version 2.1.0 (#5)

Author: anderspkd

CMakeLists.txt

@@ -16,7 +16,7 @@
 
 cmake_minimum_required( VERSION 3.14 )
 
-project( scl VERSION 2.0.0 DESCRIPTION "Secure Computation Library" )
+project( scl VERSION 2.1.0 DESCRIPTION "Secure Computation Library" )
 
 if(NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Release)
@@ -53,8 +53,10 @@ set(SCL_SOURCE_FILES
 
 if(WITH_EC MATCHES ON)
   set(SCL_SOURCE_FILES ${SCL_SOURCE_FILES}
+    src/scl/math/ops_gmp_ff.cc
     src/scl/math/secp256k1_field.cc
     src/scl/math/secp256k1_curve.cc
+    src/scl/math/secp256k1_order.cc
     src/scl/math/number.cc)
 endif()
 

RELEASE.txt

@@ -1,3 +1,8 @@
+2.1: More Finite Fields
+- Provide a FF implementation for computations modulo the order of Secp256k1
+- Extend EC with support for scalar multiplications with scalars from a finite
+  field of size the order of a subgroup.
+
 2.0: Elliptic curves and finite field refactoring
 - Make it simpler to define new finite fields
 - Include optional (but enabled by default) support for elliptic curves

include/scl/math/curves/secp256k1.h

@@ -58,6 +58,31 @@ struct Secp256k1 {
     constexpr static const std::size_t kBitSize = 8 * kByteSize;
   };
 
+  /**
+   * @brief Finite field modulo a Secp256k1 prime order sub-group.
+   */
+  struct Order {
+    /**
+     * @brief Internal type of elements.
+     */
+    using ValueType = std::array<mp_limb_t, 4>;
+
+    /**
+     * @brief Name of the field.
+     */
+    constexpr static const char* kName = "secp256k1_order";
+
+    /**
+     * @brief Size of an element in bytes.
+     */
+    constexpr static const std::size_t kByteSize = 4 * sizeof(mp_limb_t);
+
+    /**
+     * @brief Size of an element in bits.
+     */
+    constexpr static const std::size_t kBitSize = 8 * kByteSize;
+  };
+
   /**
    * @brief Secp256k1 curve elements are stored in projective coordinates.
    */

include/scl/math/ec.h

@@ -168,6 +168,16 @@ class EC {
     return *this;
   };
 
+  /**
+   * @brief Perform a scalar multiplication.
+   * @param scalar the scalar
+   * @return this.
+   */
+  EC& operator*=(const FF<typename Curve::Order>& scalar) {
+    details::CurveScalarMultiply<Curve>(mValue, scalar);
+    return *this;
+  };
+
   /**
    * @brief Multiply a point with a scalar from the right.
    * @param point the point
@@ -179,6 +189,18 @@ class EC {
     return copy *= scalar;
   };
 
+  /**
+   * @brief Multiply a point with a scalar from the right.
+   * @param point the point
+   * @param scalar the scalar
+   * @return the point multiplied with the scalar.
+   */
+  friend EC operator*(const EC& point,
+                      const FF<typename Curve::Order>& scalar) {
+    EC copy(point);
+    return copy *= scalar;
+  };
+
   /**
    * @brief Multiply a point with a scalar from the left.
    * @param point the point
@@ -189,6 +211,17 @@ class EC {
     return point * scalar;
   };
 
+  /**
+   * @brief Multiply a point with a scalar from the left.
+   * @param point the point
+   * @param scalar the scalar
+   * @return the point multiplied with the scalar.
+   */
+  friend EC operator*(const FF<typename Curve::Order>& scalar,
+                      const EC& point) {
+    return point * scalar;
+  };
+
   /**
    * @brief Negate this point.
    * @return this.

include/scl/math/ec_ops.h

@@ -97,6 +97,15 @@ void CurveNegate(typename C::ValueType& out);
 template <typename C>
 void CurveScalarMultiply(typename C::ValueType& out, const Number& scalar);
 
+/**
+ * @brief Scalar multiply an elliptic curve point in-place.
+ * @param out the point
+ * @param scalar the scalar
+ */
+template <typename C>
+void CurveScalarMultiply(typename C::ValueType& out,
+                         const FF<typename C::Order>& scalar);
+
 /**
  * @brief Check if two elliptic curve points are equal.
  * @param in1 the first point

src/scl/math/ops_gmp_ff.cc

@@ -0,0 +1,41 @@
+/**
+ * @file ops_gmp_ff.cc
+ *
+ * SCL --- Secure Computation Library
+ * Copyright (C) 2022 Anders Dalskov
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include "./ops_gmp_ff.h"
+
+void scl::details::ReadLimb(mp_limb_t &lmb, const unsigned char *bytes,
+                            std::size_t bits_per_limbs) {
+  std::size_t c = 0;
+  lmb = 0;
+  for (std::size_t i = 0; i < bits_per_limbs; i += 8) {
+    lmb |= static_cast<mp_limb_t>(bytes[c++]) << i;
+  }
+}
+
+std::size_t scl::details::FindFirstNonZero(const std::string &s) {
+  int n = 0;
+  for (const auto c : s) {
+    if (c != '0') {
+      return n;
+    }
+    n++;
+  }
+  return n;
+}