Tighten secp256k1_fe_mul_inner's VERIFY_BITS checks
These changes bring the checks to the same values used at the corresponding positions in secp256k1_fe_sqr_inner.
roconnor-blockstream committed Nov 14, 2023
1 parent 8e2a5fe commit dcdda31
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/field_5x52_int128_impl.h
@@ -89,11 +89,11 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t
secp256k1_u128_accum_mul(&d, a2, b[3]);
secp256k1_u128_accum_mul(&d, a3, b[2]);
secp256k1_u128_accum_mul(&d, a4, b[1]);
VERIFY_BITS_128(&d, 115);
VERIFY_BITS_128(&d, 114);
/* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
u0 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52);
VERIFY_BITS(u0, 52);
VERIFY_BITS_128(&d, 63);
VERIFY_BITS_128(&d, 62);
/* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
/* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
u0 = (u0 << 4) | tx;
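Review bot: the tightened bounds on d (115 to 114 before the shift, 63 to 62 after it) are internally consistent, since the second value is exactly the first minus the 52-bit right shift on the u0 line, but the only justification given is that secp256k1_fe_sqr_inner uses the same numbers at the corresponding positions. A one-line comment next to `VERIFY_BITS_128(&d, 114);` stating why the incoming d plus the three accumulated products (a2*b[3], a3*b[2], a4*b[1]) fits in 114 bits would let a reader audit the check in place without cross-referencing the sqr path, which matters because these assertions are only exercised in VERIFY builds.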
