ellswift_2tests__exhaustive__impl_8h_source.html

/***********************************************************************

 * Distributed under the MIT software license, see the accompanying    *

 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*

 ***********************************************************************/


#ifndef SECP256K1_MODULE_ELLSWIFT_TESTS_EXHAUSTIVE_H

#define SECP256K1_MODULE_ELLSWIFT_TESTS_EXHAUSTIVE_H


#include "../../../include/secp256k1_ellswift.h"

#include "main_impl.h"


static void test_exhaustive_ellswift(const secp256k1_context *ctx, const secp256k1_ge *group) {

    int i;


    /* Note that SwiftEC/ElligatorSwift are inherently curve operations, not

     * group operations, and this test only checks the curve points which are in

     * a tiny subgroup. In that sense it can't be really seen as exhaustive as

     * it doesn't (and for computational reasons obviously cannot) test the

     * entire domain ellswift operates under. */

    for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {

        secp256k1_scalar scalar_i;

        unsigned char sec32[32];

        unsigned char ell64[64];

        secp256k1_pubkey pub_decoded;

        secp256k1_ge ge_decoded;


        /* Construct ellswift pubkey from exhaustive loop scalar i. */

        secp256k1_scalar_set_int(&scalar_i, i);

        secp256k1_scalar_get_b32(sec32, &scalar_i);

        CHECK(secp256k1_ellswift_create(ctx, ell64, sec32, NULL));


        /* Decode ellswift pubkey and check that it matches the precomputed group element. */

        secp256k1_ellswift_decode(ctx, &pub_decoded, ell64);

        secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded);

        CHECK(secp256k1_ge_eq_var(&ge_decoded, &group[i]));

    }

}


#endif

test_exhaustive_ellswift
static void test_exhaustive_ellswift(const secp256k1_context *ctx, const secp256k1_ge *group)
Definition: tests_exhaustive_impl.h:12

secp256k1_ge_eq_var
static int secp256k1_ge_eq_var(const secp256k1_ge *a, const secp256k1_ge *b)
Check two group elements (affine) for equality in variable time.

CHECK
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35

tests_wycheproof_generate.group
group
Definition: tests_wycheproof_generate.py:36

secp256k1_scalar_set_int
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.

secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.

main_impl.h

secp256k1_pubkey_load
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
Definition: secp256k1.c:240

secp256k1_ellswift_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute an ElligatorSwift public key for a secret key.
Definition: main_impl.h:450

secp256k1_ellswift_decode
SECP256K1_API int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Decode a 64-bytes ElligatorSwift encoded public key.
Definition: main_impl.h:489

secp256k1_context_struct
Definition: secp256k1.c:61

secp256k1_ge
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
Definition: group.h:16

secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:61

secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13

EXHAUSTIVE_TEST_ORDER
#define EXHAUSTIVE_TEST_ORDER
Definition: tests_exhaustive.c:13