#include "group.h"
#include "scalar.h"
#include "ecmult.h"

Macros
#define	WINDOW_A 5

#define	WINDOW_G 16

#define	ECMULT_TABLE_SIZE(w) (1 << ((w)-2))

#define	ECMULT_TABLE_GET_GE(r, pre, n, w)

#define	ECMULT_TABLE_GET_GE_STORAGE(r, pre, n, w)

Functions
static void	secp256k1_ecmult_odd_multiples_table (int n, secp256k1_gej prej, secp256k1_fe zr, const secp256k1_gej *a)

static void	secp256k1_ecmult_odd_multiples_table_globalz_windowa (secp256k1_ge pre, secp256k1_fe globalz, const secp256k1_gej *a)

static void	secp256k1_ecmult_odd_multiples_table_storage_var (int n, secp256k1_ge_storage pre, const secp256k1_gej a, const secp256k1_callback *cb)

static void	secp256k1_ecmult_context_init (secp256k1_ecmult_context *ctx)

static void	secp256k1_ecmult_context_build (secp256k1_ecmult_context ctx, const secp256k1_callback cb)

static void	secp256k1_ecmult_context_clone (secp256k1_ecmult_context dst, const secp256k1_ecmult_context src, const secp256k1_callback *cb)

static int	secp256k1_ecmult_context_is_built (const secp256k1_ecmult_context *ctx)

static void	secp256k1_ecmult_context_clear (secp256k1_ecmult_context *ctx)

static int	secp256k1_ecmult_wnaf (int wnaf, int len, const secp256k1_scalar a, int w)

static void	secp256k1_ecmult (const secp256k1_ecmult_context ctx, secp256k1_gej r, const secp256k1_gej a, const secp256k1_scalar na, const secp256k1_scalar *ng)

Macro Definition Documentation

◆ ECMULT_TABLE_GET_GE

#define ECMULT_TABLE_GET_GE	(	r,
		pre,
		n,
		w
	)

Value:

do { \
    VERIFY_CHECK(((n) & 1) == 1); \
    VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
    VERIFY_CHECK((n) <=  ((1 << ((w)-1)) - 1)); \
    if ((n) > 0) { \
        *(r) = (pre)[((n)-1)/2]; \
    } else { \
        secp256k1_ge_neg((r), &(pre)[(-(n)-1)/2]); \
    } \
} while(0)

The following two macro retrieves a particular odd multiple from a table of precomputed multiples.

Definition at line 117 of file ecmult_impl.h.

Referenced by secp256k1_ecmult().

◆ ECMULT_TABLE_GET_GE_STORAGE

#define ECMULT_TABLE_GET_GE_STORAGE	(	r,
		pre,
		n,
		w
	)

Value:

do { \
    VERIFY_CHECK(((n) & 1) == 1); \
    VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
    VERIFY_CHECK((n) <=  ((1 << ((w)-1)) - 1)); \
    if ((n) > 0) { \
        secp256k1_ge_from_storage((r), &(pre)[((n)-1)/2]); \
    } else { \
        secp256k1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \
        secp256k1_ge_neg((r), (r)); \
    } \
} while(0)

Definition at line 128 of file ecmult_impl.h.

Referenced by secp256k1_ecmult().

◆ ECMULT_TABLE_SIZE

#define ECMULT_TABLE_SIZE ( w ) (1 << ((w)-2))

The number of entries a table with precomputed multiples needs to have.

Definition at line 28 of file ecmult_impl.h.

Referenced by secp256k1_ecmult(), secp256k1_ecmult_const(), secp256k1_ecmult_context_build(), secp256k1_ecmult_context_clone(), and secp256k1_ecmult_odd_multiples_table_globalz_windowa().

◆ WINDOW_A

#define WINDOW_A 5

Definition at line 15 of file ecmult_impl.h.

Referenced by bench_ecmult_wnaf(), bench_wnaf_const(), secp256k1_ecmult(), secp256k1_ecmult_const(), and secp256k1_ecmult_odd_multiples_table_globalz_windowa().

◆ WINDOW_G

#define WINDOW_G 16

larger numbers may result in slightly better performance, at the cost of exponentially larger precomputed tables. One table for window size 16: 1.375 MiB.

Definition at line 24 of file ecmult_impl.h.

Referenced by secp256k1_ecmult(), secp256k1_ecmult_context_build(), and secp256k1_ecmult_context_clone().

Function Documentation

◆ secp256k1_ecmult()

static void secp256k1_ecmult	(	const secp256k1_ecmult_context *	ctx,
		secp256k1_gej *	r,
		const secp256k1_gej *	a,
		const secp256k1_scalar *	na,
		const secp256k1_scalar *	ng
	)

static

Definition at line 269 of file ecmult_impl.h.

◆ secp256k1_ecmult_context_build()

static void secp256k1_ecmult_context_build	(	secp256k1_ecmult_context *	ctx,
		const secp256k1_callback *	cb
	)

static

Definition at line 147 of file ecmult_impl.h.

◆ secp256k1_ecmult_context_clear()

static void secp256k1_ecmult_context_clear ( secp256k1_ecmult_context * ctx )

static

Definition at line 203 of file ecmult_impl.h.

◆ secp256k1_ecmult_context_clone()

static void secp256k1_ecmult_context_clone	(	secp256k1_ecmult_context *	dst,
		const secp256k1_ecmult_context *	src,
		const secp256k1_callback *	cb
	)

static

Definition at line 179 of file ecmult_impl.h.

◆ secp256k1_ecmult_context_init()

static void secp256k1_ecmult_context_init ( secp256k1_ecmult_context * ctx )

static

Definition at line 140 of file ecmult_impl.h.

Referenced by secp256k1_ecmult_context_clear().

◆ secp256k1_ecmult_context_is_built()

static int secp256k1_ecmult_context_is_built ( const secp256k1_ecmult_context * ctx )

static

Definition at line 199 of file ecmult_impl.h.

◆ secp256k1_ecmult_odd_multiples_table()

static void secp256k1_ecmult_odd_multiples_table	(	int	n,
		secp256k1_gej *	prej,
		secp256k1_fe *	zr,
		const secp256k1_gej *	a
	)

static

Fill a table 'prej' with precomputed odd multiples of a. Prej will contain the values [1*a,3*a,...,(2*n-1)*a], so it space for n values. zr[0] will contain prej[0].z / a.z. The other zr[i] values = prej[i].z / prej[i-1].z. Prej's Z values are undefined, except for the last value.

Definition at line 35 of file ecmult_impl.h.

Referenced by secp256k1_ecmult_odd_multiples_table_globalz_windowa(), and secp256k1_ecmult_odd_multiples_table_storage_var().

◆ secp256k1_ecmult_odd_multiples_table_globalz_windowa()

static void secp256k1_ecmult_odd_multiples_table_globalz_windowa	(	secp256k1_ge *	pre,
		secp256k1_fe *	globalz,
		const secp256k1_gej *	a
	)

static

Fill a table 'pre' with precomputed odd multiples of a.

There are two versions of this function:

secp256k1_ecmult_odd_multiples_table_globalz_windowa which brings its resulting point set to a single constant Z denominator, stores the X and Y coordinates as ge_storage points in pre, and stores the global Z in rz. It only operates on tables sized for WINDOW_A wnaf multiples.
secp256k1_ecmult_odd_multiples_table_storage_var, which converts its resulting point set to actually affine points, and stores those in pre. It operates on tables of any size, but uses heap-allocated temporaries.

To compute a*P + b*G, we compute a table for P using the first function, and for G using the second (which requires an inverse, but it only needs to happen once).

Definition at line 85 of file ecmult_impl.h.

Referenced by secp256k1_ecmult(), and secp256k1_ecmult_const().

◆ secp256k1_ecmult_odd_multiples_table_storage_var()

static void secp256k1_ecmult_odd_multiples_table_storage_var	(	int	n,
		secp256k1_ge_storage *	pre,
		const secp256k1_gej *	a,
		const secp256k1_callback *	cb
	)

static

Definition at line 95 of file ecmult_impl.h.

Referenced by secp256k1_ecmult_context_build().

◆ secp256k1_ecmult_wnaf()

static int secp256k1_ecmult_wnaf	(	int *	wnaf,
		int	len,
		const secp256k1_scalar *	a,
		int	w
	)

static

Convert a number to WNAF notation. The number becomes represented by sum(2^i * wnaf[i], i=0..bits), with the following guarantees:

each wnaf[i] is either 0, or an odd integer between -(1<<(w-1) - 1) and (1<<(w-1) - 1)
two non-zero entries in wnaf are separated by at least w-1 zeroes.
the number of set values in wnaf is returned. This number is at most 256, and at most one more than the number of bits in the (absolute value) of the input.

Definition at line 218 of file ecmult_impl.h.

Referenced by bench_ecmult_wnaf(), secp256k1_ecmult(), and test_wnaf().

Macros

Functions

Macro Definition Documentation

◆ ECMULT_TABLE_GET_GE

◆ ECMULT_TABLE_GET_GE_STORAGE

◆ ECMULT_TABLE_SIZE

◆ WINDOW_A

◆ WINDOW_G

Function Documentation

◆ secp256k1_ecmult()

◆ secp256k1_ecmult_context_build()

◆ secp256k1_ecmult_context_clear()

◆ secp256k1_ecmult_context_clone()

◆ secp256k1_ecmult_context_init()

◆ secp256k1_ecmult_context_is_built()

◆ secp256k1_ecmult_odd_multiples_table()

◆ secp256k1_ecmult_odd_multiples_table_globalz_windowa()

◆ secp256k1_ecmult_odd_multiples_table_storage_var()

◆ secp256k1_ecmult_wnaf()