Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/README.md
| Show All 32 Lines | * General | ||||
| * Structured to facilitate review and analysis. | * Structured to facilitate review and analysis. | ||||
| * Intended to be portable to any system with a C89 compiler and uint64_t support. | * Intended to be portable to any system with a C89 compiler and uint64_t support. | ||||
| * No use of floating types. | * No use of floating types. | ||||
| * Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.") | * Expose only higher level interfaces to minimize the API surface and improve application security. ("Be difficult to use insecurely.") | ||||
| * Field operations | * Field operations | ||||
| * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1). | * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1). | ||||
| * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys). | * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys). | ||||
| * Using 10 26-bit limbs (including hand-optimized assembly for 32-bit ARM, by Wladimir J. van der Laan). | * Using 10 26-bit limbs (including hand-optimized assembly for 32-bit ARM, by Wladimir J. van der Laan). | ||||
| * Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman). | |||||
| * Scalar operations | * Scalar operations | ||||
| * Optimized implementation without data-dependent branches of arithmetic modulo the curve's order. | * Optimized implementation without data-dependent branches of arithmetic modulo the curve's order. | ||||
| * Using 4 64-bit limbs (relying on __int128 support in the compiler). | * Using 4 64-bit limbs (relying on __int128 support in the compiler). | ||||
| * Using 8 32-bit limbs. | * Using 8 32-bit limbs. | ||||
| * Modular inverses (both field elements and scalars) based on [safegcd](https://gcd.cr.yp.to/index.html) with some modifications, and a variable-time variant (by Peter Dettman). | |||||
| * Group operations | * Group operations | ||||
| * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7). | * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7). | ||||
| * Use addition between points in Jacobian and affine coordinates where possible. | * Use addition between points in Jacobian and affine coordinates where possible. | ||||
| * Use a unified addition/doubling formula where necessary to avoid data-dependent branches. | * Use a unified addition/doubling formula where necessary to avoid data-dependent branches. | ||||
| * Point/x comparison without a field inversion by comparison in the Jacobian coordinate space. | * Point/x comparison without a field inversion by comparison in the Jacobian coordinate space. | ||||
| * Point multiplication for verification (a*P + b*G). | * Point multiplication for verification (a*P + b*G). | ||||
| * Use wNAF notation for point multiplicands. | * Use wNAF notation for point multiplicands. | ||||
| * Use a much larger window for multiples of G, using precomputed multiples. | * Use a much larger window for multiples of G, using precomputed multiples. | ||||
| ▲ Show 20 Lines • Show All 93 Lines • Show Last 20 Lines | |||||