doc/dev/ecmult__gen__compute__table__impl_8h_source.html

/***********************************************************************

 * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell       *

 * Distributed under the MIT software license, see the accompanying    *

 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*

 ***********************************************************************/


#ifndef SECP256K1_ECMULT_GEN_COMPUTE_TABLE_IMPL_H

#define SECP256K1_ECMULT_GEN_COMPUTE_TABLE_IMPL_H


#include "ecmult_gen_compute_table.h"

#include "group_impl.h"

#include "field_impl.h"

#include "ecmult_gen.h"

#include "util.h"


static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int bits) {

    int g = ECMULT_GEN_PREC_G(bits);

    int n = ECMULT_GEN_PREC_N(bits);


    secp256k1_ge* prec = checked_malloc(&default_error_callback, n * g * sizeof(*prec));

    secp256k1_gej gj;

    secp256k1_gej nums_gej;

    int i, j;


    if (n < 1) {

        /* This is unreachable (bits <= 8), but suppresses a -Wmaybe-uninitialized compiler warning */

        return;

    }


    /* get the generator */

    secp256k1_gej_set_ge(&gj, gen);


    /* Construct a group element with no known corresponding scalar (nothing up my sleeve). */

    {

        static const unsigned char nums_b32[33] = "The scalar for this x is unknown";

        secp256k1_fe nums_x;

        secp256k1_ge nums_ge;

        int r;

        r = secp256k1_fe_set_b32_limit(&nums_x, nums_b32);

        (void)r;

        VERIFY_CHECK(r);

        r = secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0);

        (void)r;

        VERIFY_CHECK(r);

        secp256k1_gej_set_ge(&nums_gej, &nums_ge);

        /* Add G to make the bits in x uniformly distributed. */

        secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, gen, NULL);

    }


    /* compute prec. */

    {

        secp256k1_gej gbase;

        secp256k1_gej numsbase;

        secp256k1_gej* precj = checked_malloc(&default_error_callback, n * g * sizeof(*precj));  /* Jacobian versions of prec. */

        gbase = gj; /* PREC_G^j * G */

        numsbase = nums_gej; /* 2^j * nums. */

        for (j = 0; j < n; j++) {

            /* Set precj[j*PREC_G .. j*PREC_G+(PREC_G-1)] to (numsbase, numsbase + gbase, ..., numsbase + (PREC_G-1)*gbase). */

            precj[j*g] = numsbase;

            for (i = 1; i < g; i++) {

                secp256k1_gej_add_var(&precj[j*g + i], &precj[j*g + i - 1], &gbase, NULL);

            }

            /* Multiply gbase by PREC_G. */

            for (i = 0; i < bits; i++) {

                secp256k1_gej_double_var(&gbase, &gbase, NULL);

            }

            /* Multiply numbase by 2. */

            secp256k1_gej_double_var(&numsbase, &numsbase, NULL);

            if (j == n - 2) {

                /* In the last iteration, numsbase is (1 - 2^j) * nums instead. */

                secp256k1_gej_neg(&numsbase, &numsbase);

                secp256k1_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL);

            }

        }

        secp256k1_ge_set_all_gej_var(prec, precj, n * g);

        free(precj);

    }

    for (j = 0; j < n; j++) {

        for (i = 0; i < g; i++) {

            secp256k1_ge_to_storage(&table[j*g + i], &prec[j*g + i]);

        }

    }

    free(prec);

}


#endif /* SECP256K1_ECMULT_GEN_COMPUTE_TABLE_IMPL_H */

ecmult_gen.h

ECMULT_GEN_PREC_G
#define ECMULT_GEN_PREC_G(bits)
Definition: ecmult_gen.h:28

ECMULT_GEN_PREC_N
#define ECMULT_GEN_PREC_N(bits)
Definition: ecmult_gen.h:29

ecmult_gen_compute_table.h

secp256k1_ecmult_gen_compute_table
static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage *table, const secp256k1_ge *gen, int bits)
Definition: ecmult_gen_compute_table_impl.h:16

secp256k1_fe_set_b32_limit
#define secp256k1_fe_set_b32_limit
Definition: field.h:89

field_impl.h

secp256k1_gej_double_var
static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
Set r equal to the double of a.

secp256k1_ge_set_xo_var
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.

secp256k1_gej_add_ge_var
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).

secp256k1_gej_add_var
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.

secp256k1_ge_set_all_gej_var
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len)
Set a batch of group elements equal to the inputs given in jacobian coordinates.

secp256k1_gej_set_ge
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)
Set a group element (jacobian) equal to another which is given in affine coordinates.

secp256k1_ge_to_storage
static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a)
Convert a group element to the storage type.

secp256k1_gej_neg
static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)

group_impl.h

default_error_callback
static const secp256k1_callback default_error_callback
Definition: util.h:84

VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:130

checked_malloc
static SECP256K1_INLINE void * checked_malloc(const secp256k1_callback *cb, size_t size)
Definition: util.h:134

secp256k1_fe
This field implementation represents the value as 10 uint32_t limbs in base 2^26.
Definition: field_10x26.h:14

secp256k1_ge_storage
Definition: group.h:38

secp256k1_ge
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
Definition: group.h:16

secp256k1_gej
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:28

util.h