Dash Core Source Documentation (0.16.0.1)
Find detailed information regarding the Dash Core source code.
#include "scalar.h"#include "field.h"#include "group.h"#include "ecmult.h"#include "ecmult_gen.h"#include "ecdsa.h"
Include dependency graph for ecdsa_impl.h: This graph shows which files directly or indirectly include this file:Go to the source code of this file.
Functions | |
| static int | secp256k1_der_read_len (const unsigned char **sigp, const unsigned char *sigend) |
| static int | secp256k1_der_parse_integer (secp256k1_scalar *r, const unsigned char **sig, const unsigned char *sigend) |
| static int | secp256k1_ecdsa_sig_parse (secp256k1_scalar *rr, secp256k1_scalar *rs, const unsigned char *sig, size_t size) |
| static int | secp256k1_ecdsa_sig_serialize (unsigned char *sig, size_t *size, const secp256k1_scalar *ar, const secp256k1_scalar *as) |
| static int | secp256k1_ecdsa_sig_verify (const secp256k1_ecmult_context *ctx, const secp256k1_scalar *sigr, const secp256k1_scalar *sigs, const secp256k1_ge *pubkey, const secp256k1_scalar *message) |
| static int | secp256k1_ecdsa_sig_sign (const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) |
Variables | |
| static const secp256k1_fe | secp256k1_ecdsa_const_order_as_fe |
| Group order for secp256k1 defined as 'n' in "Standards for Efficient Cryptography" (SEC2) 2.7.1 sage: for t in xrange(1023, -1, -1): More... | |
| static const secp256k1_fe | secp256k1_ecdsa_const_p_minus_order |
| Difference between field and order, values 'p' and 'n' values defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. More... | |
Function Documentation
◆ secp256k1_der_parse_integer()
|
static |
Definition at line 99 of file ecdsa_impl.h.
References memcpy(), secp256k1_der_read_len(), secp256k1_scalar_set_b32(), and secp256k1_scalar_set_int().
Referenced by secp256k1_ecdsa_sig_parse().
◆ secp256k1_der_read_len()
|
static |
Definition at line 49 of file ecdsa_impl.h.
Referenced by secp256k1_der_parse_integer(), and secp256k1_ecdsa_sig_parse().
◆ secp256k1_ecdsa_sig_parse()
|
static |
Definition at line 145 of file ecdsa_impl.h.
References secp256k1_der_parse_integer(), and secp256k1_der_read_len().
◆ secp256k1_ecdsa_sig_serialize()
|
static |
Definition at line 177 of file ecdsa_impl.h.
References memcpy(), and secp256k1_scalar_get_b32().
◆ secp256k1_ecdsa_sig_sign()
|
static |
Definition at line 271 of file ecdsa_impl.h.
References ctx, secp256k1_ecmult_gen(), secp256k1_fe_get_b32(), secp256k1_fe_is_odd(), secp256k1_fe_normalize(), secp256k1_ge_clear(), secp256k1_ge_set_gej(), secp256k1_gej_clear(), secp256k1_scalar_add(), secp256k1_scalar_clear(), secp256k1_scalar_inverse(), secp256k1_scalar_is_high(), secp256k1_scalar_is_zero(), secp256k1_scalar_mul(), secp256k1_scalar_negate(), secp256k1_scalar_set_b32(), VERIFY_CHECK, secp256k1_ge::x, and secp256k1_ge::y.
◆ secp256k1_ecdsa_sig_verify()
|
static |
We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) in xr. Naively, we would extract the x coordinate from pr (requiring a inversion modulo p), compute the remainder modulo n, and compare it to xr. However:
xr == X(pr) mod n
<=> exists h. (xr + h * n < p && xr + h * n == X(pr)) [Since 2 * n > p, h can only be 0 or 1] <=> (xr == X(pr)) || (xr + n < p && xr + n == X(pr)) [In Jacobian coordinates, X(pr) is pr.x / pr.z^2 mod p] <=> (xr == pr.x / pr.z^2 mod p) || (xr + n < p && xr + n == pr.x / pr.z^2 mod p) [Multiplying both sides of the equations by pr.z^2 mod p] <=> (xr * pr.z^2 mod p == pr.x) || (xr + n < p && (xr + n) * pr.z^2 mod p == pr.x)
Thus, we can avoid the inversion, but we have to check both cases separately. secp256k1_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test.
Definition at line 201 of file ecdsa_impl.h.
References ctx, secp256k1_ecdsa_const_order_as_fe, secp256k1_ecdsa_const_p_minus_order, secp256k1_ecmult(), secp256k1_fe_add(), secp256k1_fe_cmp_var(), secp256k1_fe_get_b32(), secp256k1_fe_normalize(), secp256k1_fe_set_b32(), secp256k1_ge_set_gej(), secp256k1_gej_eq_x_var(), secp256k1_gej_is_infinity(), secp256k1_gej_set_ge(), secp256k1_scalar_eq(), secp256k1_scalar_get_b32(), secp256k1_scalar_inverse_var(), secp256k1_scalar_is_zero(), secp256k1_scalar_mul(), secp256k1_scalar_set_b32(), and secp256k1_ge::x.
Variable Documentation
◆ secp256k1_ecdsa_const_order_as_fe
|
static |
Group order for secp256k1 defined as 'n' in "Standards for Efficient Cryptography" (SEC2) 2.7.1 sage: for t in xrange(1023, -1, -1):
. p = 2**256 - 2**32 - t .. if p.is_prime(): .. print 'x'p .. break 'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f' sage: a = 0 sage: b = 7 sage: F = FiniteField (p) sage: 'x' % (EllipticCurve ([F (a), F (b)]).order()) 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'
Definition at line 31 of file ecdsa_impl.h.
Referenced by secp256k1_ecdsa_sig_recover(), and secp256k1_ecdsa_sig_verify().
◆ secp256k1_ecdsa_const_p_minus_order
|
static |
Difference between field and order, values 'p' and 'n' values defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.
sage: p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F sage: a = 0 sage: b = 7 sage: F = FiniteField (p) sage: 'x' % (p - EllipticCurve ([F (a), F (b)]).order()) '14551231950b75fc4402da1722fc9baee'
Definition at line 45 of file ecdsa_impl.h.
Referenced by secp256k1_ecdsa_sig_recover(), and secp256k1_ecdsa_sig_verify().
- Generated on Mon Nov 2 2020 19:11:18 for Dash Core by
1.8.14