doxygen/html/schnorr__impl_8h_source.html

 /***********************************************************************
  * Copyright (c) 2014-2015 Pieter Wuille                               *
  * Distributed under the MIT software license, see the accompanying    *
  * file COPYING or http://www.opensource.org/licenses/mit-license.php. *
  ***********************************************************************/

 #ifndef _SECP256K1_SCHNORR_IMPL_H_
 #define _SECP256K1_SCHNORR_IMPL_H_

 #include <string.h>

 #include "schnorr.h"
 #include "num.h"
 #include "field.h"
 #include "group.h"
 #include "ecmult.h"
 #include "ecmult_gen.h"

 static int secp256k1_schnorr_sig_sign(const secp256k1_ecmult_gen_context* ctx, unsigned char *sig64, const secp256k1_scalar *key, const secp256k1_scalar *nonce, const secp256k1_ge *pubnonce, secp256k1_schnorr_msghash hash, const unsigned char *msg32) {
     secp256k1_gej Rj;
     secp256k1_ge Ra;
     unsigned char h32[32];
     secp256k1_scalar h, s;
     int overflow;
     secp256k1_scalar n;

     if (secp256k1_scalar_is_zero(key) || secp256k1_scalar_is_zero(nonce)) {
         return 0;
     }
     n = *nonce;

     secp256k1_ecmult_gen(ctx, &Rj, &n);
     if (pubnonce != NULL) {
         secp256k1_gej_add_ge(&Rj, &Rj, pubnonce);
     }
     secp256k1_ge_set_gej(&Ra, &Rj);
     secp256k1_fe_normalize(&Ra.y);
     if (secp256k1_fe_is_odd(&Ra.y)) {
         /* R's y coordinate is odd, which is not allowed (see rationale above).
            Force it to be even by negating the nonce. Note that this even works
            for multiparty signing, as the R point is known to all participants,
            which can all decide to flip the sign in unison, resulting in the
            overall R point to be negated too. */
         secp256k1_scalar_negate(&n, &n);
     }
     secp256k1_fe_normalize(&Ra.x);
     secp256k1_fe_get_b32(sig64, &Ra.x);
     hash(h32, sig64, msg32);
     overflow = 0;
     secp256k1_scalar_set_b32(&h, h32, &overflow);
     if (overflow || secp256k1_scalar_is_zero(&h)) {
         secp256k1_scalar_clear(&n);
         return 0;
     }
     secp256k1_scalar_mul(&s, &h, key);
     secp256k1_scalar_negate(&s, &s);
     secp256k1_scalar_add(&s, &s, &n);
     secp256k1_scalar_clear(&n);
     secp256k1_scalar_get_b32(sig64 + 32, &s);
     return 1;
 }

 static int secp256k1_schnorr_sig_verify(const secp256k1_ecmult_context* ctx, const unsigned char *sig64, const secp256k1_ge *pubkey, secp256k1_schnorr_msghash hash, const unsigned char *msg32) {
     secp256k1_gej Qj, Rj;
     secp256k1_ge Ra;
     secp256k1_fe Rx;
     secp256k1_scalar h, s;
     unsigned char hh[32];
     int overflow;

     if (secp256k1_ge_is_infinity(pubkey)) {
         return 0;
     }
     hash(hh, sig64, msg32);
     overflow = 0;
     secp256k1_scalar_set_b32(&h, hh, &overflow);
     if (overflow || secp256k1_scalar_is_zero(&h)) {
         return 0;
     }
     overflow = 0;
     secp256k1_scalar_set_b32(&s, sig64 + 32, &overflow);
     if (overflow) {
         return 0;
     }
     if (!secp256k1_fe_set_b32(&Rx, sig64)) {
         return 0;
     }
     secp256k1_gej_set_ge(&Qj, pubkey);
     secp256k1_ecmult(ctx, &Rj, &Qj, &h, &s);
     if (secp256k1_gej_is_infinity(&Rj)) {
         return 0;
     }
     secp256k1_ge_set_gej_var(&Ra, &Rj);
     secp256k1_fe_normalize_var(&Ra.y);
     if (secp256k1_fe_is_odd(&Ra.y)) {
         return 0;
     }
     return secp256k1_fe_equal_var(&Rx, &Ra.x);
 }

 static int secp256k1_schnorr_sig_recover(const secp256k1_ecmult_context* ctx, const unsigned char *sig64, secp256k1_ge *pubkey, secp256k1_schnorr_msghash hash, const unsigned char *msg32) {
     secp256k1_gej Qj, Rj;
     secp256k1_ge Ra;
     secp256k1_fe Rx;
     secp256k1_scalar h, s;
     unsigned char hh[32];
     int overflow;

     hash(hh, sig64, msg32);
     overflow = 0;
     secp256k1_scalar_set_b32(&h, hh, &overflow);
     if (overflow || secp256k1_scalar_is_zero(&h)) {
         return 0;
     }
     overflow = 0;
     secp256k1_scalar_set_b32(&s, sig64 + 32, &overflow);
     if (overflow) {
         return 0;
     }
     if (!secp256k1_fe_set_b32(&Rx, sig64)) {
         return 0;
     }
     if (!secp256k1_ge_set_xo_var(&Ra, &Rx, 0)) {
         return 0;
     }
     secp256k1_gej_set_ge(&Rj, &Ra);
     secp256k1_scalar_inverse_var(&h, &h);
     secp256k1_scalar_negate(&s, &s);
     secp256k1_scalar_mul(&s, &s, &h);
     secp256k1_ecmult(ctx, &Qj, &Rj, &h, &s);
     if (secp256k1_gej_is_infinity(&Qj)) {
         return 0;
     }
     secp256k1_ge_set_gej(pubkey, &Qj);
     return 1;
 }

 static int secp256k1_schnorr_sig_combine(unsigned char *sig64, size_t n, const unsigned char * const *sig64ins) {
     secp256k1_scalar s = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
     size_t i;
     for (i = 0; i < n; i++) {
         secp256k1_scalar si;
         int overflow;
         secp256k1_scalar_set_b32(&si, sig64ins[i] + 32, &overflow);
         if (overflow) {
             return -1;
         }
         if (i) {
             if (memcmp(sig64ins[i - 1], sig64ins[i], 32) != 0) {
                 return -1;
             }
         }
         secp256k1_scalar_add(&s, &s, &si);
     }
     if (secp256k1_scalar_is_zero(&s)) {
         return 0;
     }
     memcpy(sig64, sig64ins[0], 32);
     secp256k1_scalar_get_b32(sig64 + 32, &s);
     secp256k1_scalar_clear(&s);
     return 1;
 }

 #endif
secp256k1_scalar_mul
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)

secp256k1_ge_is_infinity
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)

secp256k1_gej_is_infinity
static int secp256k1_gej_is_infinity(const secp256k1_gej *a)

secp256k1_fe
Definition: field_10x26.h:12

secp256k1_ecmult_gen
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)

secp256k1_fe_normalize_var
static void secp256k1_fe_normalize_var(secp256k1_fe *r)

group.h

secp256k1_ge_set_gej_var
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Definition: group_impl.h:65

secp256k1_scalar_negate
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)

secp256k1_scalar_is_zero
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)

secp256k1_ecmult
static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng)

secp256k1_scalar_set_b32
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)

secp256k1_gej
Definition: group.h:24

secp256k1_fe_is_odd
static int secp256k1_fe_is_odd(const secp256k1_fe *a)

secp256k1_schnorr_sig_sign
static int secp256k1_schnorr_sig_sign(const secp256k1_ecmult_gen_context *ctx, unsigned char *sig64, const secp256k1_scalar *key, const secp256k1_scalar *nonce, const secp256k1_ge *pubnonce, secp256k1_schnorr_msghash hash, const unsigned char *msg32)
Definition: schnorr_impl.h:62

secp256k1_schnorr_sig_combine
static int secp256k1_schnorr_sig_combine(unsigned char *sig64, size_t n, const unsigned char *const *sig64ins)
Definition: schnorr_impl.h:181

fix-copyright-headers.n
int n
Definition: fix-copyright-headers.py:46

SECP256K1_SCALAR_CONST
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
Definition: scalar_4x64.h:17

ctx
static secp256k1_context * ctx
Definition: tests.c:42

secp256k1_ge_set_gej
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)

ecmult_gen.h

secp256k1_scalar_clear
static void secp256k1_scalar_clear(secp256k1_scalar *r)

secp256k1_ge
Definition: group.h:14

secp256k1_ge::x
secp256k1_fe x
Definition: group.h:15

secp256k1_schnorr_sig_recover
static int secp256k1_schnorr_sig_recover(const secp256k1_ecmult_context *ctx, const unsigned char *sig64, secp256k1_ge *pubkey, secp256k1_schnorr_msghash hash, const unsigned char *msg32)
Definition: schnorr_impl.h:144

secp256k1_ecmult_gen_context
Definition: ecmult_gen.h:13

secp256k1_scalar
Definition: scalar_4x64.h:13

secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)

secp256k1_ge_set_xo_var
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)

secp256k1_fe_set_b32
static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a)

secp256k1_fe_equal_var
static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b)

secp256k1_scalar_add
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)

secp256k1_scalar_inverse_var
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a)

memcpy
void * memcpy(void *a, const void *b, size_t c)
Definition: glibc_compat.cpp:17

secp256k1_fe_normalize
static void secp256k1_fe_normalize(secp256k1_fe *r)

field.h

ecmult.h

num.h

secp256k1_schnorr_msghash
void(* secp256k1_schnorr_msghash)(unsigned char *h32, const unsigned char *r32, const unsigned char *msg32)
Definition: schnorr.h:13

secp256k1_fe_get_b32
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a)

secp256k1_gej_add_ge
static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)

secp256k1_ecmult_context
Definition: ecmult.h:13

schnorr.h

secp256k1_gej_set_ge
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)

secp256k1_ge::y
secp256k1_fe y
Definition: group.h:16

secp256k1_schnorr_sig_verify
static int secp256k1_schnorr_sig_verify(const secp256k1_ecmult_context *ctx, const unsigned char *sig64, const secp256k1_ge *pubkey, secp256k1_schnorr_msghash hash, const unsigned char *msg32)
Definition: schnorr_impl.h:106

extract_strings_qt.key
key
Definition: extract_strings_qt.py:73