PRCYCoin  2.0.0.7rc1
P2P Digital Currency
scalar_impl.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2014 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #ifndef _SECP256K1_SCALAR_IMPL_H_
8 #define _SECP256K1_SCALAR_IMPL_H_
9 
10 #include <string.h>
11 
12 #include "group.h"
13 #include "scalar.h"
14 
15 #if defined HAVE_CONFIG_H
16 #include "libsecp256k1-config.h"
17 #endif
18 
19 #if defined(USE_SCALAR_4X64)
20 #include "scalar_4x64_impl.h"
21 #elif defined(USE_SCALAR_8X32)
22 #include "scalar_8x32_impl.h"
23 #else
24 #error "Please select scalar implementation"
25 #endif
26 
27 typedef struct {
28 #ifndef USE_NUM_NONE
29  secp256k1_num_t order;
30 #endif
31 #ifdef USE_ENDOMORPHISM
32  secp256k1_scalar_t minus_lambda, minus_b1, minus_b2, g1, g2;
33 #endif
34 } secp256k1_scalar_consts_t;
35 
36 static const secp256k1_scalar_consts_t *secp256k1_scalar_consts = NULL;
37 
38 static void secp256k1_scalar_start(void) {
39  if (secp256k1_scalar_consts != NULL)
40  return;
41 
42  /* Allocate. */
43  secp256k1_scalar_consts_t *ret = (secp256k1_scalar_consts_t*)malloc(sizeof(secp256k1_scalar_consts_t));
44 
45 #ifndef USE_NUM_NONE
46  static const unsigned char secp256k1_scalar_consts_order[] = {
47  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
48  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
49  0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
50  0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
51  };
52  secp256k1_num_set_bin(&ret->order, secp256k1_scalar_consts_order, sizeof(secp256k1_scalar_consts_order));
53 #endif
54 #ifdef USE_ENDOMORPHISM
55 
58  static const unsigned char secp256k1_scalar_consts_lambda[32] = {
59  0x53,0x63,0xad,0x4c,0xc0,0x5c,0x30,0xe0,
60  0xa5,0x26,0x1c,0x02,0x88,0x12,0x64,0x5a,
61  0x12,0x2e,0x22,0xea,0x20,0x81,0x66,0x78,
62  0xdf,0x02,0x96,0x7c,0x1b,0x23,0xbd,0x72
63  };
95  static const unsigned char secp256k1_scalar_consts_minus_b1[32] = {
96  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
97  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
98  0xe4,0x43,0x7e,0xd6,0x01,0x0e,0x88,0x28,
99  0x6f,0x54,0x7f,0xa9,0x0a,0xbf,0xe4,0xc3
100  };
101  static const unsigned char secp256k1_scalar_consts_b2[32] = {
102  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
103  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
104  0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,
105  0xe8,0x6c,0x90,0xe4,0x92,0x84,0xeb,0x15
106  };
107  static const unsigned char secp256k1_scalar_consts_g1[32] = {
108  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
109  0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x86,
110  0xd2,0x21,0xa7,0xd4,0x6b,0xcd,0xe8,0x6c,
111  0x90,0xe4,0x92,0x84,0xeb,0x15,0x3d,0xab
112  };
113  static const unsigned char secp256k1_scalar_consts_g2[32] = {
114  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
115  0x00,0x00,0x00,0x00,0x00,0x00,0xe4,0x43,
116  0x7e,0xd6,0x01,0x0e,0x88,0x28,0x6f,0x54,
117  0x7f,0xa9,0x0a,0xbf,0xe4,0xc4,0x22,0x12
118  };
119 
120  secp256k1_scalar_set_b32(&ret->minus_lambda, secp256k1_scalar_consts_lambda, NULL);
121  secp256k1_scalar_negate(&ret->minus_lambda, &ret->minus_lambda);
122  secp256k1_scalar_set_b32(&ret->minus_b1, secp256k1_scalar_consts_minus_b1, NULL);
123  secp256k1_scalar_set_b32(&ret->minus_b2, secp256k1_scalar_consts_b2, NULL);
124  secp256k1_scalar_negate(&ret->minus_b2, &ret->minus_b2);
125  secp256k1_scalar_set_b32(&ret->g1, secp256k1_scalar_consts_g1, NULL);
126  secp256k1_scalar_set_b32(&ret->g2, secp256k1_scalar_consts_g2, NULL);
127 #endif
128 
129  /* Set the global pointer. */
130  secp256k1_scalar_consts = ret;
131 }
132 
133 static void secp256k1_scalar_stop(void) {
134  if (secp256k1_scalar_consts == NULL)
135  return;
136 
137  secp256k1_scalar_consts_t *c = (secp256k1_scalar_consts_t*)secp256k1_scalar_consts;
138  secp256k1_scalar_consts = NULL;
139  free(c);
140 }
141 
142 #ifndef USE_NUM_NONE
143 static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a) {
144  unsigned char c[32];
145  secp256k1_scalar_get_b32(c, a);
146  secp256k1_num_set_bin(r, c, 32);
147 }
148 
149 static void secp256k1_scalar_order_get_num(secp256k1_num_t *r) {
150  *r = secp256k1_scalar_consts->order;
151 }
152 #endif
153 
154 static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
155  /* First compute x ^ (2^N - 1) for some values of N. */
156  secp256k1_scalar_t x2, x3, x4, x6, x7, x8, x15, x30, x60, x120, x127;
157 
158  secp256k1_scalar_sqr(&x2, x);
159  secp256k1_scalar_mul(&x2, &x2, x);
160 
161  secp256k1_scalar_sqr(&x3, &x2);
162  secp256k1_scalar_mul(&x3, &x3, x);
163 
164  secp256k1_scalar_sqr(&x4, &x3);
165  secp256k1_scalar_mul(&x4, &x4, x);
166 
167  secp256k1_scalar_sqr(&x6, &x4);
168  secp256k1_scalar_sqr(&x6, &x6);
169  secp256k1_scalar_mul(&x6, &x6, &x2);
170 
171  secp256k1_scalar_sqr(&x7, &x6);
172  secp256k1_scalar_mul(&x7, &x7, x);
173 
174  secp256k1_scalar_sqr(&x8, &x7);
175  secp256k1_scalar_mul(&x8, &x8, x);
176 
177  secp256k1_scalar_sqr(&x15, &x8);
178  for (int i=0; i<6; i++)
179  secp256k1_scalar_sqr(&x15, &x15);
180  secp256k1_scalar_mul(&x15, &x15, &x7);
181 
182  secp256k1_scalar_sqr(&x30, &x15);
183  for (int i=0; i<14; i++)
184  secp256k1_scalar_sqr(&x30, &x30);
185  secp256k1_scalar_mul(&x30, &x30, &x15);
186 
187  secp256k1_scalar_sqr(&x60, &x30);
188  for (int i=0; i<29; i++)
189  secp256k1_scalar_sqr(&x60, &x60);
190  secp256k1_scalar_mul(&x60, &x60, &x30);
191 
192  secp256k1_scalar_sqr(&x120, &x60);
193  for (int i=0; i<59; i++)
194  secp256k1_scalar_sqr(&x120, &x120);
195  secp256k1_scalar_mul(&x120, &x120, &x60);
196 
197  secp256k1_scalar_sqr(&x127, &x120);
198  for (int i=0; i<6; i++)
199  secp256k1_scalar_sqr(&x127, &x127);
200  secp256k1_scalar_mul(&x127, &x127, &x7);
201 
202  /* Then accumulate the final result (t starts at x127). */
203  secp256k1_scalar_t *t = &x127;
204  for (int i=0; i<2; i++) /* 0 */
205  secp256k1_scalar_sqr(t, t);
206  secp256k1_scalar_mul(t, t, x); /* 1 */
207  for (int i=0; i<4; i++) /* 0 */
208  secp256k1_scalar_sqr(t, t);
209  secp256k1_scalar_mul(t, t, &x3); /* 111 */
210  for (int i=0; i<2; i++) /* 0 */
211  secp256k1_scalar_sqr(t, t);
212  secp256k1_scalar_mul(t, t, x); /* 1 */
213  for (int i=0; i<2; i++) /* 0 */
214  secp256k1_scalar_sqr(t, t);
215  secp256k1_scalar_mul(t, t, x); /* 1 */
216  for (int i=0; i<2; i++) /* 0 */
217  secp256k1_scalar_sqr(t, t);
218  secp256k1_scalar_mul(t, t, x); /* 1 */
219  for (int i=0; i<4; i++) /* 0 */
220  secp256k1_scalar_sqr(t, t);
221  secp256k1_scalar_mul(t, t, &x3); /* 111 */
222  for (int i=0; i<3; i++) /* 0 */
223  secp256k1_scalar_sqr(t, t);
224  secp256k1_scalar_mul(t, t, &x2); /* 11 */
225  for (int i=0; i<4; i++) /* 0 */
226  secp256k1_scalar_sqr(t, t);
227  secp256k1_scalar_mul(t, t, &x3); /* 111 */
228  for (int i=0; i<5; i++) /* 00 */
229  secp256k1_scalar_sqr(t, t);
230  secp256k1_scalar_mul(t, t, &x3); /* 111 */
231  for (int i=0; i<4; i++) /* 00 */
232  secp256k1_scalar_sqr(t, t);
233  secp256k1_scalar_mul(t, t, &x2); /* 11 */
234  for (int i=0; i<2; i++) /* 0 */
235  secp256k1_scalar_sqr(t, t);
236  secp256k1_scalar_mul(t, t, x); /* 1 */
237  for (int i=0; i<2; i++) /* 0 */
238  secp256k1_scalar_sqr(t, t);
239  secp256k1_scalar_mul(t, t, x); /* 1 */
240  for (int i=0; i<5; i++) /* 0 */
241  secp256k1_scalar_sqr(t, t);
242  secp256k1_scalar_mul(t, t, &x4); /* 1111 */
243  for (int i=0; i<2; i++) /* 0 */
244  secp256k1_scalar_sqr(t, t);
245  secp256k1_scalar_mul(t, t, x); /* 1 */
246  for (int i=0; i<3; i++) /* 00 */
247  secp256k1_scalar_sqr(t, t);
248  secp256k1_scalar_mul(t, t, x); /* 1 */
249  for (int i=0; i<4; i++) /* 000 */
250  secp256k1_scalar_sqr(t, t);
251  secp256k1_scalar_mul(t, t, x); /* 1 */
252  for (int i=0; i<2; i++) /* 0 */
253  secp256k1_scalar_sqr(t, t);
254  secp256k1_scalar_mul(t, t, x); /* 1 */
255  for (int i=0; i<10; i++) /* 0000000 */
256  secp256k1_scalar_sqr(t, t);
257  secp256k1_scalar_mul(t, t, &x3); /* 111 */
258  for (int i=0; i<4; i++) /* 0 */
259  secp256k1_scalar_sqr(t, t);
260  secp256k1_scalar_mul(t, t, &x3); /* 111 */
261  for (int i=0; i<9; i++) /* 0 */
262  secp256k1_scalar_sqr(t, t);
263  secp256k1_scalar_mul(t, t, &x8); /* 11111111 */
264  for (int i=0; i<2; i++) /* 0 */
265  secp256k1_scalar_sqr(t, t);
266  secp256k1_scalar_mul(t, t, x); /* 1 */
267  for (int i=0; i<3; i++) /* 00 */
268  secp256k1_scalar_sqr(t, t);
269  secp256k1_scalar_mul(t, t, x); /* 1 */
270  for (int i=0; i<3; i++) /* 00 */
271  secp256k1_scalar_sqr(t, t);
272  secp256k1_scalar_mul(t, t, x); /* 1 */
273  for (int i=0; i<5; i++) /* 0 */
274  secp256k1_scalar_sqr(t, t);
275  secp256k1_scalar_mul(t, t, &x4); /* 1111 */
276  for (int i=0; i<2; i++) /* 0 */
277  secp256k1_scalar_sqr(t, t);
278  secp256k1_scalar_mul(t, t, x); /* 1 */
279  for (int i=0; i<5; i++) /* 000 */
280  secp256k1_scalar_sqr(t, t);
281  secp256k1_scalar_mul(t, t, &x2); /* 11 */
282  for (int i=0; i<4; i++) /* 00 */
283  secp256k1_scalar_sqr(t, t);
284  secp256k1_scalar_mul(t, t, &x2); /* 11 */
285  for (int i=0; i<2; i++) /* 0 */
286  secp256k1_scalar_sqr(t, t);
287  secp256k1_scalar_mul(t, t, x); /* 1 */
288  for (int i=0; i<8; i++) /* 000000 */
289  secp256k1_scalar_sqr(t, t);
290  secp256k1_scalar_mul(t, t, &x2); /* 11 */
291  for (int i=0; i<3; i++) /* 0 */
292  secp256k1_scalar_sqr(t, t);
293  secp256k1_scalar_mul(t, t, &x2); /* 11 */
294  for (int i=0; i<3; i++) /* 00 */
295  secp256k1_scalar_sqr(t, t);
296  secp256k1_scalar_mul(t, t, x); /* 1 */
297  for (int i=0; i<6; i++) /* 00000 */
298  secp256k1_scalar_sqr(t, t);
299  secp256k1_scalar_mul(t, t, x); /* 1 */
300  for (int i=0; i<8; i++) /* 00 */
301  secp256k1_scalar_sqr(t, t);
302  secp256k1_scalar_mul(r, t, &x6); /* 111111 */
303 }
304 
305 static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
306 #if defined(USE_SCALAR_INV_BUILTIN)
307  secp256k1_scalar_inverse(r, x);
308 #elif defined(USE_SCALAR_INV_NUM)
309  unsigned char b[32];
310  secp256k1_scalar_get_b32(b, x);
311  secp256k1_num_t n;
312  secp256k1_num_set_bin(&n, b, 32);
313  secp256k1_num_mod_inverse(&n, &n, &secp256k1_scalar_consts->order);
314  secp256k1_num_get_bin(b, 32, &n);
315  secp256k1_scalar_set_b32(r, b, NULL);
316 #else
317 #error "Please select scalar inverse implementation"
318 #endif
319 }
320 
321 #ifdef USE_ENDOMORPHISM
322 static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
323  VERIFY_CHECK(r1 != a);
324  VERIFY_CHECK(r2 != a);
325  secp256k1_scalar_t c1, c2;
326  secp256k1_scalar_mul_shift_var(&c1, a, &secp256k1_scalar_consts->g1, 272);
327  secp256k1_scalar_mul_shift_var(&c2, a, &secp256k1_scalar_consts->g2, 272);
328  secp256k1_scalar_mul(&c1, &c1, &secp256k1_scalar_consts->minus_b1);
329  secp256k1_scalar_mul(&c2, &c2, &secp256k1_scalar_consts->minus_b2);
330  secp256k1_scalar_add(r2, &c1, &c2);
331  secp256k1_scalar_mul(r1, r2, &secp256k1_scalar_consts->minus_lambda);
332  secp256k1_scalar_add(r1, r1, a);
333 }
334 #endif
335 
336 #endif
secp256k1_scalar_consts_t::order
secp256k1_num_t order
Definition: scalar_impl.h:33
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:61
b
void const uint64_t * b
Definition: field_5x52_asm_impl.h:10
secp256k1_num_t
Definition: num_gmp.h:14
scalar.h
r
void const uint64_t uint64_t * r
Definition: field_5x52_asm_impl.h:10
group.h
secp256k1_scalar_consts_t
Definition: scalar_impl.h:27
secp256k1_scalar_t
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
Generated on Tue Apr 28 2026 00:02:59 for PRCYCoin by   doxygen 1.8.17