How to calculate p256Zero31 in NIST P256 golang implementation?

Question

We found there are predefined

// p256Zero31 is 0 mod p.
var p256Zero31 = [p256Limbs]uint32{two31m3, two30m2, two31m2, two30p13m2, two31m2, two30m2, two31p24m2, two30m27m2, two31m2}

in crypto/elliptic/p256.go. p224.go has similar var p224ZeroModP31. Per check the reference from p224.go. at https://www.imperialviolet.org/2010/12/04/ecc.html. We also can't find detail of "0 mod p" from Subtraction part.

We also can find such definition in openssl implementation: https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_nistp256.c

What's the fomula to get p256Zero31 ? I calcualted 0x7ffff * p, it's not equal to p256Zero31. 0x7ffff * p < p256Zero31 < 0x80000 * p

"Who can give me some clues for this magic?" is not a problem statement. If you are asking "who" specifically, try using the mailing list where the author might even reply directly. — JimB, Jan 05 '21 at 13:47

score 0 · Accepted Answer · answered Jan 15 '21 at 04:16

0

I found the logic finally,

p256Zero31 = {two31,two30,two31,two30,two31,two30,two31,two30,two31} - {two31,two30,two31,two30,two31,two30,two31,two30,two31} mod P

And convert the bigInt to limbs.

answered Jan 15 '21 at 04:16

Emman Sun

351
3
15

How to calculate p256Zero31 in NIST P256 golang implementation?

1 Answers1