UltrafastSecp256k1 3.50.0
Ultra high-performance secp256k1 elliptic curve cryptography library
Loading...
Searching...
No Matches
multiscalar.hpp
Go to the documentation of this file.
1#ifndef SECP256K1_MULTISCALAR_HPP
2#define SECP256K1_MULTISCALAR_HPP
3#pragma once
4
5// ============================================================================
6// Multi-Scalar Multiplication for secp256k1
7// ============================================================================
8// Computes: R = s1*P1 + s2*P2 + ... + sN*PN
9//
10// Algorithms:
11// - Strauss (interleaved wNAF): optimal for N <= ~128
12// - Naive (sequential): fallback / reference
13//
14// Also provides Shamir's trick (2-point special case, used by ECDSA verify).
15// ============================================================================
16
17#include <cstddef>
18#include <cstdint>
19#include "secp256k1/scalar.hpp"
20#include "secp256k1/point.hpp"
21
22namespace secp256k1 {
23
24// -- Shamir's Trick (2-point) -------------------------------------------------
25// Computes: R = a*P + b*Q in a single pass (joint double-and-add).
26// ~1.5x faster than two separate scalar_mul + add.
27fast::Point shamir_trick(const fast::Scalar& a, const fast::Point& P,
28 const fast::Scalar& b, const fast::Point& Q);
29
30// -- Multi-Scalar Multiplication (Strauss) ------------------------------------
31// Computes: R = sum( scalars[i] * points[i] ) for i in [0, n).
32// Uses interleaved wNAF (Strauss' algorithm) for efficiency.
33//
34// Parameters:
35// scalars - array of n scalars
36// points - array of n points (affine or Jacobian)
37// n - number of scalar-point pairs
38//
39// Returns the resulting point (may be infinity if the sum cancels).
40//
41// Performance: O(256 + n * 2^(w-1)) instead of O(256 * n) for naive.
42fast::Point multi_scalar_mul(const fast::Scalar* scalars,
43 const fast::Point* points,
44 std::size_t n);
45
46// Convenience: vector version
47fast::Point multi_scalar_mul(const std::vector<fast::Scalar>& scalars,
48 const std::vector<fast::Point>& points);
49
50// -- Strauss Window Width Selection -------------------------------------------
51// Returns optimal wNAF window width for n points.
52// w=4 for n<32, w=5 for n<128, w=6 for n>=128.
53unsigned strauss_optimal_window(std::size_t n);
54
55} // namespace secp256k1
56
57#endif // SECP256K1_MULTISCALAR_HPP
secp256k1::shamir_trick
fast::Point shamir_trick(const fast::Scalar &a, const fast::Point &P, const fast::Scalar &b, const fast::Point &Q)
secp256k1::multi_scalar_mul
fast::Point multi_scalar_mul(const fast::Scalar *scalars, const fast::Point *points, std::size_t n)
secp256k1::strauss_optimal_window
unsigned strauss_optimal_window(std::size_t n)