github.com/piotrnar/gocoin@v0.0.0-20240512203912-faa0448c5e96/lib/secp256k1/xyz.go (about) 1 package secp256k1 2 3 import ( 4 "fmt" 5 // "encoding/hex" 6 ) 7 8 9 type XYZ struct { 10 X, Y, Z Field 11 Infinity bool 12 } 13 14 func (gej XYZ) Print(lab string) { 15 if gej.Infinity { 16 fmt.Println(lab + " - INFINITY") 17 return 18 } 19 fmt.Println(lab + ".X", gej.X.String()) 20 fmt.Println(lab + ".Y", gej.Y.String()) 21 fmt.Println(lab + ".Z", gej.Z.String()) 22 } 23 24 25 func (r *XYZ) SetXY(a *XY) { 26 r.Infinity = a.Infinity 27 r.X = a.X 28 r.Y = a.Y 29 r.Z.SetInt(1) 30 } 31 32 func (r *XYZ) IsInfinity() bool { 33 return r.Infinity 34 } 35 36 func (a *XYZ) IsValid() bool { 37 if a.Infinity { 38 return false 39 } 40 var y2, x3, z2, z6 Field 41 a.Y.Sqr(&y2) 42 a.X.Sqr(&x3); x3.Mul(&x3, &a.X) 43 a.Z.Sqr(&z2) 44 z2.Sqr(&z6); z6.Mul(&z6, &z2) 45 z6.MulInt(7) 46 x3.SetAdd(&z6) 47 y2.Normalize() 48 x3.Normalize() 49 return y2.Equals(&x3) 50 } 51 52 func (a *XYZ) get_x(r *Field) { 53 var zi2 Field 54 a.Z.InvVar(&zi2) 55 zi2.Sqr(&zi2) 56 a.X.Mul(r, &zi2) 57 } 58 59 func (a *XYZ) Normalize() { 60 a.X.Normalize() 61 a.Y.Normalize() 62 a.Z.Normalize() 63 } 64 65 func (a *XYZ) Equals(b *XYZ) bool { 66 if a.Infinity != b.Infinity { 67 return false 68 } 69 // TODO: is the normalize really needed here? 70 a.Normalize() 71 b.Normalize() 72 return a.X.Equals(&b.X) && a.Y.Equals(&b.Y) && a.Z.Equals(&b.Z) 73 } 74 75 76 func (a *XYZ) precomp(w int) (pre []XYZ) { 77 var d XYZ 78 pre = make([]XYZ, (1 << (uint(w)-2))) 79 pre[0] = *a; 80 pre[0].Double(&d) 81 for i:=1 ; i<len(pre); i++ { 82 d.Add(&pre[i], &pre[i-1]) 83 } 84 return 85 } 86 87 88 func ecmult_wnaf(wnaf []int, a *Number, w uint) (ret int) { 89 var zeroes uint 90 var X Number 91 X.Set(&a.Int) 92 93 for X.Sign()!=0 { 94 for X.Bit(0)==0 { 95 zeroes++ 96 X.rsh(1) 97 } 98 word := X.rsh_x(w) 99 for zeroes > 0 { 100 wnaf[ret] = 0 101 ret++ 102 zeroes-- 103 } 104 if (word & (1 << (w-1))) != 0 { 105 X.inc() 106 wnaf[ret] = (word - (1 << w)) 107 } else { 108 wnaf[ret] = word 109 } 110 zeroes = w-1 111 ret++ 112 } 113 return 114 } 115 116 // r = na*a + ng*G 117 func (a *XYZ) ECmult(r *XYZ, na, ng *Number) { 118 var na_1, na_lam, ng_1, ng_128 Number 119 120 // split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) 121 na.split_exp(&na_1, &na_lam) 122 123 // split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) 124 ng.split(&ng_1, &ng_128, 128) 125 126 // build wnaf representation for na_1, na_lam, ng_1, ng_128 127 var wnaf_na_1, wnaf_na_lam, wnaf_ng_1, wnaf_ng_128 [129]int 128 bits_na_1 := ecmult_wnaf(wnaf_na_1[:], &na_1, WINDOW_A) 129 bits_na_lam := ecmult_wnaf(wnaf_na_lam[:], &na_lam, WINDOW_A) 130 bits_ng_1 := ecmult_wnaf(wnaf_ng_1[:], &ng_1, WINDOW_G) 131 bits_ng_128 := ecmult_wnaf(wnaf_ng_128[:], &ng_128, WINDOW_G) 132 133 // calculate a_lam = a*lambda 134 var a_lam XYZ 135 a.mul_lambda(&a_lam) 136 137 // calculate odd multiples of a and a_lam 138 pre_a_1 := a.precomp(WINDOW_A) 139 pre_a_lam := a_lam.precomp(WINDOW_A) 140 141 bits := bits_na_1 142 if bits_na_lam > bits { 143 bits = bits_na_lam 144 } 145 if bits_ng_1 > bits { 146 bits = bits_ng_1 147 } 148 if bits_ng_128 > bits { 149 bits = bits_ng_128 150 } 151 152 r.Infinity = true 153 154 var tmpj XYZ 155 var tmpa XY 156 var n int 157 158 for i:=bits-1; i>=0; i-- { 159 r.Double(r) 160 161 if i < bits_na_1 { 162 n = wnaf_na_1[i] 163 if n > 0 { 164 r.Add(r, &pre_a_1[((n)-1)/2]) 165 } else if n != 0 { 166 pre_a_1[(-(n)-1)/2].Neg(&tmpj) 167 r.Add(r, &tmpj) 168 } 169 } 170 171 if i < bits_na_lam { 172 n = wnaf_na_lam[i] 173 if n > 0 { 174 r.Add(r, &pre_a_lam[((n)-1)/2]) 175 } else if n != 0 { 176 pre_a_lam[(-(n)-1)/2].Neg(&tmpj) 177 r.Add(r, &tmpj) 178 } 179 } 180 181 if i < bits_ng_1 { 182 n = wnaf_ng_1[i] 183 if n > 0 { 184 r.AddXY(r, &pre_g[((n)-1)/2]) 185 } else if n != 0 { 186 pre_g[(-(n)-1)/2].Neg(&tmpa) 187 r.AddXY(r, &tmpa) 188 } 189 } 190 191 if i < bits_ng_128 { 192 n = wnaf_ng_128[i] 193 if n > 0 { 194 r.AddXY(r, &pre_g_128[((n)-1)/2]) 195 } else if n != 0 { 196 pre_g_128[(-(n)-1)/2].Neg(&tmpa) 197 r.AddXY(r, &tmpa) 198 } 199 } 200 } 201 } 202 203 204 func (a *XYZ) Neg(r *XYZ) { 205 r.Infinity = a.Infinity 206 r.X = a.X 207 r.Y = a.Y 208 r.Z = a.Z 209 r.Y.Normalize() 210 r.Y.Negate(&r.Y, 1) 211 } 212 213 func (a *XYZ) mul_lambda(r *XYZ) { 214 *r = *a 215 r.X.Mul(&r.X, &TheCurve.beta) 216 } 217 218 219 func (a *XYZ) Double(r *XYZ) { 220 var t1, t2, t3, t4, t5 Field 221 222 t5 = a.Y 223 t5.Normalize() 224 if (a.Infinity || t5.IsZero()) { 225 r.Infinity = true 226 return 227 } 228 229 t5.Mul(&r.Z, &a.Z) 230 r.Z.MulInt(2) 231 a.X.Sqr(&t1) 232 t1.MulInt(3) 233 t1.Sqr(&t2) 234 t5.Sqr(&t3) 235 t3.MulInt(2) 236 t3.Sqr(&t4) 237 t4.MulInt(2) 238 a.X.Mul(&t3, &t3) 239 r.X = t3 240 r.X.MulInt(4) 241 r.X.Negate(&r.X, 4) 242 r.X.SetAdd(&t2) 243 t2.Negate(&t2, 1) 244 t3.MulInt(6) 245 t3.SetAdd(&t2) 246 t1.Mul(&r.Y, &t3) 247 t4.Negate(&t2, 2) 248 r.Y.SetAdd(&t2) 249 r.Infinity = false 250 } 251 252 253 func (a *XYZ) AddXY(r *XYZ, b *XY) { 254 if a.Infinity { 255 r.Infinity = b.Infinity 256 r.X = b.X 257 r.Y = b.Y 258 r.Z.SetInt(1) 259 return 260 } 261 if b.Infinity { 262 *r = *a 263 return 264 } 265 r.Infinity = false 266 var z12, u1, u2, s1, s2 Field 267 a.Z.Sqr(&z12) 268 u1 = a.X 269 u1.Normalize() 270 b.X.Mul(&u2, &z12) 271 s1 = a.Y 272 s1.Normalize() 273 b.Y.Mul(&s2, &z12) 274 s2.Mul(&s2, &a.Z) 275 u1.Normalize() 276 u2.Normalize() 277 278 if u1.Equals(&u2) { 279 s1.Normalize() 280 s2.Normalize() 281 if (s1.Equals(&s2)) { 282 a.Double(r) 283 } else { 284 r.Infinity = true 285 } 286 return 287 } 288 289 var h, i, i2, h2, h3, t Field 290 u1.Negate(&h, 1) 291 h.SetAdd(&u2) 292 s1.Negate(&i, 1) 293 i.SetAdd(&s2) 294 i.Sqr(&i2) 295 h.Sqr(&h2) 296 h.Mul(&h3, &h2) 297 r.Z = a.Z 298 r.Z.Mul(&r.Z, &h) 299 u1.Mul(&t, &h2) 300 r.X = t 301 r.X.MulInt(2) 302 r.X.SetAdd(&h3) 303 r.X.Negate(&r.X, 3) 304 r.X.SetAdd(&i2) 305 r.X.Negate(&r.Y, 5) 306 r.Y.SetAdd(&t) 307 r.Y.Mul(&r.Y, &i) 308 h3.Mul(&h3, &s1) 309 h3.Negate(&h3, 1) 310 r.Y.SetAdd(&h3) 311 } 312 313 314 func (a *XYZ) Add(r, b *XYZ) { 315 if a.Infinity { 316 *r = *b 317 return 318 } 319 if b.Infinity { 320 *r = *a 321 return 322 } 323 r.Infinity = false 324 var z22, z12, u1, u2, s1, s2 Field 325 326 b.Z.Sqr(&z22) 327 a.Z.Sqr(&z12) 328 a.X.Mul(&u1, &z22) 329 b.X.Mul(&u2, &z12) 330 a.Y.Mul(&s1, &z22) 331 s1.Mul(&s1, &b.Z) 332 b.Y.Mul(&s2, &z12) 333 s2.Mul(&s2, &a.Z) 334 u1.Normalize() 335 u2.Normalize() 336 if u1.Equals(&u2) { 337 s1.Normalize() 338 s2.Normalize() 339 if s1.Equals(&s2) { 340 a.Double(r) 341 } else { 342 r.Infinity = true 343 } 344 return 345 } 346 var h, i, i2, h2, h3, t Field 347 348 u1.Negate(&h, 1) 349 h.SetAdd(&u2) 350 s1.Negate(&i, 1) 351 i.SetAdd(&s2) 352 i.Sqr(&i2) 353 h.Sqr(&h2) 354 h.Mul(&h3, &h2) 355 a.Z.Mul(&r.Z, &b.Z) 356 r.Z.Mul(&r.Z, &h) 357 u1.Mul(&t, &h2) 358 r.X = t 359 r.X.MulInt(2) 360 r.X.SetAdd(&h3) 361 r.X.Negate(&r.X, 3) 362 r.X.SetAdd(&i2) 363 r.X.Negate(&r.Y, 5) 364 r.Y.SetAdd(&t) 365 r.Y.Mul(&r.Y, &i) 366 h3.Mul(&h3, &s1) 367 h3.Negate(&h3, 1) 368 r.Y.SetAdd(&h3) 369 } 370 371 372 // r = a*G 373 func ECmultGen(r *XYZ, a *Number) { 374 var n Number; 375 n.Set(&a.Int) 376 r.SetXY(&prec[0][n.rsh_x(4)]) 377 for j:=1; j<64; j++ { 378 r.AddXY(r, &prec[j][n.rsh_x(4)]) 379 } 380 r.AddXY(r, &fin) 381 }