Abstract out verify logic for fe_half
sipa committed Jan 5, 2023
1 parent ee48e53 commit d86adb1
Showing 4 changed files with 17 additions and 28 deletions.
1 change: 1 addition & 0 deletions src/field.h
Expand Up @@ -96,6 +96,7 @@ static void secp256k1_fe_verify(const secp256k1_fe *a);
# define secp256k1_fe_inv secp256k1_fe_impl_inv
# define secp256k1_fe_inv_var secp256k1_fe_impl_inv_var
# define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds
# define secp256k1_fe_half secp256k1_fe_impl_half
#endif /* defined(VERIFY) */

/** Normalize a field element.
17 changes: 3 additions & 14 deletions src/field_10x26_impl.h
Expand Up @@ -1031,17 +1031,12 @@ SECP256K1_INLINE static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp2
r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1);
}

static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
static SECP256K1_INLINE void secp256k1_fe_impl_half(secp256k1_fe *r) {
uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4],
t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9];
uint32_t one = (uint32_t)1;
uint32_t mask = -(t0 & one) >> 6;

#ifdef VERIFY
secp256k1_fe_verify(r);
VERIFY_CHECK(r->magnitude < 32);
#endif

/* Bounds analysis (over the rationals).
*
* Let m = r->magnitude
Expand Down Expand Up @@ -1088,10 +1083,8 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
*
* Current bounds: t0..t8 <= C * (m/2 + 1/2)
* t9 <= D * (m/2 + 1/4)
*/

#ifdef VERIFY
/* Therefore the output magnitude (M) has to be set such that:
*
* Therefore the output magnitude (M) has to be set such that:
* t0..t8: C * M >= C * (m/2 + 1/2)
* t9: D * M >= D * (m/2 + 1/4)
*
Expand All @@ -1101,10 +1094,6 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
* and since we want the smallest such integer value for M:
* M == floor(m/2) + 1
*/
r->magnitude = (r->magnitude >> 1) + 1;
r->normalized = 0;
secp256k1_fe_verify(r);
#endif
}

static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) {
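Review bot: With the `VERIFY_CHECK(r->magnitude < 32)` removed from the top of secp256k1_fe_impl_half, nothing in this file states the precondition that the bounds analysis opening with `Let m = r->magnitude` is written against; the check now lives only in the VERIFY wrapper in src/field_impl.h, which a reader of the impl will not see. Add a line where the removed block stood: `/* Precondition: r->magnitude < 32 (checked by the VERIFY wrapper in field_impl.h). */`. In the second hunk the retained text `Therefore the output magnitude (M) has to be set such that:` now describes an assignment this function no longer performs, so I would end that comment with `(the VERIFY wrapper in field_impl.h applies M == floor(m/2) + 1)` to keep the derivation and the code it justifies linked. The same two comment fixes apply to the identical hunks in src/field_5x52_impl.h. The function body continues in the collapsed regions between the three hunks, so whether the analysis itself depends on the m < 32 bound cannot be confirmed from what is shown.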
17 changes: 3 additions & 14 deletions src/field_5x52_impl.h
Expand Up @@ -360,16 +360,11 @@ SECP256K1_INLINE static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp2
r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
}

static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
static SECP256K1_INLINE void secp256k1_fe_impl_half(secp256k1_fe *r) {
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
uint64_t one = (uint64_t)1;
uint64_t mask = -(t0 & one) >> 12;

#ifdef VERIFY
secp256k1_fe_verify(r);
VERIFY_CHECK(r->magnitude < 32);
#endif

/* Bounds analysis (over the rationals).
*
* Let m = r->magnitude
Expand Down Expand Up @@ -406,10 +401,8 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
*
* Current bounds: t0..t3 <= C * (m/2 + 1/2)
* t4 <= D * (m/2 + 1/4)
*/

#ifdef VERIFY
/* Therefore the output magnitude (M) has to be set such that:
*
* Therefore the output magnitude (M) has to be set such that:
* t0..t3: C * M >= C * (m/2 + 1/2)
* t4: D * M >= D * (m/2 + 1/4)
*
Expand All @@ -419,10 +412,6 @@ static SECP256K1_INLINE void secp256k1_fe_half(secp256k1_fe *r) {
* and since we want the smallest such integer value for M:
* M == floor(m/2) + 1
*/
r->magnitude = (r->magnitude >> 1) + 1;
r->normalized = 0;
secp256k1_fe_verify(r);
#endif
}

static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) {
10 changes: 10 additions & 0 deletions src/field_impl.h
Expand Up @@ -372,6 +372,16 @@ SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) {
secp256k1_fe_verify(r);
}

static void secp256k1_fe_impl_half(secp256k1_fe *r);
SECP256K1_INLINE static void secp256k1_fe_half(secp256k1_fe *r) {
secp256k1_fe_verify(r);
VERIFY_CHECK(r->magnitude < 32);
secp256k1_fe_impl_half(r);
r->magnitude = (r->magnitude >> 1) + 1;
r->normalized = 0;
secp256k1_fe_verify(r);
}

#endif /* defined(VERIFY) */

#endif /* SECP256K1_FIELD_IMPL_H */
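Review bot: The new secp256k1_fe_half wrapper sets `r->magnitude = (r->magnitude >> 1) + 1` without saying why that is the correct output magnitude; the derivation (M == floor(m/2) + 1) lives only in the bounds-analysis comments of field_10x26_impl.h and field_5x52_impl.h, so this file gives no local justification. Add a comment above the assignment, e.g. `/* Output magnitude is floor(m/2) + 1; see the bounds analysis in field_*_impl.h, whose precondition is the m < 32 check above. */`. The forward declaration `static void secp256k1_fe_impl_half(secp256k1_fe *r);` also omits SECP256K1_INLINE although both definitions carry it; that is legal C, but if the neighbouring impl forward declarations in this file (not visible in the hunk) include it, this one should match. The wrapper only exists under VERIFY, as the following `#endif /* defined(VERIFY) */` shows, so in non-VERIFY builds the field.h macro routes callers straight to the impl and the magnitude bookkeeping is intentionally absent.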
