• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
      • Kestrel-books
        • Crypto-hdwallet
        • Apt
        • Error-checking
        • Fty-extensions
        • Isar
        • Kestrel-utilities
        • Soft
        • Bv
        • Imp-language
        • C
        • Event-macros
        • Java
        • Bitcoin
        • Ethereum
        • Yul
        • Zcash
        • ACL2-programming-language
        • Prime-fields
        • Json
        • Syntheto
        • File-io-light
        • Number-theory
        • Cryptography
          • R1cs
          • Interfaces
          • Sha-2
          • Keccak
          • Kdf
          • Mimc
          • Padding
          • Hmac
          • Elliptic-curves
            • Secp256k1-attachment
            • Twisted-edwards
            • Montgomery
            • Edwards-bls12
            • Short-weierstrass-curves
            • Birational-montgomery-twisted-edwards
            • Has-square-root?-satisfies-pfield-squarep
            • Secp256k1
              • Secp256k1*
              • Secp256k1-negate
              • Secp256k1-sqrt
                • Secp256k1+
                • Secp256k1-has-square-root?
                • Secp256k1-point-type-conversions
                • Secp256k1-generator
              • Secp256k1-domain-parameters
              • Secp256k1-types
              • Pfield-squarep
              • Secp256k1-interface
              • Bls12-377-domain-parameters
              • Prime-field-extra-rules
              • Points
            • Attachments
            • Elliptic-curve-digital-signature-algorithm
          • Lists-light
          • Builtins
          • Axe
          • Solidity
          • Helpers
          • Htclient
          • Typed-lists-light
          • Arithmetic-light
        • X86isa
        • Axe
        • Execloader
      • Math
      • Testing-utilities
    • Secp256k1

    Secp256k1-sqrt

    Compute the modular square root of a in the field p.

    (secp256k1-sqrt a) finds an x such that x^2 = a\ (mod\ p), if such exists, where p is the prime field used for secp256k1. If there is no square root, the symbol :invalid is returned.

    Note that this function is about the prime field p used to define secp256k1. It is independent of the other secp256k1 domain parameters.

    Definitions and Theorems

    Function: secp256k1-sqrt

    (defun secp256k1-sqrt (a)
  (declare (xargs :guard (and (natp a)
                              (< a (secp256k1-field-prime)))))
  (let ((p (secp256k1-field-prime)))
    (let ((poss-root (pow a (/ (+ p 1) 4) p)))
      (if (equal (mod (* poss-root poss-root) p)
                 a)
          poss-root
        ':invalid))))