Bitcoin Core 28.99.0
P2P Digital Currency
|
#include "util.h"
#include "scalar.h"
#include "group.h"
#include "ecmult_gen.h"
#include "hash_impl.h"
#include "precomputed_ecmult_gen.h"
Go to the source code of this file.
Functions | |
static void | secp256k1_ecmult_gen_context_build (secp256k1_ecmult_gen_context *ctx) |
static int | secp256k1_ecmult_gen_context_is_built (const secp256k1_ecmult_gen_context *ctx) |
static void | secp256k1_ecmult_gen_context_clear (secp256k1_ecmult_gen_context *ctx) |
static void | secp256k1_ecmult_gen_scalar_diff (secp256k1_scalar *diff) |
static void | secp256k1_ecmult_gen (const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) |
static void | secp256k1_ecmult_gen_blind (secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32) |
|
static |
This uses a conditional move to avoid any secret data in array indexes. Any use of secret indexes has been demonstrated to result in timing sidechannels, even when the cache-line access patterns are uniform. See also: "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, by Dag Arne Osvik, Adi Shamir, and Eran Tromer (https://www.tau.ac.il/~tromer/papers/cache.pdf)
Definition at line 54 of file ecmult_gen_impl.h.
|
static |
Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, and guards against weak or adversarial seeds. This is a simpler and safer interface than asking the caller for blinding values directly and expecting them to retry on failure.
Definition at line 285 of file ecmult_gen_impl.h.
|
static |
|
static |
|
static |
|
static |
Definition at line 36 of file ecmult_gen_impl.h.