mirror of
https://github.com/bitcoin/bitcoin.git
synced 2024-11-20 10:38:42 +01:00
Add scalar splitting functions
Which currently delegate to the lambda-splitter in group.
This commit is contained in:
parent
d1502eb459
commit
6794be6080
@ -72,4 +72,11 @@ static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
|
||||
/** Convert a scalar to a number. */
|
||||
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
|
||||
|
||||
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
|
||||
|
||||
#ifdef USE_ENDOMORPHISM
|
||||
/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
|
||||
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
@ -390,4 +390,15 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||
#undef extract
|
||||
#undef extract_fast
|
||||
|
||||
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
|
||||
r1->d[0] = a->d[0];
|
||||
r1->d[1] = a->d[1];
|
||||
r1->d[2] = 0;
|
||||
r1->d[3] = 0;
|
||||
r2->d[0] = a->d[2];
|
||||
r2->d[1] = a->d[3];
|
||||
r2->d[2] = 0;
|
||||
r2->d[3] = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -615,4 +615,23 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t
|
||||
#undef extract
|
||||
#undef extract_fast
|
||||
|
||||
static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
|
||||
r1->d[0] = a->d[0];
|
||||
r1->d[1] = a->d[1];
|
||||
r1->d[2] = a->d[2];
|
||||
r1->d[3] = a->d[3];
|
||||
r1->d[4] = 0;
|
||||
r1->d[5] = 0;
|
||||
r1->d[6] = 0;
|
||||
r1->d[7] = 0;
|
||||
r2->d[0] = a->d[4];
|
||||
r2->d[1] = a->d[5];
|
||||
r2->d[2] = a->d[6];
|
||||
r2->d[3] = a->d[7];
|
||||
r2->d[4] = 0;
|
||||
r2->d[5] = 0;
|
||||
r2->d[6] = 0;
|
||||
r2->d[7] = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -198,4 +198,27 @@ static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef USE_ENDOMORPHISM
|
||||
static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a) {
|
||||
unsigned char b[32];
|
||||
secp256k1_scalar_get_b32(b, a);
|
||||
secp256k1_num_t na;
|
||||
secp256k1_num_set_bin(&na, b, 32);
|
||||
|
||||
secp256k1_num_t rn1, rn2;
|
||||
secp256k1_gej_split_exp_var(&rn1, &rn2, &na);
|
||||
|
||||
secp256k1_num_get_bin(b, 32, &rn1);
|
||||
secp256k1_scalar_set_b32(r1, b, NULL);
|
||||
if (secp256k1_num_is_neg(&rn1)) {
|
||||
secp256k1_scalar_negate(r1, r1);
|
||||
}
|
||||
secp256k1_num_get_bin(b, 32, &rn2);
|
||||
secp256k1_scalar_set_b32(r2, b, NULL);
|
||||
if (secp256k1_num_is_neg(&rn2)) {
|
||||
secp256k1_scalar_negate(r2, r2);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user