]> Git Repo - secp256k1.git/blame - src/scalar.h
projects / secp256k1.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Implement endomorphism optimization for secp256k1_ecmult_const
[secp256k1.git] / src / scalar.h
CommitLineData
71712b27
GM		 1/**********************************************************************
2 * Copyright (c) 2014 Pieter Wuille *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 **********************************************************************/
a9f5c8b8
PW		 6
7#ifndef _SECP256K1_SCALAR_
8#define _SECP256K1_SCALAR_
9
10#include "num.h"
11
1d52a8b1
PW		 12#if defined HAVE_CONFIG_H
13#include "libsecp256k1-config.h"
14#endif
15
16#if defined(USE_SCALAR_4X64)
17#include "scalar_4x64.h"
18#elif defined(USE_SCALAR_8X32)
19#include "scalar_8x32.h"
20#else
21#error "Please select scalar implementation"
22#endif
a9f5c8b8 23
a9f5c8b8 24/** Clear a scalar to prevent the leak of sensitive data. */
a4a43d75 25static void secp256k1_scalar_clear(secp256k1_scalar_t *r);
a9f5c8b8 26
1e6c77c3
PW		 27/** Access bits from a scalar. All requested bits must belong to the same 32-bit limb. */
28static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar_t *a, unsigned int offset, unsigned int count);
29
30/** Access bits from a scalar. Not constant time. */
31static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar_t *a, unsigned int offset, unsigned int count);
a9f5c8b8
PW		 32
33/** Set a scalar from a big endian byte array. */
a4a43d75 34static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *bin, int *overflow);
a9f5c8b8 35
1e6c77c3
PW		 36/** Set a scalar to an unsigned integer. */
37static void secp256k1_scalar_set_int(secp256k1_scalar_t *r, unsigned int v);
38
a9f5c8b8 39/** Convert a scalar to a byte array. */
a4a43d75 40static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a);
a9f5c8b8 41
29ae1310
PW		 42/** Add two scalars together (modulo the group order). Returns whether it overflowed. */
43static int secp256k1_scalar_add(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
a9f5c8b8 44
ed35d43a
AP		 45/** Conditionally add a power of two to a scalar. The result is not allowed to overflow. */
46static void secp256k1_scalar_cadd_bit(secp256k1_scalar_t *r, unsigned int bit, int flag);
52132078 47
a9f5c8b8 48/** Multiply two scalars (modulo the group order). */
a4a43d75 49static void secp256k1_scalar_mul(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
a9f5c8b8 50
44015000
AP		 51/** Shift a scalar right by some amount strictly between 0 and 16, returning
52 * the low bits that were shifted off */
53static int secp256k1_scalar_shr_int(secp256k1_scalar_t *r, int n);
54
1d52a8b1 55/** Compute the square of a scalar (modulo the group order). */
a4a43d75 56static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
1d52a8b1 57
a9f5c8b8 58/** Compute the inverse of a scalar (modulo the group order). */
a4a43d75 59static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
a9f5c8b8 60
d1502eb4
PW		 61/** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */
62static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
63
a9f5c8b8 64/** Compute the complement of a scalar (modulo the group order). */
a4a43d75 65static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
a9f5c8b8
PW		 66
67/** Check whether a scalar equals zero. */
a4a43d75 68static int secp256k1_scalar_is_zero(const secp256k1_scalar_t *a);
a9f5c8b8 69
79359302 70/** Check whether a scalar equals one. */
a4a43d75 71static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a);
79359302 72
44015000
AP		 73/** Check whether a scalar, considered as an nonnegative integer, is even. */
74static int secp256k1_scalar_is_even(const secp256k1_scalar_t *a);
75
a9f5c8b8 76/** Check whether a scalar is higher than the group order divided by 2. */
a4a43d75 77static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
a9f5c8b8 78
44015000
AP		 79/** Conditionally negate a number, in constant time.
80 * Returns -1 if the number was negated, 1 otherwise */
81static int secp256k1_scalar_cond_negate(secp256k1_scalar_t *a, int flag);
82
597128d3 83#ifndef USE_NUM_NONE
a9f5c8b8 84/** Convert a scalar to a number. */
a4a43d75 85static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
a9f5c8b8 86
659b554d
PW		 87/** Get the order of the group as a number. */
88static void secp256k1_scalar_order_get_num(secp256k1_num_t *r);
597128d3 89#endif
659b554d 90
f24041d6
PW		 91/** Compare two scalars. */
92static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);
93
6794be60 94#ifdef USE_ENDOMORPHISM
f735446c
GM		 95/** Find r1 and r2 such that r1+r2*2^128 = a. */
96static void secp256k1_scalar_split_128(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
6794be60 97/** Find r1 and r2 such that r1+r2*lambda = a, and r1 and r2 are maximum 128 bits long (see secp256k1_gej_mul_lambda). */
ed35d43a 98static void secp256k1_scalar_split_lambda(secp256k1_scalar_t *r1, secp256k1_scalar_t *r2, const secp256k1_scalar_t *a);
6794be60
PW		 99#endif
100
ff8746d4
PW		 101/** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */
102static void secp256k1_scalar_mul_shift_var(secp256k1_scalar_t *r, const secp256k1_scalar_t *a, const secp256k1_scalar_t *b, unsigned int shift);
103
a9f5c8b8 104#endif
Empty description
This page took 0.041664 seconds and 4 git commands to generate.