Test demonstrating discrepancy in sqr output
This commit is contained in:
parent
5e53856862
commit
59447da38d
3 changed files with 47 additions and 0 deletions
|
@ -42,6 +42,10 @@ void static secp256k1_fe_start(void);
|
||||||
/** Unload field element precomputation data. */
|
/** Unload field element precomputation data. */
|
||||||
void static secp256k1_fe_stop(void);
|
void static secp256k1_fe_stop(void);
|
||||||
|
|
||||||
|
#ifdef VERIFY
|
||||||
|
int static secp256k1_fe_verify(const secp256k1_fe_t * a);
|
||||||
|
#endif
|
||||||
|
|
||||||
/** Normalize a field element. */
|
/** Normalize a field element. */
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r);
|
void static secp256k1_fe_normalize(secp256k1_fe_t *r);
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,25 @@
|
||||||
void static secp256k1_fe_inner_start(void) {}
|
void static secp256k1_fe_inner_start(void) {}
|
||||||
void static secp256k1_fe_inner_stop(void) {}
|
void static secp256k1_fe_inner_stop(void) {}
|
||||||
|
|
||||||
|
#ifdef VERIFY
|
||||||
|
int static secp256k1_fe_verify(const secp256k1_fe_t * a) {
|
||||||
|
const uint64_t *d = a->n;
|
||||||
|
int m = a->magnitude, r = 1;
|
||||||
|
r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m);
|
||||||
|
r &= (d[1] <= 0xFFFFFFFFFFFFFULL * m);
|
||||||
|
r &= (d[2] <= 0xFFFFFFFFFFFFFULL * m);
|
||||||
|
r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m);
|
||||||
|
r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m);
|
||||||
|
if (a->normalized) {
|
||||||
|
r &= (m == 1);
|
||||||
|
if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) {
|
||||||
|
r &= (d[0] < 0xFFFFEFFFFFC2FULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
void static secp256k1_fe_normalize(secp256k1_fe_t *r) {
|
||||||
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
|
uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4];
|
||||||
|
|
||||||
|
|
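Review bot: secp256k1_fe_verify reads `a->magnitude` into an `int` and multiplies it with `0xFFFFFFFFFFFFFULL`, so a negative magnitude is converted to a huge unsigned bound and every limb check passes trivially; a guard such as `r &= (m >= 0);` ahead of the limb checks closes that hole. The same product wraps silently once `m` exceeds 4096 (2^64 / 2^52), so if the representation guarantees a smaller maximum magnitude it is worth asserting that bound here as well. The definition also lacks the `/** ... */` header that the neighbouring functions carry; something like `/** Check the representation invariants of a field element: every limb within its magnitude bound and, when normalized, magnitude 1 and value below the field modulus. Returns 1 if consistent, 0 otherwise. */` would document the 1/0 return convention for callers such as the new test.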
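--- a/src/tests.c
+++ b/src/tests.c
@@ -312,6 +312,29 @@ void run_field_inv_all_var() {
 }
 }
 
+void run_sqr() {
+secp256k1_fe_t x, s;
+
+#if defined(USE_FIELD_5X52)
+// Known issue with reduction part of sqr. For simplicity, we trigger the problem here
+// with "negative" powers of 2, but the problem exists for large ranges of values.
+{
+secp256k1_fe_set_int(&x, 1);
+secp256k1_fe_negate(&x, &x, 1);
+
+for (int i=1; i<=512; ++i) {
+secp256k1_fe_mul_int(&x, 2);
+secp256k1_fe_normalize(&x);
+secp256k1_fe_sqr(&s, &x);
+if (!secp256k1_fe_verify(&s)) {
+printf("%4i: %016llx %016llx %016llx %016llx %016llx\n",
+i, s.n[4], s.n[3], s.n[2], s.n[1], s.n[0]);
+}
+}
+}
+#endif
+}
+
 void test_sqrt(const secp256k1_fe_t *a, const secp256k1_fe_t *k) {
 secp256k1_fe_t r1, r2;
 int v = secp256k1_fe_sqrt(&r1, a);
@@ -609,6 +632,7 @@ int main(int argc, char **argv) {
 run_field_inv_var();
 run_field_inv_all();
 run_field_inv_all_var();
+run_sqr();
 run_sqrt();
 
 // ecmult tests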
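Review bot: run_sqr calls `secp256k1_fe_verify` under `#if defined(USE_FIELD_5X52)` alone, while the declaration this commit adds to field.h sits under `#ifdef VERIFY`, so a 5x52 build without VERIFY fails on an implicit declaration (or an unresolved symbol at link time); the guard should read `#if defined(USE_FIELD_5X52) && defined(VERIFY)`. The `printf` formats the `uint64_t` limbs with `%016llx`, which is undefined where `uint64_t` is `unsigned long`; `%016" PRIx64 "` from `<inttypes.h>` is the portable spelling, though whether tests.c already includes that header is not visible here. As the title says this is a demonstration, the loop only prints offending limbs and never fails the test run, so once the reduction is fixed it would be worth turning the check into an assertion to keep the regression visible.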