Bitcoin ABC  0.26.3
P2P Digital Currency
main_impl.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2017 Tomas van der Wansem *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_MULTISET_MAIN_H
8 #define SECP256K1_MODULE_MULTISET_MAIN_H
9 
10 
11 #include "include/secp256k1_multiset.h"
12 
13 #include "hash.h"
14 #include "field.h"
15 #include "group.h"
16 
21 static void multiset_from_gej_var(secp256k1_multiset *target, const secp256k1_gej *input) {
22  if (input->infinity) {
23  memset(&target->d, 0, sizeof(target->d));
24  } else {
25  secp256k1_fe_get_b32(target->d, &input->x);
26  secp256k1_fe_get_b32(target->d+32, &input->y);
27  secp256k1_fe_get_b32(target->d+64, &input->z);
28  }
29 }
30 
34 static void gej_from_multiset_var(secp256k1_gej *target, const secp256k1_multiset *input) {
35  secp256k1_fe_set_b32(&target->x, input->d);
36  secp256k1_fe_set_b32(&target->y, input->d+32);
37  secp256k1_fe_set_b32(&target->z, input->d+64);
38 
39  target->infinity = secp256k1_fe_is_zero(&target->z) ? 1 : 0;
40 }
41 
50 static void ge_from_data_var(secp256k1_ge *target, const unsigned char *input, size_t inputLen, int inverse) {
51  secp256k1_sha256 hasher;
52  unsigned char buffer[8+32];
53  unsigned char trial[32];
54  uint64_t prefix;
55 
56  /* Hash to buffer, leaving space for 8-byte prefix */
57  secp256k1_sha256_initialize(&hasher);
58  secp256k1_sha256_write(&hasher, input, inputLen);
59  secp256k1_sha256_finalize(&hasher, buffer+8);
60 
61  /* Loop through trials, with 50% success per loop
62  * We can assume it ends within 2^64. */
63  for(prefix=0; 1; prefix++)
64  {
65  secp256k1_fe x;
66 
67  /* Set prefix in little-endian */
68  buffer[0] = prefix & 0xFF;
69  buffer[1] = (prefix>>8) & 0xFF;
70  buffer[2] = (prefix>>16) & 0xFF;
71  buffer[3] = (prefix>>24) & 0xFF;
72  buffer[4] = (prefix>>32) & 0xFF;
73  buffer[5] = (prefix>>40) & 0xFF;
74  buffer[6] = (prefix>>48) & 0xFF;
75  buffer[7] = (prefix>>56) & 0xFF;
76 
77  /* Hash to trial */
78  secp256k1_sha256_initialize(&hasher);
79  secp256k1_sha256_write(&hasher, buffer, sizeof(buffer));
80  secp256k1_sha256_finalize(&hasher, trial);
81 
82  if (!secp256k1_fe_set_b32(&x, trial)) {
83  continue;
84  }
85 
86  /* We let y is even be the element and odd be its inverse */
87  if (!secp256k1_ge_set_xo_var(target, &x, inverse)) {
88  continue;
89  }
90 
91  VERIFY_CHECK(secp256k1_ge_is_valid_var(target));
92  VERIFY_CHECK(!secp256k1_ge_is_infinity(target));
93  break;
94  }
95 }
96 
98 static int multiset_add_remove(const secp256k1_context* ctx, secp256k1_multiset *multiset, const unsigned char *input, size_t inputLen, int remove) {
99  secp256k1_ge newelm;
100  secp256k1_gej source, target;
101 
102  VERIFY_CHECK(ctx != NULL);
103  ARG_CHECK(multiset != NULL);
104  ARG_CHECK(input != NULL);
105 
106  gej_from_multiset_var(&source, multiset);
107  ge_from_data_var(&newelm, input, inputLen, remove);
108 
109  /*
110  * The `target` group element needs to be initialized.
111  * If the result of the addition is infinity, the field elements won't be
112  * set and the `secp256k1_fe_normalize` calls below will branch on
113  * uninitialized data.
114  */
115  secp256k1_gej_set_infinity(&target);
116  secp256k1_gej_add_ge_var(&target, &source, &newelm, NULL);
117 
118  secp256k1_fe_normalize(&target.x);
119  secp256k1_fe_normalize(&target.y);
120  secp256k1_fe_normalize(&target.z);
121  multiset_from_gej_var(multiset, &target);
122 
123  return 1;
124 }
125 
127 int secp256k1_multiset_add(const secp256k1_context* ctx, secp256k1_multiset *multiset, const unsigned char *input, size_t inputLen) {
128  return multiset_add_remove(ctx, multiset, input, inputLen, 0);
129 }
130 
132 int secp256k1_multiset_remove(const secp256k1_context* ctx, secp256k1_multiset *multiset, const unsigned char *input, size_t inputLen) {
133  return multiset_add_remove(ctx, multiset, input, inputLen, 1);
134 }
135 
137 int secp256k1_multiset_combine(const secp256k1_context* ctx, secp256k1_multiset *multiset, const secp256k1_multiset *input) {
138  secp256k1_gej gej_multiset, gej_input, gej_result;
139 
140  VERIFY_CHECK(ctx != NULL);
141  ARG_CHECK(multiset != NULL);
142  ARG_CHECK(input != NULL);
143 
144  gej_from_multiset_var(&gej_multiset, multiset);
145  gej_from_multiset_var(&gej_input, input);
146 
147  /*
148  * The `gej_result` group element needs to be initialized.
149  * If the result of the addition is infinity, the field elements won't be
150  * set and the `secp256k1_fe_normalize` calls below will branch on
151  * uninitialized data.
152  */
153  secp256k1_gej_set_infinity(&gej_result);
154  secp256k1_gej_add_var(&gej_result, &gej_multiset, &gej_input, NULL);
155 
156  secp256k1_fe_normalize(&gej_result.x);
157  secp256k1_fe_normalize(&gej_result.y);
158  secp256k1_fe_normalize(&gej_result.z);
159  multiset_from_gej_var(multiset, &gej_result);
160 
161  return 1;
162 }
163 
165 int secp256k1_multiset_finalize(const secp256k1_context* ctx, unsigned char *resultHash, const secp256k1_multiset *multiset) {
166  secp256k1_sha256 hasher;
167  unsigned char buffer[64];
168  secp256k1_gej gej;
169  secp256k1_ge ge;
170 
171  VERIFY_CHECK(ctx != NULL);
172  ARG_CHECK(resultHash != NULL);
173  ARG_CHECK(multiset != NULL);
174 
175  gej_from_multiset_var(&gej, multiset);
176 
177  if (gej.infinity) {
178  /* empty set is encoded as zeros */
179  memset(resultHash, 0x00, 32);
180  return 1;
181  }
182 
183  /* we must normalize to affine first */
184  secp256k1_ge_set_gej(&ge, &gej);
185  secp256k1_fe_normalize(&ge.x);
186  secp256k1_fe_normalize(&ge.y);
187  secp256k1_fe_get_b32(buffer, &ge.x);
188  secp256k1_fe_get_b32(buffer+32, &ge.y);
189 
190  secp256k1_sha256_initialize(&hasher);
191  secp256k1_sha256_write(&hasher, buffer, sizeof(buffer));
192  secp256k1_sha256_finalize(&hasher, resultHash);
193 
194  return 1;
195 }
196 
200 int secp256k1_multiset_init(const secp256k1_context* ctx, secp256k1_multiset *multiset) {
201  const secp256k1_gej inf = SECP256K1_GEJ_CONST_INFINITY;
202 
203  VERIFY_CHECK(ctx != NULL);
204 
205  multiset_from_gej_var(multiset, &inf);
206 
207  return 1;
208 }
209 
210 #endif /* SECP256K1_MODULE_MULTISET_MAIN_H */
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
secp256k1_fe_set_b32
static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a)
Set a field element equal to 32-byte big endian value.
secp256k1_fe_is_zero
static int secp256k1_fe_is_zero(const secp256k1_fe *a)
Verify whether a field element is zero.
secp256k1_fe_normalize
static void secp256k1_fe_normalize(secp256k1_fe *r)
Field element module.
secp256k1_fe_get_b32
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a)
Convert a field element to a 32-byte big endian value.
SECP256K1_GEJ_CONST_INFINITY
#define SECP256K1_GEJ_CONST_INFINITY
Definition: group.h:31
secp256k1_gej_set_infinity
static void secp256k1_gej_set_infinity(secp256k1_gej *r)
Set a group element (jacobian) equal to the point at infinity.
secp256k1_ge_set_xo_var
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.
secp256k1_gej_add_ge_var
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).
secp256k1_ge_is_valid_var
static int secp256k1_ge_is_valid_var(const secp256k1_ge *a)
Check whether a group element is valid (i.e., on the curve).
secp256k1_gej_add_var
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.
secp256k1_ge_set_gej
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
secp256k1_ge_is_infinity
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.
secp256k1_multiset_remove
int secp256k1_multiset_remove(const secp256k1_context *ctx, secp256k1_multiset *multiset, const unsigned char *input, size_t inputLen)
Removes a data element from the multiset.
Definition: main_impl.h:132
ge_from_data_var
static void ge_from_data_var(secp256k1_ge *target, const unsigned char *input, size_t inputLen, int inverse)
Converts a data element to a group element (affine)
Definition: main_impl.h:50
secp256k1_multiset_combine
int secp256k1_multiset_combine(const secp256k1_context *ctx, secp256k1_multiset *multiset, const secp256k1_multiset *input)
Adds input multiset to multiset.
Definition: main_impl.h:137
secp256k1_multiset_add
int secp256k1_multiset_add(const secp256k1_context *ctx, secp256k1_multiset *multiset, const unsigned char *input, size_t inputLen)
Adds a data element to the multiset.
Definition: main_impl.h:127
secp256k1_multiset_init
int secp256k1_multiset_init(const secp256k1_context *ctx, secp256k1_multiset *multiset)
Inits the multiset with the constant for empty data, represented by the Jacobian GE infinite.
Definition: main_impl.h:200
multiset_add_remove
static int multiset_add_remove(const secp256k1_context *ctx, secp256k1_multiset *multiset, const unsigned char *input, size_t inputLen, int remove)
Adds or removes a data element.
Definition: main_impl.h:98
gej_from_multiset_var
static void gej_from_multiset_var(secp256k1_gej *target, const secp256k1_multiset *input)
Converts a multiset to group element (Jacobian) Infinite uses special value, z = 0.
Definition: main_impl.h:34
multiset_from_gej_var
static void multiset_from_gej_var(secp256k1_multiset *target, const secp256k1_gej *input)
Converts a group element (Jacobian) to a multiset.
Definition: main_impl.h:21
secp256k1_multiset_finalize
int secp256k1_multiset_finalize(const secp256k1_context *ctx, unsigned char *resultHash, const secp256k1_multiset *multiset)
Hash the multiset into resultHash.
Definition: main_impl.h:165
prefix
const char * prefix
Definition: rest.cpp:819
source
const char * source
Definition: rpcconsole.cpp:53
secp256k1_sha256_initialize
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
secp256k1_sha256_finalize
static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32)
secp256k1_sha256_write
static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size)
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:68
ARG_CHECK
#define ARG_CHECK(cond)
Definition: secp256k1.c:28
secp256k1_multiset.h
secp256k1_context_struct
Definition: secp256k1.c:69
secp256k1_fe
Definition: field_10x26.h:12
secp256k1_ge
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:13
secp256k1_ge::x
secp256k1_fe x
Definition: group.h:14
secp256k1_ge::y
secp256k1_fe y
Definition: group.h:15
secp256k1_gej
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:23
secp256k1_gej::y
secp256k1_fe y
Definition: group.h:25
secp256k1_gej::x
secp256k1_fe x
Definition: group.h:24
secp256k1_gej::infinity
int infinity
Definition: group.h:27
secp256k1_gej::z
secp256k1_fe z
Definition: group.h:26
secp256k1_multiset
Opaque multiset; this is actually a group element.
Definition: secp256k1_multiset.h:20
secp256k1_multiset::d
unsigned char d[96]
Definition: secp256k1_multiset.h:21
secp256k1_sha256
Definition: hash.h:13
Generated on Thu Apr 18 2024 02:36:28 for Bitcoin ABC by doxygen 1.9.1