Bitcoin Core  27.99.0
P2P Digital Currency
Macros | Functions
scalar.h File Reference
#include "util.h"
#include "scalar_8x32.h"
Include dependency graph for scalar.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define SECP256K1_SCALAR_VERIFY(r)   secp256k1_scalar_verify(r)
 

Functions

static void secp256k1_scalar_clear (secp256k1_scalar *r)
 Clear a scalar to prevent the leak of sensitive data. More...
 
static unsigned int secp256k1_scalar_get_bits (const secp256k1_scalar *a, unsigned int offset, unsigned int count)
 Access bits from a scalar. More...
 
static unsigned int secp256k1_scalar_get_bits_var (const secp256k1_scalar *a, unsigned int offset, unsigned int count)
 Access bits from a scalar. More...
 
static void secp256k1_scalar_set_b32 (secp256k1_scalar *r, const unsigned char *bin, int *overflow)
 Set a scalar from a big endian byte array. More...
 
static int secp256k1_scalar_set_b32_seckey (secp256k1_scalar *r, const unsigned char *bin)
 Set a scalar from a big endian byte array and returns 1 if it is a valid seckey and 0 otherwise. More...
 
static void secp256k1_scalar_set_int (secp256k1_scalar *r, unsigned int v)
 Set a scalar to an unsigned integer. More...
 
static void secp256k1_scalar_get_b32 (unsigned char *bin, const secp256k1_scalar *a)
 Convert a scalar to a byte array. More...
 
static int secp256k1_scalar_add (secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
 Add two scalars together (modulo the group order). More...
 
static void secp256k1_scalar_cadd_bit (secp256k1_scalar *r, unsigned int bit, int flag)
 Conditionally add a power of two to a scalar. More...
 
static void secp256k1_scalar_mul (secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
 Multiply two scalars (modulo the group order). More...
 
static void secp256k1_scalar_inverse (secp256k1_scalar *r, const secp256k1_scalar *a)
 Compute the inverse of a scalar (modulo the group order). More...
 
static void secp256k1_scalar_inverse_var (secp256k1_scalar *r, const secp256k1_scalar *a)
 Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. More...
 
static void secp256k1_scalar_negate (secp256k1_scalar *r, const secp256k1_scalar *a)
 Compute the complement of a scalar (modulo the group order). More...
 
static void secp256k1_scalar_half (secp256k1_scalar *r, const secp256k1_scalar *a)
 Multiply a scalar with the multiplicative inverse of 2. More...
 
static int secp256k1_scalar_is_zero (const secp256k1_scalar *a)
 Check whether a scalar equals zero. More...
 
static int secp256k1_scalar_is_one (const secp256k1_scalar *a)
 Check whether a scalar equals one. More...
 
static int secp256k1_scalar_is_even (const secp256k1_scalar *a)
 Check whether a scalar, considered as an nonnegative integer, is even. More...
 
static int secp256k1_scalar_is_high (const secp256k1_scalar *a)
 Check whether a scalar is higher than the group order divided by 2. More...
 
static int secp256k1_scalar_cond_negate (secp256k1_scalar *a, int flag)
 Conditionally negate a number, in constant time. More...
 
static int secp256k1_scalar_eq (const secp256k1_scalar *a, const secp256k1_scalar *b)
 Compare two scalars. More...
 
static void secp256k1_scalar_split_128 (secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k)
 Find r1 and r2 such that r1+r2*2^128 = k. More...
 
static void secp256k1_scalar_split_lambda (secp256k1_scalar *SECP256K1_RESTRICT r1, secp256k1_scalar *SECP256K1_RESTRICT r2, const secp256k1_scalar *SECP256K1_RESTRICT k)
 Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their negations are maximum 128 bits long (see secp256k1_ge_mul_lambda). More...
 
static void secp256k1_scalar_mul_shift_var (secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift)
 Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. More...
 
static void secp256k1_scalar_cmov (secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
 If flag is true, set *r equal to *a; otherwise leave it. More...
 
static void secp256k1_scalar_verify (const secp256k1_scalar *r)
 Check invariants on a scalar (no-op unless VERIFY is enabled). More...
 

Macro Definition Documentation

◆ SECP256K1_SCALAR_VERIFY

#define SECP256K1_SCALAR_VERIFY (   r)    secp256k1_scalar_verify(r)

Definition at line 103 of file scalar.h.

Function Documentation

◆ secp256k1_scalar_add()

static int secp256k1_scalar_add ( secp256k1_scalar r,
const secp256k1_scalar a,
const secp256k1_scalar b 
)
static

Add two scalars together (modulo the group order).

Returns whether it overflowed.

Here is the caller graph for this function:

◆ secp256k1_scalar_cadd_bit()

static void secp256k1_scalar_cadd_bit ( secp256k1_scalar r,
unsigned int  bit,
int  flag 
)
static

Conditionally add a power of two to a scalar.

The result is not allowed to overflow.

Here is the caller graph for this function:

◆ secp256k1_scalar_clear()

static void secp256k1_scalar_clear ( secp256k1_scalar r)
static

Clear a scalar to prevent the leak of sensitive data.

Here is the caller graph for this function:

◆ secp256k1_scalar_cmov()

static void secp256k1_scalar_cmov ( secp256k1_scalar r,
const secp256k1_scalar a,
int  flag 
)
static

If flag is true, set *r equal to *a; otherwise leave it.

Constant-time. Both *r and *a must be initialized.

Here is the caller graph for this function:

◆ secp256k1_scalar_cond_negate()

static int secp256k1_scalar_cond_negate ( secp256k1_scalar a,
int  flag 
)
static

Conditionally negate a number, in constant time.

Returns -1 if the number was negated, 1 otherwise

Here is the caller graph for this function:

◆ secp256k1_scalar_eq()

static int secp256k1_scalar_eq ( const secp256k1_scalar a,
const secp256k1_scalar b 
)
static

Compare two scalars.

Here is the caller graph for this function:

◆ secp256k1_scalar_get_b32()

static void secp256k1_scalar_get_b32 ( unsigned char *  bin,
const secp256k1_scalar a 
)
static

Convert a scalar to a byte array.

Here is the caller graph for this function:

◆ secp256k1_scalar_get_bits()

static unsigned int secp256k1_scalar_get_bits ( const secp256k1_scalar a,
unsigned int  offset,
unsigned int  count 
)
static

Access bits from a scalar.

All requested bits must belong to the same 32-bit limb.

Here is the caller graph for this function:

◆ secp256k1_scalar_get_bits_var()

static unsigned int secp256k1_scalar_get_bits_var ( const secp256k1_scalar a,
unsigned int  offset,
unsigned int  count 
)
static

Access bits from a scalar.

Not constant time in offset and count.

Here is the caller graph for this function:

◆ secp256k1_scalar_half()

static void secp256k1_scalar_half ( secp256k1_scalar r,
const secp256k1_scalar a 
)
static

Multiply a scalar with the multiplicative inverse of 2.

Here is the caller graph for this function:

◆ secp256k1_scalar_inverse()

static void secp256k1_scalar_inverse ( secp256k1_scalar r,
const secp256k1_scalar a 
)
static

Compute the inverse of a scalar (modulo the group order).

Here is the caller graph for this function:

◆ secp256k1_scalar_inverse_var()

static void secp256k1_scalar_inverse_var ( secp256k1_scalar r,
const secp256k1_scalar a 
)
static

Compute the inverse of a scalar (modulo the group order), without constant-time guarantee.

Here is the caller graph for this function:

◆ secp256k1_scalar_is_even()

static int secp256k1_scalar_is_even ( const secp256k1_scalar a)
static

Check whether a scalar, considered as an nonnegative integer, is even.

Here is the caller graph for this function:

◆ secp256k1_scalar_is_high()

static int secp256k1_scalar_is_high ( const secp256k1_scalar a)
static

Check whether a scalar is higher than the group order divided by 2.

Here is the caller graph for this function:

◆ secp256k1_scalar_is_one()

static int secp256k1_scalar_is_one ( const secp256k1_scalar a)
static

Check whether a scalar equals one.

Here is the caller graph for this function:

◆ secp256k1_scalar_is_zero()

static int secp256k1_scalar_is_zero ( const secp256k1_scalar a)
static

Check whether a scalar equals zero.

Here is the caller graph for this function:

◆ secp256k1_scalar_mul()

static void secp256k1_scalar_mul ( secp256k1_scalar r,
const secp256k1_scalar a,
const secp256k1_scalar b 
)
static

Multiply two scalars (modulo the group order).

Here is the caller graph for this function:

◆ secp256k1_scalar_mul_shift_var()

static void secp256k1_scalar_mul_shift_var ( secp256k1_scalar r,
const secp256k1_scalar a,
const secp256k1_scalar b,
unsigned int  shift 
)
static

Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer.

Shift must be at least 256.

Here is the caller graph for this function:

◆ secp256k1_scalar_negate()

static void secp256k1_scalar_negate ( secp256k1_scalar r,
const secp256k1_scalar a 
)
static

Compute the complement of a scalar (modulo the group order).

Here is the caller graph for this function:

◆ secp256k1_scalar_set_b32()

static void secp256k1_scalar_set_b32 ( secp256k1_scalar r,
const unsigned char *  bin,
int *  overflow 
)
static

Set a scalar from a big endian byte array.

The scalar will be reduced modulo group order n. In: bin: pointer to a 32-byte array. Out: r: scalar to be set. overflow: non-zero if the scalar was bigger or equal to n before reduction, zero otherwise (can be NULL).

Here is the caller graph for this function:

◆ secp256k1_scalar_set_b32_seckey()

static int secp256k1_scalar_set_b32_seckey ( secp256k1_scalar r,
const unsigned char *  bin 
)
static

Set a scalar from a big endian byte array and returns 1 if it is a valid seckey and 0 otherwise.

Here is the caller graph for this function:

◆ secp256k1_scalar_set_int()

static void secp256k1_scalar_set_int ( secp256k1_scalar r,
unsigned int  v 
)
static

Set a scalar to an unsigned integer.

Here is the caller graph for this function:

◆ secp256k1_scalar_split_128()

static void secp256k1_scalar_split_128 ( secp256k1_scalar r1,
secp256k1_scalar r2,
const secp256k1_scalar k 
)
static

Find r1 and r2 such that r1+r2*2^128 = k.

Here is the caller graph for this function:

◆ secp256k1_scalar_split_lambda()

static void secp256k1_scalar_split_lambda ( secp256k1_scalar *SECP256K1_RESTRICT  r1,
secp256k1_scalar *SECP256K1_RESTRICT  r2,
const secp256k1_scalar *SECP256K1_RESTRICT  k 
)
static

Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their negations are maximum 128 bits long (see secp256k1_ge_mul_lambda).

It is required that r1, r2, and k all point to different objects.

Here is the caller graph for this function:

◆ secp256k1_scalar_verify()

static void secp256k1_scalar_verify ( const secp256k1_scalar r)
static

Check invariants on a scalar (no-op unless VERIFY is enabled).