#include "field.h"

Include dependency graph for group.h:

This graph shows which files directly or indirectly include this file:

Classes
struct	secp256k1_ge
	A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve of the form y^2 = x^3 + 7*t^6. More...

struct	secp256k1_gej
	A group element of the secp256k1 curve, in jacobian coordinates. More...

struct	secp256k1_ge_storage

Macros
#define	SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0}

#define	SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}

#define	SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0}

#define	SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}

#define	SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))}

#define	SECP256K1_GE_STORAGE_CONST_GET(t) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y)

#define	SECP256K1_GE_X_MAGNITUDE_MAX 4
	Maximum allowed magnitudes for group element coordinates in affine (x, y) and jacobian (x, y, z) representation. More...

#define	SECP256K1_GE_Y_MAGNITUDE_MAX 3

#define	SECP256K1_GEJ_X_MAGNITUDE_MAX 4

#define	SECP256K1_GEJ_Y_MAGNITUDE_MAX 4

#define	SECP256K1_GEJ_Z_MAGNITUDE_MAX 1

#define	SECP256K1_GE_VERIFY(a) secp256k1_ge_verify(a)

#define	SECP256K1_GEJ_VERIFY(a) secp256k1_gej_verify(a)

Functions
static void	secp256k1_ge_set_xy (secp256k1_ge r, const secp256k1_fe x, const secp256k1_fe *y)
	Set a group element equal to the point with given X and Y coordinates. More...

static int	secp256k1_ge_set_xo_var (secp256k1_ge r, const secp256k1_fe x, int odd)
	Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y. More...

static int	secp256k1_ge_x_on_curve_var (const secp256k1_fe *x)
	Determine whether x is a valid X coordinate on the curve. More...

static int	secp256k1_ge_x_frac_on_curve_var (const secp256k1_fe xn, const secp256k1_fe xd)
	Determine whether fraction xn/xd is a valid X coordinate on the curve (xd != 0). More...

static int	secp256k1_ge_is_infinity (const secp256k1_ge *a)
	Check whether a group element is the point at infinity. More...

static int	secp256k1_ge_is_valid_var (const secp256k1_ge *a)
	Check whether a group element is valid (i.e., on the curve). More...

static void	secp256k1_ge_neg (secp256k1_ge r, const secp256k1_ge a)
	Set r equal to the inverse of a (i.e., mirrored around the X axis) More...

static void	secp256k1_ge_set_gej (secp256k1_ge r, secp256k1_gej a)
	Set a group element equal to another which is given in jacobian coordinates. More...

static void	secp256k1_ge_set_gej_var (secp256k1_ge r, secp256k1_gej a)
	Set a group element equal to another which is given in jacobian coordinates. More...

static void	secp256k1_ge_set_all_gej_var (secp256k1_ge r, const secp256k1_gej a, size_t len)
	Set a batch of group elements equal to the inputs given in jacobian coordinates. More...

static void	secp256k1_ge_table_set_globalz (size_t len, secp256k1_ge a, const secp256k1_fe zr)
	Bring a batch of inputs to the same global z "denominator", based on ratios between (omitted) z coordinates of adjacent elements. More...

static int	secp256k1_ge_eq_var (const secp256k1_ge a, const secp256k1_ge b)
	Check two group elements (affine) for equality in variable time. More...

static void	secp256k1_ge_set_infinity (secp256k1_ge *r)
	Set a group element (affine) equal to the point at infinity. More...

static void	secp256k1_gej_set_infinity (secp256k1_gej *r)
	Set a group element (jacobian) equal to the point at infinity. More...

static void	secp256k1_gej_set_ge (secp256k1_gej r, const secp256k1_ge a)
	Set a group element (jacobian) equal to another which is given in affine coordinates. More...

static int	secp256k1_gej_eq_var (const secp256k1_gej a, const secp256k1_gej b)
	Check two group elements (jacobian) for equality in variable time. More...

static int	secp256k1_gej_eq_ge_var (const secp256k1_gej a, const secp256k1_ge b)
	Check two group elements (jacobian and affine) for equality in variable time. More...

static int	secp256k1_gej_eq_x_var (const secp256k1_fe x, const secp256k1_gej a)
	Compare the X coordinate of a group element (jacobian). More...

static void	secp256k1_gej_neg (secp256k1_gej r, const secp256k1_gej a)
	Set r equal to the inverse of a (i.e., mirrored around the X axis) More...

static int	secp256k1_gej_is_infinity (const secp256k1_gej *a)
	Check whether a group element is the point at infinity. More...

static void	secp256k1_gej_double (secp256k1_gej r, const secp256k1_gej a)
	Set r equal to the double of a. More...

static void	secp256k1_gej_double_var (secp256k1_gej r, const secp256k1_gej a, secp256k1_fe *rzr)
	Set r equal to the double of a. More...

static void	secp256k1_gej_add_var (secp256k1_gej r, const secp256k1_gej a, const secp256k1_gej b, secp256k1_fe rzr)
	Set r equal to the sum of a and b. More...

static void	secp256k1_gej_add_ge (secp256k1_gej r, const secp256k1_gej a, const secp256k1_ge *b)
	Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). More...

static void	secp256k1_gej_add_ge_var (secp256k1_gej r, const secp256k1_gej a, const secp256k1_ge b, secp256k1_fe rzr)
	Set r equal to the sum of a and b (with b given in affine coordinates). More...

static void	secp256k1_gej_add_zinv_var (secp256k1_gej r, const secp256k1_gej a, const secp256k1_ge b, const secp256k1_fe bzinv)
	Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv). More...

static void	secp256k1_ge_mul_lambda (secp256k1_ge r, const secp256k1_ge a)
	Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. More...

static void	secp256k1_gej_clear (secp256k1_gej *r)
	Clear a secp256k1_gej to prevent leaking sensitive information. More...

static void	secp256k1_ge_clear (secp256k1_ge *r)
	Clear a secp256k1_ge to prevent leaking sensitive information. More...

static void	secp256k1_ge_to_storage (secp256k1_ge_storage r, const secp256k1_ge a)
	Convert a group element to the storage type. More...

static void	secp256k1_ge_from_storage (secp256k1_ge r, const secp256k1_ge_storage a)
	Convert a group element back from the storage type. More...

static void	secp256k1_gej_cmov (secp256k1_gej r, const secp256k1_gej a, int flag)
	If flag is true, set r equal to a; otherwise leave it. More...

static void	secp256k1_ge_storage_cmov (secp256k1_ge_storage r, const secp256k1_ge_storage a, int flag)
	If flag is true, set r equal to a; otherwise leave it. More...

static void	secp256k1_gej_rescale (secp256k1_gej r, const secp256k1_fe b)
	Rescale a jacobian point by b which must be non-zero. More...

static void	secp256k1_ge_to_bytes (unsigned char buf, const secp256k1_ge a)
	Convert a group element that is not infinity to a 64-byte array. More...

static void	secp256k1_ge_from_bytes (secp256k1_ge r, const unsigned char buf)
	Convert a 64-byte array into group element. More...

static void	secp256k1_ge_to_bytes_ext (unsigned char data, const secp256k1_ge ge)
	Convert a group element (that is allowed to be infinity) to a 64-byte array. More...

static void	secp256k1_ge_from_bytes_ext (secp256k1_ge ge, const unsigned char data)
	Convert a 64-byte array into a group element. More...

static int	secp256k1_ge_is_in_correct_subgroup (const secp256k1_ge *ge)
	Determine if a point (which is assumed to be on the curve) is in the correct (sub)group of the curve. More...

static void	secp256k1_ge_verify (const secp256k1_ge *a)
	Check invariants on an affine group element (no-op unless VERIFY is enabled). More...

static void	secp256k1_gej_verify (const secp256k1_gej *a)
	Check invariants on a Jacobian group element (no-op unless VERIFY is enabled). More...

Macro Definition Documentation

◆ SECP256K1_GE_CONST

#define SECP256K1_GE_CONST	(	a,
		b,
		c,
		d,
		e,
		f,
		g,
		h,
		i,
		j,
		k,
		l,
		m,
		n,
		o,
		p
	)	{SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0}

Definition at line 22 of file group.h.

◆ SECP256K1_GE_CONST_INFINITY

#define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}

Definition at line 23 of file group.h.

◆ SECP256K1_GE_STORAGE_CONST

#define SECP256K1_GE_STORAGE_CONST	(	a,
		b,
		c,
		d,
		e,
		f,
		g,
		h,
		i,
		j,
		k,
		l,
		m,
		n,
		o,
		p
	)	{SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))}

Definition at line 43 of file group.h.

◆ SECP256K1_GE_STORAGE_CONST_GET

#define SECP256K1_GE_STORAGE_CONST_GET ( t ) SECP256K1_FE_STORAGE_CONST_GET(t.x), SECP256K1_FE_STORAGE_CONST_GET(t.y)

Definition at line 45 of file group.h.

◆ SECP256K1_GE_VERIFY

#define SECP256K1_GE_VERIFY ( a ) secp256k1_ge_verify(a)

Definition at line 206 of file group.h.

◆ SECP256K1_GE_X_MAGNITUDE_MAX

#define SECP256K1_GE_X_MAGNITUDE_MAX 4

Maximum allowed magnitudes for group element coordinates in affine (x, y) and jacobian (x, y, z) representation.

Definition at line 49 of file group.h.

◆ SECP256K1_GE_Y_MAGNITUDE_MAX

#define SECP256K1_GE_Y_MAGNITUDE_MAX 3

Definition at line 50 of file group.h.

◆ SECP256K1_GEJ_CONST

#define SECP256K1_GEJ_CONST	(	a,
		b,
		c,
		d,
		e,
		f,
		g,
		h,
		i,
		j,
		k,
		l,
		m,
		n,
		o,
		p
	)	{SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0}

Definition at line 35 of file group.h.

◆ SECP256K1_GEJ_CONST_INFINITY

#define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}

Definition at line 36 of file group.h.

◆ SECP256K1_GEJ_VERIFY

#define SECP256K1_GEJ_VERIFY ( a ) secp256k1_gej_verify(a)

Definition at line 210 of file group.h.

◆ SECP256K1_GEJ_X_MAGNITUDE_MAX

#define SECP256K1_GEJ_X_MAGNITUDE_MAX 4

Definition at line 51 of file group.h.

◆ SECP256K1_GEJ_Y_MAGNITUDE_MAX

#define SECP256K1_GEJ_Y_MAGNITUDE_MAX 4

Definition at line 52 of file group.h.

◆ SECP256K1_GEJ_Z_MAGNITUDE_MAX

#define SECP256K1_GEJ_Z_MAGNITUDE_MAX 1

Definition at line 53 of file group.h.

Function Documentation

◆ secp256k1_ge_clear()

static void secp256k1_ge_clear ( secp256k1_ge * r )

static

Clear a secp256k1_ge to prevent leaking sensitive information.

Here is the caller graph for this function:

◆ secp256k1_ge_eq_var()

static int secp256k1_ge_eq_var	(	const secp256k1_ge *	a,
		const secp256k1_ge *	b
	)

static

Check two group elements (affine) for equality in variable time.

Here is the caller graph for this function:

◆ secp256k1_ge_from_bytes()

static void secp256k1_ge_from_bytes	(	secp256k1_ge *	r,
		const unsigned char *	buf
	)

static

Convert a 64-byte array into group element.

This function assumes that the provided buffer correctly encodes a group element.

Here is the caller graph for this function:

◆ secp256k1_ge_from_bytes_ext()

static void secp256k1_ge_from_bytes_ext	(	secp256k1_ge *	ge,
		const unsigned char *	data
	)

static

Convert a 64-byte array into a group element.

This function assumes that the provided buffer is the output of secp256k1_ge_to_bytes_ext.

Here is the caller graph for this function:

◆ secp256k1_ge_from_storage()

static void secp256k1_ge_from_storage	(	secp256k1_ge *	r,
		const secp256k1_ge_storage *	a
	)

static

Convert a group element back from the storage type.

Here is the caller graph for this function:

◆ secp256k1_ge_is_in_correct_subgroup()

static int secp256k1_ge_is_in_correct_subgroup ( const secp256k1_ge * ge )

static

Determine if a point (which is assumed to be on the curve) is in the correct (sub)group of the curve.

In normal mode, the used group is secp256k1, which has cofactor=1 meaning that every point on the curve is in the group, and this function returns always true.

When compiling in exhaustive test mode, a slightly different curve equation is used, leading to a group with a (very) small subgroup, and that subgroup is what is used for all cryptographic operations. In that mode, this function checks whether a point that is on the curve is in fact also in that subgroup.

Here is the caller graph for this function:

◆ secp256k1_ge_is_infinity()

static int secp256k1_ge_is_infinity ( const secp256k1_ge * a )

static

Check whether a group element is the point at infinity.

Here is the caller graph for this function:

◆ secp256k1_ge_is_valid_var()

static int secp256k1_ge_is_valid_var ( const secp256k1_ge * a )

static

Check whether a group element is valid (i.e., on the curve).

Here is the caller graph for this function:

◆ secp256k1_ge_mul_lambda()

static void secp256k1_ge_mul_lambda	(	secp256k1_ge *	r,
		const secp256k1_ge *	a
	)

static

Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast.

Here is the caller graph for this function:

◆ secp256k1_ge_neg()

static void secp256k1_ge_neg	(	secp256k1_ge *	r,
		const secp256k1_ge *	a
	)

static

Set r equal to the inverse of a (i.e., mirrored around the X axis)

Here is the caller graph for this function:

◆ secp256k1_ge_set_all_gej_var()

static void secp256k1_ge_set_all_gej_var	(	secp256k1_ge *	r,
		const secp256k1_gej *	a,
		size_t	len
	)

static

Set a batch of group elements equal to the inputs given in jacobian coordinates.

Here is the caller graph for this function:

◆ secp256k1_ge_set_gej()

static void secp256k1_ge_set_gej	(	secp256k1_ge *	r,
		secp256k1_gej *	a
	)

static

Set a group element equal to another which is given in jacobian coordinates.

Constant time.

Here is the caller graph for this function:

◆ secp256k1_ge_set_gej_var()

static void secp256k1_ge_set_gej_var	(	secp256k1_ge *	r,
		secp256k1_gej *	a
	)

static

Set a group element equal to another which is given in jacobian coordinates.

Here is the caller graph for this function:

◆ secp256k1_ge_set_infinity()

static void secp256k1_ge_set_infinity ( secp256k1_ge * r )

static

Set a group element (affine) equal to the point at infinity.

Here is the caller graph for this function:

◆ secp256k1_ge_set_xo_var()

static int secp256k1_ge_set_xo_var	(	secp256k1_ge *	r,
		const secp256k1_fe *	x,
		int	odd
	)

static

Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.

Return value indicates whether the result is valid.

Here is the caller graph for this function:

◆ secp256k1_ge_set_xy()

static void secp256k1_ge_set_xy	(	secp256k1_ge *	r,
		const secp256k1_fe *	x,
		const secp256k1_fe *	y
	)

static

Set a group element equal to the point with given X and Y coordinates.

Here is the caller graph for this function:

◆ secp256k1_ge_storage_cmov()

static void secp256k1_ge_storage_cmov	(	secp256k1_ge_storage *	r,
		const secp256k1_ge_storage *	a,
		int	flag
	)

static

If flag is true, set *r equal to *a; otherwise leave it.

Constant-time. Both *r and *a must be initialized.

Here is the caller graph for this function:

◆ secp256k1_ge_table_set_globalz()

static void secp256k1_ge_table_set_globalz	(	size_t	len,
		secp256k1_ge *	a,
		const secp256k1_fe *	zr
	)

static

Bring a batch of inputs to the same global z "denominator", based on ratios between (omitted) z coordinates of adjacent elements.

Although the elements a[i] are _ge rather than _gej, they actually represent elements in Jacobian coordinates with their z coordinates omitted.

Using the notation z(b) to represent the omitted z coordinate of b, the array zr of z coordinate ratios must satisfy zr[i] == z(a[i]) / z(a[i-1]) for 0 < 'i' < len. The zr[0] value is unused.

This function adjusts the coordinates of 'a' in place so that for all 'i', z(a[i]) == z(a[len-1]). In other words, the initial value of z(a[len-1]) becomes the global z "denominator". Only the a[i].x and a[i].y coordinates are explicitly modified; the adjustment of the omitted z coordinate is implicit.

The coordinates of the final element a[len-1] are not changed.

Here is the caller graph for this function:

◆ secp256k1_ge_to_bytes()

static void secp256k1_ge_to_bytes	(	unsigned char *	buf,
		const secp256k1_ge *	a
	)

static

Convert a group element that is not infinity to a 64-byte array.

The output array is platform-dependent.

Here is the caller graph for this function:

◆ secp256k1_ge_to_bytes_ext()

static void secp256k1_ge_to_bytes_ext	(	unsigned char *	data,
		const secp256k1_ge *	ge
	)

static

Convert a group element (that is allowed to be infinity) to a 64-byte array.

The output array is platform-dependent.

Here is the caller graph for this function:

◆ secp256k1_ge_to_storage()

static void secp256k1_ge_to_storage	(	secp256k1_ge_storage *	r,
		const secp256k1_ge *	a
	)

static

Convert a group element to the storage type.

Here is the caller graph for this function:

◆ secp256k1_ge_verify()

static void secp256k1_ge_verify ( const secp256k1_ge * a )

static

Check invariants on an affine group element (no-op unless VERIFY is enabled).

◆ secp256k1_ge_x_frac_on_curve_var()

static int secp256k1_ge_x_frac_on_curve_var	(	const secp256k1_fe *	xn,
		const secp256k1_fe *	xd
	)

static

Determine whether fraction xn/xd is a valid X coordinate on the curve (xd != 0).

Here is the caller graph for this function:

◆ secp256k1_ge_x_on_curve_var()

static int secp256k1_ge_x_on_curve_var ( const secp256k1_fe * x )

static

Determine whether x is a valid X coordinate on the curve.

Here is the caller graph for this function:

◆ secp256k1_gej_add_ge()

static void secp256k1_gej_add_ge	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_ge *	b
	)

static

Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).

Here is the caller graph for this function:

◆ secp256k1_gej_add_ge_var()

static void secp256k1_gej_add_ge_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_ge *	b,
		secp256k1_fe *	rzr
	)

static

Set r equal to the sum of a and b (with b given in affine coordinates).

This is more efficient than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time guarantee, and b is allowed to be infinity. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case).

Here is the caller graph for this function:

◆ secp256k1_gej_add_var()

static void secp256k1_gej_add_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_gej *	b,
		secp256k1_fe *	rzr
	)

static

Set r equal to the sum of a and b.

If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case).

Here is the caller graph for this function:

◆ secp256k1_gej_add_zinv_var()

static void secp256k1_gej_add_zinv_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_ge *	b,
		const secp256k1_fe *	bzinv
	)

static

Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv).

Here is the caller graph for this function:

◆ secp256k1_gej_clear()

static void secp256k1_gej_clear ( secp256k1_gej * r )

static

Clear a secp256k1_gej to prevent leaking sensitive information.

Here is the caller graph for this function:

◆ secp256k1_gej_cmov()

static void secp256k1_gej_cmov	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		int	flag
	)

static

If flag is true, set *r equal to *a; otherwise leave it.

Constant-time. Both *r and *a must be initialized.

Here is the caller graph for this function:

◆ secp256k1_gej_double()

static void secp256k1_gej_double	(	secp256k1_gej *	r,
		const secp256k1_gej *	a
	)

static

Set r equal to the double of a.

Constant time.

Here is the caller graph for this function:

◆ secp256k1_gej_double_var()

static void secp256k1_gej_double_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		secp256k1_fe *	rzr
	)

static

Set r equal to the double of a.

If rzr is not-NULL this sets *rzr such that r->z == a->z * *rzr (where infinity means an implicit z = 0).

Here is the caller graph for this function:

◆ secp256k1_gej_eq_ge_var()

static int secp256k1_gej_eq_ge_var	(	const secp256k1_gej *	a,
		const secp256k1_ge *	b
	)

static

Check two group elements (jacobian and affine) for equality in variable time.

Here is the caller graph for this function:

◆ secp256k1_gej_eq_var()

static int secp256k1_gej_eq_var	(	const secp256k1_gej *	a,
		const secp256k1_gej *	b
	)

static

Check two group elements (jacobian) for equality in variable time.

Here is the caller graph for this function:

◆ secp256k1_gej_eq_x_var()

static int secp256k1_gej_eq_x_var	(	const secp256k1_fe *	x,
		const secp256k1_gej *	a
	)

static

Compare the X coordinate of a group element (jacobian).

The magnitude of the group element's X coordinate must not exceed 31.

Here is the caller graph for this function:

◆ secp256k1_gej_is_infinity()

static int secp256k1_gej_is_infinity ( const secp256k1_gej * a )

static

Check whether a group element is the point at infinity.

Here is the caller graph for this function:

◆ secp256k1_gej_neg()

static void secp256k1_gej_neg	(	secp256k1_gej *	r,
		const secp256k1_gej *	a
	)

static

Set r equal to the inverse of a (i.e., mirrored around the X axis)

Here is the caller graph for this function:

◆ secp256k1_gej_rescale()

static void secp256k1_gej_rescale	(	secp256k1_gej *	r,
		const secp256k1_fe *	b
	)

static

Rescale a jacobian point by b which must be non-zero.

Constant-time.

Here is the caller graph for this function:

◆ secp256k1_gej_set_ge()

static void secp256k1_gej_set_ge	(	secp256k1_gej *	r,
		const secp256k1_ge *	a
	)

static

Set a group element (jacobian) equal to another which is given in affine coordinates.

Here is the caller graph for this function:

◆ secp256k1_gej_set_infinity()

static void secp256k1_gej_set_infinity ( secp256k1_gej * r )

static

Set a group element (jacobian) equal to the point at infinity.

Here is the caller graph for this function:

◆ secp256k1_gej_verify()

static void secp256k1_gej_verify ( const secp256k1_gej * a )

static

Check invariants on a Jacobian group element (no-op unless VERIFY is enabled).

Classes

Macros

Functions

Macro Definition Documentation

◆ SECP256K1_GE_CONST

◆ SECP256K1_GE_CONST_INFINITY

◆ SECP256K1_GE_STORAGE_CONST

◆ SECP256K1_GE_STORAGE_CONST_GET

◆ SECP256K1_GE_VERIFY

◆ SECP256K1_GE_X_MAGNITUDE_MAX

◆ SECP256K1_GE_Y_MAGNITUDE_MAX

◆ SECP256K1_GEJ_CONST

◆ SECP256K1_GEJ_CONST_INFINITY

◆ SECP256K1_GEJ_VERIFY

◆ SECP256K1_GEJ_X_MAGNITUDE_MAX

◆ SECP256K1_GEJ_Y_MAGNITUDE_MAX

◆ SECP256K1_GEJ_Z_MAGNITUDE_MAX

Function Documentation

◆ secp256k1_ge_clear()

◆ secp256k1_ge_eq_var()

◆ secp256k1_ge_from_bytes()

◆ secp256k1_ge_from_bytes_ext()

◆ secp256k1_ge_from_storage()

◆ secp256k1_ge_is_in_correct_subgroup()

◆ secp256k1_ge_is_infinity()

◆ secp256k1_ge_is_valid_var()

◆ secp256k1_ge_mul_lambda()

◆ secp256k1_ge_neg()

◆ secp256k1_ge_set_all_gej_var()

◆ secp256k1_ge_set_gej()

◆ secp256k1_ge_set_gej_var()

◆ secp256k1_ge_set_infinity()

◆ secp256k1_ge_set_xo_var()

◆ secp256k1_ge_set_xy()

◆ secp256k1_ge_storage_cmov()

◆ secp256k1_ge_table_set_globalz()

◆ secp256k1_ge_to_bytes()

◆ secp256k1_ge_to_bytes_ext()

◆ secp256k1_ge_to_storage()

◆ secp256k1_ge_verify()

◆ secp256k1_ge_x_frac_on_curve_var()

◆ secp256k1_ge_x_on_curve_var()

◆ secp256k1_gej_add_ge()

◆ secp256k1_gej_add_ge_var()

◆ secp256k1_gej_add_var()

◆ secp256k1_gej_add_zinv_var()

◆ secp256k1_gej_clear()

◆ secp256k1_gej_cmov()

◆ secp256k1_gej_double()

◆ secp256k1_gej_double_var()

◆ secp256k1_gej_eq_ge_var()

◆ secp256k1_gej_eq_var()

◆ secp256k1_gej_eq_x_var()

◆ secp256k1_gej_is_infinity()

◆ secp256k1_gej_neg()

◆ secp256k1_gej_rescale()

◆ secp256k1_gej_set_ge()

◆ secp256k1_gej_set_infinity()

◆ secp256k1_gej_verify()