Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/sage/group_prover.sage
| # This code supports verifying group implementations which have branches | # This code supports verifying group implementations which have branches | ||||
| # or conditional statements (like cmovs), by allowing each execution path | # or conditional statements (like cmovs), by allowing each execution path | ||||
| # to independently set assumptions on input or intermediary variables. | # to independently set assumptions on input or intermediary variables. | ||||
| # | # | ||||
| # The general approach is: | # The general approach is: | ||||
| # * A constraint is a tuple of two sets of of symbolic expressions: | # * A constraint is a tuple of two sets of symbolic expressions: | ||||
| # the first of which are required to evaluate to zero, the second of which | # the first of which are required to evaluate to zero, the second of which | ||||
| # are required to evaluate to nonzero. | # are required to evaluate to nonzero. | ||||
| # - A constraint is said to be conflicting if any of its nonzero expressions | # - A constraint is said to be conflicting if any of its nonzero expressions | ||||
| # is in the ideal with basis the zero expressions (in other words: when the | # is in the ideal with basis the zero expressions (in other words: when the | ||||
| # zero expressions imply that one of the nonzero expressions are zero). | # zero expressions imply that one of the nonzero expressions are zero). | ||||
| # * There is a list of laws that describe the intended behaviour, including | # * There is a list of laws that describe the intended behaviour, including | ||||
| # laws for addition and doubling. Each law is called with the symbolic point | # laws for addition and doubling. Each law is called with the symbolic point | ||||
| # coordinates as arguments, and returns: | # coordinates as arguments, and returns: | ||||
| ▲ Show 20 Lines • Show All 308 Lines • Show Last 20 Lines | |||||