Bitcoin Core 28.99.0
P2P Digital Currency
Functions
ecmult_gen_impl.h File Reference
#include "util.h"
#include "scalar.h"
#include "group.h"
#include "ecmult_gen.h"
#include "hash_impl.h"
#include "precomputed_ecmult_gen.h"
Include dependency graph for ecmult_gen_impl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

static void secp256k1_ecmult_gen_context_build (secp256k1_ecmult_gen_context *ctx)
 
static int secp256k1_ecmult_gen_context_is_built (const secp256k1_ecmult_gen_context *ctx)
 
static void secp256k1_ecmult_gen_context_clear (secp256k1_ecmult_gen_context *ctx)
 
static void secp256k1_ecmult_gen_scalar_diff (secp256k1_scalar *diff)
 
static void secp256k1_ecmult_gen (const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn)
 
static void secp256k1_ecmult_gen_blind (secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32)
 

Function Documentation

◆ secp256k1_ecmult_gen()

static void secp256k1_ecmult_gen ( const secp256k1_ecmult_gen_context ctx,
secp256k1_gej r,
const secp256k1_scalar gn 
)
static

This uses a conditional move to avoid any secret data in array indexes. Any use of secret indexes has been demonstrated to result in timing sidechannels, even when the cache-line access patterns are uniform. See also: "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, by Dag Arne Osvik, Adi Shamir, and Eran Tromer (https://www.tau.ac.il/~tromer/papers/cache.pdf)

Definition at line 54 of file ecmult_gen_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ecmult_gen_blind()

static void secp256k1_ecmult_gen_blind ( secp256k1_ecmult_gen_context ctx,
const unsigned char *  seed32 
)
static

Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, and guards against weak or adversarial seeds. This is a simpler and safer interface than asking the caller for blinding values directly and expecting them to retry on failure.

Definition at line 285 of file ecmult_gen_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ecmult_gen_context_build()

static void secp256k1_ecmult_gen_context_build ( secp256k1_ecmult_gen_context ctx)
static

Definition at line 17 of file ecmult_gen_impl.h.

Here is the call graph for this function:

◆ secp256k1_ecmult_gen_context_clear()

static void secp256k1_ecmult_gen_context_clear ( secp256k1_ecmult_gen_context ctx)
static

Definition at line 26 of file ecmult_gen_impl.h.

Here is the call graph for this function:

◆ secp256k1_ecmult_gen_context_is_built()

static int secp256k1_ecmult_gen_context_is_built ( const secp256k1_ecmult_gen_context ctx)
static

Definition at line 22 of file ecmult_gen_impl.h.

Here is the caller graph for this function:

◆ secp256k1_ecmult_gen_scalar_diff()

static void secp256k1_ecmult_gen_scalar_diff ( secp256k1_scalar diff)
static

Definition at line 36 of file ecmult_gen_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function: