doc: minor ellswift.md updates
This commit is contained in:
parent
0fa84f869d
commit
c7d900ffd1
@ -88,7 +88,7 @@ $$
|
|||||||
\begin{array}{lcl}
|
\begin{array}{lcl}
|
||||||
X(u, t) & = & \left\\{\begin{array}{ll}
|
X(u, t) & = & \left\\{\begin{array}{ll}
|
||||||
\dfrac{g(u) - t^2}{2t} & a = 0 \\
|
\dfrac{g(u) - t^2}{2t} & a = 0 \\
|
||||||
\dfrac{g(u) + h(u)(Y_0(u) + X_0(u)t)^2}{X_0(u)(1 + h(u)t^2)} & a \neq 0
|
\dfrac{g(u) + h(u)(Y_0(u) - X_0(u)t)^2}{X_0(u)(1 + h(u)t^2)} & a \neq 0
|
||||||
\end{array}\right. \\
|
\end{array}\right. \\
|
||||||
Y(u, t) & = & \left\\{\begin{array}{ll}
|
Y(u, t) & = & \left\\{\begin{array}{ll}
|
||||||
\dfrac{X(u, t) + t}{u \sqrt{-3}} = \dfrac{g(u) + t^2}{2tu\sqrt{-3}} & a = 0 \\
|
\dfrac{X(u, t) + t}{u \sqrt{-3}} = \dfrac{g(u) + t^2}{2tu\sqrt{-3}} & a = 0 \\
|
||||||
@ -329,7 +329,7 @@ $t$ value for multiple $c$ inputs (thereby biasing that encoding):
|
|||||||
it requires $g(u)=0$ which is already outlawed on even-ordered curves and impossible on others; in the second it would trigger division by zero.
|
it requires $g(u)=0$ which is already outlawed on even-ordered curves and impossible on others; in the second it would trigger division by zero.
|
||||||
* Curve-specific special cases also exist that need to be rejected, because they result in $(u,t)$ which is invalid to the decoder, or because of division by zero in the encoder:
|
* Curve-specific special cases also exist that need to be rejected, because they result in $(u,t)$ which is invalid to the decoder, or because of division by zero in the encoder:
|
||||||
* For $a=0$ curves, when $u=0$ or when $t=0$. The latter can only be reached by the encoder when $g(u)=0$, which requires an even-ordered curve.
|
* For $a=0$ curves, when $u=0$ or when $t=0$. The latter can only be reached by the encoder when $g(u)=0$, which requires an even-ordered curve.
|
||||||
* For $a \neq 0$ curves, when $X_0(u)=0$, when $h(u)t^2 = -1$, or when $2w(u + 2v) = 2X_0(u)$ while also either $w \neq 2Y_0(u)$ or $h(u)=0$.
|
* For $a \neq 0$ curves, when $X_0(u)=0$, when $h(u)t^2 = -1$, or when $w(u + 2v) = 2X_0(u)$ while also either $w \neq 2Y_0(u)$ or $h(u)=0$.
|
||||||
|
|
||||||
**Define** a version of $G_{c,u}(x)$ which deals with all these cases:
|
**Define** a version of $G_{c,u}(x)$ which deals with all these cases:
|
||||||
* If $a=0$ and $u=0$, return $\bot.$
|
* If $a=0$ and $u=0$, return $\bot.$
|
||||||
|
@ -161,7 +161,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(
|
|||||||
/** Given a private key, and ElligatorSwift public keys sent in both directions,
|
/** Given a private key, and ElligatorSwift public keys sent in both directions,
|
||||||
* compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH).
|
* compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH).
|
||||||
*
|
*
|
||||||
* Returns: 1: shared secret was succesfully computed
|
* Returns: 1: shared secret was successfully computed
|
||||||
* 0: secret was invalid or hashfp returned 0
|
* 0: secret was invalid or hashfp returned 0
|
||||||
* Args: ctx: pointer to a context object.
|
* Args: ctx: pointer to a context object.
|
||||||
* Out: output: pointer to an array to be filled by hashfp.
|
* Out: output: pointer to an array to be filled by hashfp.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user