group_impl.h File Reference

#include "field.h"
#include "group.h"

Include dependency graph for group_impl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros
#define	SECP256K1_G_ORDER_7
#define	SECP256K1_G_ORDER_13
#define	SECP256K1_G_ORDER_199
#define	SECP256K1_G
	Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. More...
#define	SECP256K1_B   7

Functions
static void	secp256k1_ge_set_gej_zinv (secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi)
static void	secp256k1_ge_set_xy (secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y)
static int	secp256k1_ge_is_infinity (const secp256k1_ge *a)
static void	secp256k1_ge_neg (secp256k1_ge *r, const secp256k1_ge *a)
static void	secp256k1_ge_set_gej (secp256k1_ge *r, secp256k1_gej *a)
static void	secp256k1_ge_set_gej_var (secp256k1_ge *r, secp256k1_gej *a)
static void	secp256k1_ge_set_all_gej_var (secp256k1_ge *r, const secp256k1_gej *a, size_t len)
static void	secp256k1_ge_table_set_globalz (size_t len, secp256k1_ge *a, const secp256k1_fe *zr)
static void	secp256k1_gej_set_infinity (secp256k1_gej *r)
static void	secp256k1_ge_set_infinity (secp256k1_ge *r)
static void	secp256k1_gej_clear (secp256k1_gej *r)
static void	secp256k1_ge_clear (secp256k1_ge *r)
static int	secp256k1_ge_set_xo_var (secp256k1_ge *r, const secp256k1_fe *x, int odd)
static void	secp256k1_gej_set_ge (secp256k1_gej *r, const secp256k1_ge *a)
static int	secp256k1_gej_eq_var (const secp256k1_gej *a, const secp256k1_gej *b)
static int	secp256k1_gej_eq_x_var (const secp256k1_fe *x, const secp256k1_gej *a)
static void	secp256k1_gej_neg (secp256k1_gej *r, const secp256k1_gej *a)
static int	secp256k1_gej_is_infinity (const secp256k1_gej *a)
static int	secp256k1_ge_is_valid_var (const secp256k1_ge *a)
static SECP256K1_INLINE void	secp256k1_gej_double (secp256k1_gej *r, const secp256k1_gej *a)
static void	secp256k1_gej_double_var (secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
static void	secp256k1_gej_add_var (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
static void	secp256k1_gej_add_ge_var (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
static void	secp256k1_gej_add_zinv_var (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv)
static void	secp256k1_gej_add_ge (secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
static void	secp256k1_gej_rescale (secp256k1_gej *r, const secp256k1_fe *s)
static void	secp256k1_ge_to_storage (secp256k1_ge_storage *r, const secp256k1_ge *a)
static void	secp256k1_ge_from_storage (secp256k1_ge *r, const secp256k1_ge_storage *a)
static SECP256K1_INLINE void	secp256k1_gej_cmov (secp256k1_gej *r, const secp256k1_gej *a, int flag)
static SECP256K1_INLINE void	secp256k1_ge_storage_cmov (secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag)
static void	secp256k1_ge_mul_lambda (secp256k1_ge *r, const secp256k1_ge *a)
static int	secp256k1_ge_is_in_correct_subgroup (const secp256k1_ge *ge)

Variables
static const secp256k1_ge	secp256k1_ge_const_g = SECP256K1_G
static const secp256k1_fe	secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, SECP256K1_B)

Macro Definition Documentation

SECP256K1_B

#define SECP256K1_B   7

Definition at line 70 of file group_impl.h.

SECP256K1_G

#define SECP256K1_G

Value:

    SECP256K1_GE_CONST(\
    0x79be667e, 0xf9dcbbac, 0x55a06295, 0xce870b07,\
    0x029bfcdb, 0x2dce28d9, 0x59f2815b, 0x16f81798,\
    0x483ada77, 0x26a3c465, 0x5da4fbfc, 0x0e1108a8,\
    0xfd17b448, 0xa6855419, 0x9c47d08f, 0xfb10d4b8\
)

Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1.

Definition at line 35 of file group_impl.h.

SECP256K1_G_ORDER_13

#define SECP256K1_G_ORDER_13

Value:

    SECP256K1_GE_CONST(\
    0xa2482ff8, 0x4bf34edf, 0xa51262fd, 0xe57921db,\
    0xe0dd2cb7, 0xa5914790, 0xbc71631f, 0xc09704fb,\
    0x942536cb, 0xa3e49492, 0x3a701cc3, 0xee3e443f,\
    0xdf182aa9, 0x15b8aa6a, 0x166d3b19, 0xba84b045\
)

Definition at line 20 of file group_impl.h.

SECP256K1_G_ORDER_199

#define SECP256K1_G_ORDER_199

Value:

    SECP256K1_GE_CONST(\
    0x7fb07b5c, 0xd07c3bda, 0x553902e2, 0x7a87ea2c,\
    0x35108a7f, 0x051f41e5, 0xb76abad5, 0x1f2703ad,\
    0x0a251539, 0x5b4c4438, 0x952a634f, 0xac10dd4d,\
    0x6d6f4745, 0x98990c27, 0x3a4f3116, 0xd32ff969\
)

Definition at line 26 of file group_impl.h.

SECP256K1_G_ORDER_7

#define SECP256K1_G_ORDER_7

Value:

    SECP256K1_GE_CONST(\
    0x66625d13, 0x317ffe44, 0x63d32cff, 0x1ca02b9b,\
    0xe5c6d070, 0x50b4b05e, 0x81cc30db, 0xf5166f0a,\
    0x1e60e897, 0xa7c00c7c, 0x2df53eb6, 0x98274ff4,\
    0x64252f42, 0x8ca44e17, 0x3b25418c, 0xff4ab0cf\
)

Definition at line 14 of file group_impl.h.

Function Documentation

secp256k1_ge_clear()

static void secp256k1_ge_clear ( secp256k1_ge *  r )

static

Definition at line 218 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_from_storage()

static void secp256k1_ge_from_storage ( secp256k1_ge *  r, const secp256k1_ge_storage *  a  )

static

Definition at line 685 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_is_in_correct_subgroup()

static int secp256k1_ge_is_in_correct_subgroup ( const secp256k1_ge *  ge )

static

Definition at line 709 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_is_infinity()

static int secp256k1_ge_is_infinity ( const secp256k1_ge *  a )

static

Definition at line 94 of file group_impl.h.

secp256k1_ge_is_valid_var()

static int secp256k1_ge_is_valid_var ( const secp256k1_ge *  a )

static

Definition at line 277 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_mul_lambda()

static void secp256k1_ge_mul_lambda ( secp256k1_ge *  r, const secp256k1_ge *  a  )

static

Definition at line 704 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_neg()

static void secp256k1_ge_neg ( secp256k1_ge *  r, const secp256k1_ge *  a  )

static

Definition at line 98 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_all_gej_var()

static void secp256k1_ge_set_all_gej_var ( secp256k1_ge *  r, const secp256k1_gej *  a, size_t  len  )

static

Definition at line 132 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_gej()

static void secp256k1_ge_set_gej ( secp256k1_ge *  r, secp256k1_gej *  a  )

static

Definition at line 104 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_gej_var()

static void secp256k1_ge_set_gej_var ( secp256k1_ge *  r, secp256k1_gej *  a  )

static

Definition at line 117 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_gej_zinv()

static void secp256k1_ge_set_gej_zinv ( secp256k1_ge *  r, const secp256k1_gej *  a, const secp256k1_fe *  zi  )

static

Definition at line 77 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_set_infinity()

static void secp256k1_ge_set_infinity ( secp256k1_ge *  r )

static

Definition at line 205 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_ge_set_xo_var()

static int secp256k1_ge_set_xo_var ( secp256k1_ge *  r, const secp256k1_fe *  x, int  odd  )

static

Definition at line 224 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_set_xy()

static void secp256k1_ge_set_xy ( secp256k1_ge *  r, const secp256k1_fe *  x, const secp256k1_fe *  y  )

static

Definition at line 88 of file group_impl.h.

Here is the caller graph for this function:

secp256k1_ge_storage_cmov()

static SECP256K1_INLINE void secp256k1_ge_storage_cmov ( secp256k1_ge_storage *  r, const secp256k1_ge_storage *  a, int  flag  )

static

Definition at line 699 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_table_set_globalz()

static void secp256k1_ge_table_set_globalz ( size_t  len, secp256k1_ge *  a, const secp256k1_fe *  zr  )

static

Definition at line 174 of file group_impl.h.

Here is the call graph for this function:

secp256k1_ge_to_storage()

static void secp256k1_ge_to_storage ( secp256k1_ge_storage *  r, const secp256k1_ge *  a  )

static

Definition at line 674 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_add_ge()

static void secp256k1_gej_add_ge ( secp256k1_gej *  r, const secp256k1_gej *  a, const secp256k1_ge *  b  )

static

Definition at line 531 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_add_ge_var()

static void secp256k1_gej_add_ge_var ( secp256k1_gej *  r, const secp256k1_gej *  a, const secp256k1_ge *  b, secp256k1_fe *  rzr  )

static

Definition at line 409 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_add_var()

static void secp256k1_gej_add_var ( secp256k1_gej *  r, const secp256k1_gej *  a, const secp256k1_gej *  b, secp256k1_fe *  rzr  )

static

Definition at line 349 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_add_zinv_var()

static void secp256k1_gej_add_zinv_var ( secp256k1_gej *  r, const secp256k1_gej *  a, const secp256k1_ge *  b, const secp256k1_fe *  bzinv  )

static

We need to calculate (rx,ry,rz) = (ax,ay,az) + (bx,by,1/bzinv). Due to secp256k1's isomorphism we can multiply the Z coordinates on both sides by bzinv, and get: (rx,ry,rz*bzinv) = (ax,ay,az*bzinv) + (bx,by,1). This means that (rx,ry,rz) can be calculated as (ax,ay,az*bzinv) + (bx,by,1), when not applying the bzinv factor to rz. The variable az below holds the modified Z coordinate for a, which is used for the computation of rx and ry, but not for rz.

Definition at line 466 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_clear()

static void secp256k1_gej_clear ( secp256k1_gej *  r )

static

Definition at line 211 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_cmov()

static SECP256K1_INLINE void secp256k1_gej_cmov ( secp256k1_gej *  r, const secp256k1_gej *  a, int  flag  )

static

Definition at line 691 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_double()

static SECP256K1_INLINE void secp256k1_gej_double ( secp256k1_gej *  r, const secp256k1_gej *  a  )

static

Definition at line 290 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_double_var()

static void secp256k1_gej_double_var ( secp256k1_gej *  r, const secp256k1_gej *  a, secp256k1_fe *  rzr  )

static

For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.

Having said this, if this function receives a point on a sextic twist, e.g. by a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, since -6 does have a cube root mod p. For this point, this function will not set the infinity flag even though the point doubles to infinity, and the result point will be gibberish (z = 0 but infinity = 0).

Definition at line 322 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_eq_var()

static int secp256k1_gej_eq_var ( const secp256k1_gej *  a, const secp256k1_gej *  b  )

static

Definition at line 249 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_eq_x_var()

static int secp256k1_gej_eq_x_var ( const secp256k1_fe *  x, const secp256k1_gej *  a  )

static

Definition at line 256 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_is_infinity()

static int secp256k1_gej_is_infinity ( const secp256k1_gej *  a )

static

Definition at line 273 of file group_impl.h.

Here is the caller graph for this function:

secp256k1_gej_neg()

static void secp256k1_gej_neg ( secp256k1_gej *  r, const secp256k1_gej *  a  )

static

Definition at line 264 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_rescale()

static void secp256k1_gej_rescale ( secp256k1_gej *  r, const secp256k1_fe *  s  )

static

Definition at line 663 of file group_impl.h.

Here is the call graph for this function:

secp256k1_gej_set_ge()

static void secp256k1_gej_set_ge ( secp256k1_gej *  r, const secp256k1_ge *  a  )

static

Definition at line 242 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

secp256k1_gej_set_infinity()

static void secp256k1_gej_set_infinity ( secp256k1_gej *  r )

static

Definition at line 198 of file group_impl.h.

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

secp256k1_fe_const_b

const secp256k1_fe secp256k1_fe_const_b = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, SECP256K1_B)

static

Definition at line 75 of file group_impl.h.

secp256k1_ge_const_g

const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G

static

Definition at line 69 of file group_impl.h.