mirror of https://github.com/bitcoin/bitcoin.git (synced 2025-02-10 10:52:31 -05:00)
Andrew Poelstra
We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199.

This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result.

Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group.

Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
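The check the commit message describes, as an added pure-Python example that is not libsecp256k1's test code: it locates a point of order 199 on `y^2 = x^3 + 4` over the secp256k1 field, builds the subgroup by repeated addition, exhaustively checks every pair of points against the expected sum, and shows why P and -106P are the inputs an incomplete unified addition formula trips over (equal x^3, negated y). The way the point is found (trying the six candidate orders of the j = 0 twists, derived from the known secp256k1 order) and the small-x point search are this example's own assumptions, not anything the commit does.

```python
# Added example, not libsecp256k1 code: exhaustive group-law check on the
# order-199 subgroup of y^2 = x^3 + 4 over the secp256k1 field.
from math import isqrt
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # field prime
N7 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of secp256k1 (b = 7)
B, ORDER, INF = 4, 199, None  # test-curve b, subgroup order, point at infinity

def add(p1, p2):
    """Textbook affine addition, complete: doubling and P + (-P) are explicit cases."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0: return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def mul(k, pt):  # double-and-add, setup only (not constant time)
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def order_199_point():
    # Assumption: b = 4 is a twist of secp256k1 (j = 0), so its order is p + 1 - tau for one of six tau from 4p = t^2 + 3f^2
    t = P + 1 - N7
    f = isqrt((4 * P - t * t) // 3)
    traces = {t, -t, (t + 3 * f) // 2, -(t + 3 * f) // 2, (t - 3 * f) // 2, -(t - 3 * f) // 2}
    for x in range(1, 1000):                        # small-x search for any curve point
        rhs = (x ** 3 + B) % P
        y = pow(rhs, (P + 1) // 4, P)               # sqrt, valid because p = 3 mod 4
        if y * y % P != rhs: continue
        q = (x, y)
        for tau in traces:
            n = P + 1 - tau
            if n % ORDER or mul(n, q) is not INF: continue   # not the curve's true order
            p = mul(n // ORDER, q)                           # project onto the 199-subgroup
            if p is not INF and mul(ORDER, p) is INF: return p
    raise RuntimeError("no point of order 199 found")
def subgroup(p):  # [0, P, 2P, ..., 198P] by repeated addition, as the commit's test does
    pts = [INF]
    for _ in range(ORDER - 1): pts.append(add(pts[-1], p))
    return pts
def exhaustive_add_ok(pts):  # every pair iP + jP must equal (i + j mod 199)P
    return all(add(pts[i], pts[j]) == pts[(i + j) % ORDER] for i in range(ORDER) for j in range(ORDER))
def degenerate_pair(pts):  # P and -106P: equal x^3 (x differs by a cube root of unity), negated y
    (x1, y1), (x2, y2) = pts[1], pts[-106 % ORDER]
    return x1 != x2 and pow(x1, 3, P) == pow(x2, 3, P) and (y1 + y2) % P == 0
```

Because the affine formulas above handle doubling and P + (-P) explicitly, the exhaustive check passes; substituting a unified formula that divides by x1^3 - x2^3 (or y1 + y2) would fail exactly at the pair `degenerate_pair` identifies.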
49 lines | 700 B | Text

```gitignore
bench_inv
bench_ecdh
bench_sign
bench_verify
bench_schnorr_verify
bench_recover
bench_internal
tests
exhaustive_tests
gen_context
*.exe
*.so
*.a
!.gitignore

Makefile
configure
.libs/
Makefile.in
aclocal.m4
autom4te.cache/
config.log
config.status
*.tar.gz
*.la
libtool
.deps/
.dirstamp
*.lo
*.o
*~
src/libsecp256k1-config.h
src/libsecp256k1-config.h.in
src/ecmult_static_context.h
build-aux/config.guess
build-aux/config.sub
build-aux/depcomp
build-aux/install-sh
build-aux/ltmain.sh
build-aux/m4/libtool.m4
build-aux/m4/lt~obsolete.m4
build-aux/m4/ltoptions.m4
build-aux/m4/ltsugar.m4
build-aux/m4/ltversion.m4
build-aux/missing
build-aux/compile
build-aux/test-driver
src/stamp-h1
libsecp256k1.pc
```