Function mulPublic [src]

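Multiply an elliptic curve point by a PUBLIC scalar IN VARIABLE TIME. This can be used for signature verification, where the scalar is not secret. Because the running time depends on the scalar, this function must not be called with a secret scalar such as a private key or a nonce.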

Prototype

pub fn mulPublic(p: Secp256k1, s_: [32]u8, endian: std.builtin.Endian) (IdentityElementError || NonCanonicalError)!Secp256k1

Parameters

p: Secp256k1
s_: [32]u8
endian: std.builtin.Endian

Source

/// Multiply the point `p` by the 32-byte scalar `s_`, which is read in the byte
/// order given by `endian`.
///
/// This routine is documented as variable time, so `s_` must be a public value
/// (for example one taken from a signature being verified) and never a private
/// key or nonce.
///
/// Returns `error.IdentityElement` when the scalar is all zero bytes. Errors from
/// `pcMul` and `Endormorphism.splitScalar` are propagated through `try`.
pub fn mulPublic(p: Secp256k1, s_: [32]u8, endian: std.builtin.Endian) (IdentityElementError || NonCanonicalError)!Secp256k1 {
    // Normalise the scalar to little-endian; every later call in this function
    // passes `.little`.
    const s = if (endian == .little) s_ else Fe.orderSwap(s_);
    // Little-endian bytes of the zero scalar, evaluated at compile time.
    const zero = comptime scalar.Scalar.zero.toBytes(.little);
    // A zero scalar is rejected up front rather than being multiplied.
    if (mem.eql(u8, &zero, &s)) {
        return error.IdentityElement;
    }
    // Table derived from `p`. The meaning of 8 is defined by `precompute`, which
    // is not shown here (presumably the number of precomputed multiples; confirm).
    const pc = precompute(p, 8);
    // `lambda_p` is the table's point multiplied by `Endormorphism.lambda_s`.
    // NOTE(review): the trailing `true` presumably selects pcMul's variable-time
    // path; confirm against pcMul.
    var lambda_p = try pcMul(&pc, Endormorphism.lambda_s, true);
    // Split `s` into the two scalars `r1` and `r2`, applied to `px` and
    // `lambda_p` in the final call.
    var split_scalar = try Endormorphism.splitScalar(s, .little);
    var px = p;

    // If a key is negative, flip the sign to keep it half-sized,
    // and flip the sign of the Y point coordinate to compensate.
    // The test reads the byte at index len/2 of each half: a non-zero byte there
    // is treated as the marker that the half is negative.
    if (split_scalar.r1[split_scalar.r1.len / 2] != 0) {
        // If scalar.neg returns an error, the half silently becomes the zero
        // scalar instead of the error being propagated.
        // NOTE(review): presumably unreachable for values produced by
        // splitScalar; confirm, since a zero fallback would change the result.
        split_scalar.r1 = scalar.neg(split_scalar.r1, .little) catch zero;
        px = px.neg();
    }
    if (split_scalar.r2[split_scalar.r2.len / 2] != 0) {
        // Same zero fallback as for r1 when scalar.neg fails.
        split_scalar.r2 = scalar.neg(split_scalar.r2, .little) catch zero;
        lambda_p = lambda_p.neg();
    }
    // Combine both halves: `px` with r1 and `lambda_p` with r2.
    return mulDoubleBasePublicEndo(px, split_scalar.r1, lambda_p, split_scalar.r2);
}