UInt256

A 256-bit unsigned integer backed by two UInt128 limbs, conforming to FixedWidthInteger, BinaryInteger, and UnsignedInteger; used for 256-bit field arithmetic on the secp256k1 curve.

iOS 18.0+
macCatalyst 18.0+
macOS 15.0+
tvOS 18.0+
visionOS 2.0+
watchOS 11.0+

@frozen struct UInt256

Overview

UInt256 is the natural Swift representation for a secp256k1 private key scalar or field element: both fit in exactly 32 bytes, and both require integer arithmetic modulo the curve order n or field prime p. The implementation uses two Swift.UInt128 limbs (low and high) rather than a byte array so that the compiler can emit native 128-bit operations on platforms that support them (ARM64 add/adc pairs on Apple Silicon; LLVM-synthesized 128-bit intrinsics on Intel). The signed counterpart is Int256; cross between the two views with init(bitPattern:) (zero-cost; the 256 bits are preserved verbatim), and use multipliedFullWidth(by:) for the 256-by-256 to 512-bit products required by Barrett / Montgomery reduction.

Important

This type is not a cryptographic scalar class. It provides generic integer arithmetic. Operations are not constant-time with respect to operand values and must not be used to hold secret scalars in contexts where timing leakage matters. For secret scalar arithmetic, use the upstream libsecp256k1 APIs that operate on secp256k1_scalar / secp256k1_fe in constant time.

The type is gated behind the UInt256 trait (or Xcode build), requiring Swift 6.1 with Swift’s native UInt128 type (macOS 15, iOS 18, etc.).