primefield: remove shr support (#1320)

It was noted as buggy in #1319 because `shr` was being computed on
values within the Montgomery domain directly. They either need to be
converted to canonical form first, or a multiplication needs to be used
in place of a bit shift.

Turns out it was completely unused, aside from fulfilling a bound in the
`elliptic-curve` crate, which has since been removed.

This removes `shr` support from all curves whose `Scalar` used an
internal Montgomery representation. It has been retained on `k256` and
`p256` which use canonical form `Scalar` types.

Closes #1319

Author: tarcieri

Cargo.lock

@@ -18,7 +18,7 @@ use self::scalar_impl::*;
 use crate::{FieldBytes, NistP521, U576};
 use core::{
     iter::{Product, Sum},
-    ops::{Add, AddAssign, Mul, MulAssign, Neg, Shr, ShrAssign, SubAssign},
+    ops::{Add, AddAssign, Mul, MulAssign, Neg, SubAssign},
 };
 use elliptic_curve::{
     Curve as _, Error, FieldBytesEncoding, Result,
@@ -305,32 +305,6 @@ impl Scalar {
         res
     }
 
-    /// Right shifts the scalar.
-    ///
-    /// Note: not constant-time with respect to the `shift` parameter.
-    #[cfg(target_pointer_width = "32")]
-    pub const fn shr_vartime(&self, shift: u32) -> Scalar {
-        Self(fiat_p521_scalar_montgomery_domain_field_element(
-            u32x18_to_u64x9(
-                &U576::from_words(u64x9_to_u32x18(self.as_limbs()))
-                    .wrapping_shr_vartime(shift)
-                    .to_words(),
-            ),
-        ))
-    }
-
-    /// Right shifts the scalar.
-    ///
-    /// Note: not constant-time with respect to the `shift` parameter.
-    #[cfg(target_pointer_width = "64")]
-    pub const fn shr_vartime(&self, shift: u32) -> Scalar {
-        Self(fiat_p521_scalar_montgomery_domain_field_element(
-            U576::from_words(self.into_limbs())
-                .wrapping_shr_vartime(shift)
-                .to_words(),
-        ))
-    }
-
     /// Borrow the inner limbs of this scalar.
     pub(crate) const fn as_limbs(&self) -> &[u64; 9] {
         &self.0.0
@@ -551,28 +525,6 @@ impl IsHigh for Scalar {
     }
 }
 
-impl Shr<usize> for Scalar {
-    type Output = Self;
-
-    fn shr(self, rhs: usize) -> Self::Output {
-        self.shr_vartime(rhs as u32)
-    }
-}
-
-impl Shr<usize> for &Scalar {
-    type Output = Scalar;
-
-    fn shr(self, rhs: usize) -> Self::Output {
-        self.shr_vartime(rhs as u32)
-    }
-}
-
-impl ShrAssign<usize> for Scalar {
-    fn shr_assign(&mut self, rhs: usize) {
-        *self = *self >> rhs;
-    }
-}
-
 impl PrimeField for Scalar {
     type Repr = FieldBytes;
 

p521/src/arithmetic/scalar.rs

@@ -197,22 +197,6 @@ macro_rules! field_element_type {
 
                 res
             }
-
-            /// Right shifts the [`
-            #[doc = stringify!($fe)]
-            /// `].
-            pub const fn shr(&self, shift: u32) -> Self {
-                Self(self.0.wrapping_shr(shift))
-            }
-
-            /// Right shifts the [`
-            #[doc = stringify!($fe)]
-            /// `].
-            ///
-            /// Note: not constant-time with respect to the `shift` parameter.
-            pub const fn shr_vartime(&self, shift: u32) -> Self {
-                Self(self.0.wrapping_shr_vartime(shift))
-            }
         }
 
         impl $crate::ff::Field for $fe {
@@ -323,56 +307,6 @@ macro_rules! field_element_type {
             }
         }
 
-        impl ::core::ops::Shr<u32> for $fe {
-            type Output = Self;
-
-            #[inline]
-            fn shr(self, rhs: u32) -> Self {
-                Self::shr(&self, rhs)
-            }
-        }
-
-        impl ::core::ops::Shr<u32> for &$fe {
-            type Output = Self;
-
-            #[inline]
-            fn shr(self, rhs: u32) -> Self {
-                Self::shr(self, rhs)
-            }
-        }
-
-        impl ::core::ops::ShrAssign<u32> for $fe {
-            #[inline]
-            fn shr_assign(&mut self, rhs: u32) {
-                *self = Self::shr(self, rhs)
-            }
-        }
-
-        impl ::core::ops::Shr<usize> for $fe {
-            type Output = Self;
-
-            #[inline]
-            fn shr(self, rhs: usize) -> Self {
-                Self::shr(&self, rhs as u32)
-            }
-        }
-
-        impl ::core::ops::Shr<usize> for &$fe {
-            type Output = Self;
-
-            #[inline]
-            fn shr(self, rhs: usize) -> Self {
-                Self::shr(self, rhs as u32)
-            }
-        }
-
-        impl ::core::ops::ShrAssign<usize> for $fe {
-            #[inline]
-            fn shr_assign(&mut self, rhs: usize) {
-                *self = Self::shr(self, rhs as u32)
-            }
-        }
-
         impl ::core::fmt::Debug for $fe {
             fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
                 write!(f, "{}(0x{:X})", stringify!($fe), &self.0)