Alien-libsecp256k1
libsecp256k1/include/secp256k1_ellswift.h view on Meta::CPAN
* encodings of field elements u and t concatenated, where f(u,t) = x.
* The encoding algorithm is described in the paper, and effectively picks a
* uniformly random pair (u,t) among those which encode x.
*
* If the Y coordinate is relevant, it is given the same parity as t.
*
* Changes w.r.t. the paper:
* - The u=0, t=0, and u^3+t^2+7=0 conditions result in decoding to the point
* at infinity in the paper. Here they are remapped to finite points.
* - The paper uses an additional encoding bit for the parity of y. Here the
* parity of t is used (negating t does not affect the decoded x coordinate,
* so this is possible).
*
* For mathematical background about the scheme, see the doc/ellswift.md file.
*/
/** A pointer to a function used by secp256k1_ellswift_xdh to hash the shared X
* coordinate along with the encoded public keys to a uniform shared secret.
*
* Returns: 1 if a shared secret was successfully computed.
* 0 will cause secp256k1_ellswift_xdh to fail and return 0.
libsecp256k1/src/modules/ellswift/tests_exhaustive_impl.h view on Meta::CPAN
/* Note that SwiftEC/ElligatorSwift are inherently curve operations, not
* group operations, and this test only checks the curve points which are in
* a tiny subgroup. In that sense it can't be really seen as exhaustive as
* it doesn't (and for computational reasons obviously cannot) test the
* entire domain ellswift operates under. */
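/* Round-trip each scalar i in [1, EXHAUSTIVE_TEST_ORDER) through
 * ElligatorSwift: encode the public key for secret key i as a 64-byte
 * ellswift key, decode it again, and compare the result with group[i].
 * The loop counter i and the ctx/group arguments are declared by the
 * enclosing function, which is outside this excerpt. */
for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {
    secp256k1_scalar scalar_i;
    unsigned char sec32[32];
    unsigned char ell64[64];
    secp256k1_pubkey pub_decoded;
    secp256k1_ge ge_decoded;

    /* Construct ellswift pubkey from exhaustive loop scalar i.
     * The final NULL means no auxiliary randomness is passed to the encoder. */
    secp256k1_scalar_set_int(&scalar_i, i);
    secp256k1_scalar_get_b32(sec32, &scalar_i);
    CHECK(secp256k1_ellswift_create(ctx, ell64, sec32, NULL));

    /* Decode ellswift pubkey and check that it matches the precomputed group element.
     * Both return values are checked so that a failed decode or load stops the
     * test here, rather than letting the comparison below run on a pub_decoded
     * or ge_decoded that was never properly filled in. */
    CHECK(secp256k1_ellswift_decode(ctx, &pub_decoded, ell64));
    CHECK(secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded));
    CHECK(secp256k1_ge_eq_var(&ge_decoded, &group[i]));
}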
}
#endif