Add utilities from uncompressed Bulletproofs PR

BlockstreamResearch · Nov 22, 2022 · e9491da · e9491da
1 parent a27160f
commit e9491da
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 7 deletions.
diff --git a/src/modules/bulletproofs/Makefile.am.include b/src/modules/bulletproofs/Makefile.am.include
@@ -1,6 +1,7 @@
 include_HEADERS += include/secp256k1_bulletproofs.h
-noinst_HEADERS += src/modules/bulletproofs/tests_impl.h
+noinst_HEADERS += src/modules/bulletproofs/bulletproofs_util.h
 noinst_HEADERS += src/modules/bulletproofs/main_impl.h
+noinst_HEADERS += src/modules/bulletproofs/tests_impl.h
 
 if USE_BENCHMARK
 noinst_PROGRAMS += bench_bulletproofs

diff --git a/src/modules/bulletproofs/bulletproofs_util.h b/src/modules/bulletproofs/bulletproofs_util.h
@@ -0,0 +1,51 @@
+/**********************************************************************
+ * Copyright (c) 2020 Andrew Poelstra                                 *
+ * Distributed under the MIT software license, see the accompanying   *
+ * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
+ **********************************************************************/
+
+#ifndef _SECP256K1_MODULE_BULLETPROOFS_UTIL_
+#define _SECP256K1_MODULE_BULLETPROOFS_UTIL_
+
+#include "field.h"
+#include "group.h"
+#include "hash.h"
+
+/* Outputs a pair of points, amortizing the parity byte between them
+ * Assumes both points' coordinates have been normalized.
+ */
+static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) {
+    output[0] = (secp256k1_fe_is_odd(&lpt->y) << 1) + secp256k1_fe_is_odd(&rpt->y);
+    secp256k1_fe_get_b32(&output[1], &lpt->x);
+    secp256k1_fe_get_b32(&output[33], &rpt->x);
+}
+
+/* Initializes SHA256 with fixed midstate. This midstate was computed by applying
+ * SHA256 to SHA256("Bulletproofs/commitment")||SHA256("Bulletproofs/commitment"). */
+static void secp256k1_bulletproofs_sha256_tagged_commitment(secp256k1_sha256 *sha) {
+    secp256k1_sha256_initialize(sha);
+    sha->s[0] = 0x50b6a879ul;
+    sha->s[1] = 0x0d9a7470ul;
+    sha->s[2] = 0xb4400e54ul;
+    sha->s[3] = 0x32d29ac7ul;
+    sha->s[4] = 0xde938408ul;
+    sha->s[5] = 0x923fc797ul;
+    sha->s[6] = 0x29f973a6ul;
+    sha->s[7] = 0xa25e1a1cul;
+
+    sha->bytes = 64;
+}
+
+/* little-endian encodes a uint64 */
+static void secp256k1_bulletproofs_le64(unsigned char *output, const uint64_t n) {
+    output[0] = n;
+    output[1] = n >> 8;
+    output[2] = n >> 16;
+    output[3] = n >> 24;
+    output[4] = n >> 32;
+    output[5] = n >> 40;
+    output[6] = n >> 48;
+    output[7] = n >> 56;
+}
+
+#endif
diff --git a/src/modules/bulletproofs/main_impl.h b/src/modules/bulletproofs/main_impl.h
@@ -7,18 +7,19 @@
 #ifndef _SECP256K1_MODULE_BULLETPROOFS_MAIN_
 #define _SECP256K1_MODULE_BULLETPROOFS_MAIN_
 
-#include "include/secp256k1_bulletproofs.h"
-#include "include/secp256k1_generator.h"
-#include "modules/generator/main_impl.h" /* for generator_{load, save} */
-#include "hash.h"
-#include "util.h"
-
+/* this type must be completed before any of the modules/bulletproofs includes */
 struct secp256k1_bulletproofs_generators {
     size_t n;
     /* n total generators; set n = 2*k to get G_i and H_i values for i in [1..k] */
     secp256k1_ge* gens;
 };
 
+#include "include/secp256k1_bulletproofs.h"
+#include "include/secp256k1_generator.h"
+#include "modules/generator/main_impl.h" /* for generator_{load, save} */
+#include "hash.h"
+#include "util.h"
+
 secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(const secp256k1_context *ctx, size_t n) {
     secp256k1_bulletproofs_generators *ret;
     secp256k1_rfc6979_hmac_sha256 rng;