static void secp256k1_gej_add_ge_bl(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b, secp256k1_fe_t *rzr) {
secp256k1_fe_t z1z1, z1, u2, x1, y1, t0, s2, h, hh, i, j, t1, rr, v, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11;
// 7M + 4S + 2 normalize + 22 mul_int/add/negate
if (a->infinity) {
VERIFY_CHECK(rzr == NULL);
secp256k1_gej_set_ge(r, b);
return;
}
if (b->infinity) {
if (rzr) {
secp256k1_fe_set_int(rzr, 1);
}
*r = *a;
return;
}
r->infinity = 0;
x1 = a->x; secp256k1_fe_normalize_weak(&x1);
y1 = a->y; secp256k1_fe_normalize_weak(&y1);
secp256k1_fe_sqr(&z1z1, &a->z); // z1z1 = z1^2
secp256k1_fe_mul(&u2, &b->x, &z1z1); // u2 = x2*z1z1
secp256k1_fe_mul(&t0, &a->z, &z1z1); // t0 = z1*z1z1
secp256k1_fe_mul(&s2, &b->y, &t0); // s2 = y2 * t0
secp256k1_fe_negate(&h, &x1, 1); secp256k1_fe_add(&h, &u2); // h = u2-x1 (3)
secp256k1_fe_sqr(&hh,&h); // hh = h^2
i = hh; secp256k1_fe_mul_int(&i,4); // i = 4*hh
if (secp256k1_fe_normalizes_to_zero_var(&h)) {
if (secp256k1_fe_normalizes_to_zero_var(&i)) {
secp256k1_gej_double_var(r, a, rzr);
} else {
if (rzr) {
secp256k1_fe_set_int(rzr, 0);
}
r->infinity = 1;
}
return;
}
secp256k1_fe_mul(&j,&h,&i); // j = h*i
secp256k1_fe_negate(&t1, &y1, 1); secp256k1_fe_add(&t1, &s2); // t1 = s2-y1
rr = t1; secp256k1_fe_mul_int(&rr, 2); // rr = 2 * t1;
secp256k1_fe_mul(&v, &x1, &i); // v = x1 * i
secp256k1_fe_sqr(&t2, &rr); // t2 = rr^2
t3 = v; secp256k1_fe_mul_int(&t3, 2); // t3 = 2*v
secp256k1_fe_negate(&t4, &j, 1); secp256k1_fe_add(&t4, &t2); // t4 = t2 - j
secp256k1_fe_negate(&r->x, &t3, 2); secp256k1_fe_add(&r->x, &t4); // x3 = t4 - t3;
//secp256k1_fe_normalize_weak(&r->x);
secp256k1_fe_negate(&t5, &r->x, 6); secp256k1_fe_add(&t5, &v); // t5 = v - x3
secp256k1_fe_mul(&t6,&y1,&j); // t6 = y1 * j
t7 = t6; secp256k1_fe_mul_int(&t7,2); // t7 = 2*t6;
secp256k1_fe_mul(&t8,&rr,&t5); // t8 = rr* t5;
secp256k1_fe_negate(&r->y, &t7, 2); secp256k1_fe_add(&r->y,&t8);// y3 = t8-t7
//secp256k1_fe_normalize_weak(&r->y);
t9 = h; secp256k1_fe_add(&t9, &a->z); // t9 = z1 + h
secp256k1_fe_sqr(&t10, &t9); // t10 = t9^2
secp256k1_fe_negate(&t11, &z1z1, 1); secp256k1_fe_add(&t11, &t10); // t11 = t10-z1z1
secp256k1_fe_negate(&r->z, &hh, 1); secp256k1_fe_add(&r->z, &t11); // z3 = t11 - hh
}
void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj, int order) {
int i, j;
/* Sanity-check (and check infinity functions) */
CHECK(secp256k1_ge_is_infinity(&group[0]));
CHECK(secp256k1_gej_is_infinity(&groupj[0]));
for (i = 1; i < order; i++) {
CHECK(!secp256k1_ge_is_infinity(&group[i]));
CHECK(!secp256k1_gej_is_infinity(&groupj[i]));
}
/* Check all addition formulae */
for (j = 0; j < order; j++) {
secp256k1_fe fe_inv;
secp256k1_fe_inv(&fe_inv, &groupj[j].z);
for (i = 0; i < order; i++) {
secp256k1_ge zless_gej;
secp256k1_gej tmp;
/* add_var */
secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL);
ge_equals_gej(&group[(i + j) % order], &tmp);
/* add_ge */
if (j > 0) {
secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]);
ge_equals_gej(&group[(i + j) % order], &tmp);
}
/* add_ge_var */
secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL);
ge_equals_gej(&group[(i + j) % order], &tmp);
/* add_zinv_var */
zless_gej.infinity = groupj[j].infinity;
zless_gej.x = groupj[j].x;
zless_gej.y = groupj[j].y;
secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv);
ge_equals_gej(&group[(i + j) % order], &tmp);
}
}
/* Check doubling */
for (i = 0; i < order; i++) {
secp256k1_gej tmp;
if (i > 0) {
secp256k1_gej_double_nonzero(&tmp, &groupj[i], NULL);
ge_equals_gej(&group[(2 * i) % order], &tmp);
}
secp256k1_gej_double_var(&tmp, &groupj[i], NULL);
ge_equals_gej(&group[(2 * i) % order], &tmp);
}
/* Check negation */
for (i = 1; i < order; i++) {
secp256k1_ge tmp;
secp256k1_gej tmpj;
secp256k1_ge_neg(&tmp, &group[i]);
ge_equals_ge(&group[order - i], &tmp);
secp256k1_gej_neg(&tmpj, &groupj[i]);
ge_equals_gej(&group[order - i], &tmpj);
}
}
void bench_group_double_var(void* arg) {
int i;
bench_inv_t *data = (bench_inv_t*)arg;
for (i = 0; i < 200000; i++) {
secp256k1_gej_double_var(&data->gej_x, &data->gej_x, NULL);
}
}
void precomputeTable(int window_size){
secp256k1_gej_t gj; // base point in jacobian coordinates
secp256k1_gej_t *table;
WINDOW_SIZE = window_size;
numberOfValues = (int) pow(2.0,window_size);
if (256 % window_size == 0){
numberOfWindows = (256 / window_size);
}else{
numberOfWindows = (256 / window_size) + 1;
}
remmining = 256 % window_size;
table = (secp256k1_gej_t *)malloc(numberOfWindows*numberOfValues*sizeof(secp256k1_gej_t));
prec = (secp256k1_ge_t *)malloc(numberOfWindows*numberOfValues*sizeof(secp256k1_ge_t));
secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g);
printf("%d %d %d %d\n",window_size,numberOfWindows,numberOfValues,remmining);
secp256k1_ge_const_g;
{
static const unsigned char nums_b32[33] = "The scalar for this x is unknown";
secp256k1_fe_t nums_x;
secp256k1_ge_t nums_ge;
VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32));
VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0));
secp256k1_gej_set_ge(&nums_gej, &nums_ge);
/* Add G to make the bits in x uniformly distributed. */
secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, &secp256k1_ge_const_g, NULL);
}
secp256k1_gej_t gbase;
secp256k1_gej_t numsbase;
gbase = gj; /* (2^w_size)^num_of_windows * G */
numsbase = nums_gej; /* 2^num_of_windows * nums. */
for (int j = 0; j < numberOfWindows; j++) {
//[number of windows][each value from 0 - (2^window_size - 1)]
table[j*numberOfValues] = numsbase;
for (int i = 1; i < numberOfValues; i++) {
secp256k1_gej_add_var(&table[j*numberOfValues + i], &table[j*numberOfValues + i - 1], &gbase, NULL);
}
for (int i = 0; i < window_size; i++) {
secp256k1_gej_double_var(&gbase, &gbase, NULL);
}
/* Multiply numbase by 2. */
secp256k1_gej_double_var(&numsbase, &numsbase, NULL);
if (j == numberOfWindows-2) {
/* In the last iteration, numsbase is (1 - 2^j) * nums instead. */
secp256k1_gej_neg(&numsbase, &numsbase);
secp256k1_gej_add_var(&numsbase, &numsbase, &nums_gej, NULL);
}
}
secp256k1_ge_set_all_gej_var(numberOfWindows*numberOfValues, prec, table, 0);
printf("");
free(table);
}
int main(int argc, char **argv) {
bench_data data;
int i, p;
secp256k1_gej* pubkeys_gej;
size_t scratch_size;
if (argc > 1) {
if(have_flag(argc, argv, "pippenger_wnaf")) {
printf("Using pippenger_wnaf:\n");
data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single;
} else if(have_flag(argc, argv, "strauss_wnaf")) {
printf("Using strauss_wnaf:\n");
data.ecmult_multi = secp256k1_ecmult_strauss_batch_single;
}
} else {
data.ecmult_multi = secp256k1_ecmult_multi_var;
}
/* Allocate stuff */
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16;
data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size);
data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS);
data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS);
data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS);
data.expected_output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
data.output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
/* Generate a set of scalars, and private/public keypairs. */
pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS);
secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g);
secp256k1_scalar_set_int(&data.seckeys[0], 1);
for (i = 0; i < POINTS; ++i) {
generate_scalar(i, &data.scalars[i]);
if (i) {
secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL);
secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]);
}
}
secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS);
free(pubkeys_gej);
for (i = 1; i <= 8; ++i) {
run_test(&data, i, 1);
}
for (p = 0; p <= 11; ++p) {
for (i = 9; i <= 16; ++i) {
run_test(&data, i << p, 1);
}
}
secp256k1_context_destroy(data.ctx);
secp256k1_scratch_space_destroy(data.scratch);
free(data.scalars);
free(data.pubkeys);
free(data.seckeys);
free(data.output);
free(data.expected_output);
return(0);
}
