group_impl.h File Reference

#include <string.h>
#include "field.h"
#include "group.h"
#include "util.h"

Include dependency graph for group_impl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros
#define	SECP256K1_G_ORDER_7
#define	SECP256K1_G_ORDER_13
#define	SECP256K1_G_ORDER_199
#define	SECP256K1_G
	Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.
#define	SECP256K1_B   7

Functions
static void	secp256k1_ge_verify (const secp256k1_ge *a)
static void	secp256k1_gej_verify (const secp256k1_gej *a)
static void	secp256k1_ge_set_gej_zinv (secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi)
static void	secp256k1_ge_set_ge_zinv (secp256k1_ge *r, const secp256k1_ge *a, const secp256k1_fe *zi)
static void	secp256k1_ge_set_xy (secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y)
static int	secp256k1_ge_is_infinity (const secp256k1_ge *a)
static void	secp256k1_ge_neg (secp256k1_ge *r, const secp256k1_ge *a)
static void	secp256k1_ge_set_gej (secp256k1_ge *r, secp256k1_gej *a)
static void	secp256k1_ge_set_gej_var (secp256k1_ge *r, secp256k1_gej *a)
static void	secp256k1_ge_set_all_gej (secp256k1_ge *r, const secp256k1_gej *a, size_t len)
static void	secp256k1_ge_set_all_gej_var (secp256k1_ge *r, const secp256k1_gej *a, size_t len)
static void	secp256k1_ge_table_set_globalz (size_t len, secp256k1_ge *a, const secp256k1_fe *zr)
static void	secp256k1_gej_set_infinity (secp256k1_gej *r)
static void	secp256k1_ge_set_infinity (secp256k1_ge *r)
static void	secp256k1_gej_clear (secp256k1_gej *r)
static void	secp256k1_ge_clear (secp256k1_ge *r)
static int	secp256k1_ge_set_xo_var (secp256k1_ge *r, const secp256k1_fe *x, int odd)
static void	secp256k1_gej_set_ge (secp256k1_gej *r, const secp256k1_ge *a)
static int	secp256k1_gej_eq_var (const secp256k1_gej *a, const secp256k1_gej *b)
static int	secp256k1_gej_eq_ge_var (const secp256k1_gej *a, const secp256k1_ge *b)
static int	secp256k1_ge_eq_var (const secp256k1_ge *a, const secp256k1_ge *b)
static int	secp256k1_gej_eq_x_var (const secp256k1_fe *x, const secp256k1_gej *a)
static void	secp256k1_gej_neg (secp256k1_gej *r, const secp256k1_gej *a)
static int	secp256k1_gej_is_infinity (const secp256k1_gej *a)
static int	secp256k1_ge_is_valid_var (const secp256k1_ge *a)
static SECP256K1_INLINE void	secp256k1_gej_double (secp256k1_gej *r, const secp256k1_gej *a)
static void	secp256k1_gej_double_var (secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
static void	secp256k1_gej_add_var (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
static void	secp256k1_gej_add_ge_var (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
static void	secp256k1_gej_add_zinv_var (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv)
static void	secp256k1_gej_add_ge (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
static void	secp256k1_gej_rescale (secp256k1_gej *r, const secp256k1_fe *s)
static void	secp256k1_ge_to_storage (secp256k1_ge_storage *r, const secp256k1_ge *a)
static void	secp256k1_ge_from_storage (secp256k1_ge *r, const secp256k1_ge_storage *a)
static SECP256K1_INLINE void	secp256k1_gej_cmov (secp256k1_gej *r, const secp256k1_gej *a, int flag)
static SECP256K1_INLINE void	secp256k1_ge_storage_cmov (secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag)
static void	secp256k1_ge_mul_lambda (secp256k1_ge *r, const secp256k1_ge *a)
static int	secp256k1_ge_is_in_correct_subgroup (const secp256k1_ge *ge)
static int	secp256k1_ge_x_on_curve_var (const secp256k1_fe *x)
static int	secp256k1_ge_x_frac_on_curve_var (const secp256k1_fe *xn, const secp256k1_fe *xd)
static void	secp256k1_ge_to_bytes (unsigned char *buf, const secp256k1_ge *a)
static void	secp256k1_ge_from_bytes (secp256k1_ge *r, const unsigned char *buf)
static void	secp256k1_ge_to_bytes_ext (unsigned char *data, const secp256k1_ge *ge)
static void	secp256k1_ge_from_bytes_ext (secp256k1_ge *ge, const unsigned char *data)

Variables
static const secp256k1_ge	secp256k1_ge_const_g = SECP256K1_G

Macro Definition Documentation

SECP256K1_B

#define SECP256K1_B   7

Definition at line 73 of file group_impl.h.

SECP256K1_G

#define SECP256K1_G

Value:

    SECP256K1_GE_CONST(\
    0x79be667e, 0xf9dcbbac, 0x55a06295, 0xce870b07,\
    0x029bfcdb, 0x2dce28d9, 0x59f2815b, 0x16f81798,\
    0x483ada77, 0x26a3c465, 0x5da4fbfc, 0x0e1108a8,\
    0xfd17b448, 0xa6855419, 0x9c47d08f, 0xfb10d4b8\
)

Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.

Definition at line 38 of file group_impl.h.

SECP256K1_G_ORDER_13

#define SECP256K1_G_ORDER_13

Value:

    SECP256K1_GE_CONST(\
    0xa2482ff8, 0x4bf34edf, 0xa51262fd, 0xe57921db,\
    0xe0dd2cb7, 0xa5914790, 0xbc71631f, 0xc09704fb,\
    0x942536cb, 0xa3e49492, 0x3a701cc3, 0xee3e443f,\
    0xdf182aa9, 0x15b8aa6a, 0x166d3b19, 0xba84b045\
)

Definition at line 23 of file group_impl.h.

SECP256K1_G_ORDER_199

#define SECP256K1_G_ORDER_199

Value:

    SECP256K1_GE_CONST(\
    0x7fb07b5c, 0xd07c3bda, 0x553902e2, 0x7a87ea2c,\
    0x35108a7f, 0x051f41e5, 0xb76abad5, 0x1f2703ad,\
    0x0a251539, 0x5b4c4438, 0x952a634f, 0xac10dd4d,\
    0x6d6f4745, 0x98990c27, 0x3a4f3116, 0xd32ff969\
)

Definition at line 29 of file group_impl.h.

SECP256K1_G_ORDER_7

#define SECP256K1_G_ORDER_7

Value:

    SECP256K1_GE_CONST(\
    0x66625d13, 0x317ffe44, 0x63d32cff, 0x1ca02b9b,\
    0xe5c6d070, 0x50b4b05e, 0x81cc30db, 0xf5166f0a,\
    0x1e60e897, 0xa7c00c7c, 0x2df53eb6, 0x98274ff4,\
    0x64252f42, 0x8ca44e17, 0x3b25418c, 0xff4ab0cf\
)

Definition at line 17 of file group_impl.h.

Function Documentation

secp256k1_ge_clear()

static void secp256k1_ge_clear ( secp256k1_ge * r )

static

Definition at line 343 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_eq_var()

static int secp256k1_ge_eq_var ( const secp256k1_ge * a, const secp256k1_ge * b )

static

Definition at line 398 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_from_bytes()

static void secp256k1_ge_from_bytes ( secp256k1_ge * r, const unsigned char * buf )

static

Definition at line 989 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_from_bytes_ext()

static void secp256k1_ge_from_bytes_ext ( secp256k1_ge * ge, const unsigned char * data )

static

Definition at line 1005 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_from_storage()

static void secp256k1_ge_from_storage ( secp256k1_ge * r, const secp256k1_ge_storage * a )

static

Definition at line 890 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_is_in_correct_subgroup()

static int secp256k1_ge_is_in_correct_subgroup ( const secp256k1_ge * ge )

static

Definition at line 926 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_is_infinity()

static int secp256k1_ge_is_infinity ( const secp256k1_ge * a )

static

Definition at line 143 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_is_valid_var()

static int secp256k1_ge_is_valid_var ( const secp256k1_ge * a )

static

Definition at line 446 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_mul_lambda()

static void secp256k1_ge_mul_lambda ( secp256k1_ge * r, const secp256k1_ge * a )

static

Definition at line 917 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_neg()

static void secp256k1_ge_neg ( secp256k1_ge * r, const secp256k1_ge * a )

static

Definition at line 149 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_all_gej()

static void secp256k1_ge_set_all_gej ( secp256k1_ge * r, const secp256k1_gej * a, size_t len )

static

Definition at line 198 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_all_gej_var()

static void secp256k1_ge_set_all_gej_var ( secp256k1_ge * r, const secp256k1_gej * a, size_t len )

static

Definition at line 236 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_ge_zinv()

static void secp256k1_ge_set_ge_zinv ( secp256k1_ge * r, const secp256k1_ge * a, const secp256k1_fe * zi )

static

Definition at line 116 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_set_gej()

static void secp256k1_ge_set_gej ( secp256k1_ge * r, secp256k1_gej * a )

static

Definition at line 159 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_gej_var()

static void secp256k1_ge_set_gej_var ( secp256k1_ge * r, secp256k1_gej * a )

static

Definition at line 177 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_gej_zinv()

static void secp256k1_ge_set_gej_zinv ( secp256k1_ge * r, const secp256k1_gej * a, const secp256k1_fe * zi )

static

Definition at line 99 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_set_infinity()

static void secp256k1_ge_set_infinity ( secp256k1_ge * r )

static

Definition at line 331 of file group_impl.h.

Here is the caller graph for this function:

secp256k1_ge_set_xo_var()

static int secp256k1_ge_set_xo_var ( secp256k1_ge * r, const secp256k1_fe * x, int odd )

static

Definition at line 347 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_xy()

static void secp256k1_ge_set_xy ( secp256k1_ge * r, const secp256k1_fe * x, const secp256k1_fe * y )

static

Definition at line 132 of file group_impl.h.

Here is the caller graph for this function:

secp256k1_ge_storage_cmov()

static SECP256K1_INLINE void secp256k1_ge_storage_cmov ( secp256k1_ge_storage * r, const secp256k1_ge_storage * a, int flag )

static

Definition at line 911 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_table_set_globalz()

static void secp256k1_ge_table_set_globalz ( size_t len, secp256k1_ge * a, const secp256k1_fe * zr )

static

Definition at line 289 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_to_bytes()

static void secp256k1_ge_to_bytes ( unsigned char * buf, const secp256k1_ge * a )

static

Definition at line 977 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_to_bytes_ext()

static void secp256k1_ge_to_bytes_ext ( unsigned char * data, const secp256k1_ge * ge )

static

Definition at line 997 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_to_storage()

static void secp256k1_ge_to_storage ( secp256k1_ge_storage * r, const secp256k1_ge * a )

static

Definition at line 877 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_verify()

static void secp256k1_ge_verify ( const secp256k1_ge * a )

static

Definition at line 78 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_x_frac_on_curve_var()

static int secp256k1_ge_x_frac_on_curve_var ( const secp256k1_fe * xn, const secp256k1_fe * xd )

static

Definition at line 958 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_x_on_curve_var()

static int secp256k1_ge_x_on_curve_var ( const secp256k1_fe * x )

static

Definition at line 950 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_add_ge()

static void secp256k1_gej_add_ge ( secp256k1_gej * r, const secp256k1_gej * a, const secp256k1_ge * b )

static

Definition at line 724 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_add_ge_var()

static void secp256k1_gej_add_ge_var ( secp256k1_gej * r, const secp256k1_gej * a, const secp256k1_ge * b, secp256k1_fe * rzr )

static

Definition at line 590 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_add_var()

static void secp256k1_gej_add_var ( secp256k1_gej * r, const secp256k1_gej * a, const secp256k1_gej * b, secp256k1_fe * rzr )

static

Definition at line 526 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_add_zinv_var()

static void secp256k1_gej_add_zinv_var ( secp256k1_gej * r, const secp256k1_gej * a, const secp256k1_ge * b, const secp256k1_fe * bzinv )

static

We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to secp256k1's isomorphism we can multiply the Z coordinates on both sides by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1). This means that (rx,ry,rz) can be calculated as (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz. The variable az below holds the modified Z coordinate for a, which is used for the computation of rx and ry, but not for rz.

Definition at line 653 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_clear()

static void secp256k1_gej_clear ( secp256k1_gej * r )

static

Definition at line 339 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_cmov()

static SECP256K1_INLINE void secp256k1_gej_cmov ( secp256k1_gej * r, const secp256k1_gej * a, int flag )

static

Definition at line 898 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_double()

static SECP256K1_INLINE void secp256k1_gej_double ( secp256k1_gej * r, const secp256k1_gej * a )

static

Definition at line 460 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_double_var()

static void secp256k1_gej_double_var ( secp256k1_gej * r, const secp256k1_gej * a, secp256k1_fe * rzr )

static

For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.

Having said this, if this function receives a point on a sextic twist, e.g. by a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, since -6 does have a cube root mod p. For this point, this function will not set the infinity flag even though the point doubles to infinity, and the result point will be gibberish (z = 0 but infinity = 0).

Definition at line 495 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_eq_ge_var()

static int secp256k1_gej_eq_ge_var ( const secp256k1_gej * a, const secp256k1_ge * b )

static

Definition at line 388 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_eq_var()

static int secp256k1_gej_eq_var ( const secp256k1_gej * a, const secp256k1_gej * b )

static

Definition at line 378 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_eq_x_var()

static int secp256k1_gej_eq_x_var ( const secp256k1_fe * x, const secp256k1_gej * a )

static

Definition at line 417 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_is_infinity()

static int secp256k1_gej_is_infinity ( const secp256k1_gej * a )

static

Definition at line 440 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_neg()

static void secp256k1_gej_neg ( secp256k1_gej * r, const secp256k1_gej * a )

static

Definition at line 427 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_rescale()

static void secp256k1_gej_rescale ( secp256k1_gej * r, const secp256k1_fe * s )

static

Definition at line 861 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_set_ge()

static void secp256k1_gej_set_ge ( secp256k1_gej * r, const secp256k1_ge * a )

static

Definition at line 367 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_set_infinity()

static void secp256k1_gej_set_infinity ( secp256k1_gej * r )

static

Definition at line 322 of file group_impl.h.

Here is the caller graph for this function:

secp256k1_gej_verify()

static void secp256k1_gej_verify ( const secp256k1_gej * a )

static

Definition at line 87 of file group_impl.h.

Here is the call graph for this function:

Variable Documentation

secp256k1_ge_const_g

const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G

static

Definition at line 72 of file group_impl.h.