Add scalar splitting functions

These currently delegate to the lambda splitter in group.
This commit is contained in:
Pieter Wuille 2014-11-26 16:22:02 +01:00
parent d1502eb459
commit 6794be6080
4 changed files with 60 additions and 0 deletions


@ -72,4 +72,11 @@ static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
/** Convert a scalar to a number. */
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
#ifdef USE_ENDOMORPHISM
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
#endif
#endif
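Review bot: The new `secp256k1_scalar_split_128` declaration has no doc comment, while the sibling `secp256k1_scalar_split_lambda_var` two lines below does. The definitions in this commit copy the lower half of the limb array of `a` into `r1` and the upper half into `r2`, which reads as a low/high 128-bit split assuming limb 0 is the least significant. Suggest `/** Split a into its low 128 bits (r1) and high 128 bits (r2); r1 must not alias a. */` above the declaration, the aliasing clause matching the in-place limb writes the implementations currently do.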


@ -390,4 +390,15 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t
#undef extract
#undef extract_fast
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
r1->d[0] = a->d[0];
r1->d[1] = a->d[1];
r1->d[2] = 0;
r1->d[3] = 0;
r2->d[0] = a->d[2];
r2->d[1] = a->d[3];
r2->d[2] = 0;
r2->d[3] = 0;
}
#endif
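Review bot: When `r1 == a`, the zeroing of `r1->d[2]` and `r1->d[3]` clobbers the limbs that `r2->d[0] = a->d[2]` and `r2->d[1] = a->d[3]` read on the following lines, so r2 comes out as zero; the eight-limb variant in the next file section has the same ordering hazard between `r1->d[4..7]` and `r2->d[0..3]`. Reordering the writes alone only moves the problem to `r2 == a`. Copying the input first, `secp256k1_scalar_t t = *a;`, and reading every limb from `t` instead of `a` makes both functions safe for either output aliasing the input; otherwise the contract that r1 must not alias a should be stated in the header comment.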


@ -615,4 +615,23 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t
#undef extract
#undef extract_fast
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
r1->d[0] = a->d[0];
r1->d[1] = a->d[1];
r1->d[2] = a->d[2];
r1->d[3] = a->d[3];
r1->d[4] = 0;
r1->d[5] = 0;
r1->d[6] = 0;
r1->d[7] = 0;
r2->d[0] = a->d[4];
r2->d[1] = a->d[5];
r2->d[2] = a->d[6];
r2->d[3] = a->d[7];
r2->d[4] = 0;
r2->d[5] = 0;
r2->d[6] = 0;
r2->d[7] = 0;
}
#endif


@ -198,4 +198,27 @@ static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_
#endif
}
#ifdef USE_ENDOMORPHISM
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
unsigned char b[32];
secp256k1_scalar_get_b32(b, a);
secp256k1_num_t na;
secp256k1_num_set_bin(&na, b, 32);
secp256k1_num_t rn1, rn2;
secp256k1_gej_split_exp_var(&rn1, &rn2, &na);
secp256k1_num_get_bin(b, 32, &rn1);
secp256k1_scalar_set_b32(r1, b, NULL);
if (secp256k1_num_is_neg(&rn1)) {
secp256k1_scalar_negate(r1, r1);
}
secp256k1_num_get_bin(b, 32, &rn2);
secp256k1_scalar_set_b32(r2, b, NULL);
if (secp256k1_num_is_neg(&rn2)) {
secp256k1_scalar_negate(r2, r2);
}
}
#endif
#endif
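Review bot: `secp256k1_num_t na;` and `secp256k1_num_t rn1, rn2;` are declared after statements inside `secp256k1_scalar_split_lambda_var`, which a C89-mode build or `-Wdeclaration-after-statement` will reject; hoist them next to `unsigned char b[32];` as `secp256k1_num_t na, rn1, rn2;`. The sign handling is not obvious either: the code converts `rn1`/`rn2` through the 32-byte buffer and only then negates, which presumably relies on `secp256k1_num_get_bin` emitting the magnitude of a negative number and on that magnitude being at most 128 bits so the `NULL` overflow argument to `secp256k1_scalar_set_b32` is safe — a comment such as `/* get_bin yields |rn|; |rn| < 2^128 < order, so no overflow, then fix the sign */` would record both assumptions where they are relied upon.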