#include "field.h"
#include "group.h"
#include "util.h"

Include dependency graph for group_impl.h:

This graph shows which files directly or indirectly include this file:

Macros
#define	SECP256K1_G_ORDER_7

#define	SECP256K1_G_ORDER_13

#define	SECP256K1_G_ORDER_199

#define	SECP256K1_G
	Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. More...

#define	SECP256K1_B 7

Functions
static void	secp256k1_ge_verify (const secp256k1_ge *a)

static void	secp256k1_gej_verify (const secp256k1_gej *a)

static void	secp256k1_ge_set_gej_zinv (secp256k1_ge r, const secp256k1_gej a, const secp256k1_fe *zi)

static void	secp256k1_ge_set_ge_zinv (secp256k1_ge r, const secp256k1_ge a, const secp256k1_fe *zi)

static void	secp256k1_ge_set_xy (secp256k1_ge r, const secp256k1_fe x, const secp256k1_fe *y)

static int	secp256k1_ge_is_infinity (const secp256k1_ge *a)

static void	secp256k1_ge_neg (secp256k1_ge r, const secp256k1_ge a)

static void	secp256k1_ge_set_gej (secp256k1_ge r, secp256k1_gej a)

static void	secp256k1_ge_set_gej_var (secp256k1_ge r, secp256k1_gej a)

static void	secp256k1_ge_set_all_gej_var (secp256k1_ge r, const secp256k1_gej a, size_t len)

static void	secp256k1_ge_table_set_globalz (size_t len, secp256k1_ge a, const secp256k1_fe zr)

static void	secp256k1_gej_set_infinity (secp256k1_gej *r)

static void	secp256k1_ge_set_infinity (secp256k1_ge *r)

static void	secp256k1_gej_clear (secp256k1_gej *r)

static void	secp256k1_ge_clear (secp256k1_ge *r)

static int	secp256k1_ge_set_xo_var (secp256k1_ge r, const secp256k1_fe x, int odd)

static void	secp256k1_gej_set_ge (secp256k1_gej r, const secp256k1_ge a)

static int	secp256k1_gej_eq_var (const secp256k1_gej a, const secp256k1_gej b)

static int	secp256k1_gej_eq_ge_var (const secp256k1_gej a, const secp256k1_ge b)

static int	secp256k1_ge_eq_var (const secp256k1_ge a, const secp256k1_ge b)

static int	secp256k1_gej_eq_x_var (const secp256k1_fe x, const secp256k1_gej a)

static void	secp256k1_gej_neg (secp256k1_gej r, const secp256k1_gej a)

static int	secp256k1_gej_is_infinity (const secp256k1_gej *a)

static int	secp256k1_ge_is_valid_var (const secp256k1_ge *a)

static SECP256K1_INLINE void	secp256k1_gej_double (secp256k1_gej r, const secp256k1_gej a)

static void	secp256k1_gej_double_var (secp256k1_gej r, const secp256k1_gej a, secp256k1_fe *rzr)

static void	secp256k1_gej_add_var (secp256k1_gej r, const secp256k1_gej a, const secp256k1_gej b, secp256k1_fe rzr)

static void	secp256k1_gej_add_ge_var (secp256k1_gej r, const secp256k1_gej a, const secp256k1_ge b, secp256k1_fe rzr)

static void	secp256k1_gej_add_zinv_var (secp256k1_gej r, const secp256k1_gej a, const secp256k1_ge b, const secp256k1_fe bzinv)

static void	secp256k1_gej_add_ge (secp256k1_gej r, const secp256k1_gej a, const secp256k1_ge *b)

static void	secp256k1_gej_rescale (secp256k1_gej r, const secp256k1_fe s)

static void	secp256k1_ge_to_storage (secp256k1_ge_storage r, const secp256k1_ge a)

static void	secp256k1_ge_from_storage (secp256k1_ge r, const secp256k1_ge_storage a)

static SECP256K1_INLINE void	secp256k1_gej_cmov (secp256k1_gej r, const secp256k1_gej a, int flag)

static SECP256K1_INLINE void	secp256k1_ge_storage_cmov (secp256k1_ge_storage r, const secp256k1_ge_storage a, int flag)

static void	secp256k1_ge_mul_lambda (secp256k1_ge r, const secp256k1_ge a)

static int	secp256k1_ge_is_in_correct_subgroup (const secp256k1_ge *ge)

static int	secp256k1_ge_x_on_curve_var (const secp256k1_fe *x)

static int	secp256k1_ge_x_frac_on_curve_var (const secp256k1_fe xn, const secp256k1_fe xd)

Variables
static const secp256k1_ge	secp256k1_ge_const_g = SECP256K1_G

Macro Definition Documentation

◆ SECP256K1_B

#define SECP256K1_B 7

Definition at line 71 of file group_impl.h.

◆ SECP256K1_G

#define SECP256K1_G

Value:

    SECP256K1_GE_CONST(\
    0x79be667e, 0xf9dcbbac, 0x55a06295, 0xce870b07,\
    0x029bfcdb, 0x2dce28d9, 0x59f2815b, 0x16f81798,\
    0x483ada77, 0x26a3c465, 0x5da4fbfc, 0x0e1108a8,\
    0xfd17b448, 0xa6855419, 0x9c47d08f, 0xfb10d4b8\
)

Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.

Definition at line 36 of file group_impl.h.

◆ SECP256K1_G_ORDER_13

#define SECP256K1_G_ORDER_13

Value:

    SECP256K1_GE_CONST(\
    0xa2482ff8, 0x4bf34edf, 0xa51262fd, 0xe57921db,\
    0xe0dd2cb7, 0xa5914790, 0xbc71631f, 0xc09704fb,\
    0x942536cb, 0xa3e49492, 0x3a701cc3, 0xee3e443f,\
    0xdf182aa9, 0x15b8aa6a, 0x166d3b19, 0xba84b045\
)

Definition at line 21 of file group_impl.h.

◆ SECP256K1_G_ORDER_199

#define SECP256K1_G_ORDER_199

Value:

    SECP256K1_GE_CONST(\
    0x7fb07b5c, 0xd07c3bda, 0x553902e2, 0x7a87ea2c,\
    0x35108a7f, 0x051f41e5, 0xb76abad5, 0x1f2703ad,\
    0x0a251539, 0x5b4c4438, 0x952a634f, 0xac10dd4d,\
    0x6d6f4745, 0x98990c27, 0x3a4f3116, 0xd32ff969\
)

Definition at line 27 of file group_impl.h.

◆ SECP256K1_G_ORDER_7

#define SECP256K1_G_ORDER_7

Value:

    SECP256K1_GE_CONST(\
    0x66625d13, 0x317ffe44, 0x63d32cff, 0x1ca02b9b,\
    0xe5c6d070, 0x50b4b05e, 0x81cc30db, 0xf5166f0a,\
    0x1e60e897, 0xa7c00c7c, 0x2df53eb6, 0x98274ff4,\
    0x64252f42, 0x8ca44e17, 0x3b25418c, 0xff4ab0cf\
)

Definition at line 15 of file group_impl.h.

Function Documentation

◆ secp256k1_ge_clear()

static void secp256k1_ge_clear ( secp256k1_ge * r )

static

Definition at line 308 of file group_impl.h.

◆ secp256k1_ge_eq_var()

static int secp256k1_ge_eq_var	(	const secp256k1_ge *	a,
		const secp256k1_ge *	b
	)

static

Definition at line 367 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_from_storage()

static void secp256k1_ge_from_storage	(	secp256k1_ge *	r,
		const secp256k1_ge_storage *	a
	)

static

Definition at line 859 of file group_impl.h.

◆ secp256k1_ge_is_in_correct_subgroup()

static int secp256k1_ge_is_in_correct_subgroup ( const secp256k1_ge * ge )

static

Definition at line 893 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_is_infinity()

static int secp256k1_ge_is_infinity ( const secp256k1_ge * a )

static

Definition at line 141 of file group_impl.h.

◆ secp256k1_ge_is_valid_var()

static int secp256k1_ge_is_valid_var ( const secp256k1_ge * a )

static

Definition at line 415 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_mul_lambda()

static void secp256k1_ge_mul_lambda	(	secp256k1_ge *	r,
		const secp256k1_ge *	a
	)

static

Definition at line 884 of file group_impl.h.

◆ secp256k1_ge_neg()

static void secp256k1_ge_neg	(	secp256k1_ge *	r,
		const secp256k1_ge *	a
	)

static

Definition at line 147 of file group_impl.h.

◆ secp256k1_ge_set_all_gej_var()

static void secp256k1_ge_set_all_gej_var	(	secp256k1_ge *	r,
		const secp256k1_gej *	a,
		size_t	len
	)

static

Definition at line 196 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_set_ge_zinv()

static void secp256k1_ge_set_ge_zinv	(	secp256k1_ge *	r,
		const secp256k1_ge *	a,
		const secp256k1_fe *	zi
	)

static

Definition at line 114 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_ge_set_gej()

static void secp256k1_ge_set_gej	(	secp256k1_ge *	r,
		secp256k1_gej *	a
	)

static

Definition at line 157 of file group_impl.h.

◆ secp256k1_ge_set_gej_var()

static void secp256k1_ge_set_gej_var	(	secp256k1_ge *	r,
		secp256k1_gej *	a
	)

static

Definition at line 175 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_set_gej_zinv()

static void secp256k1_ge_set_gej_zinv	(	secp256k1_ge *	r,
		const secp256k1_gej *	a,
		const secp256k1_fe *	zi
	)

static

Definition at line 97 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_ge_set_infinity()

static void secp256k1_ge_set_infinity ( secp256k1_ge * r )

static

Definition at line 291 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_ge_set_xo_var()

static int secp256k1_ge_set_xo_var	(	secp256k1_ge *	r,
		const secp256k1_fe *	x,
		int	odd
	)

static

Definition at line 316 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_set_xy()

static void secp256k1_ge_set_xy	(	secp256k1_ge *	r,
		const secp256k1_fe *	x,
		const secp256k1_fe *	y
	)

static

Definition at line 130 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_ge_storage_cmov()

static SECP256K1_INLINE void secp256k1_ge_storage_cmov	(	secp256k1_ge_storage *	r,
		const secp256k1_ge_storage *	a,
		int	flag
	)

static

Definition at line 879 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_table_set_globalz()

static void secp256k1_ge_table_set_globalz	(	size_t	len,
		secp256k1_ge *	a,
		const secp256k1_fe *	zr
	)

static

Definition at line 249 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_ge_to_storage()

static void secp256k1_ge_to_storage	(	secp256k1_ge_storage *	r,
		const secp256k1_ge *	a
	)

static

Definition at line 846 of file group_impl.h.

◆ secp256k1_ge_verify()

static void secp256k1_ge_verify ( const secp256k1_ge * a )

static

Definition at line 76 of file group_impl.h.

◆ secp256k1_ge_x_frac_on_curve_var()

static int secp256k1_ge_x_frac_on_curve_var	(	const secp256k1_fe *	xn,
		const secp256k1_fe *	xd
	)

static

Definition at line 925 of file group_impl.h.

◆ secp256k1_ge_x_on_curve_var()

static int secp256k1_ge_x_on_curve_var ( const secp256k1_fe * x )

static

Definition at line 917 of file group_impl.h.

◆ secp256k1_gej_add_ge()

static void secp256k1_gej_add_ge	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_ge *	b
	)

static

Definition at line 693 of file group_impl.h.

◆ secp256k1_gej_add_ge_var()

static void secp256k1_gej_add_ge_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_ge *	b,
		secp256k1_fe *	rzr
	)

static

Definition at line 559 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_gej_add_var()

static void secp256k1_gej_add_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_gej *	b,
		secp256k1_fe *	rzr
	)

static

Definition at line 495 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_gej_add_zinv_var()

static void secp256k1_gej_add_zinv_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_ge *	b,
		const secp256k1_fe *	bzinv
	)

static

We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to secp256k1's isomorphism we can multiply the Z coordinates on both sides by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1). This means that (rx,ry,rz) can be calculated as (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz. The variable az below holds the modified Z coordinate for a, which is used for the computation of rx and ry, but not for rz.

Definition at line 622 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_gej_clear()

static void secp256k1_gej_clear ( secp256k1_gej * r )

static

Definition at line 299 of file group_impl.h.

◆ secp256k1_gej_cmov()

static SECP256K1_INLINE void secp256k1_gej_cmov	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		int	flag
	)

static

Definition at line 867 of file group_impl.h.

◆ secp256k1_gej_double()

static SECP256K1_INLINE void secp256k1_gej_double	(	secp256k1_gej *	r,
		const secp256k1_gej *	a
	)

static

Definition at line 429 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_gej_double_var()

static void secp256k1_gej_double_var	(	secp256k1_gej *	r,
		const secp256k1_gej *	a,
		secp256k1_fe *	rzr
	)

static

For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.

Having said this, if this function receives a point on a sextic twist, e.g. by a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, since -6 does have a cube root mod p. For this point, this function will not set the infinity flag even though the point doubles to infinity, and the result point will be gibberish (z = 0 but infinity = 0).

Definition at line 464 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ secp256k1_gej_eq_ge_var()

static int secp256k1_gej_eq_ge_var	(	const secp256k1_gej *	a,
		const secp256k1_ge *	b
	)

static

Definition at line 357 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_gej_eq_var()

static int secp256k1_gej_eq_var	(	const secp256k1_gej *	a,
		const secp256k1_gej *	b
	)

static

Definition at line 347 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_gej_eq_x_var()

static int secp256k1_gej_eq_x_var	(	const secp256k1_fe *	x,
		const secp256k1_gej *	a
	)

static

Definition at line 386 of file group_impl.h.

Here is the call graph for this function:

◆ secp256k1_gej_is_infinity()

static int secp256k1_gej_is_infinity ( const secp256k1_gej * a )

static

Definition at line 409 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_gej_neg()

static void secp256k1_gej_neg	(	secp256k1_gej *	r,
		const secp256k1_gej *	a
	)

static

Definition at line 396 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_gej_rescale()

static void secp256k1_gej_rescale	(	secp256k1_gej *	r,
		const secp256k1_fe *	s
	)

static

Definition at line 830 of file group_impl.h.

◆ secp256k1_gej_set_ge()

static void secp256k1_gej_set_ge	(	secp256k1_gej *	r,
		const secp256k1_ge *	a
	)

static

Definition at line 336 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_gej_set_infinity()

static void secp256k1_gej_set_infinity ( secp256k1_gej * r )

static

Definition at line 282 of file group_impl.h.

Here is the caller graph for this function:

◆ secp256k1_gej_verify()

static void secp256k1_gej_verify ( const secp256k1_gej * a )

static

Definition at line 85 of file group_impl.h.

Variable Documentation

◆ secp256k1_ge_const_g

const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G

static

Definition at line 70 of file group_impl.h.

Macros

Functions

Variables

Macro Definition Documentation

◆ SECP256K1_B

◆ SECP256K1_G

◆ SECP256K1_G_ORDER_13

◆ SECP256K1_G_ORDER_199

◆ SECP256K1_G_ORDER_7

Function Documentation

◆ secp256k1_ge_clear()

◆ secp256k1_ge_eq_var()

◆ secp256k1_ge_from_storage()

◆ secp256k1_ge_is_in_correct_subgroup()

◆ secp256k1_ge_is_infinity()

◆ secp256k1_ge_is_valid_var()

◆ secp256k1_ge_mul_lambda()

◆ secp256k1_ge_neg()

◆ secp256k1_ge_set_all_gej_var()

◆ secp256k1_ge_set_ge_zinv()

◆ secp256k1_ge_set_gej()

◆ secp256k1_ge_set_gej_var()

◆ secp256k1_ge_set_gej_zinv()

◆ secp256k1_ge_set_infinity()

◆ secp256k1_ge_set_xo_var()

◆ secp256k1_ge_set_xy()

◆ secp256k1_ge_storage_cmov()

◆ secp256k1_ge_table_set_globalz()

◆ secp256k1_ge_to_storage()

◆ secp256k1_ge_verify()

◆ secp256k1_ge_x_frac_on_curve_var()

◆ secp256k1_ge_x_on_curve_var()

◆ secp256k1_gej_add_ge()

◆ secp256k1_gej_add_ge_var()

◆ secp256k1_gej_add_var()

◆ secp256k1_gej_add_zinv_var()

◆ secp256k1_gej_clear()

◆ secp256k1_gej_cmov()

◆ secp256k1_gej_double()

◆ secp256k1_gej_double_var()

◆ secp256k1_gej_eq_ge_var()

◆ secp256k1_gej_eq_var()

◆ secp256k1_gej_eq_x_var()

◆ secp256k1_gej_is_infinity()

◆ secp256k1_gej_neg()

◆ secp256k1_gej_rescale()

◆ secp256k1_gej_set_ge()

◆ secp256k1_gej_set_infinity()

◆ secp256k1_gej_verify()

Variable Documentation

◆ secp256k1_ge_const_g