7 #ifndef SECP256K1_FIELD_IMPL_H 8 #define SECP256K1_FIELD_IMPL_H 10 #if defined HAVE_CONFIG_H 16 #if defined(USE_FIELD_10X26) 18 #elif defined(USE_FIELD_5X52) 21 #error "Please select field implementation" 26 secp256k1_fe_negate(&na, a, 1);
27 secp256k1_fe_add(&na, b);
28 return secp256k1_fe_normalizes_to_zero(&na);
33 secp256k1_fe_negate(&na, a, 1);
34 secp256k1_fe_add(&na, b);
35 return secp256k1_fe_normalizes_to_zero_var(&na);
48 secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
56 secp256k1_fe_sqr(&x2, a);
57 secp256k1_fe_mul(&x2, &x2, a);
59 secp256k1_fe_sqr(&x3, &x2);
60 secp256k1_fe_mul(&x3, &x3, a);
64 secp256k1_fe_sqr(&x6, &x6);
66 secp256k1_fe_mul(&x6, &x6, &x3);
70 secp256k1_fe_sqr(&x9, &x9);
72 secp256k1_fe_mul(&x9, &x9, &x3);
76 secp256k1_fe_sqr(&x11, &x11);
78 secp256k1_fe_mul(&x11, &x11, &x2);
81 for (j=0; j<11; j++) {
82 secp256k1_fe_sqr(&x22, &x22);
84 secp256k1_fe_mul(&x22, &x22, &x11);
87 for (j=0; j<22; j++) {
88 secp256k1_fe_sqr(&x44, &x44);
90 secp256k1_fe_mul(&x44, &x44, &x22);
93 for (j=0; j<44; j++) {
94 secp256k1_fe_sqr(&x88, &x88);
96 secp256k1_fe_mul(&x88, &x88, &x44);
99 for (j=0; j<88; j++) {
100 secp256k1_fe_sqr(&x176, &x176);
102 secp256k1_fe_mul(&x176, &x176, &x88);
105 for (j=0; j<44; j++) {
106 secp256k1_fe_sqr(&x220, &x220);
108 secp256k1_fe_mul(&x220, &x220, &x44);
111 for (j=0; j<3; j++) {
112 secp256k1_fe_sqr(&x223, &x223);
114 secp256k1_fe_mul(&x223, &x223, &x3);
119 for (j=0; j<23; j++) {
120 secp256k1_fe_sqr(&t1, &t1);
122 secp256k1_fe_mul(&t1, &t1, &x22);
123 for (j=0; j<6; j++) {
124 secp256k1_fe_sqr(&t1, &t1);
126 secp256k1_fe_mul(&t1, &t1, &x2);
127 secp256k1_fe_sqr(&t1, &t1);
128 secp256k1_fe_sqr(r, &t1);
132 secp256k1_fe_sqr(&t1, r);
133 return secp256k1_fe_equal(&t1, a);
137 secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
145 secp256k1_fe_sqr(&x2, a);
146 secp256k1_fe_mul(&x2, &x2, a);
148 secp256k1_fe_sqr(&x3, &x2);
149 secp256k1_fe_mul(&x3, &x3, a);
152 for (j=0; j<3; j++) {
153 secp256k1_fe_sqr(&x6, &x6);
155 secp256k1_fe_mul(&x6, &x6, &x3);
158 for (j=0; j<3; j++) {
159 secp256k1_fe_sqr(&x9, &x9);
161 secp256k1_fe_mul(&x9, &x9, &x3);
164 for (j=0; j<2; j++) {
165 secp256k1_fe_sqr(&x11, &x11);
167 secp256k1_fe_mul(&x11, &x11, &x2);
170 for (j=0; j<11; j++) {
171 secp256k1_fe_sqr(&x22, &x22);
173 secp256k1_fe_mul(&x22, &x22, &x11);
176 for (j=0; j<22; j++) {
177 secp256k1_fe_sqr(&x44, &x44);
179 secp256k1_fe_mul(&x44, &x44, &x22);
182 for (j=0; j<44; j++) {
183 secp256k1_fe_sqr(&x88, &x88);
185 secp256k1_fe_mul(&x88, &x88, &x44);
188 for (j=0; j<88; j++) {
189 secp256k1_fe_sqr(&x176, &x176);
191 secp256k1_fe_mul(&x176, &x176, &x88);
194 for (j=0; j<44; j++) {
195 secp256k1_fe_sqr(&x220, &x220);
197 secp256k1_fe_mul(&x220, &x220, &x44);
200 for (j=0; j<3; j++) {
201 secp256k1_fe_sqr(&x223, &x223);
203 secp256k1_fe_mul(&x223, &x223, &x3);
208 for (j=0; j<23; j++) {
209 secp256k1_fe_sqr(&t1, &t1);
211 secp256k1_fe_mul(&t1, &t1, &x22);
212 for (j=0; j<5; j++) {
213 secp256k1_fe_sqr(&t1, &t1);
215 secp256k1_fe_mul(&t1, &t1, a);
216 for (j=0; j<3; j++) {
217 secp256k1_fe_sqr(&t1, &t1);
219 secp256k1_fe_mul(&t1, &t1, &x2);
220 for (j=0; j<2; j++) {
221 secp256k1_fe_sqr(&t1, &t1);
223 secp256k1_fe_mul(r, a, &t1);
227 #if defined(USE_FIELD_INV_BUILTIN) 228 secp256k1_fe_inv(r, a);
229 #elif defined(USE_FIELD_INV_NUM) 232 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
233 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xFFFFFC2EUL
236 static const unsigned char prime[32] = {
237 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
238 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
239 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
240 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
245 secp256k1_fe_normalize_var(&c);
246 secp256k1_fe_get_b32(b, &c);
247 secp256k1_num_set_bin(&n, b, 32);
248 secp256k1_num_set_bin(&m, prime, 32);
249 secp256k1_num_mod_inverse(&n, &n, &m);
250 secp256k1_num_get_bin(b, 32, &n);
251 res = secp256k1_fe_set_b32(r, b);
255 secp256k1_fe_mul(&c, &c, r);
256 secp256k1_fe_add(&c, &negone);
257 CHECK(secp256k1_fe_normalizes_to_zero_var(&c));
259 #error "Please select field inverse implementation" 276 secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
279 secp256k1_fe_inv_var(&u, &r[--i]);
283 secp256k1_fe_mul(&r[j], &r[i], &u);
284 secp256k1_fe_mul(&u, &u, &a[j]);
290 static int secp256k1_fe_is_quad_var(
const secp256k1_fe *a) {
296 static const unsigned char prime[32] = {
297 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
298 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
299 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
300 0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
304 secp256k1_fe_normalize_var(&c);
305 secp256k1_fe_get_b32(b, &c);
306 secp256k1_num_set_bin(&n, b, 32);
307 secp256k1_num_set_bin(&m, prime, 32);
308 return secp256k1_num_jacobi(&n, &m) >= 0;
311 return secp256k1_fe_sqrt(&r, a);
/* Stub macros appended to this excerpt; both expand to nothing.
 *
 * VERIFY_CHECK(cond) compiles away completely, so any VERIFY_CHECK(...)
 * in the surrounding code is a debug-only assertion that is never
 * evaluated in this build -- it must not be relied on as input
 * validation.  CHECK(...) (used by the inverse self-check above) is a
 * different macro and is not stubbed here.
 *
 * NOTE(review): SECP256K1_FE_CONST(...) expanding to nothing means any
 * field-element initializer written with it would not compile as-is;
 * the `negone` referenced in the inverse self-check has no visible
 * definition on this page -- confirm the real macro is in scope. */
#define VERIFY_CHECK(cond)
#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)