7 #ifndef SECP256K1_SCALAR_IMPL_H 8 #define SECP256K1_SCALAR_IMPL_H 17 #if defined HAVE_CONFIG_H 21 #if defined(EXHAUSTIVE_TEST_ORDER) 23 #elif defined(SECP256K1_WIDEMUL_INT128) 25 #elif defined(SECP256K1_WIDEMUL_INT64) 28 #error "Please select wide multiplication implementation" 43 #if defined(EXHAUSTIVE_TEST_ORDER) 44 static const unsigned char order[32] = {
51 static const unsigned char order[32] = {
52 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
53 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
54 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
55 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
69 #if defined(EXHAUSTIVE_TEST_ORDER) 73 if ((i * *x) % EXHAUSTIVE_TEST_ORDER == 1)
104 for (i = 0; i < 5; i++) {
110 for (i = 0; i < 13; i++) {
116 for (i = 0; i < 27; i++) {
122 for (i = 0; i < 55; i++) {
128 for (i = 0; i < 13; i++) {
135 for (i = 0; i < 3; i++) {
139 for (i = 0; i < 4; i++) {
143 for (i = 0; i < 4; i++) {
147 for (i = 0; i < 5; i++) {
151 for (i = 0; i < 4; i++) {
155 for (i = 0; i < 4; i++) {
159 for (i = 0; i < 5; i++) {
163 for (i = 0; i < 6; i++) {
167 for (i = 0; i < 4; i++) {
171 for (i = 0; i < 3; i++) {
175 for (i = 0; i < 5; i++) {
179 for (i = 0; i < 6; i++) {
183 for (i = 0; i < 10; i++) {
187 for (i = 0; i < 4; i++) {
191 for (i = 0; i < 9; i++) {
195 for (i = 0; i < 5; i++) {
199 for (i = 0; i < 6; i++) {
203 for (i = 0; i < 4; i++) {
207 for (i = 0; i < 5; i++) {
211 for (i = 0; i < 6; i++) {
215 for (i = 0; i < 10; i++) {
219 for (i = 0; i < 4; i++) {
223 for (i = 0; i < 6; i++) {
227 for (i = 0; i < 8; i++) {
234 return !(a->
d[0] & 1);
239 #if defined(USE_SCALAR_INV_BUILTIN) 241 #elif defined(USE_SCALAR_INV_NUM) 255 #error "Please select scalar inverse implementation" 260 #if defined(EXHAUSTIVE_TEST_ORDER) 261 # if EXHAUSTIVE_TEST_ORDER == 13 262 # define EXHAUSTIVE_TEST_LAMBDA 9 263 # elif EXHAUSTIVE_TEST_ORDER == 199 264 # define EXHAUSTIVE_TEST_LAMBDA 92 266 # error No known lambda for the specified exhaustive test group order. 284 0x5363AD4CUL, 0xC05C30E0UL, 0xA5261C02UL, 0x8812645AUL,
285 0x122E22EAUL, 0x20816678UL, 0xDF02967CUL, 0x1B23BD72UL
345 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL,
346 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL
349 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
350 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL
353 0x3086D221UL, 0xA7D46BCDUL, 0xE86C90E4UL, 0x9284EB15UL,
354 0x3DAA8A14UL, 0x71E8CA7FUL, 0xE893209AUL, 0x45DBB031UL
357 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C4UL,
358 0x221208ACUL, 0x9DF506C6UL, 0x1571B4AEUL, 0x8AC47F71UL
373 secp256k1_scalar_split_lambda_verify(r1, r2, k);
484 unsigned char buf1[32];
485 unsigned char buf2[32];
488 static const unsigned char k1_bound[32] = {
489 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
490 0xa2, 0xa8, 0x91, 0x8c, 0xa8, 0x5b, 0xaf, 0xe2, 0x20, 0x16, 0xd0, 0xb9, 0x17, 0xe4, 0xdd, 0x77
494 static const unsigned char k2_bound[32] = {
495 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
496 0x8a, 0x65, 0x28, 0x7b, 0xd4, 0x71, 0x79, 0xfb, 0x2b, 0xe0, 0x88, 0x46, 0xce, 0xa2, 0x67, 0xed
static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Compare two scalars.
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).
#define VERIFY_CHECK(cond)
static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin)
static void secp256k1_num_set_bin(secp256k1_num *r, const unsigned char *a, unsigned int alen)
Set a number to the value of a binary big-endian string.
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x)
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big-endian byte array.
static void secp256k1_num_mod_inverse(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *m)
Compute a modular inverse.
static const secp256k1_scalar secp256k1_scalar_zero
static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift)
Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer...
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x)
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the square of a scalar (modulo the group order).
static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k)
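A scalar modulo the group order of the secp256k1 curve. (This sentence describes the secp256k1_scalar type of the function's arguments rather than the split operation itself.)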
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).
#define EXHAUSTIVE_TEST_ORDER
static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a)
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
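Semantics like memcmp. The _var suffix follows the library's naming convention for variable-time functions, so it is not suitable for comparing secret data.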
static void secp256k1_scalar_order_get_num(secp256k1_num *r)
secp256k1 curve order, see secp256k1_ecdsa_const_order_as_fe in ecdsa_impl.h
static SECP256K1_INLINE int secp256k1_scalar_is_even(const secp256k1_scalar *a)
static const secp256k1_scalar secp256k1_const_lambda
The secp256k1 curve has an endomorphism such that lambda * (x, y) = (beta * x, y), where lambda is: ...
static const secp256k1_scalar secp256k1_scalar_one
static void secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num *a)
Convert a number's absolute value to a binary big-endian string.
static int secp256k1_scalar_is_one(const secp256k1_scalar *a)
Check whether a scalar equals one.