pull/11871/head
Pieter Wuille 12 years ago
parent cbd3617ea1
commit 4e0ed53985

@ -8,7 +8,7 @@
#include "num.h"
#define WINDOW_A 5
#define WINDOW_G 15
#define WINDOW_G 13
namespace secp256k1 {
@ -51,6 +51,7 @@ private:
int used;
void PushNAF(int num, int zeroes) {
assert(used < B+1);
for (int i=0; i<zeroes; i++) {
naf[used++]=0;
}
@ -73,7 +74,7 @@ public:
zeroes++;
x.Shift1();
}
int word = x.ShiftLowBits(ctx,w);
int word = x.ShiftLowBits(ct,w);
if (word & (1 << (w-1))) {
x.Inc();
PushNAF(sign * (word - (1 << w)), zeroes);
@ -112,7 +113,6 @@ public:
WNAFPrecomp<GroupElem,WINDOW_G> wpg128;
ECMultConsts() {
printf("Precomputing G multiplies...\n");
const GroupElem &g = GetGroupConst().g;
GroupElemJac g128j(g);
for (int i=0; i<128; i++)
@ -120,7 +120,6 @@ public:
GroupElem g128; g128.SetJac(g128j);
wpg.Build(g);
wpg128.Build(g128);
printf("Done precomputing\n");
}
};
@ -129,7 +128,7 @@ const ECMultConsts &GetECMultConsts() {
return ecmult_consts;
}
void ECMult(Context &ctx, GroupElemJac &out, const GroupElemJac &a, Number &an, Number &gn) {
void ECMult(Context &ctx, GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn) {
Context ct(ctx);
Number an1(ct), an2(ct);
Number gn1(ct), gn2(ct);

@ -78,7 +78,7 @@ public:
}
/** Checks whether this is a non-infinite point on the curve */
bool IsValid() {
bool IsValid() const {
if (IsInfinity())
return false;
// y^2 = x^3 + 7

@ -74,7 +74,12 @@ public:
BN_bn2bin(bn, bin + size - len);
}
void SetInt(int x) {
BN_set_word(bn, x);
if (x >= 0) {
BN_set_word(bn, x);
} else {
BN_set_word(bn, -x);
BN_set_negative(bn, 1);
}
}
void SetModInverse(Context &ctx, const Number &x, const Number &m) {
BN_mod_inverse(bn, x.bn, m.bn, ctx);

@ -8,7 +8,7 @@
using namespace secp256k1;
void test_ecmult() {
void test_run_ecmult_chain() {
Context ctx;
// random starting point A (on the curve)
FieldElem ax; ax.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004");
@ -47,8 +47,69 @@ void test_ecmult() {
assert(res == res2);
}
void test_point_times_order(const GroupElemJac &point) {
// either the point is not on the curve, or multiplying it by the order results in O
if (!point.IsValid())
return;
const GroupConstants &c = GetGroupConst();
Context ctx;
Number zero(ctx); zero.SetInt(0);
GroupElemJac res;
ECMult(ctx, res, point, c.order, zero); // calc res = order * point + 0 * G;
assert(res.IsInfinity());
}
void test_run_point_times_order() {
Context ctx;
FieldElem x; x.SetHex("0000000000000000000000000000000000000000000000000000000000000002");
for (int i=0; i<500; i++) {
GroupElemJac j; j.SetCompressed(x, true);
test_point_times_order(j);
x.SetSquare(x);
}
}
void test_wnaf(const Number &number, int w) {
Context ctx;
Number x(ctx), two(ctx), t(ctx);
x.SetInt(0);
two.SetInt(2);
WNAF<1023> wnaf(ctx, number, w);
int zeroes = -1;
for (int i=wnaf.GetSize()-1; i>=0; i--) {
x.SetMult(ctx, x, two);
int v = wnaf.Get(i);
if (v) {
assert(zeroes == -1 || zeroes >= w-1); // check that distance between non-zero elements is at least w-1
zeroes=0;
assert((v & 1) == 1); // check non-zero elements are odd
assert(v <= (1 << (w-1)) - 1); // check range below
assert(v >= -(1 << (w-1)) - 1); // check range above
} else {
assert(zeroes != -1); // check that no unnecessary zero padding exists
zeroes++;
}
t.SetInt(v);
x.SetAdd(ctx, x, t);
}
assert(x.Compare(number) == 0); // check that wnaf represents number
}
void test_run_wnaf() {
Context ctx;
Number range(ctx), min(ctx), n(ctx);
range.SetHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
min = range; min.Shift1(); min.Negate();
for (int i=0; i<100; i++) {
n.SetPseudoRand(range); n.SetAdd(ctx,n,min);
test_wnaf(n, 4+(i%10));
}
}
int main(void) {
test_ecmult();
test_run_wnaf();
test_run_point_times_order();
test_run_ecmult_chain();
return 0;
}

Loading…
Cancel
Save