diff options
| author | Pieter Wuille <pieter.wuille@gmail.com> | 2015-04-22 14:03:10 -0700 |
|---|---|---|
| committer | Pieter Wuille <pieter.wuille@gmail.com> | 2015-04-22 14:03:10 -0700 |
| commit | a591d98c322093040d59e152591f0978962f9da7 (patch) | |
| tree | c5e77a24367eba13e9c43dc51dcf970e57d01c5f /src/ecmult_gen.h | |
| parent | 9d09322b41776a0d6ecde182f731eff77d0f052b (diff) | |
Squashed 'src/secp256k1/' changes from 1897b8e..22f60a6
22f60a6 Merge pull request #245
61c1b1e Merge pull request #190
d227579 Add scalar blinding and a secp256k1_context_randomize() call.
c146b4a Add bench_internal to gitignore.
9c4fb23 Add a secp256k1_fe_cmov unit test.
426fa52 Merge pull request #243
d505a89 Merge pull request #244
2d2707a travis: test i686 builds with gmp
cf7f702 travis: update to new build infrastructure
bb0ea50 Replace set/add with cmov in secp256k1_gej_add_ge.
f3d3519 Merge pull request #241
5c2a4fa Fix memory leak in context unit test
14aacdc Merge pull request #239
93226a5 secp256k1.c: Add missing DEBUG_CHECKs for sufficiently capable contexts
6099220 Merge pull request #237
6066bb6 Fix typo: avg -> max
9688030 Merge pull request #236
d899b5b Expose ability to deep-copy a context
3608c7f Merge pull request #208
a9b6595 [API BREAK] Introduce explicit contexts
a0d3b89 Merge pull request #233
9e8d89b Merge pull request #234
65e70e7 Merge pull request #235
5098f62 Improve documentation formatting consistency
4450e24 Add a comment about the avoidance of secret data in array indexes.
6534ee1 initialize variable
d5b53aa Merge pull request #232
c01df1a Avoid some implicit type conversions to make C++ compilers happy.
bfe96ba Merge pull request #231
33270bf Add a couple comments pointing to particular sections of RFC6979.
41603aa Merge pull request #230
2632019 Brace all the if/for/while.
git-subtree-dir: src/secp256k1
git-subtree-split: 22f60a62801a8a49ecd049e7a563f69a41affd8d
Diffstat (limited to 'src/ecmult_gen.h')
| -rw-r--r-- | src/ecmult_gen.h | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/src/ecmult_gen.h b/src/ecmult_gen.h index 42f822f9ce..3745633c47 100644 --- a/src/ecmult_gen.h +++ b/src/ecmult_gen.h @@ -10,10 +10,34 @@ #include "scalar.h" #include "group.h" -static void secp256k1_ecmult_gen_start(void); -static void secp256k1_ecmult_gen_stop(void); +typedef struct { + /* For accelerating the computation of a*G: + * To harden against timing attacks, use the following mechanism: + * * Break up the multiplicand into groups of 4 bits, called n_0, n_1, n_2, ..., n_63. + * * Compute sum(n_i * 16^i * G + U_i, i=0..63), where: + * * U_i = U * 2^i (for i=0..62) + * * U_i = U * (1-2^63) (for i=63) + * where U is a point with no known corresponding scalar. Note that sum(U_i, i=0..63) = 0. + * For each i, and each of the 16 possible values of n_i, (n_i * 16^i * G + U_i) is + * precomputed (call it prec(i, n_i)). The formula now becomes sum(prec(i, n_i), i=0..63). + * None of the resulting prec group elements have a known scalar, and neither do any of + * the intermediate sums while computing a*G. + */ + secp256k1_ge_storage_t (*prec)[64][16]; /* prec[j][i] = 16^j * i * G + U_i */ + secp256k1_scalar_t blind; + secp256k1_gej_t initial; +} secp256k1_ecmult_gen_context_t; + +static void secp256k1_ecmult_gen_context_init(secp256k1_ecmult_gen_context_t* ctx); +static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context_t* ctx); +static void secp256k1_ecmult_gen_context_clone(secp256k1_ecmult_gen_context_t *dst, + const secp256k1_ecmult_gen_context_t* src); +static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context_t* ctx); +static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context_t* ctx); /** Multiply with the generator: R = a*G */ -static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *a); +static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context_t* ctx, secp256k1_gej_t *r, const secp256k1_scalar_t *a); + +static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context_t *ctx, const unsigned char *seed32); #endif |