secp256k1EcmultConstXonly static method
int
secp256k1EcmultConstXonly(
- Secp256k1Fe r,
- Secp256k1Fe n,
- Secp256k1Scalar q, {
- Secp256k1Fe? d,
- int knownOnCurve = 0,
Implementation
static int secp256k1EcmultConstXonly(
Secp256k1Fe r, Secp256k1Fe n, Secp256k1Scalar q,
{Secp256k1Fe? d, int knownOnCurve = 0}) {
Secp256k1Fe g = Secp256k1Fe(), i = Secp256k1Fe();
Secp256k1Ge p = Secp256k1Ge();
Secp256k1Gej rj = Secp256k1Gej();
/// Compute g = (n^3 + B*d^3).
secp256k1FeSqr(g, n);
secp256k1FeMul(g, g, n);
if (d != null) {
Secp256k1Fe b = Secp256k1Fe();
_cond(secp256k1FeNormalizesToZero(d) == 0, "secp256k1EcmultConstXonly");
secp256k1FeSqr(b, d);
_cond(Secp256k1Const.secp256k1B <= 8, "secp256k1EcmultConstXonly");
secp256k1FeMulInt(b, Secp256k1Const.secp256k1B);
secp256k1FeMul(b, b, d);
secp256k1FeAdd(g, b);
if (knownOnCurve == 0) {
Secp256k1Fe c = Secp256k1Fe();
secp256k1FeMul(c, g, d);
if (secp256k1FeIsSquareVar(c) == 0) return 0;
}
} else {
secp256k1FeAddInt(g, Secp256k1Const.secp256k1B);
if (knownOnCurve == 0) {
/// g at this point equals x^3 + 7. Test if it is square.
if (secp256k1FeIsSquareVar(g) == 0) return 0;
}
}
secp256k1FeMul(p.x, g, n);
secp256k1FeSqr(p.y, g);
p.infinity = 0;
/// Perform x-only EC multiplication of P with q.
_cond(secp256k1ScalarIsZero(q) == 0, "secp256k1EcmultConstXonly");
secp256k1ECmultConst(rj, p, q);
_cond(secp256k1GejIsInfinity(rj) == 0, "secp256k1EcmultConstXonly");
secp256k1FeSqr(i, rj.z);
secp256k1FeMul(i, i, g);
if (d != null) secp256k1FeMul(i, i, d);
secp256k1FeInv(i, i);
secp256k1FeMul(r, rj.x, i);
return 1;
}