Bitcoin Core  26.99.0
P2P Digital Currency
Functions | Variables
main_impl.h File Reference
#include "../../../include/secp256k1.h"
#include "../../../include/secp256k1_ellswift.h"
#include "../../eckey.h"
#include "../../hash.h"
Include dependency graph for main_impl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

static void secp256k1_ellswift_xswiftec_frac_var (secp256k1_fe *xn, secp256k1_fe *xd, const secp256k1_fe *u, const secp256k1_fe *t)
 Decode ElligatorSwift encoding (u, t) to a fraction xn/xd representing a curve X coordinate. More...
 
static void secp256k1_ellswift_xswiftec_var (secp256k1_fe *x, const secp256k1_fe *u, const secp256k1_fe *t)
 Decode ElligatorSwift encoding (u, t) to X coordinate. More...
 
static void secp256k1_ellswift_swiftec_var (secp256k1_ge *p, const secp256k1_fe *u, const secp256k1_fe *t)
 Decode ElligatorSwift encoding (u, t) to point P. More...
 
static int secp256k1_ellswift_xswiftec_inv_var (secp256k1_fe *t, const secp256k1_fe *x_in, const secp256k1_fe *u_in, int c)
 
static void secp256k1_ellswift_prng (unsigned char *out32, const secp256k1_sha256 *hasher, uint32_t cnt)
 Use SHA256 as a PRNG, returning SHA256(hasher || cnt). More...
 
static void secp256k1_ellswift_xelligatorswift_var (unsigned char *u32, secp256k1_fe *t, const secp256k1_fe *x, const secp256k1_sha256 *hasher)
 Find an ElligatorSwift encoding (u, t) for X coordinate x, and random Y coordinate. More...
 
static void secp256k1_ellswift_elligatorswift_var (unsigned char *u32, secp256k1_fe *t, const secp256k1_ge *p, const secp256k1_sha256 *hasher)
 Find an ElligatorSwift encoding (u, t) for point P. More...
 
static void secp256k1_ellswift_sha256_init_encode (secp256k1_sha256 *hash)
 Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_encode". More...
 
int secp256k1_ellswift_encode (const secp256k1_context *ctx, unsigned char *ell64, const secp256k1_pubkey *pubkey, const unsigned char *rnd32)
 Construct a 64-byte ElligatorSwift encoding of a given pubkey. More...
 
static void secp256k1_ellswift_sha256_init_create (secp256k1_sha256 *hash)
 Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_create". More...
 
int secp256k1_ellswift_create (const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32)
 Compute an ElligatorSwift public key for a secret key. More...
 
int secp256k1_ellswift_decode (const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64)
 Decode a 64-bytes ElligatorSwift encoded public key. More...
 
static int ellswift_xdh_hash_function_prefix (unsigned char *output, const unsigned char *x32, const unsigned char *ell_a64, const unsigned char *ell_b64, void *data)
 
static void secp256k1_ellswift_sha256_init_bip324 (secp256k1_sha256 *hash)
 Set hash state to the BIP340 tagged hash midstate for "bip324_ellswift_xonly_ecdh". More...
 
static int ellswift_xdh_hash_function_bip324 (unsigned char *output, const unsigned char *x32, const unsigned char *ell_a64, const unsigned char *ell_b64, void *data)
 
int secp256k1_ellswift_xdh (const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, secp256k1_ellswift_xdh_hash_function hashfp, void *data)
 Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH). More...
 

Variables

static const secp256k1_fe secp256k1_ellswift_c1 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa40)
 c1 = (sqrt(-3)-1)/2 More...
 
static const secp256k1_fe secp256k1_ellswift_c2 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ee)
 c2 = (-sqrt(-3)-1)/2 = -(c1+1) More...
 
static const secp256k1_fe secp256k1_ellswift_c3 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ef)
 c3 = (-sqrt(-3)+1)/2 = -c1 = c2+1 More...
 
static const secp256k1_fe secp256k1_ellswift_c4 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa41)
 c4 = (sqrt(-3)+1)/2 = -c2 = c1+1 More...
 
const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix = ellswift_xdh_hash_function_prefix
 
const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324 = ellswift_xdh_hash_function_bip324
 

Function Documentation

◆ ellswift_xdh_hash_function_bip324()

static int ellswift_xdh_hash_function_bip324 ( unsigned char *  output,
const unsigned char *  x32,
const unsigned char *  ell_a64,
const unsigned char *  ell_b64,
void *  data 
)
static

Definition at line 532 of file main_impl.h.

Here is the call graph for this function:

◆ ellswift_xdh_hash_function_prefix()

static int ellswift_xdh_hash_function_prefix ( unsigned char *  output,
const unsigned char *  x32,
const unsigned char *  ell_a64,
const unsigned char *  ell_b64,
void *  data 
)
static

Definition at line 504 of file main_impl.h.

Here is the call graph for this function:

◆ secp256k1_ellswift_create()

int secp256k1_ellswift_create ( const secp256k1_context ctx,
unsigned char *  ell64,
const unsigned char *  seckey32,
const unsigned char *  auxrnd32 
)

Compute an ElligatorSwift public key for a secret key.

Returns: 1: secret was valid, public key was stored. 0: secret was invalid, try again. Args: ctx: pointer to a context object Out: ell64: pointer to a 64-byte array to receive the ElligatorSwift public key In: seckey32: pointer to a 32-byte secret key auxrnd32: (optional) pointer to 32 bytes of randomness

Constant time in seckey and auxrnd32, but not in the resulting public key.

It is recommended that auxrnd32 contains 32 uniformly random bytes, though it is optional (and does result in encodings that are indistinguishable from uniform even without any auxrnd32). It differs from the (mandatory) rnd32 argument to secp256k1_ellswift_encode in this regard.

This function can be used instead of calling secp256k1_ec_pubkey_create followed by secp256k1_ellswift_encode. It is safer, as it uses the secret key as entropy for the encoding (supplemented with auxrnd32, if provided).

Like secp256k1_ellswift_encode, this function does not guarantee that the computed encoding is stable across versions of the library, even if all arguments (including auxrnd32) are the same.

Definition at line 450 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_decode()

int secp256k1_ellswift_decode ( const secp256k1_context ctx,
secp256k1_pubkey pubkey,
const unsigned char *  ell64 
)

Decode a 64-bytes ElligatorSwift encoded public key.

Returns: always 1 Args: ctx: pointer to a context object Out: pubkey: pointer to a secp256k1_pubkey that will be filled In: ell64: pointer to a 64-byte array to decode

This function runs in variable time.

Definition at line 489 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_elligatorswift_var()

static void secp256k1_ellswift_elligatorswift_var ( unsigned char *  u32,
secp256k1_fe t,
const secp256k1_ge p,
const secp256k1_sha256 hasher 
)
static

Find an ElligatorSwift encoding (u, t) for point P.

This is similar secp256k1_ellswift_xelligatorswift_var, except it takes a full group element p as input, and returns an encoding that matches the provided Y coordinate rather than a random one.

Definition at line 375 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_encode()

int secp256k1_ellswift_encode ( const secp256k1_context ctx,
unsigned char *  ell64,
const secp256k1_pubkey pubkey,
const unsigned char *  rnd32 
)

Construct a 64-byte ElligatorSwift encoding of a given pubkey.

Returns: 1 always. Args: ctx: pointer to a context object Out: ell64: pointer to a 64-byte array to be filled In: pubkey: a pointer to a secp256k1_pubkey containing an initialized public key rnd32: pointer to 32 bytes of randomness

It is recommended that rnd32 consists of 32 uniformly random bytes, not known to any adversary trying to detect whether public keys are being encoded, though 16 bytes of randomness (padded to an array of 32 bytes, e.g., with zeros) suffice to make the result indistinguishable from uniform. The randomness in rnd32 must not be a deterministic function of the pubkey (it can be derived from the private key, though).

It is not guaranteed that the computed encoding is stable across versions of the library, even if all arguments to this function (including rnd32) are the same.

This function runs in variable time.

Definition at line 399 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_prng()

static void secp256k1_ellswift_prng ( unsigned char *  out32,
const secp256k1_sha256 hasher,
uint32_t  cnt 
)
static

Use SHA256 as a PRNG, returning SHA256(hasher || cnt).

hasher is a SHA256 object to which an incrementing 4-byte counter is written to generate randomness. Writing 13 bytes (4 bytes for counter, plus 9 bytes for the SHA256 padding) cannot cross a 64-byte block size boundary (to make sure it only triggers a single SHA256 compression).

Definition at line 310 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_sha256_init_bip324()

static void secp256k1_ellswift_sha256_init_bip324 ( secp256k1_sha256 hash)
static

Set hash state to the BIP340 tagged hash midstate for "bip324_ellswift_xonly_ecdh".

Definition at line 518 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_sha256_init_create()

static void secp256k1_ellswift_sha256_init_create ( secp256k1_sha256 hash)
static

Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_create".

Definition at line 436 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_sha256_init_encode()

static void secp256k1_ellswift_sha256_init_encode ( secp256k1_sha256 hash)
static

Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_encode".

Definition at line 385 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_swiftec_var()

static void secp256k1_ellswift_swiftec_var ( secp256k1_ge p,
const secp256k1_fe u,
const secp256k1_fe t 
)
static

Decode ElligatorSwift encoding (u, t) to point P.

Definition at line 143 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_xdh()

int secp256k1_ellswift_xdh ( const secp256k1_context ctx,
unsigned char *  output,
const unsigned char *  ell_a64,
const unsigned char *  ell_b64,
const unsigned char *  seckey32,
int  party,
secp256k1_ellswift_xdh_hash_function  hashfp,
void *  data 
)

Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH).

Returns: 1: shared secret was successfully computed 0: secret was invalid or hashfp returned 0 Args: ctx: pointer to a context object. Out: output: pointer to an array to be filled by hashfp. In: ell_a64: pointer to the 64-byte encoded public key of party A (will not be NULL) ell_b64: pointer to the 64-byte encoded public key of party B (will not be NULL) seckey32: a pointer to our 32-byte secret key party: boolean indicating which party we are: zero if we are party A, non-zero if we are party B. seckey32 must be the private key corresponding to that party's ell_?64. This correspondence is not checked. hashfp: pointer to a hash function. data: arbitrary data pointer passed through to hashfp.

Constant time in seckey32.

This function is more efficient than decoding the public keys, and performing ECDH on them.

Definition at line 549 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_xelligatorswift_var()

static void secp256k1_ellswift_xelligatorswift_var ( unsigned char *  u32,
secp256k1_fe t,
const secp256k1_fe x,
const secp256k1_sha256 hasher 
)
static

Find an ElligatorSwift encoding (u, t) for X coordinate x, and random Y coordinate.

u32 is the 32-byte big endian encoding of u; t is the output field element t that still needs encoding.

hasher is a hasher in the secp256k1_ellswift_prng sense, with the same restrictions.

Definition at line 333 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_xswiftec_frac_var()

static void secp256k1_ellswift_xswiftec_frac_var ( secp256k1_fe xn,
secp256k1_fe xd,
const secp256k1_fe u,
const secp256k1_fe t 
)
static

Decode ElligatorSwift encoding (u, t) to a fraction xn/xd representing a curve X coordinate.

Definition at line 24 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_xswiftec_inv_var()

static int secp256k1_ellswift_xswiftec_inv_var ( secp256k1_fe t,
const secp256k1_fe x_in,
const secp256k1_fe u_in,
int  c 
)
static

Definition at line 168 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ellswift_xswiftec_var()

static void secp256k1_ellswift_xswiftec_var ( secp256k1_fe x,
const secp256k1_fe u,
const secp256k1_fe t 
)
static

Decode ElligatorSwift encoding (u, t) to X coordinate.

Definition at line 135 of file main_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ secp256k1_ellswift_c1

const secp256k1_fe secp256k1_ellswift_c1 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa40)
static

c1 = (sqrt(-3)-1)/2

Definition at line 15 of file main_impl.h.

◆ secp256k1_ellswift_c2

const secp256k1_fe secp256k1_ellswift_c2 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ee)
static

c2 = (-sqrt(-3)-1)/2 = -(c1+1)

Definition at line 17 of file main_impl.h.

◆ secp256k1_ellswift_c3

const secp256k1_fe secp256k1_ellswift_c3 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ef)
static

c3 = (-sqrt(-3)+1)/2 = -c1 = c2+1

Definition at line 19 of file main_impl.h.

◆ secp256k1_ellswift_c4

const secp256k1_fe secp256k1_ellswift_c4 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa41)
static

c4 = (sqrt(-3)+1)/2 = -c2 = c1+1

Definition at line 21 of file main_impl.h.

◆ secp256k1_ellswift_xdh_hash_function_bip324

const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324 = ellswift_xdh_hash_function_bip324

Definition at line 547 of file main_impl.h.

◆ secp256k1_ellswift_xdh_hash_function_prefix

const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix = ellswift_xdh_hash_function_prefix

Definition at line 546 of file main_impl.h.