Dash Core Source Documentation (0.16.0.1)
Find detailed information regarding the Dash Core source code.
Variables
static const secp256k1_ge secp256k1_ge_const_g
Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.
static const int CURVE_B = 7
Function Documentation
◆ secp256k1_ge_clear()
static
Definition at line 215 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_fe_clear(), secp256k1_ge::x, and secp256k1_ge::y.
◆ secp256k1_ge_from_storage()
static
Definition at line 669 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_fe_from_storage(), secp256k1_ge::x, secp256k1_ge_storage::x, secp256k1_ge::y, and secp256k1_ge_storage::y.
◆ secp256k1_ge_globalz_set_table_gej()
static
Definition at line 170 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_fe_mul(), secp256k1_fe_normalize_weak(), secp256k1_ge_set_gej_zinv(), secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_ge_is_infinity()
static
Definition at line 90 of file group_impl.h.
References secp256k1_ge::infinity.
◆ secp256k1_ge_is_valid_var()
static
Definition at line 292 of file group_impl.h.
References CURVE_B, secp256k1_ge::infinity, secp256k1_fe_add(), secp256k1_fe_equal_var(), secp256k1_fe_mul(), secp256k1_fe_normalize_weak(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_ge::x, and secp256k1_ge::y.
◆ secp256k1_ge_neg()
static
Definition at line 94 of file group_impl.h.
References secp256k1_fe_negate(), secp256k1_fe_normalize_weak(), and secp256k1_ge::y.
◆ secp256k1_ge_set_all_gej_var()
static
Definition at line 129 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_inv_var(), secp256k1_fe_mul(), secp256k1_ge_set_gej_zinv(), VERIFY_CHECK, secp256k1_ge::x, and secp256k1_gej::z.
◆ secp256k1_ge_set_gej()
static
Definition at line 100 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_inv(), secp256k1_fe_mul(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_ge_set_gej_var()
static
Definition at line 113 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_inv_var(), secp256k1_fe_mul(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
Referenced by secp256k1_ecdsa_sig_recover(), and test_ge().
◆ secp256k1_ge_set_gej_zinv()
static
Definition at line 74 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_mul(), secp256k1_fe_sqr(), secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, and secp256k1_gej::y.
Referenced by secp256k1_ecmult_odd_multiples_table(), secp256k1_ecmult_odd_multiples_table_storage_var(), secp256k1_ge_globalz_set_table_gej(), and secp256k1_ge_set_all_gej_var().
◆ secp256k1_ge_set_infinity()
static
Definition at line 202 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_fe_clear(), secp256k1_ge::x, and secp256k1_ge::y.
◆ secp256k1_ge_set_xo_var()
static
Definition at line 232 of file group_impl.h.
References secp256k1_fe_is_odd(), secp256k1_fe_negate(), secp256k1_fe_normalize_var(), secp256k1_ge_set_xquad(), and secp256k1_ge::y.
◆ secp256k1_ge_set_xquad()
static
Definition at line 221 of file group_impl.h.
References CURVE_B, secp256k1_ge::infinity, secp256k1_fe_add(), secp256k1_fe_mul(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_fe_sqrt(), secp256k1_ge::x, and secp256k1_ge::y.
Referenced by secp256k1_ge_set_xo_var().
◆ secp256k1_ge_set_xy()
static
Definition at line 84 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_ge::x, and secp256k1_ge::y.
◆ secp256k1_ge_storage_cmov()
static
Definition at line 675 of file group_impl.h.
References secp256k1_fe_storage_cmov(), secp256k1_ge_storage::x, and secp256k1_ge_storage::y.
◆ secp256k1_ge_to_storage()
static
Definition at line 658 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_fe_normalize(), secp256k1_fe_to_storage(), VERIFY_CHECK, secp256k1_ge::x, secp256k1_ge_storage::x, secp256k1_ge::y, and secp256k1_ge_storage::y.
◆ secp256k1_gej_add_ge()
static
In:
    Eric Brier and Marc Joye, Weierstrass Elliptic Curves and Side-Channel Attacks. In D. Naccache and P. Paillier, Eds., Public Key Cryptography, vol. 2274 of Lecture Notes in Computer Science, pages 335-345. Springer-Verlag, 2002.
we find as solution for a unified addition/doubling formula:
    lambda = ((x1 + x2)^2 - x1 * x2 + a) / (y1 + y2), with a = 0 for secp256k1's curve equation.
    x3 = lambda^2 - (x1 + x2)
    2*y3 = lambda * (x1 + x2 - 2 * x3) - (y1 + y2).
Substituting xi = Xi / Zi^2 and yi = Yi / Zi^3, for i=1,2,3, gives:
    U1 = X1*Z2^2, U2 = X2*Z1^2
    S1 = Y1*Z2^3, S2 = Y2*Z1^3
    Z = Z1*Z2
    T = U1+U2
    M = S1+S2
    Q = T*M^2
    R = T^2-U1*U2
    X3 = 4*(R^2-Q)
    Y3 = 4*(R*(3*Q-2*R^2)-M^4)
    Z3 = 2*M*Z
(Note that the paper uses xi = Xi / Zi and yi = Yi / Zi instead.)
This formula has the benefit of being the same for both addition of distinct points and doubling. However, it breaks down in the case that either point is infinity, or that y1 = -y2. We handle these cases in the following ways:
- If b is infinity we simply bail by means of a VERIFY_CHECK.
- If a is infinity, we detect this, and at the end of the computation replace the result (which will be meaningless, but we compute to be constant-time) with b.x : b.y : 1.
- If a = -b, we have y1 = -y2, which is a degenerate case. But here the answer is infinity, so we simply set the infinity flag of the result, overriding the computed values without even needing to cmov.
- If y1 = -y2 but x1 != x2, which does occur thanks to certain properties of our curve (specifically, 1 has nontrivial cube roots in our field, and the curve equation has no x coefficient) then the answer is not infinity but also not given by the above equation. In this case, we cmov in place an alternate expression for lambda. Specifically (y1 - y2)/(x1 - x2). Where both these expressions for lambda are defined, they are equal, and can be obtained from each other by multiplication by (y1 + y2)/(y1 + y2) then substitution of x^3 + 7 for y^2 (using the curve equation). For all pairs of nonzero points (a, b) at least one is defined, so this covers everything.
If lambda = R/M = 0/0 we have a problem (except in the "trivial" case that Z = z1z2 = 0, and this is special-cased later on).
In case a->infinity == 1, replace r with (b->x, b->y, 1).
Definition at line 525 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_add(), secp256k1_fe_cmov(), SECP256K1_FE_CONST, secp256k1_fe_mul(), secp256k1_fe_mul_int(), secp256k1_fe_negate(), secp256k1_fe_normalize_weak(), secp256k1_fe_normalizes_to_zero(), secp256k1_fe_sqr(), VERIFY_CHECK, secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
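The degenerate case described for secp256k1_gej_add_ge, as an added Python example (not Dash Core or libsecp256k1 code): the unified formula with the alternate lambda is checked against plain affine addition. The names affine_add, unified_add and beta_twin are hypothetical, an ordinary branch stands in for the constant-time cmov, and beta is derived from this page's statement that -7 has no cube root mod p.

```python
# secp256k1 field prime and generator G (SEC2 2.7.1); curve y^2 = x^3 + 7, a = 0.
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def inv(v):
    return pow(v, P - 2, P)

def affine_add(p1, p2):
    """Reference chord/tangent addition on affine points (no infinity inputs)."""
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                       # a = -b: result is infinity
        lam = 3 * x1 * x1 * inv(2 * y1) % P   # tangent
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P    # chord
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def unified_add(a, b):
    """Unified formula: Jacobian a = (X1, Y1, Z1) plus affine b = (x2, y2).
    Returns (affine result or None for infinity, degenerate flag)."""
    (X1, Y1, Z1), (x2, y2) = a, b
    zz = Z1 * Z1 % P
    U1, U2 = X1 % P, x2 * zz % P              # Z2 = 1
    S1, S2 = Y1 % P, y2 * zz * Z1 % P
    T, M = (U1 + U2) % P, (S1 + S2) % P
    R = (T * T - U1 * U2) % P
    degenerate = M == 0 and R == 0            # lambda = R/M = 0/0
    # Alternate lambda (y1 - y2)/(x1 - x2); a branch here, a cmov in the library.
    Ra, Ma = ((S1 - S2) % P, (U1 - U2) % P) if degenerate else (R, M)
    Q = T * Ma * Ma % P
    X3 = 4 * (Ra * Ra - Q) % P
    Y3 = 4 * (Ra * (3 * Q - 2 * Ra * Ra) - M * Ma**3) % P
    Z3 = 2 * Ma * Z1 % P
    if Z3 == 0:
        return None, degenerate               # a = -b: infinity
    zi = inv(Z3)
    return (X3 * zi * zi % P, Y3 * zi**3 % P), degenerate

def beta_twin(pt):
    """Point (beta*x, -y): same x^3, so it is on the curve with y1 = -y2, x1 != x2."""
    # -7 is not a cube mod P, so this power is a nontrivial cube root of 1.
    beta = pow(P - 7, (P - 1) // 3, P)
    return beta * pt[0] % P, (P - pt[1]) % P
```

Adding G to beta_twin(G) takes the degenerate path, while G + G and G + (-G) go through the unmodified formula.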
◆ secp256k1_gej_add_ge_var()
static
Definition at line 419 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_add(), secp256k1_fe_mul(), secp256k1_fe_mul_int(), secp256k1_fe_negate(), secp256k1_fe_normalize_weak(), secp256k1_fe_normalizes_to_zero_var(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_gej_double_var(), secp256k1_gej_set_ge(), VERIFY_CHECK, secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_add_var()
static
Definition at line 366 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_add(), secp256k1_fe_mul(), secp256k1_fe_mul_int(), secp256k1_fe_negate(), secp256k1_fe_normalizes_to_zero_var(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_gej_double_var(), VERIFY_CHECK, secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_add_zinv_var()
static
We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to secp256k1's isomorphism we can multiply the Z coordinates on both sides by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1). This means that (rx,ry,rz) can be calculated as (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz. The variable az below holds the modified Z coordinate for a, which is used for the computation of rx and ry, but not for rz.
Definition at line 468 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_add(), secp256k1_fe_mul(), secp256k1_fe_mul_int(), secp256k1_fe_negate(), secp256k1_fe_normalize_weak(), secp256k1_fe_normalizes_to_zero_var(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_gej_double_var(), secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_clear()
static
Definition at line 208 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_clear(), secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_double_nonzero()
static
Definition at line 361 of file group_impl.h.
References secp256k1_gej_double_var(), secp256k1_gej_is_infinity(), and VERIFY_CHECK.
◆ secp256k1_gej_double_var()
static
For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.
Having said this, if this function receives a point on a sextic twist, e.g. by a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, since -6 does have a cube root mod p. For this point, this function will not set the infinity flag even though the point doubles to infinity, and the result point will be gibberish (z = 0 but infinity = 0).
Definition at line 306 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_add(), secp256k1_fe_mul(), secp256k1_fe_mul_int(), secp256k1_fe_negate(), secp256k1_fe_normalize_weak(), secp256k1_fe_set_int(), secp256k1_fe_sqr(), secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
Referenced by secp256k1_gej_add_ge_var(), secp256k1_gej_add_var(), secp256k1_gej_add_zinv_var(), and secp256k1_gej_double_nonzero().
◆ secp256k1_gej_eq_x_var()
static
Definition at line 251 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_equal_var(), secp256k1_fe_mul(), secp256k1_fe_normalize_weak(), secp256k1_fe_sqr(), VERIFY_CHECK, secp256k1_gej::x, and secp256k1_gej::z.
◆ secp256k1_gej_has_quad_y_var()
static
Definition at line 691 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_is_quad_var(), secp256k1_fe_mul(), secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_is_infinity()
static
Definition at line 268 of file group_impl.h.
References secp256k1_gej::infinity.
Referenced by secp256k1_gej_double_nonzero().
◆ secp256k1_gej_is_valid_var()
static
    y^2 = x^3 + 7
    (Y/Z^3)^2 = (X/Z^2)^3 + 7
    Y^2 / Z^6 = X^3 / Z^6 + 7
    Y^2 = X^3 + 7*Z^6
Definition at line 272 of file group_impl.h.
References CURVE_B, secp256k1_gej::infinity, secp256k1_fe_add(), secp256k1_fe_equal_var(), secp256k1_fe_mul(), secp256k1_fe_mul_int(), secp256k1_fe_normalize_weak(), secp256k1_fe_sqr(), secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
Referenced by run_point_times_order(), and test_point_times_order().
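The twist caveat from secp256k1_gej_double_var together with the Jacobian curve check derived for secp256k1_gej_is_valid_var, as an added Python example (not Dash Core or libsecp256k1 code): a y = 0 point on y^2 = x^3 + 6 doubles to z = 0, and the check Y^2 = X^3 + 7*Z^6 rejects it beforehand. All function names are hypothetical, the doubling is the textbook a = 0 formula rather than the library's exact operation order, and the twist point is constructed for the example.

```python
# secp256k1 field prime and generator G (SEC2 2.7.1) in Jacobian form with Z = 1.
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8, 1)

def has_cube_root(v):
    """P = 1 (mod 3), so a nonzero v is a cube iff v^((P-1)/3) == 1."""
    return pow(v % P, (P - 1) // 3, P) == 1

def cube_root(v):
    """P = 7 (mod 9), so a cubic residue v has the cube root v^((P+2)/9)."""
    r = pow(v % P, (P + 2) // 9, P)
    if pow(r, 3, P) != v % P:
        raise ValueError("no cube root")
    return r

def gej_is_valid(pt, b=7):
    """Jacobian on-curve test: Y^2 = X^3 + b*Z^6."""
    X, Y, Z = pt
    return (Y * Y - X**3 - b * Z**6) % P == 0

def gej_double(pt):
    """Textbook a = 0 Jacobian doubling; returns coordinates only, no infinity flag."""
    X, Y, Z = pt
    S = 4 * X * Y * Y % P
    M = 3 * X * X % P
    X3 = (M * M - 2 * S) % P
    return X3, (M * (S - X3) - 8 * Y**4) % P, 2 * Y * Z % P

def checked_double(pt):
    """Refuse off-curve input instead of returning z = 0 with no infinity flag."""
    if not gej_is_valid(pt):
        raise ValueError("point is not on y^2 = x^3 + 7")
    return gej_double(pt)

def twist_point():
    """Constructed sample: (x, 0) with x^3 = -6, a point on y^2 = x^3 + 6."""
    return cube_root(-6), 0, 1
```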
◆ secp256k1_gej_neg()
static
Definition at line 259 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_negate(), secp256k1_fe_normalize_weak(), secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_rescale()
static
Definition at line 647 of file group_impl.h.
References secp256k1_fe_is_zero(), secp256k1_fe_mul(), secp256k1_fe_sqr(), VERIFY_CHECK, secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
◆ secp256k1_gej_set_ge()
static
Definition at line 244 of file group_impl.h.
References secp256k1_ge::infinity, secp256k1_gej::infinity, secp256k1_fe_set_int(), secp256k1_ge::x, secp256k1_gej::x, secp256k1_ge::y, secp256k1_gej::y, and secp256k1_gej::z.
Referenced by secp256k1_gej_add_ge_var().
◆ secp256k1_gej_set_infinity()
static
Definition at line 195 of file group_impl.h.
References secp256k1_gej::infinity, secp256k1_fe_clear(), secp256k1_gej::x, secp256k1_gej::y, and secp256k1_gej::z.
Variable Documentation
◆ CURVE_B
static
Definition at line 71 of file group_impl.h.
Referenced by secp256k1_ge_is_valid_var(), secp256k1_ge_set_xquad(), and secp256k1_gej_is_valid_var().
◆ secp256k1_ge_const_g
static
Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.
Definition at line 64 of file group_impl.h.
Referenced by bench_callback(), ecmult_const_chain_multiply(), ecmult_const_commutativity(), main(), run_ec_pubkey_parse_test(), secp256k1_ecmult_context_build(), secp256k1_ecmult_gen_blind(), secp256k1_ecmult_gen_context_build(), secp256k1_ecmult_pippenger_batch(), test_ecmult_constants(), test_ecmult_multi(), and test_point_times_order().