Browse Source

First step in converting to C: num

master
Pieter Wuille 10 years ago
parent
commit
4adf6b2a32
  1. 6
      Makefile
  2. 27
      bench.cpp
  3. 103
      ecdsa.cpp
  4. 19
      ecdsa.h
  5. 51
      ecmult.cpp
  6. 4
      ecmult.h
  7. 20
      field.cpp
  8. 3
      field.h
  9. 80
      group.cpp
  10. 7
      group.h
  11. 28
      num.h
  12. 183
      num_gmp.cpp
  13. 44
      num_gmp.h
  14. 209
      num_openssl.cpp
  15. 46
      num_openssl.h
  16. 29
      secp256k1.cpp
  17. 119
      tests.cpp

6
Makefile

@ -54,8 +54,8 @@ clean-$(CONF): @@ -54,8 +54,8 @@ clean-$(CONF):
obj/secp256k1-$(CONF).o: $(SECP256K1_FILES)
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) secp256k1.cpp -c -o obj/secp256k1-$(CONF).o
bench-$(CONF): obj/secp256k1-$(CONF).o bench.cpp
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) obj/secp256k1-$(CONF).o bench.cpp $(LIBS) -o bench-$(CONF)
bench-$(CONF): $(SECP256K1_FILES) bench.cpp
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) bench.cpp $(LIBS) -o bench-$(CONF)
tests-$(CONF): $(SECP256K1_FILES) tests.cpp
$(CXX) $(FLAGS_COMMON) $(FLAGS_TEST) $(FLAGS_CONF) tests.cpp $(LIBS) -o tests-$(CONF)
$(CXX) $(FLAGS_COMMON) $(FLAGS_DEBUG) $(FLAGS_CONF) tests.cpp $(LIBS) -o tests-$(CONF)

27
bench.cpp

@ -1,25 +1,29 @@ @@ -1,25 +1,29 @@
#include <stdio.h>
#include "num.h"
#include "field.h"
#include "group.h"
#include "ecmult.h"
#include "ecdsa.h"
#include "num.cpp"
#include "field.cpp"
#include "group.cpp"
#include "ecmult.cpp"
#include "ecdsa.cpp"
using namespace secp256k1;
int main() {
FieldElem x;
const Number &order = GetGroupConst().order;
Number r, s, m;
const secp256k1_num_t &order = GetGroupConst().order;
secp256k1_num_t r, s, m;
secp256k1_num_start();
secp256k1_num_init(&r);
secp256k1_num_init(&s);
secp256k1_num_init(&m);
Signature sig;
x.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
int cnt = 0;
int good = 0;
for (int i=0; i<1000000; i++) {
r.SetPseudoRand(order);
s.SetPseudoRand(order);
m.SetPseudoRand(order);
secp256k1_num_set_rand(&r, &order);
secp256k1_num_set_rand(&s, &order);
secp256k1_num_set_rand(&m, &order);
sig.SetRS(r,s);
GroupElemJac pubkey; pubkey.SetCompressed(x, true);
if (pubkey.IsValid()) {
@ -28,5 +32,8 @@ int main() { @@ -28,5 +32,8 @@ int main() {
}
}
printf("%i/%i\n", good, cnt);
secp256k1_num_free(&r);
secp256k1_num_free(&s);
secp256k1_num_free(&m);
return 0;
}

103
ecdsa.cpp

@ -35,17 +35,17 @@ bool Signature::Parse(const unsigned char *sig, int size) { @@ -35,17 +35,17 @@ bool Signature::Parse(const unsigned char *sig, int size) {
if (lenr == 0) return false;
if (sig[lenr+4] != 0x02) return false;
if (lens == 0) return false;
r.SetBytes(sig+4, lenr);
s.SetBytes(sig+6+lenr, lens);
secp256k1_num_set_bin(&r, sig+4, lenr);
secp256k1_num_set_bin(&s, sig+6+lenr, lens);
return true;
}
bool Signature::Serialize(unsigned char *sig, int *size) {
int lenR = (r.GetBits() + 7)/8;
if (lenR == 0 || r.CheckBit(lenR*8-1))
int lenR = (secp256k1_num_bits(&r) + 7)/8;
if (lenR == 0 || secp256k1_num_get_bit(&r, lenR*8-1))
lenR++;
int lenS = (s.GetBits() + 7)/8;
if (lenS == 0 || s.CheckBit(lenS*8-1))
int lenS = (secp256k1_num_bits(&s) + 7)/8;
if (lenS == 0 || secp256k1_num_get_bit(&s, lenS*8-1))
lenS++;
if (*size < 6+lenS+lenR)
return false;
@ -54,45 +54,56 @@ bool Signature::Serialize(unsigned char *sig, int *size) { @@ -54,45 +54,56 @@ bool Signature::Serialize(unsigned char *sig, int *size) {
sig[1] = 4 + lenS + lenR;
sig[2] = 0x02;
sig[3] = lenR;
r.GetBytes(sig+4, lenR);
secp256k1_num_get_bin(sig+4, lenR, &r);
sig[4+lenR] = 0x02;
sig[5+lenR] = lenS;
s.GetBytes(sig+6, lenS);
secp256k1_num_get_bin(sig+lenR+6, lenS, &s);
return true;
}
bool Signature::RecomputeR(Number &r2, const GroupElemJac &pubkey, const Number &message) const {
bool Signature::RecomputeR(secp256k1_num_t &r2, const GroupElemJac &pubkey, const secp256k1_num_t &message) const {
const GroupConstants &c = GetGroupConst();
if (r.IsNeg() || s.IsNeg())
if (secp256k1_num_is_neg(&r) || secp256k1_num_is_neg(&s))
return false;
if (r.IsZero() || s.IsZero())
if (secp256k1_num_is_zero(&r) || secp256k1_num_is_zero(&s))
return false;
if (r.Compare(c.order) >= 0 || s.Compare(c.order) >= 0)
if (secp256k1_num_cmp(&r, &c.order) >= 0 || secp256k1_num_cmp(&s, &c.order) >= 0)
return false;
Number sn, u1, u2;
sn.SetModInverse(s, c.order);
u1.SetModMul(sn, message, c.order);
u2.SetModMul(sn, r, c.order);
bool ret = false;
secp256k1_num_t sn, u1, u2;
secp256k1_num_init(&sn);
secp256k1_num_init(&u1);
secp256k1_num_init(&u2);
secp256k1_num_mod_inverse(&sn, &s, &c.order);
secp256k1_num_mod_mul(&u1, &sn, &message, &c.order);
secp256k1_num_mod_mul(&u2, &sn, &r, &c.order);
GroupElemJac pr; ECMult(pr, pubkey, u2, u1);
if (pr.IsInfinity())
return false;
FieldElem xr; pr.GetX(xr);
xr.Normalize();
unsigned char xrb[32]; xr.GetBytes(xrb);
r2.SetBytes(xrb,32); r2.SetMod(r2,c.order);
return true;
if (!pr.IsInfinity()) {
FieldElem xr; pr.GetX(xr);
xr.Normalize();
unsigned char xrb[32]; xr.GetBytes(xrb);
secp256k1_num_set_bin(&r2, xrb, 32);
secp256k1_num_mod(&r2, &r2, &c.order);
ret = true;
}
secp256k1_num_free(&sn);
secp256k1_num_free(&u1);
secp256k1_num_free(&u2);
return ret;
}
bool Signature::Verify(const GroupElemJac &pubkey, const Number &message) const {
Number r2;
if (!RecomputeR(r2, pubkey, message))
return false;
return r2.Compare(r) == 0;
bool Signature::Verify(const GroupElemJac &pubkey, const secp256k1_num_t &message) const {
secp256k1_num_t r2;
secp256k1_num_init(&r2);
bool ret = false;
ret = RecomputeR(r2, pubkey, message) && secp256k1_num_cmp(&r, &r2) == 0;
secp256k1_num_free(&r2);
return ret;
}
bool Signature::Sign(const Number &seckey, const Number &message, const Number &nonce) {
bool Signature::Sign(const secp256k1_num_t &seckey, const secp256k1_num_t &message, const secp256k1_num_t &nonce) {
const GroupConstants &c = GetGroupConst();
GroupElemJac rp;
@ -102,27 +113,33 @@ bool Signature::Sign(const Number &seckey, const Number &message, const Number & @@ -102,27 +113,33 @@ bool Signature::Sign(const Number &seckey, const Number &message, const Number &
unsigned char b[32];
rx.Normalize();
rx.GetBytes(b);
r.SetBytes(b, 32);
r.SetMod(r, c.order);
Number n;
n.SetModMul(r, seckey, c.order);
n.SetAdd(message, n);
s.SetModInverse(nonce, c.order);
s.SetModMul(s, n, c.order);
if (s.IsZero())
secp256k1_num_set_bin(&r, b, 32);
secp256k1_num_mod(&r, &r, &c.order);
secp256k1_num_t n;
secp256k1_num_init(&n);
secp256k1_num_mod_mul(&n, &r, &seckey, &c.order);
secp256k1_num_add(&n, &n, &message);
secp256k1_num_mod_inverse(&s, &nonce, &c.order);
secp256k1_num_mod_mul(&s, &s, &n, &c.order);
secp256k1_num_free(&n);
if (secp256k1_num_is_zero(&s))
return false;
if (s.IsOdd())
s.SetSub(c.order, s);
if (secp256k1_num_is_odd(&s))
secp256k1_num_sub(&s, &c.order, &s);
return true;
}
void Signature::SetRS(const Number &rin, const Number &sin) {
r = rin;
s = sin;
void Signature::SetRS(const secp256k1_num_t &rin, const secp256k1_num_t &sin) {
secp256k1_num_copy(&r, &rin);
secp256k1_num_copy(&s, &sin);
}
std::string Signature::ToString() const {
return "(" + r.ToString() + "," + s.ToString() + ")";
char rs[65], ss[65];
int rl = 65, sl = 65;
secp256k1_num_get_hex(rs, &rl, &r);
secp256k1_num_get_hex(ss, &sl, &s);
return "(" + std::string(rs) + "," + std::string(ss) + ")";
}
}

19
ecdsa.h

@ -5,15 +5,24 @@ namespace secp256k1 { @@ -5,15 +5,24 @@ namespace secp256k1 {
class Signature {
private:
Number r,s;
secp256k1_num_t r,s;
public:
Signature() {
secp256k1_num_init(&r);
secp256k1_num_init(&s);
}
~Signature() {
secp256k1_num_free(&r);
secp256k1_num_free(&s);
}
bool Parse(const unsigned char *sig, int size);
bool Serialize(unsigned char *sig, int *size);
bool RecomputeR(Number &r2, const GroupElemJac &pubkey, const Number &message) const;
bool Verify(const GroupElemJac &pubkey, const Number &message) const;
bool Sign(const Number &seckey, const Number &message, const Number &nonce);
void SetRS(const Number &rin, const Number &sin);
bool RecomputeR(secp256k1_num_t &r2, const GroupElemJac &pubkey, const secp256k1_num_t &message) const;
bool Verify(const GroupElemJac &pubkey, const secp256k1_num_t &message) const;
bool Sign(const secp256k1_num_t &seckey, const secp256k1_num_t &message, const secp256k1_num_t &nonce);
void SetRS(const secp256k1_num_t &rin, const secp256k1_num_t &sin);
std::string ToString() const;
};

51
ecmult.cpp

@ -61,29 +61,31 @@ private: @@ -61,29 +61,31 @@ private:
}
public:
WNAF(const Number &exp, int w) : used(0) {
WNAF(const secp256k1_num_t &exp, int w) : used(0) {
int zeroes = 0;
Number x;
x.SetNumber(exp);
secp256k1_num_t x;
secp256k1_num_init(&x);
secp256k1_num_copy(&x, &exp);
int sign = 1;
if (x.IsNeg()) {
if (secp256k1_num_is_neg(&x)) {
sign = -1;
x.Negate();
secp256k1_num_negate(&x);
}
while (!x.IsZero()) {
while (!x.IsOdd()) {
while (!secp256k1_num_is_zero(&x)) {
while (!secp256k1_num_is_odd(&x)) {
zeroes++;
x.Shift1();
secp256k1_num_shift(&x, 1);
}
int word = x.ShiftLowBits(w);
int word = secp256k1_num_shift(&x, w);
if (word & (1 << (w-1))) {
x.Inc();
secp256k1_num_inc(&x);
PushNAF(sign * (word - (1 << w)), zeroes);
} else {
PushNAF(sign * word, zeroes);
}
zeroes = w-1;
}
secp256k1_num_free(&x);
}
int GetSize() const {
@ -145,19 +147,27 @@ const ECMultConsts &GetECMultConsts() { @@ -145,19 +147,27 @@ const ECMultConsts &GetECMultConsts() {
return ecmult_consts;
}
void ECMultBase(GroupElemJac &out, const Number &gn) {
Number n; n.SetNumber(gn);
void ECMultBase(GroupElemJac &out, const secp256k1_num_t &gn) {
secp256k1_num_t n;
secp256k1_num_init(&n);
secp256k1_num_copy(&n, &gn);
const ECMultConsts &c = GetECMultConsts();
out.SetAffine(c.prec[0][n.ShiftLowBits(4)]);
out.SetAffine(c.prec[0][secp256k1_num_shift(&n, 4)]);
for (int j=1; j<64; j++) {
out.SetAdd(out, c.prec[j][n.ShiftLowBits(4)]);
out.SetAdd(out, c.prec[j][secp256k1_num_shift(&n, 4)]);
}
secp256k1_num_free(&n);
out.SetAdd(out, c.fin);
}
void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn) {
Number an1, an2;
Number gn1, gn2;
void ECMult(GroupElemJac &out, const GroupElemJac &a, const secp256k1_num_t &an, const secp256k1_num_t &gn) {
secp256k1_num_t an1, an2;
secp256k1_num_t gn1, gn2;
secp256k1_num_init(&an1);
secp256k1_num_init(&an2);
secp256k1_num_init(&gn1);
secp256k1_num_init(&gn2);
SplitExp(an, an1, an2);
// printf("an=%s\n", an.ToString().c_str());
@ -165,7 +175,7 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu @@ -165,7 +175,7 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu
// printf("an2=%s\n", an2.ToString().c_str());
// printf("an1.len=%i\n", an1.GetBits());
// printf("an2.len=%i\n", an2.GetBits());
gn.SplitInto(128, gn1, gn2);
secp256k1_num_split(&gn1, &gn2, &gn, 128);
WNAF<128> wa1(an1, WINDOW_A);
WNAF<128> wa2(an2, WINDOW_A);
@ -206,6 +216,11 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu @@ -206,6 +216,11 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu
out.SetAdd(out, tmpa);
}
}
secp256k1_num_free(&an1);
secp256k1_num_free(&an2);
secp256k1_num_free(&gn1);
secp256k1_num_free(&gn2);
}
}

4
ecmult.h

@ -6,8 +6,8 @@ @@ -6,8 +6,8 @@
namespace secp256k1 {
void ECMultBase(GroupElemJac &out, const Number &gn);
void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn);
void ECMultBase(GroupElemJac &out, const secp256k1_num_t &gn);
void ECMult(GroupElemJac &out, const GroupElemJac &a, const secp256k1_num_t &an, const secp256k1_num_t &gn);
}

20
field.cpp

@ -363,7 +363,14 @@ static const unsigned char field_p_[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF @@ -363,7 +363,14 @@ static const unsigned char field_p_[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F};
FieldConstants::FieldConstants() : field_p(field_p_, sizeof(field_p_)) {}
FieldConstants::FieldConstants() {
secp256k1_num_init(&field_p);
secp256k1_num_set_bin(&field_p, field_p_, sizeof(field_p_));
}
FieldConstants::~FieldConstants() {
secp256k1_num_free(&field_p);
}
const FieldConstants &GetFieldConst() {
static const FieldConstants field_const;
@ -408,10 +415,13 @@ void FieldElem::SetInverse(FieldElem &a) { @@ -408,10 +415,13 @@ void FieldElem::SetInverse(FieldElem &a) {
a.Normalize();
a.GetBytes(b);
{
const Number &p = GetFieldConst().field_p;
Number n; n.SetBytes(b, 32);
n.SetModInverse(n, p);
n.GetBytes(b, 32);
const secp256k1_num_t &p = GetFieldConst().field_p;
secp256k1_num_t n;
secp256k1_num_init(&n);
secp256k1_num_set_bin(&n, b, 32);
secp256k1_num_mod_inverse(&n, &n, &p);
secp256k1_num_get_bin(b, 32, &n);
secp256k1_num_free(&n);
}
SetBytes(b);
#endif

3
field.h

@ -77,9 +77,10 @@ public: @@ -77,9 +77,10 @@ public:
class FieldConstants {
public:
const Number field_p;
secp256k1_num_t field_p;
FieldConstants();
~FieldConstants();
};
const FieldConstants &GetFieldConst();

80
group.cpp

@ -291,13 +291,28 @@ static const unsigned char a2_[] = {0x01, @@ -291,13 +291,28 @@ static const unsigned char a2_[] = {0x01,
0x57,0xc1,0x10,0x8d,0x9d,0x44,0xcf,0xd8};
GroupConstants::GroupConstants() : g_x(g_x_), g_y(g_y_),
order(order_, sizeof(order_)),
g(g_x,g_y),
beta(beta_),
lambda(lambda_, sizeof(lambda_)),
a1b2(a1b2_, sizeof(a1b2_)),
b1(b1_, sizeof(b1_)),
a2(a2_, sizeof(a2_)) {}
beta(beta_) {
secp256k1_num_init(&order);
secp256k1_num_init(&lambda);
secp256k1_num_init(&a1b2);
secp256k1_num_init(&b1);
secp256k1_num_init(&a2);
secp256k1_num_set_bin(&order, order_, sizeof(order_));
secp256k1_num_set_bin(&lambda, lambda_, sizeof(lambda_));
secp256k1_num_set_bin(&a1b2, a1b2_, sizeof(a1b2_));
secp256k1_num_set_bin(&b1, b1_, sizeof(b1_));
secp256k1_num_set_bin(&a2, a2_, sizeof(a2_));
}
GroupConstants::~GroupConstants() {
secp256k1_num_free(&order);
secp256k1_num_free(&lambda);
secp256k1_num_free(&a1b2);
secp256k1_num_free(&b1);
secp256k1_num_free(&a2);
}
const GroupConstants &GetGroupConst() {
static const GroupConstants group_const;
@ -310,27 +325,40 @@ void GroupElemJac::SetMulLambda(const GroupElemJac &p) { @@ -310,27 +325,40 @@ void GroupElemJac::SetMulLambda(const GroupElemJac &p) {
x.SetMult(x, beta);
}
void SplitExp(const Number &exp, Number &exp1, Number &exp2) {
void SplitExp(const secp256k1_num_t &exp, secp256k1_num_t &exp1, secp256k1_num_t &exp2) {
const GroupConstants &c = GetGroupConst();
Number bnc1, bnc2, bnt1, bnt2, bnn2;
bnn2.SetNumber(c.order);
bnn2.Shift1();
bnc1.SetMult(exp, c.a1b2);
bnc1.SetAdd(bnc1, bnn2);
bnc1.SetDiv(bnc1, c.order);
bnc2.SetMult(exp, c.b1);
bnc2.SetAdd(bnc2, bnn2);
bnc2.SetDiv(bnc2, c.order);
bnt1.SetMult(bnc1, c.a1b2);
bnt2.SetMult(bnc2, c.a2);
bnt1.SetAdd(bnt1, bnt2);
exp1.SetSub(exp, bnt1);
bnt1.SetMult(bnc1, c.b1);
bnt2.SetMult(bnc2, c.a1b2);
exp2.SetSub(bnt1, bnt2);
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
secp256k1_num_init(&bnc1);
secp256k1_num_init(&bnc2);
secp256k1_num_init(&bnt1);
secp256k1_num_init(&bnt2);
secp256k1_num_init(&bnn2);
secp256k1_num_copy(&bnn2, &c.order);
secp256k1_num_shift(&bnn2, 1);
secp256k1_num_mul(&bnc1, &exp, &c.a1b2);
secp256k1_num_add(&bnc1, &bnc1, &bnn2);
secp256k1_num_div(&bnc1, &bnc1, &c.order);
secp256k1_num_mul(&bnc2, &exp, &c.b1);
secp256k1_num_add(&bnc2, &bnc2, &bnn2);
secp256k1_num_div(&bnc2, &bnc2, &c.order);
secp256k1_num_mul(&bnt1, &bnc1, &c.a1b2);
secp256k1_num_mul(&bnt2, &bnc2, &c.a2);
secp256k1_num_add(&bnt1, &bnt1, &bnt2);
secp256k1_num_sub(&exp1, &exp, &bnt1);
secp256k1_num_mul(&bnt1, &bnc1, &c.b1);
secp256k1_num_mul(&bnt2, &bnc2, &c.a1b2);
secp256k1_num_sub(&exp2, &bnt1, &bnt2);
secp256k1_num_free(&bnc1);
secp256k1_num_free(&bnc2);
secp256k1_num_free(&bnt1);
secp256k1_num_free(&bnt2);
secp256k1_num_free(&bnn2);
}
}

7
group.h

@ -95,17 +95,18 @@ private: @@ -95,17 +95,18 @@ private:
const FieldElem g_y;
public:
const Number order;
secp256k1_num_t order;
const GroupElem g;
const FieldElem beta;
const Number lambda, a1b2, b1, a2;
secp256k1_num_t lambda, a1b2, b1, a2;
GroupConstants();
~GroupConstants();
};
const GroupConstants &GetGroupConst();
void SplitExp(const Number &exp, Number &exp1, Number &exp2);
void SplitExp(const secp256k1_num_t &exp, secp256k1_num_t &exp1, secp256k1_num_t &exp2);
}

28
num.h

@ -9,4 +9,32 @@ @@ -9,4 +9,32 @@
#error "Please select num implementation"
#endif
void static secp256k1_num_start(void);
void static secp256k1_num_init(secp256k1_num_t *r);
void static secp256k1_num_free(secp256k1_num_t *r);
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a);
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a);
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen);
void static secp256k1_num_set_int(secp256k1_num_t *r, int a);
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m);
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m);
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
int static secp256k1_num_bits(const secp256k1_num_t *a);
int static secp256k1_num_shift(secp256k1_num_t *r, int bits);
int static secp256k1_num_is_zero(const secp256k1_num_t *a);
int static secp256k1_num_is_odd(const secp256k1_num_t *a);
int static secp256k1_num_is_neg(const secp256k1_num_t *a);
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos);
void static secp256k1_num_inc(secp256k1_num_t *r);
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen);
void static secp256k1_num_get_hex(char *r, int *rlen, const secp256k1_num_t *a);
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits);
void static secp256k1_num_negate(secp256k1_num_t *r);
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a);
#endif

183
num_gmp.cpp

@ -1,171 +1,148 @@ @@ -1,171 +1,148 @@
#include <assert.h>
#include <string>
#include <string.h>
#include <stdlib.h>
#include <gmp.h>
#include "num_gmp.h"
#include "num.h"
namespace secp256k1 {
class NumberState {
private:
typedef struct {
int initialized;
gmp_randstate_t rng;
} secp256k1_num_state_t;
public:
NumberState() {
gmp_randinit_default(rng);
}
~NumberState() {
gmp_randclear(rng);
}
void gen(mpz_t out, mpz_t size) {
mpz_urandomm(out, rng, size);
}
};
static NumberState number_state;
Number::Number(const Number &x) {
mpz_init_set(bn, x.bn);
}
Number::Number() {
mpz_init(bn);
}
static secp256k1_num_state_t secp256k1_num_state = {};
Number::~Number() {
mpz_clear(bn);
void static secp256k1_num_start(void) {
if (secp256k1_num_state.initialized)
return;
secp256k1_num_state.initialized = 1;
gmp_randinit_default(secp256k1_num_state.rng);
}
Number &Number::operator=(const Number &x) {
mpz_set(bn, x.bn);
return *this;
void static secp256k1_num_init(secp256k1_num_t *r) {
mpz_init(r->bn);
}
void Number::SetNumber(const Number &x) {
mpz_set(bn, x.bn);
void static secp256k1_num_free(secp256k1_num_t *r) {
mpz_clear(r->bn);
}
Number::Number(const unsigned char *bin, int len) {
mpz_init(bn);
SetBytes(bin,len);
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
mpz_set(r->bn, a->bn);
}
void Number::SetBytes(const unsigned char *bin, unsigned int len) {
mpz_import(bn, len, 1, 1, 1, 0, bin);
}
bool Number::CheckBit(int pos) const {
return mpz_tstbit(bn, pos);
}
void Number::GetBytes(unsigned char *bin, unsigned int len) {
unsigned int size = (mpz_sizeinbase(bn,2)+7)/8;
assert(size <= len);
memset(bin,0,len);
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
unsigned int size = (mpz_sizeinbase(a->bn,2)+7)/8;
assert(size <= rlen);
memset(r,0,rlen);
size_t count = 0;
mpz_export(bin + len - size, &count, 1, 1, 1, 0, bn);
mpz_export(r + rlen - size, &count, 1, 1, 1, 0, a->bn);
assert(count == 0 || size == count);
}
void Number::SetInt(int x) {
mpz_set_si(bn, x);
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
mpz_import(r->bn, alen, 1, 1, 1, 0, a);
}
void Number::SetModInverse(const Number &x, const Number &m) {
mpz_invert(bn, x.bn, m.bn);
void static secp256k1_num_set_int(secp256k1_num_t *r, int a) {
mpz_set_si(r->bn, a);
}
void Number::SetModMul(const Number &a, const Number &b, const Number &m) {
mpz_mul(bn, a.bn, b.bn);
mpz_mod(bn, bn, m.bn);
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
mpz_invert(r->bn, a->bn, m->bn);
}
void Number::SetAdd(const Number &a1, const Number &a2) {
mpz_add(bn, a1.bn, a2.bn);
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
mpz_mul(r->bn, a->bn, b->bn);
mpz_mod(r->bn, r->bn, m->bn);
}
void Number::SetSub(const Number &a1, const Number &a2) {
mpz_sub(bn, a1.bn, a2.bn);
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
return mpz_cmp(a->bn, b->bn);
}
void Number::SetMult(const Number &a1, const Number &a2) {
mpz_mul(bn, a1.bn, a2.bn);
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_add(r->bn, a->bn, b->bn);
}
void Number::SetDiv(const Number &a1, const Number &a2) {
mpz_tdiv_q(bn, a1.bn, a2.bn);
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_sub(r->bn, a->bn, b->bn);
}
void Number::SetMod(const Number &a, const Number &m) {
mpz_mod(bn, a.bn, m.bn);
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_mul(r->bn, a->bn, b->bn);
}
int Number::Compare(const Number &a) const {
return mpz_cmp(bn, a.bn);
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_tdiv_q(r->bn, a->bn, b->bn);
}
int Number::GetBits() const {
return mpz_sizeinbase(bn,2);
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_mod(r->bn, a->bn, b->bn);
}
int Number::ShiftLowBits(int bits) {
int ret = mpz_get_ui(bn) & ((1 << bits) - 1);
mpz_fdiv_q_2exp(bn, bn, bits);
return ret;
int static secp256k1_num_bits(const secp256k1_num_t *a) {
return mpz_sizeinbase(a->bn,2);
}
bool Number::IsZero() const {
return mpz_size(bn) == 0;
int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
int ret = mpz_get_ui(r->bn) & ((1 << bits) - 1);
mpz_fdiv_q_2exp(r->bn, r->bn, bits);
return ret;
}
bool Number::IsOdd() const {
return mpz_get_ui(bn) & 1;
int static secp256k1_num_is_zero(const secp256k1_num_t *a) {
return mpz_size(a->bn) == 0;
}
bool Number::IsNeg() const {
return mpz_sgn(bn) < 0;
int static secp256k1_num_is_odd(const secp256k1_num_t *a) {
return mpz_get_ui(a->bn) & 1;
}
void Number::Negate() {
mpz_neg(bn, bn);
int static secp256k1_num_is_neg(const secp256k1_num_t *a) {
return mpz_sgn(a->bn) < 0;
}
void Number::Shift1() {
mpz_fdiv_q_2exp(bn, bn, 1);
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
return mpz_tstbit(a->bn, pos);
}
void Number::Inc() {
mpz_add_ui(bn, bn, 1);
void static secp256k1_num_inc(secp256k1_num_t *r) {
mpz_add_ui(r->bn, r->bn, 1);
}
void Number::SetHex(const std::string &str) {
mpz_set_str(bn, str.c_str(), 16);
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
char *str = (char*)malloc(alen+1);
memcpy(str, a, alen);
str[alen] = 0;
mpz_set_str(r->bn, str, 16);
free(str);
}
void Number::SetPseudoRand(const Number &max) {
number_state.gen(bn, max.bn);
void static secp256k1_num_get_hex(char *r, int *rlen, const secp256k1_num_t *a) {
int len = mpz_sizeinbase(a->bn, 16) + 2;
if (*rlen < len) {
*rlen = len;
return;
}
mpz_get_str(r, 16, a->bn);
*rlen = len;
}
void Number::SplitInto(int bits, Number &low, Number &high) const {
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
mpz_t tmp;
mpz_init_set_ui(tmp,1);
mpz_mul_2exp(tmp,tmp,bits);
mpz_mul_2exp(tmp, tmp, bits);
mpz_sub_ui(tmp,tmp,1);
mpz_and(low.bn, bn, tmp);
mpz_and(rl->bn, a->bn, tmp);
mpz_clear(tmp);
mpz_fdiv_q_2exp(high.bn, bn, bits);
mpz_fdiv_q_2exp(rh->bn, a->bn, bits);
}
std::string Number::ToString() const {
char *str = (char*)malloc(mpz_sizeinbase(bn,16) + 2);
mpz_get_str(str, 16, bn);
std::string ret(str);
free(str);
return ret;
void static secp256k1_num_negate(secp256k1_num_t *r) {
mpz_neg(r->bn, r->bn);
}
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
mpz_urandomm(r->bn, secp256k1_num_state.rng, a->bn);
}

44
num_gmp.h

@ -1,48 +1,10 @@ @@ -1,48 +1,10 @@
#ifndef _SECP256K1_NUM_GMP_
#define _SECP256K1_NUM_GMP_
#include <string>
#include <gmp.h>
namespace secp256k1 {
class Number {
private:
mutable mpz_t bn;
Number(const Number &x);
public:
Number();
~Number();
Number(const unsigned char *bin, int len);
Number &operator=(const Number &x);
void SetNumber(const Number &x);
void SetBytes(const unsigned char *bin, unsigned int len);
void GetBytes(unsigned char *bin, unsigned int len);
void SetInt(int x);
void SetModInverse(const Number &x, const Number &m);
void SetModMul(const Number &a, const Number &b, const Number &m);
void SetAdd(const Number &a1, const Number &a2);
void SetSub(const Number &a1, const Number &a2);
void SetMult(const Number &a1, const Number &a2);
void SetDiv(const Number &a1, const Number &a2);
void SetMod(const Number &a, const Number &m);
int Compare(const Number &a) const;
int GetBits() const;
int ShiftLowBits(int bits);
bool IsZero() const;
bool IsOdd() const;
bool IsNeg() const;
bool CheckBit(int pos) const;
void Negate();
void Shift1();
void Inc();
void SetHex(const std::string &str);
void SetPseudoRand(const Number &max);
void SplitInto(int bits, Number &low, Number &high) const;
std::string ToString() const;
};
}
typedef struct {
mpz_t bn;
} secp256k1_num_t;
#endif

209
num_openssl.cpp

@ -1,183 +1,146 @@ @@ -1,183 +1,146 @@
#include <assert.h>
#include <string>
#include <string.h>
#include <stdlib.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include "num_openssl.h"
#include "num.h"
namespace secp256k1 {
class Context {
private:
BN_CTX *ctx;
operator BN_CTX*() {
return ctx;
}
friend class Number;
public:
Context() {
ctx = BN_CTX_new();
}
~Context() {
BN_CTX_free(ctx);
}
};
Number::operator const BIGNUM*() const {
return &b;
}
Number::operator BIGNUM*() {
return &b;
void static secp256k1_num_start() {
}
Number::Number() {
BN_init(*this);
void static secp256k1_num_init(secp256k1_num_t *r) {
BN_init(&r->bn);
}
Number::~Number() {
BN_free(*this);
void static secp256k1_num_free(secp256k1_num_t *r) {
BN_free(&r->bn);
}
Number::Number(const unsigned char *bin, int len) {
BN_init(*this);
SetBytes(bin,len);
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
BN_copy(&r->bn, &a->bn);
}
void Number::SetNumber(const Number &x) {
BN_copy(*this, x);
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
unsigned int size = BN_num_bytes(&a->bn);
assert(size <= rlen);
memset(r,0,rlen);
BN_bn2bin(&a->bn, r + rlen - size);
}
Number::Number(const Number &x) {
BN_init(*this);
BN_copy(*this, x);
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
BN_bin2bn(a, alen, &r->bn);
}
Number &Number::operator=(const Number &x) {
BN_copy(*this, x);
return *this;
void static secp256k1_num_set_int(secp256k1_num_t *r, int a) {
BN_set_word(&r->bn, a < 0 ? -a : a);
BN_set_negative(&r->bn, a < 0);
}
void Number::SetBytes(const unsigned char *bin, int len) {
BN_bin2bn(bin, len, *this);
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
BN_CTX *ctx = BN_CTX_new();
BN_mod_inverse(&r->bn, &a->bn, &m->bn, ctx);
BN_CTX_free(ctx);
}
void Number::GetBytes(unsigned char *bin, int len) {
int size = BN_num_bytes(*this);
assert(size <= len);
memset(bin,0,len);
BN_bn2bin(*this, bin + len - size);
}
void Number::SetInt(int x) {
if (x >= 0) {
BN_set_word(*this, x);
} else {
BN_set_word(*this, -x);
BN_set_negative(*this, 1);
}
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
BN_CTX *ctx = BN_CTX_new();
BN_mod_mul(&r->bn, &a->bn, &b->bn, &m->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetModInverse(const Number &x, const Number &m) {
Context ctx;
BN_mod_inverse(*this, x, m, ctx);
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
return BN_cmp(&a->bn, &b->bn);
}
void Number::SetModMul(const Number &a, const Number &b, const Number &m) {
Context ctx;
BN_mod_mul(*this, a, b, m, ctx);
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_add(&r->bn, &a->bn, &b->bn);
}
void Number::SetAdd(const Number &a1, const Number &a2) {
BN_add(*this, a1, a2);
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_sub(&r->bn, &a->bn, &b->bn);
}
void Number::SetSub(const Number &a1, const Number &a2) {
BN_sub(*this, a1, a2);
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_CTX *ctx = BN_CTX_new();
BN_mul(&r->bn, &a->bn, &b->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetMult(const Number &a1, const Number &a2) {
Context ctx;
BN_mul(*this, a1, a2, ctx);
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_CTX *ctx = BN_CTX_new();
BN_div(&r->bn, NULL, &a->bn, &b->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetDiv(const Number &a1, const Number &a2) {
Context ctx;
BN_div(*this, NULL, a1, a2, ctx);
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_CTX *ctx = BN_CTX_new();
BN_nnmod(&r->bn, &a->bn, &b->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetMod(const Number &a, const Number &m) {
Context ctx;
BN_nnmod(*this, a, m, ctx);
int static secp256k1_num_bits(const secp256k1_num_t *a) {
return BN_num_bits(&a->bn);
}
int Number::Compare(const Number &a) const {
return BN_cmp(*this, a);
}
int Number::GetBits() const {
return BN_num_bits(*this);
}
int Number::ShiftLowBits(int bits) {
BIGNUM *bn = *this;
int ret = BN_is_zero(bn) ? 0 : bn->d[0] & ((1 << bits) - 1);
BN_rshift(*this, *this, bits);
int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
int ret = BN_is_zero(&r->bn) ? 0 : r->bn.d[0] & ((1 << bits) - 1);
BN_rshift(&r->bn, &r->bn, bits);
return ret;
}
bool Number::IsZero() const {
return BN_is_zero((const BIGNUM*)*this);
}
bool Number::IsOdd() const {
return BN_is_odd((const BIGNUM*)*this);
int static secp256k1_num_is_zero(const secp256k1_num_t *a) {
return BN_is_zero(&a->bn);
}
bool Number::CheckBit(int pos) const {
return BN_is_bit_set((const BIGNUM*)*this, pos);
int static secp256k1_num_is_odd(const secp256k1_num_t *a) {
return BN_is_odd(&a->bn);
}
bool Number::IsNeg() const {
return BN_is_negative((const BIGNUM*)*this);
int static secp256k1_num_is_neg(const secp256k1_num_t *a) {
return BN_is_negative(&a->bn);
}
void Number::Negate() {
BN_set_negative(*this, !IsNeg());
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
return BN_is_bit_set(&a->bn, pos);
}
void Number::Shift1() {
BN_rshift1(*this,*this);
void static secp256k1_num_inc(secp256k1_num_t *r) {
BN_add_word(&r->bn, 1);
}
void Number::Inc() {
BN_add_word(*this,1);
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
char *str = (char*)malloc(alen+1);
memcpy(str, a, alen);
str[alen] = 0;
BIGNUM *pbn = &r->bn;
BN_hex2bn(&pbn, str);
free(str);
}
void Number::SetHex(const std::string &str) {
BIGNUM *bn = *this;
BN_hex2bn(&bn, str.c_str());
}
void Number::SetPseudoRand(const Number &max) {
BN_pseudo_rand_range(*this, max);
void static secp256k1_num_get_hex(char *r, int *rlen, const secp256k1_num_t *a) {
char *str = BN_bn2hex(&a->bn);
int len = strlen(str) + 1;
if (len > *rlen) {
*rlen = strlen(str);
OPENSSL_free(str);
return;
}
memcpy(r, str, len);
OPENSSL_free(str);
*rlen = len;
}
void Number::SplitInto(int bits, Number &low, Number &high) const {
BN_copy(low, *this);
BN_mask_bits(low, bits);
BN_rshift(high, *this, bits);
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
BN_copy(&rl->bn, &a->bn);
BN_rshift(&rh->bn, &a->bn, bits);
BN_mask_bits(&rl->bn, bits);
}
std::string Number::ToString() const {
char *str = BN_bn2hex(*this);
std::string ret(str);
OPENSSL_free(str);
return ret;
void static secp256k1_num_negate(secp256k1_num_t *r) {
BN_set_negative(&r->bn, !BN_is_negative(&r->bn));
}
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
BN_pseudo_rand_range(&r->bn, &a->bn);
}

46
num_openssl.h

@ -1,50 +1,10 @@ @@ -1,50 +1,10 @@
#ifndef _SECP256K1_NUM_OPENSSL_
#define _SECP256K1_NUM_OPENSSL_
#include <string>
#include <openssl/bn.h>
namespace secp256k1 {
class Number {
private:
BIGNUM b;
Number(const Number &x);
operator const BIGNUM*() const;
operator BIGNUM*();
public:
Number();
~Number();
Number(const unsigned char *bin, int len);
void SetNumber(const Number &x);
Number &operator=(const Number &x);
void SetBytes(const unsigned char *bin, int len);
void GetBytes(unsigned char *bin, int len);
void SetInt(int x);
void SetModInverse(const Number &x, const Number &m);
void SetModMul(const Number &a, const Number &b, const Number &m);
void SetAdd(const Number &a1, const Number &a2);
void SetSub(const Number &a1, const Number &a2);
void SetMult(const Number &a1, const Number &a2);
void SetDiv(const Number &a1, const Number &a2);
void SetMod(const Number &a, const Number &m);
int Compare(const Number &a) const;
int GetBits() const;
int ShiftLowBits(int bits);
bool IsZero() const;
bool IsOdd() const;
bool IsNeg() const;
bool CheckBit(int pos) const;
void Negate();
void Shift1();
void Inc();
void SetHex(const std::string &str);
void SetPseudoRand(const Number &max);
void SplitInto(int bits, Number &low, Number &high) const;
std::string ToString() const;
};
}
typedef struct {
BIGNUM bn;
} secp256k1_num_t;
#endif

29
secp256k1.cpp

@ -7,23 +7,32 @@ @@ -7,23 +7,32 @@
namespace secp256k1 {
int VerifyECDSA(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) {
Number m;
int ret = -3;
secp256k1_num_t m;
secp256k1_num_init(&m);
Signature s;
GroupElemJac q;
m.SetBytes(msg, msglen);
if (!ParsePubKey(q, pubkey, pubkeylen))
return -1;
secp256k1_num_set_bin(&m, msg, msglen);
if (!ParsePubKey(q, pubkey, pubkeylen)) {
ret = -1;
goto end;
}
if (!s.Parse(sig, siglen)) {
fprintf(stderr, "Can't parse signature: ");
for (int i=0; i<siglen; i++) fprintf(stderr,"%02x", sig[i]);
fprintf(stderr, "\n");
return -2;
ret = -2;
goto end;
}
if (!s.Verify(q, m)) {
ret = 0;
goto end;
}
// fprintf(stderr, "Verifying ECDSA: msg=%s pubkey=%s sig=%s\n", m.ToString().c_str(), q.ToString().c_str(), s.ToString().c_str());
if (!s.Verify(q, m))
return 0;
return 1;
ret = 1;
end:
secp256k1_num_free(&m);
return ret;
}
}
}

119
tests.cpp

@ -6,6 +6,9 @@ @@ -6,6 +6,9 @@
#include "ecmult.cpp"
#include "ecdsa.cpp"
// #define COUNT 2
#define COUNT 100
using namespace secp256k1;
void test_run_ecmult_chain() {
@ -14,36 +17,56 @@ void test_run_ecmult_chain() { @@ -14,36 +17,56 @@ void test_run_ecmult_chain() {
FieldElem ay; ay.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
GroupElemJac a(ax,ay);
// two random initial factors xn and gn
Number xn; xn.SetHex("84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407");
Number gn; gn.SetHex("a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de");
secp256k1_num_t xn;
secp256k1_num_init(&xn);
secp256k1_num_set_hex(&xn, "84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407", 64);
secp256k1_num_t gn;
secp256k1_num_init(&gn);
secp256k1_num_set_hex(&gn, "a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de", 64);
// two small multipliers to be applied to xn and gn in every iteration:
Number xf; xf.SetHex("1337");
Number gf; gf.SetHex("7113");
secp256k1_num_t xf;
secp256k1_num_init(&xf);
secp256k1_num_set_hex(&xf, "1337", 4);
secp256k1_num_t gf;
secp256k1_num_init(&gf);
secp256k1_num_set_hex(&gf, "7113", 4);
// accumulators with the resulting coefficients to A and G
Number ae; ae.SetHex("01");
Number ge; ge.SetHex("00");
secp256k1_num_t ae;
secp256k1_num_init(&ae);
secp256k1_num_set_int(&ae, 1);
secp256k1_num_t ge;
secp256k1_num_init(&ge);
secp256k1_num_set_int(&ge, 0);
// the point being computed
GroupElemJac x = a;
const Number &order = GetGroupConst().order;
for (int i=0; i<20000; i++) {
const secp256k1_num_t &order = GetGroupConst().order;
for (int i=0; i<200*COUNT; i++) {
// in each iteration, compute X = xn*X + gn*G;
ECMult(x, x, xn, gn);
// also compute ae and ge: the actual accumulated factors for A and G
// if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G)
ae.SetModMul(ae, xn, order);
ge.SetModMul(ge, xn, order);
ge.SetAdd(ge, gn);
ge.SetMod(ge, order);
secp256k1_num_mod_mul(&ae, &ae, &xn, &order);
secp256k1_num_mod_mul(&ge, &ge, &xn, &order);
secp256k1_num_add(&ge, &ge, &gn);
secp256k1_num_mod(&ge, &ge, &order);
// modify xn and gn
xn.SetModMul(xn, xf, order);
gn.SetModMul(gn, gf, order);
secp256k1_num_mod_mul(&xn, &xn, &xf, &order);
secp256k1_num_mod_mul(&gn, &gn, &gf, &order);
}
std::string res = x.ToString();