phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-27 11:43:26 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make test_point_times_order test meaningful again

Browse source 
As wnaf splitting is scalar based, multiplying with the order directly
would be reduced to multiplication with zero before even converting to
wnaf.
This commit is contained in:
Pieter Wuille 2014-11-26 15:35:06 +01:00
parent 0b73059709
commit b5c9ee756f
1 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/tests.c
View file

@ -794,13 +794,16 @@ void run_ecmult_chain(void) {
}
void test_point_times_order(const secp256k1_gej_t *point) {
/* multiplying a point by the order results in O */
const secp256k1_num_t *order = &secp256k1_ge_consts->order;
secp256k1_num_t zero;
secp256k1_num_set_int(&zero, 0);
secp256k1_gej_t res;
secp256k1_ecmult(&res, point, order, order); /* calc res = order * point + order * G; */
CHECK(secp256k1_gej_is_infinity(&res));
/* X * (point + G) + (order-X) * (pointer + G) = 0 */
secp256k1_num_t x;
random_num_order_test(&x);
secp256k1_num_t nx;
secp256k1_num_sub(&nx, &secp256k1_ge_consts->order, &x);
secp256k1_gej_t res1, res2;
secp256k1_ecmult(&res1, point, &x, &x); /* calc res1 = x * point + x * G; */
secp256k1_ecmult(&res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */
secp256k1_gej_add_var(&res1, &res1, &res2);
CHECK(secp256k1_gej_is_infinity(&res1));
}
void run_point_times_order(void) {