PRCYCoin  2.0.0.7rc1
P2P Digital Currency
field_5x52_impl.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2013, 2014 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #ifndef _SECP256K1_FIELD_REPR_IMPL_H_
8 #define _SECP256K1_FIELD_REPR_IMPL_H_
9 
10 #if defined HAVE_CONFIG_H
11 #include "libsecp256k1-config.h"
12 #endif
13 
14 #include <string.h>
15 #include "util.h"
16 #include "num.h"
17 #include "field.h"
18 
19 #if defined(USE_FIELD_5X52_ASM)
20 #include "field_5x52_asm_impl.h"
21 #elif defined(USE_FIELD_5X52_INT128)
22 #include "field_5x52_int128_impl.h"
23 #else
24 #error "Please select field_5x52 implementation"
25 #endif
26 
35 static void secp256k1_fe_inner_start(void) {}
36 static void secp256k1_fe_inner_stop(void) {}
37 
38 #ifdef VERIFY
39 static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
40  const uint64_t *d = a->n;
41  int m = a->normalized ? 1 : 2 * a->magnitude, r = 1;
42  r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
43  r &= (d[1] <= 0xFFFFFFFFFFFFFULL * m);
44  r &= (d[2] <= 0xFFFFFFFFFFFFFULL * m);
45  r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m);
46  r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m);
47  r &= (a->magnitude >= 0);
48  if (a->normalized) {
49  r &= (a->magnitude <= 1);
50  if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) {
51  r &= (d[0] < 0xFFFFEFFFFFC2FULL);
52  }
53  }
54  VERIFY_CHECK(r == 1);
55 }
56 #else
57 static void secp256k1_fe_verify(const secp256k1_fe_t *a) {
58  (void)a;
59 }
60 #endif
61 
62 static void secp256k1_fe_normalize(secp256k1_fe_t *r) {
63  uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
64 
65  /* Reduce t4 at the start so there will be at most a single carry from the first pass */
66  uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL;
67  uint64_t m;
68 
69  /* The first pass ensures the magnitude is 1, ... */
70  t0 += x * 0x1000003D1ULL;
71  t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
72  t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1;
73  t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2;
74  t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3;
75 
76  /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */
77  VERIFY_CHECK(t4 >> 49 == 0);
78 
79  /* At most a single final reduction is needed; check if the value is >= the field characteristic */
80  x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL)
81  & (t0 >= 0xFFFFEFFFFFC2FULL));
82 
83  /* Apply the final reduction (for constant-time behaviour, we do it always) */
84  t0 += x * 0x1000003D1ULL;
85  t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL;
86  t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL;
87  t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL;
88  t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL;
89 
90  /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */
91  VERIFY_CHECK(t4 >> 48 == x);
92 
93  /* Mask off the possible multiple of 2^256 from the final reduction */
94  t4 &= 0x0FFFFFFFFFFFFULL;
95 
96  r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4;
97 
98 #ifdef VERIFY
99  r->magnitude = 1;
100  r->normalized = 1;
101  secp256k1_fe_verify(r);
102 #endif
103 }
104 
105 SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe_t *r, int a) {
106  r->n[0] = a;
107  r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
108 #ifdef VERIFY
109  r->magnitude = 1;
110  r->normalized = 1;
111  secp256k1_fe_verify(r);
112 #endif
113 }
114 
115 SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe_t *a) {
116 #ifdef VERIFY
117  VERIFY_CHECK(a->normalized);
118  secp256k1_fe_verify(a);
119 #endif
120  const uint64_t *t = a->n;
121  return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0;
122 }
123 
124 SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
125 #ifdef VERIFY
126  VERIFY_CHECK(a->normalized);
127  secp256k1_fe_verify(a);
128 #endif
129  return a->n[0] & 1;
130 }
131 
132 SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe_t *a) {
133 #ifdef VERIFY
134  a->magnitude = 0;
135  a->normalized = 1;
136 #endif
137  for (int i=0; i<5; i++) {
138  a->n[i] = 0;
139  }
140 }
141 
142 SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
143 #ifdef VERIFY
144  VERIFY_CHECK(a->normalized);
145  VERIFY_CHECK(b->normalized);
146  secp256k1_fe_verify(a);
147  secp256k1_fe_verify(b);
148 #endif
149  const uint64_t *t = a->n, *u = b->n;
150  return ((t[0]^u[0]) | (t[1]^u[1]) | (t[2]^u[2]) | (t[3]^u[3]) | (t[4]^u[4])) == 0;
151 }
152 
153 static int secp256k1_fe_cmp_var(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
154 #ifdef VERIFY
155  VERIFY_CHECK(a->normalized);
156  VERIFY_CHECK(b->normalized);
157  secp256k1_fe_verify(a);
158  secp256k1_fe_verify(b);
159 #endif
160  for (int i = 4; i >= 0; i--) {
161  if (a->n[i] > b->n[i]) return 1;
162  if (a->n[i] < b->n[i]) return -1;
163  }
164  return 0;
165 }
166 
167 static int secp256k1_fe_set_b32(secp256k1_fe_t *r, const unsigned char *a) {
168  r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
169  for (int i=0; i<32; i++) {
170  for (int j=0; j<2; j++) {
171  int limb = (8*i+4*j)/52;
172  int shift = (8*i+4*j)%52;
173  r->n[limb] |= (uint64_t)((a[31-i] >> (4*j)) & 0xF) << shift;
174  }
175  }
176  if (r->n[4] == 0x0FFFFFFFFFFFFULL && (r->n[3] & r->n[2] & r->n[1]) == 0xFFFFFFFFFFFFFULL && r->n[0] >= 0xFFFFEFFFFFC2FULL) {
177  return 0;
178  }
179 #ifdef VERIFY
180  r->magnitude = 1;
181  r->normalized = 1;
182  secp256k1_fe_verify(r);
183 #endif
184  return 1;
185 }
186 
188 static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe_t *a) {
189 #ifdef VERIFY
190  VERIFY_CHECK(a->normalized);
191  secp256k1_fe_verify(a);
192 #endif
193  for (int i=0; i<32; i++) {
194  int c = 0;
195  for (int j=0; j<2; j++) {
196  int limb = (8*i+4*j)/52;
197  int shift = (8*i+4*j)%52;
198  c |= ((a->n[limb] >> shift) & 0xF) << (4 * j);
199  }
200  r[31-i] = c;
201  }
202 }
203 
204 SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe_t *r, const secp256k1_fe_t *a, int m) {
205 #ifdef VERIFY
206  VERIFY_CHECK(a->magnitude <= m);
207  secp256k1_fe_verify(a);
208 #endif
209  r->n[0] = 0xFFFFEFFFFFC2FULL * 2 * (m + 1) - a->n[0];
210  r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[1];
211  r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[2];
212  r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[3];
213  r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * (m + 1) - a->n[4];
214 #ifdef VERIFY
215  r->magnitude = m + 1;
216  r->normalized = 0;
217  secp256k1_fe_verify(r);
218 #endif
219 }
220 
221 SECP256K1_INLINE static void secp256k1_fe_mul_int(secp256k1_fe_t *r, int a) {
222  r->n[0] *= a;
223  r->n[1] *= a;
224  r->n[2] *= a;
225  r->n[3] *= a;
226  r->n[4] *= a;
227 #ifdef VERIFY
228  r->magnitude *= a;
229  r->normalized = 0;
230  secp256k1_fe_verify(r);
231 #endif
232 }
233 
234 SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
235 #ifdef VERIFY
236  secp256k1_fe_verify(a);
237 #endif
238  r->n[0] += a->n[0];
239  r->n[1] += a->n[1];
240  r->n[2] += a->n[2];
241  r->n[3] += a->n[3];
242  r->n[4] += a->n[4];
243 #ifdef VERIFY
244  r->magnitude += a->magnitude;
245  r->normalized = 0;
246  secp256k1_fe_verify(r);
247 #endif
248 }
249 
250 static void secp256k1_fe_mul(secp256k1_fe_t *r, const secp256k1_fe_t *a, const secp256k1_fe_t * SECP256K1_RESTRICT b) {
251 #ifdef VERIFY
252  VERIFY_CHECK(a->magnitude <= 8);
253  VERIFY_CHECK(b->magnitude <= 8);
254  secp256k1_fe_verify(a);
255  secp256k1_fe_verify(b);
256  VERIFY_CHECK(r != b);
257 #endif
258  secp256k1_fe_mul_inner(a->n, b->n, r->n);
259 #ifdef VERIFY
260  r->magnitude = 1;
261  r->normalized = 0;
262  secp256k1_fe_verify(r);
263 #endif
264 }
265 
266 static void secp256k1_fe_sqr(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
267 #ifdef VERIFY
268  VERIFY_CHECK(a->magnitude <= 8);
269  secp256k1_fe_verify(a);
270 #endif
271  secp256k1_fe_sqr_inner(a->n, r->n);
272 #ifdef VERIFY
273  r->magnitude = 1;
274  r->normalized = 0;
275  secp256k1_fe_verify(r);
276 #endif
277 }
278 
279 static void secp256k1_fe_cmov(secp256k1_fe_t *r, const secp256k1_fe_t *a, int flag) {
280  uint64_t mask0 = flag + ~((uint64_t)0), mask1 = ~mask0;
281  r->n[0] = (r->n[0] & mask0) | (a->n[0] & mask1);
282  r->n[1] = (r->n[1] & mask0) | (a->n[1] & mask1);
283  r->n[2] = (r->n[2] & mask0) | (a->n[2] & mask1);
284  r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
285  r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
286 #ifdef VERIFY
287  if (flag) {
288  r->magnitude = a->magnitude;
289  r->normalized = a->normalized;
290  }
291 #endif
292 }
293 
294 #endif
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:61
b
void const uint64_t * b
Definition: field_5x52_asm_impl.h:10
SECP256K1_RESTRICT
#define SECP256K1_RESTRICT
Definition: util.h:74
secp256k1_fe_t::n
uint32_t n[10]
Definition: field_10x26.h:18
util.h
r
void const uint64_t uint64_t * r
Definition: field_5x52_asm_impl.h:10
secp256k1_fe_t
Definition: field_10x26.h:12
num.h
SECP256K1_INLINE
#define SECP256K1_INLINE
Definition: secp256k1.h:23
field.h
Generated on Tue Apr 28 2026 00:02:58 for PRCYCoin by   doxygen 1.8.17