpp:311

purify::square
FieldElement square(const FieldElement &value)
Squares a field element.
Definition numeric.cpp:183

purify::operator==
bool operator==(const Expr &lhs, const Expr &rhs)
Definition expr.cpp:335

purify::operator-
Expr operator-(const Expr &lhs, const Expr &rhs)
Definition expr.cpp:295

purify::legendre_symbol
int legendre_symbol(const FieldElement &value)
Returns 0 for zero, 1 for quadratic residues, and -1 for non-residues.
Definition numeric.cpp:190

purify::operator+
Bytes operator+(Bytes lhs, const Bytes &rhs)
Concatenates two byte vectors.
Definition curve.cpp:167

numeric.hpp
Fixed-width integer and field arithmetic helpers used throughout Purify.

purify_scalar_mul
void purify_scalar_mul(purify_scalar *out, const purify_scalar *lhs, const purify_scalar *rhs)
Multiplies two scalars modulo the backend field.
Definition bppp_bridge.c:446

purify_scalar_is_zero
int purify_scalar_is_zero(const purify_scalar *value)
Returns nonzero when the scalar is zero.
Definition bppp_bridge.c:414

purify_scalar_add
int purify_scalar_add(purify_scalar *out, const purify_scalar *lhs, const purify_scalar *rhs)
Adds two scalars modulo the backend field.
Definition bppp_bridge.c:442

purify_scalar_set_int
void purify_scalar_set_int(purify_scalar *out, unsigned int value)
Initializes a scalar from an unsigned integer.
Definition bppp_bridge.c:398

purify_scalar_cmov
void purify_scalar_cmov(purify_scalar *dst, const purify_scalar *src, int flag)
Conditionally assigns src into dst when flag is nonzero.
Definition bppp_bridge.c:450

purify_scalar_is_even
int purify_scalar_is_even(const purify_scalar *value)
Returns nonzero when the scalar is even.
Definition bppp_bridge.c:422

purify_scalar_is_one
int purify_scalar_is_one(const purify_scalar *value)
Returns nonzero when the scalar is one.
Definition bppp_bridge.c:418

purify_scalar_inverse
void purify_scalar_inverse(purify_scalar *out, const purify_scalar *value)
Computes the multiplicative inverse of a scalar in constant time.
Definition bppp_bridge.c:434

purify_scalar_inverse_var
void purify_scalar_inverse_var(purify_scalar *out, const purify_scalar *value)
Computes the multiplicative inverse of a scalar.
Definition bppp_bridge.c:438

purify_scalar_eq
int purify_scalar_eq(const purify_scalar *lhs, const purify_scalar *rhs)
Returns nonzero when two scalars are equal.
Definition bppp_bridge.c:426

purify_scalar_negate
void purify_scalar_negate(purify_scalar *out, const purify_scalar *value)
Computes the additive inverse of a scalar.
Definition bppp_bridge.c:430

purify_scalar_set_u64
void purify_scalar_set_u64(purify_scalar *out, uint64_t value)
Initializes a scalar from a 64-bit unsigned integer.
Definition bppp_bridge.c:402

purify_scalar_get_b32
void purify_scalar_get_b32(unsigned char output32[32], const purify_scalar *value)
Serializes a scalar as 32 big-endian bytes.
Definition bppp_bridge.c:410

purify_scalar_set_b32
void purify_scalar_set_b32(purify_scalar *out, const unsigned char input32[32], int *overflow)
Parses a big-endian 32-byte scalar.
Definition bppp_bridge.c:406

purify::BigUInt< 4 >

purify::BigUInt< 4 >::from_bytes_be
static BigUInt from_bytes_be(const unsigned char *data, std::size_t size)
Parses a big-endian byte string into the fixed-width integer.
Definition numeric.hpp:235

purify::BigUInt::limbs
std::array< std::uint64_t, Words > limbs
Definition numeric.hpp:201

purify::BigUInt::to_bytes_be
std::array< unsigned char, Words *8 > to_bytes_be() const
Serializes the value to a fixed-width big-endian byte array.
Definition numeric.hpp:621

purify::BigUInt::to_decimal
std::string to_decimal() const
Formats the value as an unsigned decimal string.
Definition numeric.hpp:658

purify::BigUInt::to_hex
std::string to_hex() const
Formats the value as lowercase hexadecimal without leading zero padding.
Definition numeric.hpp:638

purify_fe
Definition field.h:16

purify_fe::value
purify_scalar value
Definition field.h:17