From 764332d05dc72184062d422ed2e866dc52344daa Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Sun, 5 May 2013 01:18:23 +0200 Subject: [PATCH] Make pubkeys, set_xo, ... ge instead of gej --- src/bench.c | 4 ++-- src/ecdsa.h | 4 ++-- src/group.h | 14 +++++++------- src/impl/ecdsa.h | 15 ++++++++------- src/impl/group.h | 16 ++++++++++++++-- src/secp256k1.c | 10 ++++------ src/tests.c | 6 ++++-- 7 files changed, 41 insertions(+), 28 deletions(-) diff --git a/src/bench.c b/src/bench.c index 468a454..eeb7134 100644 --- a/src/bench.c +++ b/src/bench.c @@ -45,8 +45,8 @@ int main() { random_num_order(&s); random_num_order(&m); secp256k1_ecdsa_sig_set_rs(&sig, &r, &s); - secp256k1_gej_t pubkey; secp256k1_gej_set_xo(&pubkey, &x, 1); - if (secp256k1_gej_is_valid(&pubkey)) { + secp256k1_ge_t pubkey; secp256k1_ge_set_xo(&pubkey, &x, 1); + if (secp256k1_ge_is_valid(&pubkey)) { cnt++; good += secp256k1_ecdsa_sig_verify(&sig, &pubkey, &m); } diff --git a/src/ecdsa.h b/src/ecdsa.h index 5ddbf65..b18e506 100644 --- a/src/ecdsa.h +++ b/src/ecdsa.h @@ -10,11 +10,11 @@ typedef struct { void static secp256k1_ecdsa_sig_init(secp256k1_ecdsa_sig_t *r); void static secp256k1_ecdsa_sig_free(secp256k1_ecdsa_sig_t *r); -int static secp256k1_ecdsa_pubkey_parse(secp256k1_gej_t *elem, const unsigned char *pub, int size); +int static secp256k1_ecdsa_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size); void static secp256k1_ecdsa_pubkey_serialize(secp256k1_ge_t *elem, unsigned char *pub, int *size, int compressed); int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size); int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const secp256k1_ecdsa_sig_t *a); -int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_gej_t *pubkey, const secp256k1_num_t *message); +int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message); int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *seckey, const secp256k1_num_t *message, const secp256k1_num_t *nonce); void static secp256k1_ecdsa_sig_set_rs(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *r, const secp256k1_num_t *s); diff --git a/src/group.h b/src/group.h index 7dd9a9d..1196299 100644 --- a/src/group.h +++ b/src/group.h @@ -43,9 +43,16 @@ void static secp256k1_ge_set_infinity(secp256k1_ge_t *r); /** Set a group element equal to the point with given X and Y coordinates */ void static secp256k1_ge_set_xy(secp256k1_ge_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y); +/** Set a group element (jacobian) equal to the point with given X coordinate, and given oddness for Y. + The result is not guaranteed to be valid. */ +void static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd); + /** Check whether a group element is the point at infinity. */ int static secp256k1_ge_is_infinity(const secp256k1_ge_t *a); +/** Check whether a group element is valid (i.e., on the curve). */ +int static secp256k1_ge_is_valid(const secp256k1_ge_t *a); + void static secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a); /** Get a hex representation of a point. *rlen will be overwritten with the real length. */ @@ -61,10 +68,6 @@ void static secp256k1_gej_set_infinity(secp256k1_gej_t *r); /** Set a group element (jacobian) equal to the point with given X and Y coordinates. */ void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, const secp256k1_fe_t *y); -/** Set a group element (jacobian) equal to the point with given X coordinate, and given oddness for Y. - The result is not guaranteed to be valid. */ -void static secp256k1_gej_set_xo(secp256k1_gej_t *r, const secp256k1_fe_t *x, int odd); - /** Set a group element (jacobian) equal to another which is given in affine coordinates. */ void static secp256k1_gej_set_ge(secp256k1_gej_t *r, const secp256k1_ge_t *a); @@ -77,9 +80,6 @@ void static secp256k1_gej_neg(secp256k1_gej_t *r, const secp256k1_gej_t *a); /** Check whether a group element is the point at infinity. */ int static secp256k1_gej_is_infinity(const secp256k1_gej_t *a); -/** Check whether a group element (jacobian) is valid (i.e., on the curve). */ -int static secp256k1_gej_is_valid(const secp256k1_gej_t *a); - /** Set r equal to the double of a. */ void static secp256k1_gej_double(secp256k1_gej_t *r, const secp256k1_gej_t *a); diff --git a/src/impl/ecdsa.h b/src/impl/ecdsa.h index e7dfba4..51afe20 100644 --- a/src/impl/ecdsa.h +++ b/src/impl/ecdsa.h @@ -17,22 +17,22 @@ void static secp256k1_ecdsa_sig_free(secp256k1_ecdsa_sig_t *r) { secp256k1_num_free(&r->s); } -int static secp256k1_ecdsa_pubkey_parse(secp256k1_gej_t *elem, const unsigned char *pub, int size) { +int static secp256k1_ecdsa_pubkey_parse(secp256k1_ge_t *elem, const unsigned char *pub, int size) { if (size == 33 && (pub[0] == 0x02 || pub[0] == 0x03)) { secp256k1_fe_t x; secp256k1_fe_set_b32(&x, pub+1); - secp256k1_gej_set_xo(elem, &x, pub[0] == 0x03); + secp256k1_ge_set_xo(elem, &x, pub[0] == 0x03); } else if (size == 65 && (pub[0] == 0x04 || pub[0] == 0x06 || pub[0] == 0x07)) { secp256k1_fe_t x, y; secp256k1_fe_set_b32(&x, pub+1); secp256k1_fe_set_b32(&y, pub+33); - secp256k1_gej_set_xy(elem, &x, &y); + secp256k1_ge_set_xy(elem, &x, &y); if ((pub[0] == 0x06 || pub[0] == 0x07) && secp256k1_fe_is_odd(&y) != (pub[0] == 0x07)) return 0; } else { return 0; } - return secp256k1_gej_is_valid(elem); + return secp256k1_ge_is_valid(elem); } int static secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned char *sig, int size) { @@ -72,7 +72,7 @@ int static secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se return 1; } -int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ecdsa_sig_t *sig, const secp256k1_gej_t *pubkey, const secp256k1_num_t *message) { +int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) { const secp256k1_ge_consts_t *c = secp256k1_ge_consts; if (secp256k1_num_is_neg(&sig->r) || secp256k1_num_is_neg(&sig->s)) @@ -90,7 +90,8 @@ int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ec secp256k1_num_mod_inverse(&sn, &sig->s, &c->order); secp256k1_num_mod_mul(&u1, &sn, message, &c->order); secp256k1_num_mod_mul(&u2, &sn, &sig->r, &c->order); - secp256k1_gej_t pr; secp256k1_ecmult(&pr, pubkey, &u2, &u1); + secp256k1_gej_t pubkeyj; secp256k1_gej_set_ge(&pubkeyj, pubkey); + secp256k1_gej_t pr; secp256k1_ecmult(&pr, &pubkeyj, &u2, &u1); if (!secp256k1_gej_is_infinity(&pr)) { secp256k1_fe_t xr; secp256k1_gej_get_x(&xr, &pr); secp256k1_fe_normalize(&xr); @@ -105,7 +106,7 @@ int static secp256k1_ecdsa_sig_recompute(secp256k1_num_t *r2, const secp256k1_ec return ret; } -int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_gej_t *pubkey, const secp256k1_num_t *message) { +int static secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const secp256k1_ge_t *pubkey, const secp256k1_num_t *message) { secp256k1_num_t r2; secp256k1_num_init(&r2); int ret = 0; diff --git a/src/impl/group.h b/src/impl/group.h index f7b3c51..c4ffbf6 100644 --- a/src/impl/group.h +++ b/src/impl/group.h @@ -73,7 +73,7 @@ void static secp256k1_gej_set_xy(secp256k1_gej_t *r, const secp256k1_fe_t *x, co secp256k1_fe_set_int(&r->z, 1); } -void static secp256k1_gej_set_xo(secp256k1_gej_t *r, const secp256k1_fe_t *x, int odd) { +void static secp256k1_ge_set_xo(secp256k1_ge_t *r, const secp256k1_fe_t *x, int odd) { r->x = *x; secp256k1_fe_t x2; secp256k1_fe_sqr(&x2, x); secp256k1_fe_t x3; secp256k1_fe_mul(&x3, x, &x2); @@ -81,7 +81,6 @@ void static secp256k1_gej_set_xo(secp256k1_gej_t *r, const secp256k1_fe_t *x, in secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7); secp256k1_fe_add(&c, &x3); secp256k1_fe_sqrt(&r->y, &c); - secp256k1_fe_set_int(&r->z, 1); secp256k1_fe_normalize(&r->y); if (secp256k1_fe_is_odd(&r->y) != odd) secp256k1_fe_negate(&r->y, &r->y, 1); @@ -130,6 +129,19 @@ int static secp256k1_gej_is_valid(const secp256k1_gej_t *a) { return secp256k1_fe_equal(&y2, &x3); } +int static secp256k1_ge_is_valid(const secp256k1_ge_t *a) { + if (a->infinity) + return 0; + // y^2 = x^3 + 7 + secp256k1_fe_t y2; secp256k1_fe_sqr(&y2, &a->y); + secp256k1_fe_t x3; secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); + secp256k1_fe_t c; secp256k1_fe_set_int(&c, 7); + secp256k1_fe_add(&x3, &c); + secp256k1_fe_normalize(&y2); + secp256k1_fe_normalize(&x3); + return secp256k1_fe_equal(&y2, &x3); +} + void static secp256k1_gej_double(secp256k1_gej_t *r, const secp256k1_gej_t *a) { secp256k1_fe_t t5 = a->y; secp256k1_fe_normalize(&t5); diff --git a/src/secp256k1.c b/src/secp256k1.c index be896a9..64ce6d0 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -22,7 +22,7 @@ int secp256k1_ecdsa_verify(const unsigned char *msg, int msglen, const unsigned secp256k1_num_init(&m); secp256k1_ecdsa_sig_t s; secp256k1_ecdsa_sig_init(&s); - secp256k1_gej_t q; + secp256k1_ge_t q; secp256k1_num_set_bin(&m, msg, msglen); if (!secp256k1_ecdsa_pubkey_parse(&q, pubkey, pubkeylen)) { @@ -76,7 +76,7 @@ int secp256k1_ecdsa_seckey_verify(const unsigned char *seckey) { } int secp256k1_ecdsa_pubkey_verify(const unsigned char *pubkey, int pubkeylen) { - secp256k1_gej_t q; + secp256k1_ge_t q; return secp256k1_ecdsa_pubkey_parse(&q, pubkey, pubkeylen); } @@ -93,11 +93,9 @@ int secp256k1_ecdsa_pubkey_create(unsigned char *pubkey, int *pubkeylen, const u } int secp256k1_ecdsa_pubkey_decompress(unsigned char *pubkey, int *pubkeylen) { - secp256k1_gej_t pj; - if (!secp256k1_ecdsa_pubkey_parse(&pj, pubkey, *pubkeylen)) - return 0; secp256k1_ge_t p; - secp256k1_ge_set_gej(&p, &pj); + if (!secp256k1_ecdsa_pubkey_parse(&p, pubkey, *pubkeylen)) + return 0; secp256k1_ecdsa_pubkey_serialize(&p, pubkey, pubkeylen, 0); return 1; } diff --git a/src/tests.c b/src/tests.c index 70c50bd..547c902 100644 --- a/src/tests.c +++ b/src/tests.c @@ -276,7 +276,8 @@ void test_point_times_order(const secp256k1_gej_t *point) { void run_point_times_order() { secp256k1_fe_t x; secp256k1_fe_set_hex(&x, "02", 2); for (int i=0; i<500; i++) { - secp256k1_gej_t j; secp256k1_gej_set_xo(&j, &x, 1); + secp256k1_ge_t p; secp256k1_ge_set_xo(&p, &x, 1); + secp256k1_gej_t j; secp256k1_gej_set_ge(&j, &p); test_point_times_order(&j); secp256k1_fe_sqr(&x, &x); } @@ -337,7 +338,8 @@ void test_ecdsa_sign_verify() { secp256k1_num_init(&key); random_num_order_test(&key); secp256k1_num_init(&nonce); - secp256k1_gej_t pub; secp256k1_ecmult_gen(&pub, &key); + secp256k1_gej_t pubj; secp256k1_ecmult_gen(&pubj, &key); + secp256k1_ge_t pub; secp256k1_ge_set_gej(&pub, &pubj); secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_init(&sig); do {