• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Riscv
      • Taspi
      • Bitcoin
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Aleo
        • Aleobft
        • Aleovm
        • Leo
          • Grammar
          • Early-version
            • Json2ast
            • Testing
            • Definition
              • Flattening
              • Abstract-syntax
              • Dynamic-semantics
                • Execution
                • Values
                • Dynamic-environments
                • Arithmetic-operations
                  • Integer-arithmetic-operations
                  • Field-arithmetic-operations
                    • Op-field-pow
                    • Op-field-sub
                    • Op-field-mul
                    • Op-field-div
                    • Op-field-add
                    • Op-field-square-root
                      • Op-field-square
                      • Op-field-inv
                      • Op-field-double
                      • Op-field-neg
                    • Scalar-field-arithmetic-operations
                    • Group-arithmetic-operations
                    • Op-mul
                    • Op-add
                    • Op-sub-wrapped
                    • Op-sub
                    • Op-rem-wrapped
                    • Op-pow-wrapped
                    • Op-pow
                    • Op-mul-wrapped
                    • Op-div-wrapped
                    • Op-div
                    • Op-add-wrapped
                    • Op-rem
                    • Op-square-root
                    • Op-square
                    • Op-neg
                    • Op-inv
                    • Op-double
                    • Op-abs-wrapped
                    • Op-abs
                  • Curve-parameterization
                  • Shift-operations
                  • Errors
                  • Value-expressions
                  • Locations
                  • Input-execution
                  • Edwards-bls12-generator
                  • Equality-operations
                  • Logical-operations
                  • Program-execution
                  • Ordering-operations
                  • Bitwise-operations
                  • Literal-evaluation
                  • Type-maps-for-struct-components
                  • Output-execution
                  • Tuple-operations
                  • Struct-operations
                • Compilation
                • Static-semantics
                • Concrete-syntax
        • Bigmems
        • Builtins
        • Execloader
        • Solidity
        • Paco
        • Concurrent-programs
        • Bls12-377-curves
      • Debugging
      • Community
      • Std
      • Proof-automation
      • Macro-libraries
      • ACL2
      • Interfacing-tools
      • Hardware-verification
      • Software-verification
      • Math
      • Testing-utilities
    • Field-arithmetic-operations

    Op-field-square-root

    Leo field square-root operation.

    Signature
    (op-field-square-root arg curve) → result
    Arguments
    arg — Guard (valuep arg).
    curve — Guard (curvep curve).
    Returns
    result — Type (value-resultp result).

    If the argument has a modular square root in the field, then the larger of the square roots is returned. Returns zero if the argument is a quadradic non-residue.

    Definitions and Theorems

    Function: op-field-square-root

    (defun op-field-square-root (arg curve)
  (declare (xargs :guard (and (valuep arg) (curvep curve))))
  (declare (xargs :guard (value-case arg :field)))
  (let ((__function__ 'op-field-square-root))
    (declare (ignorable __function__))
    (b* ((err (list :op-field-square-root (value-fix arg)))
         (p (curve-base-prime curve))
         (x (value-field->get arg))
         ((unless (pfield::fep x p))
          (reserrf err))
         ((when (or (<= p 11)
                    (primes::has-square-root? 11 p)))
          (reserrf err))
         (sqrt (primes::tonelli-shanks-greater-sqrt x p 11))
         ((unless (pfield::fep sqrt p))
          (reserrf err)))
      (value-field sqrt))))

    Theorem: value-resultp-of-op-field-square-root

    (defthm value-resultp-of-op-field-square-root
  (b* ((result (op-field-square-root arg curve)))
    (value-resultp result))
  :rule-classes :rewrite)

    Theorem: op-field-square-root-of-value-fix-arg

    (defthm op-field-square-root-of-value-fix-arg
  (equal (op-field-square-root (value-fix arg)
                               curve)
         (op-field-square-root arg curve)))

    Theorem: op-field-square-root-value-equiv-congruence-on-arg

    (defthm op-field-square-root-value-equiv-congruence-on-arg
  (implies (value-equiv arg arg-equiv)
           (equal (op-field-square-root arg curve)
                  (op-field-square-root arg-equiv curve)))
  :rule-classes :congruence)

    Theorem: op-field-square-root-of-curve-fix-curve

    (defthm op-field-square-root-of-curve-fix-curve
  (equal (op-field-square-root arg (curve-fix curve))
         (op-field-square-root arg curve)))

    Theorem: op-field-square-root-curve-equiv-congruence-on-curve

    (defthm op-field-square-root-curve-equiv-congruence-on-curve
  (implies (curve-equiv curve curve-equiv)
           (equal (op-field-square-root arg curve)
                  (op-field-square-root arg curve-equiv)))
  :rule-classes :congruence)