Bitcoin Core  26.99.0
P2P Digital Currency
Go to the documentation of this file.
1 /***********************************************************************
2  * Distributed under the MIT software license, see the accompanying *
3  * file COPYING or*
4  ***********************************************************************/
9 #include "../../../include/secp256k1_ellswift.h"
10 #include "main_impl.h"
13  int i;
15  /* Note that SwiftEC/ElligatorSwift are inherently curve operations, not
16  * group operations, and this test only checks the curve points which are in
17  * a tiny subgroup. In that sense it can't be really seen as exhaustive as
18  * it doesn't (and for computational reasons obviously cannot) test the
19  * entire domain ellswift operates under. */
20  for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {
21  secp256k1_scalar scalar_i;
22  unsigned char sec32[32];
23  unsigned char ell64[64];
24  secp256k1_pubkey pub_decoded;
25  secp256k1_ge ge_decoded;
27  /* Construct ellswift pubkey from exhaustive loop scalar i. */
28  secp256k1_scalar_set_int(&scalar_i, i);
29  secp256k1_scalar_get_b32(sec32, &scalar_i);
30  CHECK(secp256k1_ellswift_create(ctx, ell64, sec32, NULL));
32  /* Decode ellswift pubkey and check that it matches the precomputed group element. */
33  secp256k1_ellswift_decode(ctx, &pub_decoded, ell64);
34  secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded);
35  CHECK(secp256k1_ge_eq_var(&ge_decoded, &group[i]));
36  }
37 }
39 #endif
static void test_exhaustive_ellswift(const secp256k1_context *ctx, const secp256k1_ge *group)
static int secp256k1_ge_eq_var(const secp256k1_ge *a, const secp256k1_ge *b)
Check two group elements (affine) for equality in variable time.
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
Definition: secp256k1.c:239
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute an ElligatorSwift public key for a secret key.
Definition: main_impl.h:450
SECP256K1_API int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Decode a 64-bytes ElligatorSwift encoded public key.
Definition: main_impl.h:489
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
Definition: group.h:16
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13