Make the curve B constant a secp256k1_fe

Pieter Wuille 2020-09-06 16:24:43 -07:00
parent d7f39ae4b6
commit 78f6cdfaae


@ -14,7 +14,7 @@
/* These points can be generated in sage as follows: /* These points can be generated in sage as follows:
* *
* 0. Setup a worksheet with the following parameters. * 0. Setup a worksheet with the following parameters.
* b = 4 # whatever CURVE_B will be set to * b = 4 # whatever secp256k1_fe_const_b will be set to
* F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) * F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
* C = EllipticCurve ([F (0), F (b)]) * C = EllipticCurve ([F (0), F (b)])
* *
@ -45,7 +45,8 @@ static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
0x48DF246C, 0x808DAE72, 0xCFE52572, 0x7F0501ED 0x48DF246C, 0x808DAE72, 0xCFE52572, 0x7F0501ED
); );
static const int CURVE_B = 4; static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 4);
# elif EXHAUSTIVE_TEST_ORDER == 13 # elif EXHAUSTIVE_TEST_ORDER == 13
static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
0xedc60018, 0xa51a786b, 0x2ea91f4d, 0x4c9416c0, 0xedc60018, 0xa51a786b, 0x2ea91f4d, 0x4c9416c0,
@ -53,7 +54,9 @@ static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
0x54cb1b6b, 0xdc8c1273, 0x087844ea, 0x43f4603e, 0x54cb1b6b, 0xdc8c1273, 0x087844ea, 0x43f4603e,
0x0eaf9a43, 0xf6effe55, 0x939f806d, 0x37adf8ac 0x0eaf9a43, 0xf6effe55, 0x939f806d, 0x37adf8ac
); );
static const int CURVE_B = 2;
static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2);
# else # else
# error No known generator for the specified exhaustive test group order. # error No known generator for the specified exhaustive test group order.
# endif # endif
@ -68,7 +71,7 @@ static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL
); );
static const int CURVE_B = 7; static const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 7);
#endif #endif
static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) { static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) {
@ -219,14 +222,13 @@ static void secp256k1_ge_clear(secp256k1_ge *r) {
} }
static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x) { static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x) {
secp256k1_fe x2, x3, c; secp256k1_fe x2, x3;
r->x = *x; r->x = *x;
secp256k1_fe_sqr(&x2, x); secp256k1_fe_sqr(&x2, x);
secp256k1_fe_mul(&x3, x, &x2); secp256k1_fe_mul(&x3, x, &x2);
r->infinity = 0; r->infinity = 0;
secp256k1_fe_set_int(&c, CURVE_B); secp256k1_fe_add(&x3, &secp256k1_fe_const_b);
secp256k1_fe_add(&c, &x3); return secp256k1_fe_sqrt(&r->y, &x3);
return secp256k1_fe_sqrt(&r->y, &c);
} }
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd) { static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd) {
@ -270,15 +272,14 @@ static int secp256k1_gej_is_infinity(const secp256k1_gej *a) {
} }
static int secp256k1_ge_is_valid_var(const secp256k1_ge *a) { static int secp256k1_ge_is_valid_var(const secp256k1_ge *a) {
secp256k1_fe y2, x3, c; secp256k1_fe y2, x3;
if (a->infinity) { if (a->infinity) {
return 0; return 0;
} }
/* y^2 = x^3 + 7 */ /* y^2 = x^3 + 7 */
secp256k1_fe_sqr(&y2, &a->y); secp256k1_fe_sqr(&y2, &a->y);
secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x);
secp256k1_fe_set_int(&c, CURVE_B); secp256k1_fe_add(&x3, &secp256k1_fe_const_b);
secp256k1_fe_add(&x3, &c);
secp256k1_fe_normalize_weak(&x3); secp256k1_fe_normalize_weak(&x3);
return secp256k1_fe_equal_var(&y2, &x3); return secp256k1_fe_equal_var(&y2, &x3);
} }
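Review bot: The context comment `/* y^2 = x^3 + 7 */` in secp256k1_ge_is_valid_var is only true for the production curve, because the line below it now adds `secp256k1_fe_const_b`, which the earlier hunks define as 4 or 2 when EXHAUSTIVE_TEST_ORDER is 199 or 13. This function is the on-curve check, so I would reword the comment to `/* y^2 = x^3 + b */` so that it matches whichever constant is compiled in. Each of the three `secp256k1_fe_const_b` definitions would also benefit from a one-line comment such as `/* Curve coefficient b in y^2 = x^3 + b; must correspond to the generator defined above. */`, since a constant that does not match its generator would make this check test a different curve. In both secp256k1_ge_set_xquad and secp256k1_ge_is_valid_var, `x3` holds x^3 + b after the in-place add, which deserves a short comment before the sqrt and equality calls.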