From 4e176ad5b94f989d5e2c6cdf9b2761a6f6a971e5 Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Thu, 11 May 2023 03:16:00 -0400 Subject: [PATCH] Abstract out verify logic for fe_is_square_var --- src/field.h | 6 +++++- src/field_10x26_impl.h | 6 +----- src/field_5x52_impl.h | 6 +----- src/field_impl.h | 11 +++++++++++ 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/src/field.h b/src/field.h index a515f38095..2c8fbc28e3 100644 --- a/src/field.h +++ b/src/field.h @@ -100,6 +100,7 @@ static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST( # define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds # define secp256k1_fe_half secp256k1_fe_impl_half # define secp256k1_fe_add_int secp256k1_fe_impl_add_int +# define secp256k1_fe_is_square_var secp256k1_fe_impl_is_square_var #endif /* !defined(VERIFY) */ /** Normalize a field element. @@ -321,7 +322,10 @@ static void secp256k1_fe_half(secp256k1_fe *r); * internal overflows. */ static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m); -/** Determine whether a is a square (modulo p). */ +/** Determine whether a is a square (modulo p). + * + * On input, a must be a valid field element. + */ static int secp256k1_fe_is_square_var(const secp256k1_fe *a); /** Check invariants on a field element (no-op unless VERIFY is enabled). */ diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index 80f32aa460..946c95fb2f 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -1215,7 +1215,7 @@ static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) { secp256k1_fe_from_signed30(r, &s); } -static int secp256k1_fe_is_square_var(const secp256k1_fe *x) { +static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x) { secp256k1_fe tmp; secp256k1_modinv32_signed30 s; int jac, ret; @@ -1233,10 +1233,6 @@ static int secp256k1_fe_is_square_var(const secp256k1_fe *x) { secp256k1_fe dummy; ret = secp256k1_fe_sqrt(&dummy, &tmp); } else { -#ifdef VERIFY - secp256k1_fe dummy; - VERIFY_CHECK(jac == 2*secp256k1_fe_sqrt(&dummy, &tmp) - 1); -#endif ret = jac >= 0; } return ret; diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index a9a436dec0..f947903675 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -504,7 +504,7 @@ static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) { secp256k1_fe_from_signed62(r, &s); } -static int secp256k1_fe_is_square_var(const secp256k1_fe *x) { +static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x) { secp256k1_fe tmp; secp256k1_modinv64_signed62 s; int jac, ret; @@ -522,10 +522,6 @@ static int secp256k1_fe_is_square_var(const secp256k1_fe *x) { secp256k1_fe dummy; ret = secp256k1_fe_sqrt(&dummy, &tmp); } else { -#ifdef VERIFY - secp256k1_fe dummy; - VERIFY_CHECK(jac == 2*secp256k1_fe_sqrt(&dummy, &tmp) - 1); -#endif ret = jac >= 0; } return ret; diff --git a/src/field_impl.h b/src/field_impl.h index 0d46b313d5..187ffc8d8b 100644 --- a/src/field_impl.h +++ b/src/field_impl.h @@ -384,6 +384,17 @@ SECP256K1_INLINE static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256 secp256k1_fe_verify(r); } +static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x); +SECP256K1_INLINE static int secp256k1_fe_is_square_var(const secp256k1_fe *x) { + int ret; + secp256k1_fe tmp = *x, sqrt; + secp256k1_fe_verify(x); + ret = secp256k1_fe_impl_is_square_var(x); + secp256k1_fe_normalize_weak(&tmp); + VERIFY_CHECK(ret == secp256k1_fe_sqrt(&sqrt, &tmp)); + return ret; +} + static void secp256k1_fe_impl_get_bounds(secp256k1_fe* r, int m); SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) { VERIFY_CHECK(m >= 0);