Crate bitcoinsecp256k1_group

Structs

Ge
A group element of the secp256k1 curve, in affine coordinates.
GeStorage
Gej
A group element of the secp256k1 curve, in jacobian coordinates.

Functions

ge_clear
Clear a ge to prevent leaking sensitive information.
ge_from_storage
Convert a group element back from the storage type.
ge_globalz_set_table_gej
Bring a batch of inputs given in jacobian coordinates (with known z-ratios) to the same global z “denominator”. zr must contain the known z-ratios such that mul(a[i].z, zr[i+1]) == a[i+1].z. zr[0] is ignored. The x and y coordinates of the result are stored in r; the common z coordinate is stored in globalz.
ge_is_in_correct_subgroup
Determine if a point (which is assumed to be on the curve) is in the correct (sub)group of the curve. In normal mode, the group used is secp256k1, which has cofactor=1, meaning that every point on the curve is in the group, and this function always returns true. When compiling in exhaustive test mode, a slightly different curve equation is used, leading to a group with a (very) small subgroup, and that subgroup is what is used for all cryptographic operations. In that mode, this function checks whether a point that is on the curve is in fact also in that subgroup.
ge_is_infinity
Check whether a group element is the point at infinity.
ge_is_valid_var
Check whether a group element is valid (i.e., on the curve).
ge_mul_lambda
Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast.
ge_neg
Set r equal to the inverse of a (i.e., mirrored around the X axis).
ge_set_all_gej_var
Set a batch of group elements equal to the inputs given in jacobian coordinates.
ge_set_gej
Set a group element equal to another which is given in jacobian coordinates. Constant time.
ge_set_gej_var
Set a group element equal to another which is given in jacobian coordinates.
ge_set_gej_zinv
ge_set_infinity
Set a group element (affine) equal to the point at infinity.
ge_set_xo_var
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y. Return value indicates whether the result is valid.
ge_set_xy
Set a group element equal to the point with given X and Y coordinates.
ge_storage_cmov
If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.
ge_to_storage
Convert a group element to the storage type.
gej_add_ge
Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).
gej_add_ge_var
Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient than gej_add_var. It is identical to gej_add_ge but without a constant-time guarantee, and b is allowed to be infinity. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case).
gej_add_var
Set r equal to the sum of a and b. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case).
gej_add_zinv_var
Set r equal to the sum of a and b (with the inverse of b’s Z coordinate passed as bzinv).
gej_clear
Clear a gej to prevent leaking sensitive information.
gej_double
Set r equal to the double of a. Constant time.
gej_double_var
Set r equal to the double of a. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (where infinity means an implicit z = 0).
gej_eq_x_var
Compare the X coordinate of a group element (jacobian).
gej_is_infinity
Check whether a group element is the point at infinity.
gej_neg
Set r equal to the inverse of a (i.e., mirrored around the X axis).
gej_rescale
Rescale a jacobian point by b which must be non-zero. Constant-time.
gej_set_ge
Set a group element (jacobian) equal to another which is given in affine coordinates.
gej_set_infinity
Set a group element (jacobian) equal to the point at infinity.