Bitcoin Core 28.99.0
P2P Digital Currency
|
#include "../../../include/secp256k1.h"
#include "../../../include/secp256k1_ellswift.h"
#include "../../eckey.h"
#include "../../hash.h"
Functions | |
static void | secp256k1_ellswift_xswiftec_frac_var (secp256k1_fe *xn, secp256k1_fe *xd, const secp256k1_fe *u, const secp256k1_fe *t) |
Decode ElligatorSwift encoding (u, t) to a fraction xn/xd representing a curve X coordinate. More... | |
static void | secp256k1_ellswift_xswiftec_var (secp256k1_fe *x, const secp256k1_fe *u, const secp256k1_fe *t) |
Decode ElligatorSwift encoding (u, t) to X coordinate. More... | |
static void | secp256k1_ellswift_swiftec_var (secp256k1_ge *p, const secp256k1_fe *u, const secp256k1_fe *t) |
Decode ElligatorSwift encoding (u, t) to point P. More... | |
static int | secp256k1_ellswift_xswiftec_inv_var (secp256k1_fe *t, const secp256k1_fe *x_in, const secp256k1_fe *u_in, int c) |
static void | secp256k1_ellswift_prng (unsigned char *out32, const secp256k1_sha256 *hasher, uint32_t cnt) |
Use SHA256 as a PRNG, returning SHA256(hasher || cnt). More... | |
static void | secp256k1_ellswift_xelligatorswift_var (unsigned char *u32, secp256k1_fe *t, const secp256k1_fe *x, const secp256k1_sha256 *hasher) |
Find an ElligatorSwift encoding (u, t) for X coordinate x, and random Y coordinate. More... | |
static void | secp256k1_ellswift_elligatorswift_var (unsigned char *u32, secp256k1_fe *t, const secp256k1_ge *p, const secp256k1_sha256 *hasher) |
Find an ElligatorSwift encoding (u, t) for point P. More... | |
static void | secp256k1_ellswift_sha256_init_encode (secp256k1_sha256 *hash) |
Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_encode". More... | |
int | secp256k1_ellswift_encode (const secp256k1_context *ctx, unsigned char *ell64, const secp256k1_pubkey *pubkey, const unsigned char *rnd32) |
Construct a 64-byte ElligatorSwift encoding of a given pubkey. More... | |
static void | secp256k1_ellswift_sha256_init_create (secp256k1_sha256 *hash) |
Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_create". More... | |
int | secp256k1_ellswift_create (const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) |
Compute an ElligatorSwift public key for a secret key. More... | |
int | secp256k1_ellswift_decode (const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) |
Decode a 64-byte ElligatorSwift encoded public key. More... | |
static int | ellswift_xdh_hash_function_prefix (unsigned char *output, const unsigned char *x32, const unsigned char *ell_a64, const unsigned char *ell_b64, void *data) |
static void | secp256k1_ellswift_sha256_init_bip324 (secp256k1_sha256 *hash) |
Set hash state to the BIP340 tagged hash midstate for "bip324_ellswift_xonly_ecdh". More... | |
static int | ellswift_xdh_hash_function_bip324 (unsigned char *output, const unsigned char *x32, const unsigned char *ell_a64, const unsigned char *ell_b64, void *data) |
int | secp256k1_ellswift_xdh (const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, secp256k1_ellswift_xdh_hash_function hashfp, void *data) |
Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH). More... | |
Variables | |
static const secp256k1_fe | secp256k1_ellswift_c1 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa40) |
c1 = (sqrt(-3)-1)/2 More... | |
static const secp256k1_fe | secp256k1_ellswift_c2 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ee) |
c2 = (-sqrt(-3)-1)/2 = -(c1+1) More... | |
static const secp256k1_fe | secp256k1_ellswift_c3 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ef) |
c3 = (-sqrt(-3)+1)/2 = -c1 = c2+1 More... | |
static const secp256k1_fe | secp256k1_ellswift_c4 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa41) |
c4 = (sqrt(-3)+1)/2 = -c2 = c1+1 More... | |
const secp256k1_ellswift_xdh_hash_function | secp256k1_ellswift_xdh_hash_function_prefix = ellswift_xdh_hash_function_prefix |
const secp256k1_ellswift_xdh_hash_function | secp256k1_ellswift_xdh_hash_function_bip324 = ellswift_xdh_hash_function_bip324 |
|
static |
|
static |
int secp256k1_ellswift_create | ( | const secp256k1_context * | ctx, |
unsigned char * | ell64, | ||
const unsigned char * | seckey32, | ||
const unsigned char * | auxrnd32 | ||
) |
Compute an ElligatorSwift public key for a secret key.
Returns: 1: secret was valid, public key was stored.
         0: secret was invalid, try again.
Args:    ctx: pointer to a context object
Out:     ell64: pointer to a 64-byte array to receive the ElligatorSwift public key
In:      seckey32: pointer to a 32-byte secret key
         auxrnd32: (optional) pointer to 32 bytes of randomness
Constant time in seckey32 and auxrnd32, but not in the resulting public key.
It is recommended that auxrnd32 contains 32 uniformly random bytes, though it is optional (and does result in encodings that are indistinguishable from uniform even without any auxrnd32). It differs from the (mandatory) rnd32 argument to secp256k1_ellswift_encode in this regard.
This function can be used instead of calling secp256k1_ec_pubkey_create followed by secp256k1_ellswift_encode. It is safer, as it uses the secret key as entropy for the encoding (supplemented with auxrnd32, if provided).
Like secp256k1_ellswift_encode, this function does not guarantee that the computed encoding is stable across versions of the library, even if all arguments (including auxrnd32) are the same.
Definition at line 450 of file main_impl.h.
int secp256k1_ellswift_decode | ( | const secp256k1_context * | ctx, |
secp256k1_pubkey * | pubkey, | ||
const unsigned char * | ell64 | ||
) |
Decode a 64-byte ElligatorSwift encoded public key.
Returns: always 1
Args:    ctx: pointer to a context object
Out:     pubkey: pointer to a secp256k1_pubkey that will be filled
In:      ell64: pointer to a 64-byte array to decode
This function runs in variable time.
Definition at line 489 of file main_impl.h.
|
static |
Find an ElligatorSwift encoding (u, t) for point P.
This is similar to secp256k1_ellswift_xelligatorswift_var, except that it takes a full group element p as input and returns an encoding that matches the provided Y coordinate rather than a random one.
Definition at line 375 of file main_impl.h.
int secp256k1_ellswift_encode | ( | const secp256k1_context * | ctx, |
unsigned char * | ell64, | ||
const secp256k1_pubkey * | pubkey, | ||
const unsigned char * | rnd32 | ||
) |
Construct a 64-byte ElligatorSwift encoding of a given pubkey.
Returns: 1 always.
Args:    ctx: pointer to a context object
Out:     ell64: pointer to a 64-byte array to be filled
In:      pubkey: pointer to a secp256k1_pubkey containing an initialized public key
         rnd32: pointer to 32 bytes of randomness
It is recommended that rnd32 consists of 32 uniformly random bytes, not known to any adversary trying to detect whether public keys are being encoded, though 16 bytes of randomness (padded to an array of 32 bytes, e.g., with zeros) suffice to make the result indistinguishable from uniform. The randomness in rnd32 must not be a deterministic function of the pubkey (it can be derived from the private key, though).
It is not guaranteed that the computed encoding is stable across versions of the library, even if all arguments to this function (including rnd32) are the same.
This function runs in variable time.
Definition at line 399 of file main_impl.h.
|
static |
Use SHA256 as a PRNG, returning SHA256(hasher || cnt).
hasher is a SHA256 object to which an incrementing 4-byte counter is written to generate randomness. The state of hasher must be such that writing 13 bytes (4 bytes for the counter, plus 9 bytes for the SHA256 padding) cannot cross a 64-byte block boundary, so that each call triggers only a single SHA256 compression.
Definition at line 310 of file main_impl.h.
|
static |
Set hash state to the BIP340 tagged hash midstate for "bip324_ellswift_xonly_ecdh".
Definition at line 519 of file main_impl.h.
|
static |
Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_create".
Definition at line 436 of file main_impl.h.
|
static |
Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_encode".
Definition at line 385 of file main_impl.h.
|
static |
Decode ElligatorSwift encoding (u, t) to point P.
Definition at line 143 of file main_impl.h.
int secp256k1_ellswift_xdh | ( | const secp256k1_context * | ctx, |
unsigned char * | output, | ||
const unsigned char * | ell_a64, | ||
const unsigned char * | ell_b64, | ||
const unsigned char * | seckey32, | ||
int | party, | ||
secp256k1_ellswift_xdh_hash_function | hashfp, | ||
void * | data | ||
) |
Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH).
Returns: 1: shared secret was successfully computed
         0: secret was invalid or hashfp returned 0
Args:    ctx: pointer to a context object.
Out:     output: pointer to an array to be filled by hashfp.
In:      ell_a64: pointer to the 64-byte encoded public key of party A (will not be NULL)
         ell_b64: pointer to the 64-byte encoded public key of party B (will not be NULL)
         seckey32: pointer to our 32-byte secret key
         party: boolean indicating which party we are: zero if we are party A, non-zero if we are party B. seckey32 must be the private key corresponding to that party's ell_?64 (ell_a64 for party A, ell_b64 for party B). This correspondence is not checked, so a mismatched key or party value is not detected by this function.
         hashfp: pointer to a hash function.
         data: arbitrary data pointer passed through to hashfp.
Constant time in seckey32.
This function is more efficient than decoding the public keys, and performing ECDH on them.
Definition at line 551 of file main_impl.h.
|
static |
Find an ElligatorSwift encoding (u, t) for X coordinate x, and random Y coordinate.
u32 is the 32-byte big endian encoding of u; t is the output field element t that still needs encoding.
hasher is a hasher in the secp256k1_ellswift_prng sense, with the same restrictions.
Definition at line 333 of file main_impl.h.
|
static |
Decode ElligatorSwift encoding (u, t) to a fraction xn/xd representing a curve X coordinate.
Definition at line 24 of file main_impl.h.
|
static |
Definition at line 168 of file main_impl.h.
|
static |
Decode ElligatorSwift encoding (u, t) to X coordinate.
Definition at line 135 of file main_impl.h.
|
static |
c1 = (sqrt(-3)-1)/2
Definition at line 15 of file main_impl.h.
|
static |
c2 = (-sqrt(-3)-1)/2 = -(c1+1)
Definition at line 17 of file main_impl.h.
|
static |
c3 = (-sqrt(-3)+1)/2 = -c1 = c2+1
Definition at line 19 of file main_impl.h.
|
static |
c4 = (sqrt(-3)+1)/2 = -c2 = c1+1
Definition at line 21 of file main_impl.h.
const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324 = ellswift_xdh_hash_function_bip324 |
Definition at line 549 of file main_impl.h.
const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix = ellswift_xdh_hash_function_prefix |
Definition at line 548 of file main_impl.h.