# Definition of divstep iteration and proof of termination bounds

      (c) Copyright, Daniel J. Bernstein 2023
         (c) Copyright, John Harrison 2023

This subdirectory contains a formalization of the "divstep" function,
a variant of the classic binary gcd algorithm for the integers
particularly well-suited to fast (and constant-time) multiprecision
gcds, modular inverses and related operations.

The following two files that prove the key mathematical bound property
were written by Daniel J. Bernstein and are in the public domain:

        Divstep/hull-light-20230416.sage
        Divstep/hull_light.ml

The former has been copied here directly from the original source
https://cr.yp.to/2023/hull-light-20230416.sage, while the latter
was generated by running Sage (https://www.sagemath.org/) on the
former, as shown in the Makefile here.

The additional files connecting to the definition of "divstep", as
well as the Makefile, toplevel "make.ml" and this README were written
by John Harrison, with mathematical details mainly following

  Daniel J. Bernstein and Bo-Yin Yang
  "Fast constant-time gcd computation and modular inversion"
  https://gcd.cr.yp.to/safegcd-20190413.pdf

More details about the algorithm itself can be found in that paper.
