starwels
/
secp256k1
mirror of https://github.com/starwels/secp256k1
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

First step in converting to C: num

master
Pieter Wuille 10 years ago
parent
21b74c7e5f
commit
4adf6b2a32
17 changed files with 507 additions and 471 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      Makefile
  2. 27
      bench.cpp
  3. 103
      ecdsa.cpp
  4. 19
      ecdsa.h
  5. 51
      ecmult.cpp
  6. 4
      ecmult.h
  7. 20
      field.cpp
  8. 3
      field.h
  9. 80
      group.cpp
  10. 7
      group.h
  11. 28
      num.h
  12. 183
      num_gmp.cpp
  13. 44
      num_gmp.h
  14. 209
      num_openssl.cpp
  15. 46
      num_openssl.h
  16. 29
      secp256k1.cpp
  17. 119
      tests.cpp

6
Makefile
Unescape View File

@ -54,8 +54,8 @@ clean-$(CONF): @@ -54,8 +54,8 @@ clean-$(CONF):
obj/secp256k1-$(CONF).o: $(SECP256K1_FILES)
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) secp256k1.cpp -c -o obj/secp256k1-$(CONF).o
bench-$(CONF): obj/secp256k1-$(CONF).o bench.cpp
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) obj/secp256k1-$(CONF).o bench.cpp $(LIBS) -o bench-$(CONF)
bench-$(CONF): $(SECP256K1_FILES) bench.cpp
$(CXX) $(FLAGS_COMMON) $(FLAGS_PROD) $(FLAGS_CONF) bench.cpp $(LIBS) -o bench-$(CONF)
tests-$(CONF): $(SECP256K1_FILES) tests.cpp
$(CXX) $(FLAGS_COMMON) $(FLAGS_TEST) $(FLAGS_CONF) tests.cpp $(LIBS) -o tests-$(CONF)
$(CXX) $(FLAGS_COMMON) $(FLAGS_DEBUG) $(FLAGS_CONF) tests.cpp $(LIBS) -o tests-$(CONF)

27
bench.cpp
Unescape View File

@ -1,25 +1,29 @@ @@ -1,25 +1,29 @@
#include <stdio.h>
#include "num.h"
#include "field.h"
#include "group.h"
#include "ecmult.h"
#include "ecdsa.h"
#include "num.cpp"
#include "field.cpp"
#include "group.cpp"
#include "ecmult.cpp"
#include "ecdsa.cpp"
using namespace secp256k1;
int main() {
FieldElem x;
const Number &order = GetGroupConst().order;
Number r, s, m;
const secp256k1_num_t &order = GetGroupConst().order;
secp256k1_num_t r, s, m;
secp256k1_num_start();
secp256k1_num_init(&r);
secp256k1_num_init(&s);
secp256k1_num_init(&m);
Signature sig;
x.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
int cnt = 0;
int good = 0;
for (int i=0; i<1000000; i++) {
r.SetPseudoRand(order);
s.SetPseudoRand(order);
m.SetPseudoRand(order);
secp256k1_num_set_rand(&r, &order);
secp256k1_num_set_rand(&s, &order);
secp256k1_num_set_rand(&m, &order);
sig.SetRS(r,s);
GroupElemJac pubkey; pubkey.SetCompressed(x, true);
if (pubkey.IsValid()) {
@ -28,5 +32,8 @@ int main() { @@ -28,5 +32,8 @@ int main() {
}
}
printf("%i/%i\n", good, cnt);
secp256k1_num_free(&r);
secp256k1_num_free(&s);
secp256k1_num_free(&m);
return 0;
}

103
ecdsa.cpp
Unescape View File

@ -35,17 +35,17 @@ bool Signature::Parse(const unsigned char *sig, int size) { @@ -35,17 +35,17 @@ bool Signature::Parse(const unsigned char *sig, int size) {
if (lenr == 0) return false;
if (sig[lenr+4] != 0x02) return false;
if (lens == 0) return false;
r.SetBytes(sig+4, lenr);
s.SetBytes(sig+6+lenr, lens);
secp256k1_num_set_bin(&r, sig+4, lenr);
secp256k1_num_set_bin(&s, sig+6+lenr, lens);
return true;
}
bool Signature::Serialize(unsigned char *sig, int *size) {
int lenR = (r.GetBits() + 7)/8;
if (lenR == 0 || r.CheckBit(lenR*8-1))
int lenR = (secp256k1_num_bits(&r) + 7)/8;
if (lenR == 0 || secp256k1_num_get_bit(&r, lenR*8-1))
lenR++;
int lenS = (s.GetBits() + 7)/8;
if (lenS == 0 || s.CheckBit(lenS*8-1))
int lenS = (secp256k1_num_bits(&s) + 7)/8;
if (lenS == 0 || secp256k1_num_get_bit(&s, lenS*8-1))
lenS++;
if (*size < 6+lenS+lenR)
return false;
@ -54,45 +54,56 @@ bool Signature::Serialize(unsigned char *sig, int *size) { @@ -54,45 +54,56 @@ bool Signature::Serialize(unsigned char *sig, int *size) {
sig[1] = 4 + lenS + lenR;
sig[2] = 0x02;
sig[3] = lenR;
r.GetBytes(sig+4, lenR);
secp256k1_num_get_bin(sig+4, lenR, &r);
sig[4+lenR] = 0x02;
sig[5+lenR] = lenS;
s.GetBytes(sig+6, lenS);
secp256k1_num_get_bin(sig+lenR+6, lenS, &s);
return true;
}
bool Signature::RecomputeR(Number &r2, const GroupElemJac &pubkey, const Number &message) const {
bool Signature::RecomputeR(secp256k1_num_t &r2, const GroupElemJac &pubkey, const secp256k1_num_t &message) const {
const GroupConstants &c = GetGroupConst();
if (r.IsNeg() || s.IsNeg())
if (secp256k1_num_is_neg(&r) || secp256k1_num_is_neg(&s))
return false;
if (r.IsZero() || s.IsZero())
if (secp256k1_num_is_zero(&r) || secp256k1_num_is_zero(&s))
return false;
if (r.Compare(c.order) >= 0 || s.Compare(c.order) >= 0)
if (secp256k1_num_cmp(&r, &c.order) >= 0 || secp256k1_num_cmp(&s, &c.order) >= 0)
return false;
Number sn, u1, u2;
sn.SetModInverse(s, c.order);
u1.SetModMul(sn, message, c.order);
u2.SetModMul(sn, r, c.order);
bool ret = false;
secp256k1_num_t sn, u1, u2;
secp256k1_num_init(&sn);
secp256k1_num_init(&u1);
secp256k1_num_init(&u2);
secp256k1_num_mod_inverse(&sn, &s, &c.order);
secp256k1_num_mod_mul(&u1, &sn, &message, &c.order);
secp256k1_num_mod_mul(&u2, &sn, &r, &c.order);
GroupElemJac pr; ECMult(pr, pubkey, u2, u1);
if (pr.IsInfinity())
return false;
FieldElem xr; pr.GetX(xr);
xr.Normalize();
unsigned char xrb[32]; xr.GetBytes(xrb);
r2.SetBytes(xrb,32); r2.SetMod(r2,c.order);
return true;
if (!pr.IsInfinity()) {
FieldElem xr; pr.GetX(xr);
xr.Normalize();
unsigned char xrb[32]; xr.GetBytes(xrb);
secp256k1_num_set_bin(&r2, xrb, 32);
secp256k1_num_mod(&r2, &r2, &c.order);
ret = true;
}
secp256k1_num_free(&sn);
secp256k1_num_free(&u1);
secp256k1_num_free(&u2);
return ret;
}
bool Signature::Verify(const GroupElemJac &pubkey, const Number &message) const {
Number r2;
if (!RecomputeR(r2, pubkey, message))
return false;
return r2.Compare(r) == 0;
bool Signature::Verify(const GroupElemJac &pubkey, const secp256k1_num_t &message) const {
secp256k1_num_t r2;
secp256k1_num_init(&r2);
bool ret = false;
ret = RecomputeR(r2, pubkey, message) && secp256k1_num_cmp(&r, &r2) == 0;
secp256k1_num_free(&r2);
return ret;
}
bool Signature::Sign(const Number &seckey, const Number &message, const Number &nonce) {
bool Signature::Sign(const secp256k1_num_t &seckey, const secp256k1_num_t &message, const secp256k1_num_t &nonce) {
const GroupConstants &c = GetGroupConst();
GroupElemJac rp;
@ -102,27 +113,33 @@ bool Signature::Sign(const Number &seckey, const Number &message, const Number & @@ -102,27 +113,33 @@ bool Signature::Sign(const Number &seckey, const Number &message, const Number &
unsigned char b[32];
rx.Normalize();
rx.GetBytes(b);
r.SetBytes(b, 32);
r.SetMod(r, c.order);
Number n;
n.SetModMul(r, seckey, c.order);
n.SetAdd(message, n);
s.SetModInverse(nonce, c.order);
s.SetModMul(s, n, c.order);
if (s.IsZero())
secp256k1_num_set_bin(&r, b, 32);
secp256k1_num_mod(&r, &r, &c.order);
secp256k1_num_t n;
secp256k1_num_init(&n);
secp256k1_num_mod_mul(&n, &r, &seckey, &c.order);
secp256k1_num_add(&n, &n, &message);
secp256k1_num_mod_inverse(&s, &nonce, &c.order);
secp256k1_num_mod_mul(&s, &s, &n, &c.order);
secp256k1_num_free(&n);
if (secp256k1_num_is_zero(&s))
return false;
if (s.IsOdd())
s.SetSub(c.order, s);
if (secp256k1_num_is_odd(&s))
secp256k1_num_sub(&s, &c.order, &s);
return true;
}
void Signature::SetRS(const Number &rin, const Number &sin) {
r = rin;
s = sin;
void Signature::SetRS(const secp256k1_num_t &rin, const secp256k1_num_t &sin) {
secp256k1_num_copy(&r, &rin);
secp256k1_num_copy(&s, &sin);
}
std::string Signature::ToString() const {
return "(" + r.ToString() + "," + s.ToString() + ")";
char rs[65], ss[65];
int rl = 65, sl = 65;
secp256k1_num_get_hex(rs, &rl, &r);
secp256k1_num_get_hex(ss, &sl, &s);
return "(" + std::string(rs) + "," + std::string(ss) + ")";
}
}

19
ecdsa.h
Unescape View File

@ -5,15 +5,24 @@ namespace secp256k1 { @@ -5,15 +5,24 @@ namespace secp256k1 {
class Signature {
private:
Number r,s;
secp256k1_num_t r,s;
public:
Signature() {
secp256k1_num_init(&r);
secp256k1_num_init(&s);
}
~Signature() {
secp256k1_num_free(&r);
secp256k1_num_free(&s);
}
bool Parse(const unsigned char *sig, int size);
bool Serialize(unsigned char *sig, int *size);
bool RecomputeR(Number &r2, const GroupElemJac &pubkey, const Number &message) const;
bool Verify(const GroupElemJac &pubkey, const Number &message) const;
bool Sign(const Number &seckey, const Number &message, const Number &nonce);
void SetRS(const Number &rin, const Number &sin);
bool RecomputeR(secp256k1_num_t &r2, const GroupElemJac &pubkey, const secp256k1_num_t &message) const;
bool Verify(const GroupElemJac &pubkey, const secp256k1_num_t &message) const;
bool Sign(const secp256k1_num_t &seckey, const secp256k1_num_t &message, const secp256k1_num_t &nonce);
void SetRS(const secp256k1_num_t &rin, const secp256k1_num_t &sin);
std::string ToString() const;
};

51
ecmult.cpp
Unescape View File

@ -61,29 +61,31 @@ private: @@ -61,29 +61,31 @@ private:
}
public:
WNAF(const Number &exp, int w) : used(0) {
WNAF(const secp256k1_num_t &exp, int w) : used(0) {
int zeroes = 0;
Number x;
x.SetNumber(exp);
secp256k1_num_t x;
secp256k1_num_init(&x);
secp256k1_num_copy(&x, &exp);
int sign = 1;
if (x.IsNeg()) {
if (secp256k1_num_is_neg(&x)) {
sign = -1;
x.Negate();
secp256k1_num_negate(&x);
}
while (!x.IsZero()) {
while (!x.IsOdd()) {
while (!secp256k1_num_is_zero(&x)) {
while (!secp256k1_num_is_odd(&x)) {
zeroes++;
x.Shift1();
secp256k1_num_shift(&x, 1);
}
int word = x.ShiftLowBits(w);
int word = secp256k1_num_shift(&x, w);
if (word & (1 << (w-1))) {
x.Inc();
secp256k1_num_inc(&x);
PushNAF(sign * (word - (1 << w)), zeroes);
} else {
PushNAF(sign * word, zeroes);
}
zeroes = w-1;
}
secp256k1_num_free(&x);
}
int GetSize() const {
@ -145,19 +147,27 @@ const ECMultConsts &GetECMultConsts() { @@ -145,19 +147,27 @@ const ECMultConsts &GetECMultConsts() {
return ecmult_consts;
}
void ECMultBase(GroupElemJac &out, const Number &gn) {
Number n; n.SetNumber(gn);
void ECMultBase(GroupElemJac &out, const secp256k1_num_t &gn) {
secp256k1_num_t n;
secp256k1_num_init(&n);
secp256k1_num_copy(&n, &gn);
const ECMultConsts &c = GetECMultConsts();
out.SetAffine(c.prec[0][n.ShiftLowBits(4)]);
out.SetAffine(c.prec[0][secp256k1_num_shift(&n, 4)]);
for (int j=1; j<64; j++) {
out.SetAdd(out, c.prec[j][n.ShiftLowBits(4)]);
out.SetAdd(out, c.prec[j][secp256k1_num_shift(&n, 4)]);
}
secp256k1_num_free(&n);
out.SetAdd(out, c.fin);
}
void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn) {
Number an1, an2;
Number gn1, gn2;
void ECMult(GroupElemJac &out, const GroupElemJac &a, const secp256k1_num_t &an, const secp256k1_num_t &gn) {
secp256k1_num_t an1, an2;
secp256k1_num_t gn1, gn2;
secp256k1_num_init(&an1);
secp256k1_num_init(&an2);
secp256k1_num_init(&gn1);
secp256k1_num_init(&gn2);
SplitExp(an, an1, an2);
// printf("an=%s\n", an.ToString().c_str());
@ -165,7 +175,7 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu @@ -165,7 +175,7 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu
// printf("an2=%s\n", an2.ToString().c_str());
// printf("an1.len=%i\n", an1.GetBits());
// printf("an2.len=%i\n", an2.GetBits());
gn.SplitInto(128, gn1, gn2);
secp256k1_num_split(&gn1, &gn2, &gn, 128);
WNAF<128> wa1(an1, WINDOW_A);
WNAF<128> wa2(an2, WINDOW_A);
@ -206,6 +216,11 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu @@ -206,6 +216,11 @@ void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Nu
out.SetAdd(out, tmpa);
}
}
secp256k1_num_free(&an1);
secp256k1_num_free(&an2);
secp256k1_num_free(&gn1);
secp256k1_num_free(&gn2);
}
}

4
ecmult.h
Unescape View File

@ -6,8 +6,8 @@ @@ -6,8 +6,8 @@
namespace secp256k1 {
void ECMultBase(GroupElemJac &out, const Number &gn);
void ECMult(GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn);
void ECMultBase(GroupElemJac &out, const secp256k1_num_t &gn);
void ECMult(GroupElemJac &out, const GroupElemJac &a, const secp256k1_num_t &an, const secp256k1_num_t &gn);
}

20
field.cpp
Unescape View File

@ -363,7 +363,14 @@ static const unsigned char field_p_[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF @@ -363,7 +363,14 @@ static const unsigned char field_p_[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F};
FieldConstants::FieldConstants() : field_p(field_p_, sizeof(field_p_)) {}
FieldConstants::FieldConstants() {
secp256k1_num_init(&field_p);
secp256k1_num_set_bin(&field_p, field_p_, sizeof(field_p_));
}
FieldConstants::~FieldConstants() {
secp256k1_num_free(&field_p);
}
const FieldConstants &GetFieldConst() {
static const FieldConstants field_const;
@ -408,10 +415,13 @@ void FieldElem::SetInverse(FieldElem &a) { @@ -408,10 +415,13 @@ void FieldElem::SetInverse(FieldElem &a) {
a.Normalize();
a.GetBytes(b);
{
const Number &p = GetFieldConst().field_p;
Number n; n.SetBytes(b, 32);
n.SetModInverse(n, p);
n.GetBytes(b, 32);
const secp256k1_num_t &p = GetFieldConst().field_p;
secp256k1_num_t n;
secp256k1_num_init(&n);
secp256k1_num_set_bin(&n, b, 32);
secp256k1_num_mod_inverse(&n, &n, &p);
secp256k1_num_get_bin(b, 32, &n);
secp256k1_num_free(&n);
}
SetBytes(b);
#endif

3
field.h
Unescape View File

@ -77,9 +77,10 @@ public: @@ -77,9 +77,10 @@ public:
class FieldConstants {
public:
const Number field_p;
secp256k1_num_t field_p;
FieldConstants();
~FieldConstants();
};
const FieldConstants &GetFieldConst();

80
group.cpp
Unescape View File

@ -291,13 +291,28 @@ static const unsigned char a2_[] = {0x01, @@ -291,13 +291,28 @@ static const unsigned char a2_[] = {0x01,
0x57,0xc1,0x10,0x8d,0x9d,0x44,0xcf,0xd8};
GroupConstants::GroupConstants() : g_x(g_x_), g_y(g_y_),
order(order_, sizeof(order_)),
g(g_x,g_y),
beta(beta_),
lambda(lambda_, sizeof(lambda_)),
a1b2(a1b2_, sizeof(a1b2_)),
b1(b1_, sizeof(b1_)),
a2(a2_, sizeof(a2_)) {}
beta(beta_) {
secp256k1_num_init(&order);
secp256k1_num_init(&lambda);
secp256k1_num_init(&a1b2);
secp256k1_num_init(&b1);
secp256k1_num_init(&a2);
secp256k1_num_set_bin(&order, order_, sizeof(order_));
secp256k1_num_set_bin(&lambda, lambda_, sizeof(lambda_));
secp256k1_num_set_bin(&a1b2, a1b2_, sizeof(a1b2_));
secp256k1_num_set_bin(&b1, b1_, sizeof(b1_));
secp256k1_num_set_bin(&a2, a2_, sizeof(a2_));
}
GroupConstants::~GroupConstants() {
secp256k1_num_free(&order);
secp256k1_num_free(&lambda);
secp256k1_num_free(&a1b2);
secp256k1_num_free(&b1);
secp256k1_num_free(&a2);
}
const GroupConstants &GetGroupConst() {
static const GroupConstants group_const;
@ -310,27 +325,40 @@ void GroupElemJac::SetMulLambda(const GroupElemJac &p) { @@ -310,27 +325,40 @@ void GroupElemJac::SetMulLambda(const GroupElemJac &p) {
x.SetMult(x, beta);
}
void SplitExp(const Number &exp, Number &exp1, Number &exp2) {
void SplitExp(const secp256k1_num_t &exp, secp256k1_num_t &exp1, secp256k1_num_t &exp2) {
const GroupConstants &c = GetGroupConst();
Number bnc1, bnc2, bnt1, bnt2, bnn2;
bnn2.SetNumber(c.order);
bnn2.Shift1();
bnc1.SetMult(exp, c.a1b2);
bnc1.SetAdd(bnc1, bnn2);
bnc1.SetDiv(bnc1, c.order);
bnc2.SetMult(exp, c.b1);
bnc2.SetAdd(bnc2, bnn2);
bnc2.SetDiv(bnc2, c.order);
bnt1.SetMult(bnc1, c.a1b2);
bnt2.SetMult(bnc2, c.a2);
bnt1.SetAdd(bnt1, bnt2);
exp1.SetSub(exp, bnt1);
bnt1.SetMult(bnc1, c.b1);
bnt2.SetMult(bnc2, c.a1b2);
exp2.SetSub(bnt1, bnt2);
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
secp256k1_num_init(&bnc1);
secp256k1_num_init(&bnc2);
secp256k1_num_init(&bnt1);
secp256k1_num_init(&bnt2);
secp256k1_num_init(&bnn2);
secp256k1_num_copy(&bnn2, &c.order);
secp256k1_num_shift(&bnn2, 1);
secp256k1_num_mul(&bnc1, &exp, &c.a1b2);
secp256k1_num_add(&bnc1, &bnc1, &bnn2);
secp256k1_num_div(&bnc1, &bnc1, &c.order);
secp256k1_num_mul(&bnc2, &exp, &c.b1);
secp256k1_num_add(&bnc2, &bnc2, &bnn2);
secp256k1_num_div(&bnc2, &bnc2, &c.order);
secp256k1_num_mul(&bnt1, &bnc1, &c.a1b2);
secp256k1_num_mul(&bnt2, &bnc2, &c.a2);
secp256k1_num_add(&bnt1, &bnt1, &bnt2);
secp256k1_num_sub(&exp1, &exp, &bnt1);
secp256k1_num_mul(&bnt1, &bnc1, &c.b1);
secp256k1_num_mul(&bnt2, &bnc2, &c.a1b2);
secp256k1_num_sub(&exp2, &bnt1, &bnt2);
secp256k1_num_free(&bnc1);
secp256k1_num_free(&bnc2);
secp256k1_num_free(&bnt1);
secp256k1_num_free(&bnt2);
secp256k1_num_free(&bnn2);
}
}

7
group.h
Unescape View File

@ -95,17 +95,18 @@ private: @@ -95,17 +95,18 @@ private:
const FieldElem g_y;
public:
const Number order;
secp256k1_num_t order;
const GroupElem g;
const FieldElem beta;
const Number lambda, a1b2, b1, a2;
secp256k1_num_t lambda, a1b2, b1, a2;
GroupConstants();
~GroupConstants();
};
const GroupConstants &GetGroupConst();
void SplitExp(const Number &exp, Number &exp1, Number &exp2);
void SplitExp(const secp256k1_num_t &exp, secp256k1_num_t &exp1, secp256k1_num_t &exp2);
}

28
num.h
Unescape View File

@ -9,4 +9,32 @@ @@ -9,4 +9,32 @@
#error "Please select num implementation"
#endif
void static secp256k1_num_start(void);
void static secp256k1_num_init(secp256k1_num_t *r);
void static secp256k1_num_free(secp256k1_num_t *r);
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a);
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a);
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen);
void static secp256k1_num_set_int(secp256k1_num_t *r, int a);
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m);
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m);
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b);
int static secp256k1_num_bits(const secp256k1_num_t *a);
int static secp256k1_num_shift(secp256k1_num_t *r, int bits);
int static secp256k1_num_is_zero(const secp256k1_num_t *a);
int static secp256k1_num_is_odd(const secp256k1_num_t *a);
int static secp256k1_num_is_neg(const secp256k1_num_t *a);
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos);
void static secp256k1_num_inc(secp256k1_num_t *r);
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen);
void static secp256k1_num_get_hex(char *r, int *rlen, const secp256k1_num_t *a);
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits);
void static secp256k1_num_negate(secp256k1_num_t *r);
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a);
#endif

183
num_gmp.cpp
Unescape View File

@ -1,171 +1,148 @@ @@ -1,171 +1,148 @@
#include <assert.h>
#include <string>
#include <string.h>
#include <stdlib.h>
#include <gmp.h>
#include "num_gmp.h"
#include "num.h"
namespace secp256k1 {
class NumberState {
private:
typedef struct {
int initialized;
gmp_randstate_t rng;
} secp256k1_num_state_t;
public:
NumberState() {
gmp_randinit_default(rng);
}
~NumberState() {
gmp_randclear(rng);
}
void gen(mpz_t out, mpz_t size) {
mpz_urandomm(out, rng, size);
}
};
static NumberState number_state;
Number::Number(const Number &x) {
mpz_init_set(bn, x.bn);
}
Number::Number() {
mpz_init(bn);
}
static secp256k1_num_state_t secp256k1_num_state = {};
Number::~Number() {
mpz_clear(bn);
void static secp256k1_num_start(void) {
if (secp256k1_num_state.initialized)
return;
secp256k1_num_state.initialized = 1;
gmp_randinit_default(secp256k1_num_state.rng);
}
Number &Number::operator=(const Number &x) {
mpz_set(bn, x.bn);
return *this;
void static secp256k1_num_init(secp256k1_num_t *r) {
mpz_init(r->bn);
}
void Number::SetNumber(const Number &x) {
mpz_set(bn, x.bn);
void static secp256k1_num_free(secp256k1_num_t *r) {
mpz_clear(r->bn);
}
Number::Number(const unsigned char *bin, int len) {
mpz_init(bn);
SetBytes(bin,len);
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
mpz_set(r->bn, a->bn);
}
void Number::SetBytes(const unsigned char *bin, unsigned int len) {
mpz_import(bn, len, 1, 1, 1, 0, bin);
}
bool Number::CheckBit(int pos) const {
return mpz_tstbit(bn, pos);
}
void Number::GetBytes(unsigned char *bin, unsigned int len) {
unsigned int size = (mpz_sizeinbase(bn,2)+7)/8;
assert(size <= len);
memset(bin,0,len);
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
unsigned int size = (mpz_sizeinbase(a->bn,2)+7)/8;
assert(size <= rlen);
memset(r,0,rlen);
size_t count = 0;
mpz_export(bin + len - size, &count, 1, 1, 1, 0, bn);
mpz_export(r + rlen - size, &count, 1, 1, 1, 0, a->bn);
assert(count == 0 || size == count);
}
void Number::SetInt(int x) {
mpz_set_si(bn, x);
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
mpz_import(r->bn, alen, 1, 1, 1, 0, a);
}
void Number::SetModInverse(const Number &x, const Number &m) {
mpz_invert(bn, x.bn, m.bn);
void static secp256k1_num_set_int(secp256k1_num_t *r, int a) {
mpz_set_si(r->bn, a);
}
void Number::SetModMul(const Number &a, const Number &b, const Number &m) {
mpz_mul(bn, a.bn, b.bn);
mpz_mod(bn, bn, m.bn);
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
mpz_invert(r->bn, a->bn, m->bn);
}
void Number::SetAdd(const Number &a1, const Number &a2) {
mpz_add(bn, a1.bn, a2.bn);
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
mpz_mul(r->bn, a->bn, b->bn);
mpz_mod(r->bn, r->bn, m->bn);
}
void Number::SetSub(const Number &a1, const Number &a2) {
mpz_sub(bn, a1.bn, a2.bn);
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
return mpz_cmp(a->bn, b->bn);
}
void Number::SetMult(const Number &a1, const Number &a2) {
mpz_mul(bn, a1.bn, a2.bn);
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_add(r->bn, a->bn, b->bn);
}
void Number::SetDiv(const Number &a1, const Number &a2) {
mpz_tdiv_q(bn, a1.bn, a2.bn);
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_sub(r->bn, a->bn, b->bn);
}
void Number::SetMod(const Number &a, const Number &m) {
mpz_mod(bn, a.bn, m.bn);
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_mul(r->bn, a->bn, b->bn);
}
int Number::Compare(const Number &a) const {
return mpz_cmp(bn, a.bn);
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_tdiv_q(r->bn, a->bn, b->bn);
}
int Number::GetBits() const {
return mpz_sizeinbase(bn,2);
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
mpz_mod(r->bn, a->bn, b->bn);
}
int Number::ShiftLowBits(int bits) {
int ret = mpz_get_ui(bn) & ((1 << bits) - 1);
mpz_fdiv_q_2exp(bn, bn, bits);
return ret;
int static secp256k1_num_bits(const secp256k1_num_t *a) {
return mpz_sizeinbase(a->bn,2);
}
bool Number::IsZero() const {
return mpz_size(bn) == 0;
int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
int ret = mpz_get_ui(r->bn) & ((1 << bits) - 1);
mpz_fdiv_q_2exp(r->bn, r->bn, bits);
return ret;
}
bool Number::IsOdd() const {
return mpz_get_ui(bn) & 1;
int static secp256k1_num_is_zero(const secp256k1_num_t *a) {
return mpz_size(a->bn) == 0;
}
bool Number::IsNeg() const {
return mpz_sgn(bn) < 0;
int static secp256k1_num_is_odd(const secp256k1_num_t *a) {
return mpz_get_ui(a->bn) & 1;
}
void Number::Negate() {
mpz_neg(bn, bn);
int static secp256k1_num_is_neg(const secp256k1_num_t *a) {
return mpz_sgn(a->bn) < 0;
}
void Number::Shift1() {
mpz_fdiv_q_2exp(bn, bn, 1);
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
return mpz_tstbit(a->bn, pos);
}
void Number::Inc() {
mpz_add_ui(bn, bn, 1);
void static secp256k1_num_inc(secp256k1_num_t *r) {
mpz_add_ui(r->bn, r->bn, 1);
}
void Number::SetHex(const std::string &str) {
mpz_set_str(bn, str.c_str(), 16);
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
char *str = (char*)malloc(alen+1);
memcpy(str, a, alen);
str[alen] = 0;
mpz_set_str(r->bn, str, 16);
free(str);
}
void Number::SetPseudoRand(const Number &max) {
number_state.gen(bn, max.bn);
void static secp256k1_num_get_hex(char *r, int *rlen, const secp256k1_num_t *a) {
int len = mpz_sizeinbase(a->bn, 16) + 2;
if (*rlen < len) {
*rlen = len;
return;
}
mpz_get_str(r, 16, a->bn);
*rlen = len;
}
void Number::SplitInto(int bits, Number &low, Number &high) const {
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
mpz_t tmp;
mpz_init_set_ui(tmp,1);
mpz_mul_2exp(tmp,tmp,bits);
mpz_mul_2exp(tmp, tmp, bits);
mpz_sub_ui(tmp,tmp,1);
mpz_and(low.bn, bn, tmp);
mpz_and(rl->bn, a->bn, tmp);
mpz_clear(tmp);
mpz_fdiv_q_2exp(high.bn, bn, bits);
mpz_fdiv_q_2exp(rh->bn, a->bn, bits);
}
std::string Number::ToString() const {
char *str = (char*)malloc(mpz_sizeinbase(bn,16) + 2);
mpz_get_str(str, 16, bn);
std::string ret(str);
free(str);
return ret;
void static secp256k1_num_negate(secp256k1_num_t *r) {
mpz_neg(r->bn, r->bn);
}
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
mpz_urandomm(r->bn, secp256k1_num_state.rng, a->bn);
}

44
num_gmp.h
Unescape View File

@ -1,48 +1,10 @@ @@ -1,48 +1,10 @@
#ifndef _SECP256K1_NUM_GMP_
#define _SECP256K1_NUM_GMP_
#include <string>
#include <gmp.h>
namespace secp256k1 {
class Number {
private:
mutable mpz_t bn;
Number(const Number &x);
public:
Number();
~Number();
Number(const unsigned char *bin, int len);
Number &operator=(const Number &x);
void SetNumber(const Number &x);
void SetBytes(const unsigned char *bin, unsigned int len);
void GetBytes(unsigned char *bin, unsigned int len);
void SetInt(int x);
void SetModInverse(const Number &x, const Number &m);
void SetModMul(const Number &a, const Number &b, const Number &m);
void SetAdd(const Number &a1, const Number &a2);
void SetSub(const Number &a1, const Number &a2);
void SetMult(const Number &a1, const Number &a2);
void SetDiv(const Number &a1, const Number &a2);
void SetMod(const Number &a, const Number &m);
int Compare(const Number &a) const;
int GetBits() const;
int ShiftLowBits(int bits);
bool IsZero() const;
bool IsOdd() const;
bool IsNeg() const;
bool CheckBit(int pos) const;
void Negate();
void Shift1();
void Inc();
void SetHex(const std::string &str);
void SetPseudoRand(const Number &max);
void SplitInto(int bits, Number &low, Number &high) const;
std::string ToString() const;
};
}
typedef struct {
mpz_t bn;
} secp256k1_num_t;
#endif

209
num_openssl.cpp
Unescape View File

@ -1,183 +1,146 @@ @@ -1,183 +1,146 @@
#include <assert.h>
#include <string>
#include <string.h>
#include <stdlib.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include "num_openssl.h"
#include "num.h"
namespace secp256k1 {
class Context {
private:
BN_CTX *ctx;
operator BN_CTX*() {
return ctx;
}
friend class Number;
public:
Context() {
ctx = BN_CTX_new();
}
~Context() {
BN_CTX_free(ctx);
}
};
Number::operator const BIGNUM*() const {
return &b;
}
Number::operator BIGNUM*() {
return &b;
void static secp256k1_num_start() {
}
Number::Number() {
BN_init(*this);
void static secp256k1_num_init(secp256k1_num_t *r) {
BN_init(&r->bn);
}
Number::~Number() {
BN_free(*this);
void static secp256k1_num_free(secp256k1_num_t *r) {
BN_free(&r->bn);
}
Number::Number(const unsigned char *bin, int len) {
BN_init(*this);
SetBytes(bin,len);
void static secp256k1_num_copy(secp256k1_num_t *r, const secp256k1_num_t *a) {
BN_copy(&r->bn, &a->bn);
}
void Number::SetNumber(const Number &x) {
BN_copy(*this, x);
void static secp256k1_num_get_bin(unsigned char *r, unsigned int rlen, const secp256k1_num_t *a) {
unsigned int size = BN_num_bytes(&a->bn);
assert(size <= rlen);
memset(r,0,rlen);
BN_bn2bin(&a->bn, r + rlen - size);
}
Number::Number(const Number &x) {
BN_init(*this);
BN_copy(*this, x);
void static secp256k1_num_set_bin(secp256k1_num_t *r, const unsigned char *a, unsigned int alen) {
BN_bin2bn(a, alen, &r->bn);
}
Number &Number::operator=(const Number &x) {
BN_copy(*this, x);
return *this;
void static secp256k1_num_set_int(secp256k1_num_t *r, int a) {
BN_set_word(&r->bn, a < 0 ? -a : a);
BN_set_negative(&r->bn, a < 0);
}
void Number::SetBytes(const unsigned char *bin, int len) {
BN_bin2bn(bin, len, *this);
void static secp256k1_num_mod_inverse(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *m) {
BN_CTX *ctx = BN_CTX_new();
BN_mod_inverse(&r->bn, &a->bn, &m->bn, ctx);
BN_CTX_free(ctx);
}
void Number::GetBytes(unsigned char *bin, int len) {
int size = BN_num_bytes(*this);
assert(size <= len);
memset(bin,0,len);
BN_bn2bin(*this, bin + len - size);
}
void Number::SetInt(int x) {
if (x >= 0) {
BN_set_word(*this, x);
} else {
BN_set_word(*this, -x);
BN_set_negative(*this, 1);
}
void static secp256k1_num_mod_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b, const secp256k1_num_t *m) {
BN_CTX *ctx = BN_CTX_new();
BN_mod_mul(&r->bn, &a->bn, &b->bn, &m->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetModInverse(const Number &x, const Number &m) {
Context ctx;
BN_mod_inverse(*this, x, m, ctx);
int static secp256k1_num_cmp(const secp256k1_num_t *a, const secp256k1_num_t *b) {
return BN_cmp(&a->bn, &b->bn);
}
void Number::SetModMul(const Number &a, const Number &b, const Number &m) {
Context ctx;
BN_mod_mul(*this, a, b, m, ctx);
void static secp256k1_num_add(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_add(&r->bn, &a->bn, &b->bn);
}
void Number::SetAdd(const Number &a1, const Number &a2) {
BN_add(*this, a1, a2);
void static secp256k1_num_sub(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_sub(&r->bn, &a->bn, &b->bn);
}
void Number::SetSub(const Number &a1, const Number &a2) {
BN_sub(*this, a1, a2);
void static secp256k1_num_mul(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_CTX *ctx = BN_CTX_new();
BN_mul(&r->bn, &a->bn, &b->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetMult(const Number &a1, const Number &a2) {
Context ctx;
BN_mul(*this, a1, a2, ctx);
void static secp256k1_num_div(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_CTX *ctx = BN_CTX_new();
BN_div(&r->bn, NULL, &a->bn, &b->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetDiv(const Number &a1, const Number &a2) {
Context ctx;
BN_div(*this, NULL, a1, a2, ctx);
void static secp256k1_num_mod(secp256k1_num_t *r, const secp256k1_num_t *a, const secp256k1_num_t *b) {
BN_CTX *ctx = BN_CTX_new();
BN_nnmod(&r->bn, &a->bn, &b->bn, ctx);
BN_CTX_free(ctx);
}
void Number::SetMod(const Number &a, const Number &m) {
Context ctx;
BN_nnmod(*this, a, m, ctx);
int static secp256k1_num_bits(const secp256k1_num_t *a) {
return BN_num_bits(&a->bn);
}
int Number::Compare(const Number &a) const {
return BN_cmp(*this, a);
}
int Number::GetBits() const {
return BN_num_bits(*this);
}
int Number::ShiftLowBits(int bits) {
BIGNUM *bn = *this;
int ret = BN_is_zero(bn) ? 0 : bn->d[0] & ((1 << bits) - 1);
BN_rshift(*this, *this, bits);
int static secp256k1_num_shift(secp256k1_num_t *r, int bits) {
int ret = BN_is_zero(&r->bn) ? 0 : r->bn.d[0] & ((1 << bits) - 1);
BN_rshift(&r->bn, &r->bn, bits);
return ret;
}
bool Number::IsZero() const {
return BN_is_zero((const BIGNUM*)*this);
}
bool Number::IsOdd() const {
return BN_is_odd((const BIGNUM*)*this);
int static secp256k1_num_is_zero(const secp256k1_num_t *a) {
return BN_is_zero(&a->bn);
}
bool Number::CheckBit(int pos) const {
return BN_is_bit_set((const BIGNUM*)*this, pos);
int static secp256k1_num_is_odd(const secp256k1_num_t *a) {
return BN_is_odd(&a->bn);
}
bool Number::IsNeg() const {
return BN_is_negative((const BIGNUM*)*this);
int static secp256k1_num_is_neg(const secp256k1_num_t *a) {
return BN_is_negative(&a->bn);
}
void Number::Negate() {
BN_set_negative(*this, !IsNeg());
int static secp256k1_num_get_bit(const secp256k1_num_t *a, int pos) {
return BN_is_bit_set(&a->bn, pos);
}
void Number::Shift1() {
BN_rshift1(*this,*this);
void static secp256k1_num_inc(secp256k1_num_t *r) {
BN_add_word(&r->bn, 1);
}
void Number::Inc() {
BN_add_word(*this,1);
void static secp256k1_num_set_hex(secp256k1_num_t *r, const char *a, int alen) {
char *str = (char*)malloc(alen+1);
memcpy(str, a, alen);
str[alen] = 0;
BIGNUM *pbn = &r->bn;
BN_hex2bn(&pbn, str);
free(str);
}
void Number::SetHex(const std::string &str) {
BIGNUM *bn = *this;
BN_hex2bn(&bn, str.c_str());
}
void Number::SetPseudoRand(const Number &max) {
BN_pseudo_rand_range(*this, max);
void static secp256k1_num_get_hex(char *r, int *rlen, const secp256k1_num_t *a) {
char *str = BN_bn2hex(&a->bn);
int len = strlen(str) + 1;
if (len > *rlen) {
*rlen = strlen(str);
OPENSSL_free(str);
return;
}
memcpy(r, str, len);
OPENSSL_free(str);
*rlen = len;
}
void Number::SplitInto(int bits, Number &low, Number &high) const {
BN_copy(low, *this);
BN_mask_bits(low, bits);
BN_rshift(high, *this, bits);
void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const secp256k1_num_t *a, int bits) {
BN_copy(&rl->bn, &a->bn);
BN_rshift(&rh->bn, &a->bn, bits);
BN_mask_bits(&rl->bn, bits);
}
std::string Number::ToString() const {
char *str = BN_bn2hex(*this);
std::string ret(str);
OPENSSL_free(str);
return ret;
void static secp256k1_num_negate(secp256k1_num_t *r) {
BN_set_negative(&r->bn, !BN_is_negative(&r->bn));
}
void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) {
BN_pseudo_rand_range(&r->bn, &a->bn);
}

46
num_openssl.h
Unescape View File

@ -1,50 +1,10 @@ @@ -1,50 +1,10 @@
#ifndef _SECP256K1_NUM_OPENSSL_
#define _SECP256K1_NUM_OPENSSL_
#include <string>
#include <openssl/bn.h>
namespace secp256k1 {
class Number {
private:
BIGNUM b;
Number(const Number &x);
operator const BIGNUM*() const;
operator BIGNUM*();
public:
Number();
~Number();
Number(const unsigned char *bin, int len);
void SetNumber(const Number &x);
Number &operator=(const Number &x);
void SetBytes(const unsigned char *bin, int len);
void GetBytes(unsigned char *bin, int len);
void SetInt(int x);
void SetModInverse(const Number &x, const Number &m);
void SetModMul(const Number &a, const Number &b, const Number &m);
void SetAdd(const Number &a1, const Number &a2);
void SetSub(const Number &a1, const Number &a2);
void SetMult(const Number &a1, const Number &a2);
void SetDiv(const Number &a1, const Number &a2);
void SetMod(const Number &a, const Number &m);
int Compare(const Number &a) const;
int GetBits() const;
int ShiftLowBits(int bits);
bool IsZero() const;
bool IsOdd() const;
bool IsNeg() const;
bool CheckBit(int pos) const;
void Negate();
void Shift1();
void Inc();
void SetHex(const std::string &str);
void SetPseudoRand(const Number &max);
void SplitInto(int bits, Number &low, Number &high) const;
std::string ToString() const;
};
}
typedef struct {
BIGNUM bn;
} secp256k1_num_t;
#endif

29
secp256k1.cpp
Unescape View File

@ -7,23 +7,32 @@ @@ -7,23 +7,32 @@
namespace secp256k1 {
int VerifyECDSA(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) {
Number m;
int ret = -3;
secp256k1_num_t m;
secp256k1_num_init(&m);
Signature s;
GroupElemJac q;
m.SetBytes(msg, msglen);
if (!ParsePubKey(q, pubkey, pubkeylen))
return -1;
secp256k1_num_set_bin(&m, msg, msglen);
if (!ParsePubKey(q, pubkey, pubkeylen)) {
ret = -1;
goto end;
}
if (!s.Parse(sig, siglen)) {
fprintf(stderr, "Can't parse signature: ");
for (int i=0; i<siglen; i++) fprintf(stderr,"%02x", sig[i]);
fprintf(stderr, "\n");
return -2;
ret = -2;
goto end;
}
if (!s.Verify(q, m)) {
ret = 0;
goto end;
}
// fprintf(stderr, "Verifying ECDSA: msg=%s pubkey=%s sig=%s\n", m.ToString().c_str(), q.ToString().c_str(), s.ToString().c_str());
if (!s.Verify(q, m))
return 0;
return 1;
ret = 1;
end:
secp256k1_num_free(&m);
return ret;
}
}
}

119
tests.cpp
Unescape View File

@ -6,6 +6,9 @@ @@ -6,6 +6,9 @@
#include "ecmult.cpp"
#include "ecdsa.cpp"
// #define COUNT 2
#define COUNT 100
using namespace secp256k1;
void test_run_ecmult_chain() {
@ -14,36 +17,56 @@ void test_run_ecmult_chain() { @@ -14,36 +17,56 @@ void test_run_ecmult_chain() {
FieldElem ay; ay.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
GroupElemJac a(ax,ay);
// two random initial factors xn and gn
Number xn; xn.SetHex("84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407");
Number gn; gn.SetHex("a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de");
secp256k1_num_t xn;
secp256k1_num_init(&xn);
secp256k1_num_set_hex(&xn, "84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407", 64);
secp256k1_num_t gn;
secp256k1_num_init(&gn);
secp256k1_num_set_hex(&gn, "a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de", 64);
// two small multipliers to be applied to xn and gn in every iteration:
Number xf; xf.SetHex("1337");
Number gf; gf.SetHex("7113");
secp256k1_num_t xf;
secp256k1_num_init(&xf);
secp256k1_num_set_hex(&xf, "1337", 4);
secp256k1_num_t gf;
secp256k1_num_init(&gf);
secp256k1_num_set_hex(&gf, "7113", 4);
// accumulators with the resulting coefficients to A and G
Number ae; ae.SetHex("01");
Number ge; ge.SetHex("00");
secp256k1_num_t ae;
secp256k1_num_init(&ae);
secp256k1_num_set_int(&ae, 1);
secp256k1_num_t ge;
secp256k1_num_init(&ge);
secp256k1_num_set_int(&ge, 0);
// the point being computed
GroupElemJac x = a;
const Number &order = GetGroupConst().order;
for (int i=0; i<20000; i++) {
const secp256k1_num_t &order = GetGroupConst().order;
for (int i=0; i<200*COUNT; i++) {
// in each iteration, compute X = xn*X + gn*G;
ECMult(x, x, xn, gn);
// also compute ae and ge: the actual accumulated factors for A and G
// if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G)
ae.SetModMul(ae, xn, order);
ge.SetModMul(ge, xn, order);
ge.SetAdd(ge, gn);
ge.SetMod(ge, order);
secp256k1_num_mod_mul(&ae, &ae, &xn, &order);
secp256k1_num_mod_mul(&ge, &ge, &xn, &order);
secp256k1_num_add(&ge, &ge, &gn);
secp256k1_num_mod(&ge, &ge, &order);
// modify xn and gn
xn.SetModMul(xn, xf, order);
gn.SetModMul(gn, gf, order);
secp256k1_num_mod_mul(&xn, &xn, &xf, &order);
secp256k1_num_mod_mul(&gn, &gn, &gf, &order);
}
std::string res = x.ToString();