make one ecmult_multi out of two
jonasnick committed Feb 10, 2023
1 parent 7308459 commit ea5adac
Showing 1 changed file with 42 additions and 30 deletions.
72 changes: 42 additions & 30 deletions src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h
Expand Up @@ -468,6 +468,7 @@ static int ec_mult_verify_cb2(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx
if (idx == 0) {
*pt = *data->asset_genp;
*sc = *data->v;
secp256k1_scalar_negate(sc, sc);
return 1;
}
idx -= 1;
Expand All @@ -477,9 +478,31 @@ static int ec_mult_verify_cb2(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx
*sc = data->s_h[idx - data->g_vec_len];
}
*pt = data->g_vec[idx];
secp256k1_scalar_negate(sc, sc);
return 1;
}

typedef struct ec_mult_verify_cb_data3 {
const ec_mult_verify_cb_data1 *cb_data1;
const ec_mult_verify_cb_data2 *cb_data2;
size_t idx2;
} ec_mult_verify_cb_data3;

static int ec_mult_verify_cb3(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) {
ec_mult_verify_cb_data3 *data = (ec_mult_verify_cb_data3*) cbdata;
if (idx < data->idx2) {
if(!ec_mult_verify_cb1(sc, pt, idx, (void*)data->cb_data1)) {
return 0;
}
} else {
if(!ec_mult_verify_cb2(sc, pt, idx - data->idx2, (void*)data->cb_data2)) {
return 0;
}
}
return 1;
}


/* Verify the proof */
int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
const secp256k1_context* ctx,
Expand All @@ -497,7 +520,7 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
) {
secp256k1_scalar q, r, v, n, l, r_inv, h_c;
secp256k1_scalar *es, *s_g, *s_h, *r_inv_pows;
secp256k1_gej res1, res2;
secp256k1_gej res;
size_t i = 0, scratch_checkpoint;
int overflow;
size_t log_n = secp256k1_bulletproofs_pp_log2(g_len), log_m = secp256k1_bulletproofs_pp_log2(c_vec_len);
Expand Down Expand Up @@ -569,40 +592,29 @@ int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
secp256k1_scalar_add(&v, &v, &h_c);

{
ec_mult_verify_cb_data1 data;
secp256k1_gej temp1, temp2;
secp256k1_scalar one;
data.proof = proof;
data.commit = commit;
data.challenges = es;

secp256k1_gej_set_ge(&temp2, commit);
secp256k1_scalar_set_int(&one, 1);
secp256k1_ecmult(&temp1, &temp2, &one, NULL);

if (!secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &res1, NULL, ec_mult_verify_cb1, &data, 2*n_rounds + 1)) {
return 0;
}
}
{
ec_mult_verify_cb_data2 data;
data.g_vec = g_vec->gens;
data.g_vec_len = g_len;
data.s_g = s_g;
data.s_h = s_h;
data.v = &v;
data.asset_genp = asset_genp;

if (!secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &res2, NULL, ec_mult_verify_cb2, &data, g_len + h_len + 1)) {
ec_mult_verify_cb_data1 data1;
ec_mult_verify_cb_data2 data2;
ec_mult_verify_cb_data3 data3;
data1.proof = proof;
data1.commit = commit;
data1.challenges = es;
data2.g_vec = g_vec->gens;
data2.g_vec_len = g_len;
data2.s_g = s_g;
data2.s_h = s_h;
data2.v = &v;
data2.asset_genp = asset_genp;
data3.cb_data1 = &data1;
data3.cb_data2 = &data2;
data3.idx2 = 2*n_rounds + 1;

if (!secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &res, NULL, ec_mult_verify_cb3, &data3, 2*n_rounds + 1 + g_len + h_len + 1)) {
return 0;
}
}

secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);

/* res1 and res2 should be equal. Could not find a simpler way to compare them */
secp256k1_gej_neg(&res1, &res1);
secp256k1_gej_add_var(&res1, &res1, &res2, NULL);
return secp256k1_gej_is_infinity(&res1);
return secp256k1_gej_is_infinity(&res);
}
#endif
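Review bot: The `return 0;` taken when `secp256k1_ecmult_multi_var` fails in `secp256k1_bulletproofs_pp_rangeproof_norm_product_verify` exits before `secp256k1_scratch_apply_checkpoint` runs, so anything placed on `scratch` after the checkpoint (presumably `es`, `s_g`, `s_h` and `r_inv_pows`; those allocations and the start of the function are outside the visible hunks) stays allocated on the failure path. A caller that reuses the scratch space across verifications can then run out of room on later calls, so restore the checkpoint first: `secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);` immediately before that `return 0;`. Separately, the point count repeats the `2*n_rounds + 1` boundary already stored in `data3.idx2`; passing `data3.idx2 + g_len + h_len + 1` keeps the dispatch split in `ec_mult_verify_cb3` and the total from drifting apart, since a mismatch would hand an out-of-range index to one of the inner callbacks. A short comment on `ec_mult_verify_cb2` stating that it now yields negated scalars, so that the single sum is the point at infinity exactly when the two sides match, would replace the deleted `res1`/`res2` comment.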
