Namespaces
namespace	debug

namespace	detail

namespace	fe26_constants

namespace	fe52_constants

namespace	glv_constants

namespace	montgomery

Classes
struct	AffinePointCompact

struct	CombAffinePoint

class	CombGenContext

class	FieldElement

struct	FieldElement26

struct	FieldElement52

struct	FixedBaseConfig

struct	GLVDecomposition

struct	KPlan

struct	MidFieldElement

class	Point

struct	PrecomputedScalar

struct	PrecomputedScalarOptimized

class	Scalar

struct	ScalarDecomposition

struct	SelftestCaseResult

struct	SelftestReport

Typedefs
using	OptimalFieldElement = FieldElement

using	ProgressCallback = void(*)(size_t, size_t, unsigned, unsigned)

Enumerations
enum class	FieldTier : std::uint8_t { FE64 , FE52 , FE26 }

enum class	SelftestMode : uint8_t { smoke = 0 , ci = 1 , stress = 2 }

Functions
void	batch_add_affine_x (const FieldElement &base_x, const FieldElement &base_y, const AffinePointCompact offsets, FieldElement out_x, std::size_t count, std::vector< FieldElement > &scratch)

void	batch_add_affine_xy (const FieldElement &base_x, const FieldElement &base_y, const AffinePointCompact offsets, FieldElement out_x, FieldElement *out_y, std::size_t count, std::vector< FieldElement > &scratch)

void	batch_add_affine_x (const FieldElement &base_x, const FieldElement &base_y, const AffinePointCompact offsets, FieldElement out_x, std::size_t count)

std::vector< AffinePointCompact >	precompute_g_multiples (std::size_t count)

std::vector< AffinePointCompact >	precompute_point_multiples (const FieldElement &qx, const FieldElement &qy, std::size_t count)

void	batch_add_affine_x_bidirectional (const FieldElement &base_x, const FieldElement &base_y, const AffinePointCompact offsets_fwd, const AffinePointCompact offsets_bwd, FieldElement out_x_fwd, FieldElement out_x_bwd, std::size_t count, std::vector< FieldElement > &scratch)

std::vector< AffinePointCompact >	negate_affine_table (const AffinePointCompact *table, std::size_t count)

void	batch_add_affine_x_with_parity (const FieldElement &base_x, const FieldElement &base_y, const AffinePointCompact offsets, FieldElement out_x, uint8_t *out_parity, std::size_t count, std::vector< FieldElement > &scratch)

void	init_comb_gen (unsigned teeth=15)

bool	comb_gen_ready ()

Point	comb_gen_mul (const Scalar &k)

Point	comb_gen_mul_ct (const Scalar &k)

MidFieldElement	toMid (const FieldElement &fe) noexcept

FieldElement	fe_inverse_binary (const FieldElement &value)

FieldElement	fe_inverse_window4 (const FieldElement &value)

FieldElement	fe_inverse_addchain (const FieldElement &value)

FieldElement	fe_inverse_eea (const FieldElement &value)

FieldElement	pow_p_minus_2_binary (FieldElement base)

FieldElement	pow_p_minus_2_window4 (FieldElement base)

FieldElement	pow_p_minus_2_addchain (FieldElement base)

FieldElement	pow_p_minus_2_eea (FieldElement base)

FieldElement	pow_p_minus_2_window_naf_v2 (FieldElement base)

FieldElement	pow_p_minus_2_hybrid_eea (FieldElement base)

FieldElement	pow_p_minus_2_yao (FieldElement base)

FieldElement	pow_p_minus_2_bos_coster (FieldElement base)

FieldElement	pow_p_minus_2_ltr_precomp (FieldElement base)

FieldElement	pow_p_minus_2_pippenger (FieldElement base)

FieldElement	pow_p_minus_2_karatsuba (FieldElement base)

FieldElement	pow_p_minus_2_booth (FieldElement base)

FieldElement	pow_p_minus_2_strauss (FieldElement base)

FieldElement	pow_p_minus_2_kary16 (FieldElement base)

FieldElement	pow_p_minus_2_fixed_window5 (FieldElement base)

FieldElement	pow_p_minus_2_rtl_binary (FieldElement base)

FieldElement	pow_p_minus_2_addchain_unrolled (FieldElement base)

FieldElement	pow_p_minus_2_binary_opt (FieldElement base)

FieldElement	pow_p_minus_2_sliding_dynamic (FieldElement base)

FieldElement	pow_p_minus_2_fermat_gpu (FieldElement base)

FieldElement	pow_p_minus_2_montgomery_redc (FieldElement base)

FieldElement	pow_p_minus_2_branchless (FieldElement base)

FieldElement	pow_p_minus_2_parallel_window (FieldElement base)

FieldElement	pow_p_minus_2_binary_euclidean (FieldElement base)

FieldElement	pow_p_minus_2_lehmer (FieldElement base)

FieldElement	pow_p_minus_2_stein (FieldElement base)

FieldElement	pow_p_minus_2_secp256k1_special (FieldElement base)

FieldElement	pow_p_minus_2_warp_optimized (FieldElement base)

FieldElement	pow_p_minus_2_double_base (const FieldElement &base)

FieldElement	pow_p_minus_2_compact_table (FieldElement base)

FieldElement	fe_inverse_window_naf_v2 (const FieldElement &value)

FieldElement	fe_inverse_hybrid_eea (const FieldElement &value)

FieldElement	fe_inverse_safegcd (const FieldElement &value)

FieldElement	fe_inverse_yao (const FieldElement &value)

FieldElement	fe_inverse_bos_coster (const FieldElement &value)

FieldElement	fe_inverse_ltr_precomp (const FieldElement &value)

FieldElement	fe_inverse_pippenger (const FieldElement &value)

FieldElement	fe_inverse_karatsuba (const FieldElement &value)

FieldElement	fe_inverse_booth (const FieldElement &value)

FieldElement	fe_inverse_strauss (const FieldElement &value)

FieldElement	fe_inverse_kary16 (const FieldElement &value)

FieldElement	fe_inverse_fixed_window5 (const FieldElement &value)

FieldElement	fe_inverse_rtl_binary (const FieldElement &value)

FieldElement	fe_inverse_addchain_unrolled (const FieldElement &value)

FieldElement	fe_inverse_binary_opt (const FieldElement &value)

FieldElement	fe_inverse_sliding_dynamic (const FieldElement &value)

FieldElement	fe_inverse_fermat_gpu (const FieldElement &value)

FieldElement	fe_inverse_montgomery_redc (const FieldElement &value)

FieldElement	fe_inverse_branchless (const FieldElement &value)

FieldElement	fe_inverse_parallel_window (const FieldElement &value)

FieldElement	fe_inverse_binary_euclidean (const FieldElement &value)

FieldElement	fe_inverse_lehmer (const FieldElement &value)

FieldElement	fe_inverse_stein (const FieldElement &value)

FieldElement	fe_inverse_secp256k1_special (const FieldElement &value)

FieldElement	fe_inverse_warp_optimized (const FieldElement &value)

FieldElement	fe_inverse_double_base (const FieldElement &value)

FieldElement	fe_inverse_compact_table (const FieldElement &value)

void	fe_batch_inverse (FieldElement *elements, size_t count)

void	fe_batch_inverse (FieldElement *elements, size_t count, std::vector< FieldElement > &scratch)

void	fe26_mul_inner (std::uint32_t r, const std::uint32_t a, const std::uint32_t *b) noexcept

void	fe26_sqr_inner (std::uint32_t r, const std::uint32_t a) noexcept

void	fe26_normalize (std::uint32_t *r) noexcept

void	fe26_normalize_weak (std::uint32_t *r) noexcept

void	fe52_normalize (std::uint64_t *r) noexcept

bool	has_bmi2_support ()

bool	has_adx_support ()

FieldElement	field_mul_bmi2 (const FieldElement &a, const FieldElement &b)

FieldElement	field_square_bmi2 (const FieldElement &a)

FieldElement	field_square_karatsuba (const FieldElement &a)

FieldElement	field_add_bmi2 (const FieldElement &a, const FieldElement &b)

FieldElement	field_negate_bmi2 (const FieldElement &a)

void	field_cmov (FieldElement r, const FieldElement a, const FieldElement *b, bool flag) noexcept

void	field_cmovznz (FieldElement r, const FieldElement a, const FieldElement *b, std::uint64_t flag) noexcept

FieldElement	field_select (const FieldElement &a, const FieldElement &b, bool flag) noexcept

std::uint64_t	field_is_zero (const FieldElement &a) noexcept

std::uint64_t	field_eq (const FieldElement &a, const FieldElement &b) noexcept

void	field_cneg (FieldElement *r, const FieldElement &a, bool flag) noexcept

void	field_cadd (FieldElement *r, const FieldElement &a, const FieldElement &b, bool flag) noexcept

void	field_csub (FieldElement *r, const FieldElement &a, const FieldElement &b, bool flag) noexcept

void	fe_h_based_inversion (FieldElement *h_values, const FieldElement &z0_value, std::size_t count)

void	fe_h_based_inversion_batched (FieldElement h_values, const FieldElement z0_values, std::size_t n_threads, std::size_t batch_size)

OptimalFieldElement	to_optimal (const FieldElement &fe) noexcept

FieldElement	from_optimal (const OptimalFieldElement &ofe) noexcept

GLVDecomposition	glv_decompose (const Scalar &k)

Point	apply_endomorphism (const Point &P)

bool	verify_endomorphism (const Point &P)

bool	Selftest (bool verbose)

bool	ensure_library_integrity (bool verbose=false)

void	compute_wnaf_into (const Scalar &scalar, unsigned window_bits, int32_t *out, std::size_t max, std::size_t &out_len)

void	configure_fixed_base (const FixedBaseConfig &config)

void	ensure_fixed_base_ready ()

bool	fixed_base_ready ()

bool	load_fixed_base_config_file (const std::string &path, FixedBaseConfig &out)

bool	configure_fixed_base_from_file (const std::string &path)

bool	configure_fixed_base_from_env ()

bool	write_default_fixed_base_config (const std::string &path)

bool	ensure_fixed_base_config_file (const std::string &path)

bool	configure_fixed_base_auto ()

bool	auto_tune_fixed_base (FixedBaseConfig &best_out, std::string *report_out=nullptr, unsigned iterations=5000, unsigned min_w=2, unsigned max_w=30)

bool	write_fixed_base_config (const std::string &path, const FixedBaseConfig &cfg)

bool	auto_tune_and_write_config (const std::string &path, unsigned iterations=5000, unsigned min_w=2, unsigned max_w=30)

Point	scalar_mul_generator (const Scalar &scalar)

ScalarDecomposition	split_scalar_glv (const Scalar &scalar)

Point	scalar_mul_generator_glv_predecomposed (const Scalar &k1, const Scalar &k2, bool neg1, bool neg2)

std::vector< int32_t >	compute_wnaf (const Scalar &scalar, unsigned window_bits)

Point	scalar_mul_arbitrary (const Point &base, const Scalar &scalar, unsigned window_bits=5)

Point	multi_scalar_mul (const Scalar &k1, const Point &P, const Scalar &k2, const Point &Q, unsigned window_bits=4)

PrecomputedScalar	precompute_scalar_for_arbitrary (const Scalar &K, unsigned window_bits=4)

PrecomputedScalarOptimized	precompute_scalar_optimized (const Scalar &K, unsigned window_bits=4)

Point	scalar_mul_arbitrary_precomputed (const Point &Q, const PrecomputedScalar &precomp)

Point	scalar_mul_arbitrary_precomputed_optimized (const Point &Q, const PrecomputedScalarOptimized &precomp)

Point	scalar_mul_arbitrary_precomputed_notable (const Point &Q, const PrecomputedScalarOptimized &precomp)

bool	save_precompute_cache (const std::string &path)

bool	load_precompute_cache (const std::string &path, unsigned max_windows=0)

bool	Selftest (bool verbose, SelftestMode mode, uint64_t seed=0)

SelftestReport	selftest_report (SelftestMode mode=SelftestMode::smoke, uint64_t seed=0)

Variables
constexpr FieldTier	kOptimalTier = FieldTier::FE64

constexpr const char *	kOptimalTierName = "4x64 (baseline)"

constexpr uint8_t	kDefaultGlvWindow = 4

constexpr std::size_t	kWnafBufLen = 260

Typedef Documentation

◆ OptimalFieldElement

using secp256k1::fast::OptimalFieldElement = typedef FieldElement

Definition at line 117 of file field_optimal.hpp.

◆ ProgressCallback

using secp256k1::fast::ProgressCallback = typedef void(*)(size_t, size_t, unsigned, unsigned)

Definition at line 25 of file precompute.hpp.

Enumeration Type Documentation

◆ FieldTier

enum class secp256k1::fast::FieldTier : std::uint8_t

strong

Enumerator
FE64
FE52
FE26

Definition at line 121 of file field_optimal.hpp.

◆ SelftestMode

enum class secp256k1::fast::SelftestMode : uint8_t

strong

Enumerator
smoke
ci
stress

Definition at line 15 of file selftest.hpp.

Function Documentation

◆ apply_endomorphism()

Point secp256k1::fast::apply_endomorphism ( const Point & P )

◆ auto_tune_and_write_config()

bool secp256k1::fast::auto_tune_and_write_config	(	const std::string &	path,
		unsigned	iterations = `5000`,
		unsigned	min_w = `2`,
		unsigned	max_w = `30`
	)

◆ auto_tune_fixed_base()

bool secp256k1::fast::auto_tune_fixed_base	(	FixedBaseConfig &	best_out,
		std::string *	report_out = `nullptr`,
		unsigned	iterations = `5000`,
		unsigned	min_w = `2`,
		unsigned	max_w = `30`
	)

◆ batch_add_affine_x() [1/2]

void secp256k1::fast::batch_add_affine_x	(	const FieldElement &	base_x,
		const FieldElement &	base_y,
		const AffinePointCompact *	offsets,
		FieldElement *	out_x,
		std::size_t	count
	)

Convenience: wraps batch_add_affine_x with internal scratch buffer. Slightly slower due to potential reallocation; prefer the scratch version for hot loops.

◆ batch_add_affine_x() [2/2]

void secp256k1::fast::batch_add_affine_x	(	const FieldElement &	base_x,
		const FieldElement &	base_y,
		const AffinePointCompact *	offsets,
		FieldElement *	out_x,
		std::size_t	count,
		std::vector< FieldElement > &	scratch
	)

Compute P + T[i] for all i in [0, count), returning affine X-coordinates.

Parameters

base_x	Base point X coordinate (affine)
base_y	Base point Y coordinate (affine)
offsets	Array of precomputed affine offset points T[0..count-1]
out_x	Output: X-coordinates of P + T[i] (caller-allocated, size >= count)
count	Number of offset points
scratch	Reusable scratch buffer (avoids allocation; resized internally if needed)

Note: Edge cases (P == T[i] or P == -T[i]) are handled via branchless sentinel: output X is set to FieldElement::zero() which is never a valid curve X. Caller should skip zero results if exactness matters (astronomically rare in search).

Hot-path contract: No heap allocation when scratch is pre-sized >= count.

◆ batch_add_affine_x_bidirectional()

void secp256k1::fast::batch_add_affine_x_bidirectional	(	const FieldElement &	base_x,
		const FieldElement &	base_y,
		const AffinePointCompact *	offsets_fwd,
		const AffinePointCompact *	offsets_bwd,
		FieldElement *	out_x_fwd,
		FieldElement *	out_x_bwd,
		std::size_t	count,
		std::vector< FieldElement > &	scratch
	)

Bidirectional affine batch add: compute both forward and backward offsets. Forward: result_fwd[i] = P + T[i] (i = 0..count-1) Backward: result_bwd[i] = P - T[i] (using negated Y)

Parameters

neg_offsets Precomputed T[i] with negated Y (T_neg[i].y = -T[i].y)

This doubles throughput by checking 2*count keys per batch with minimal extra cost (the negated table is precomputed once at startup).

◆ batch_add_affine_x_with_parity()

void secp256k1::fast::batch_add_affine_x_with_parity	(	const FieldElement &	base_x,
		const FieldElement &	base_y,
		const AffinePointCompact *	offsets,
		FieldElement *	out_x,
		uint8_t *	out_parity,
		std::size_t	count,
		std::vector< FieldElement > &	scratch
	)

Extract Y-parity bit for each result point. parity[i] = lowest bit of Y-coordinate (0x02 or 0x03 prefix). Use when you need compressed pubkey prefix without computing full Y.

Parameters

out_parity Output: 0 for even Y, 1 for odd Y (caller-allocated, size >= count)

◆ batch_add_affine_xy()

void secp256k1::fast::batch_add_affine_xy	(	const FieldElement &	base_x,
		const FieldElement &	base_y,
		const AffinePointCompact *	offsets,
		FieldElement *	out_x,
		FieldElement *	out_y,
		std::size_t	count,
		std::vector< FieldElement > &	scratch
	)

Same as above but also outputs Y-coordinates.

Parameters

out_y Output: Y-coordinates of P + T[i] (caller-allocated, size >= count)

◆ comb_gen_mul()

Point secp256k1::fast::comb_gen_mul ( const Scalar & k )

◆ comb_gen_mul_ct()

Point secp256k1::fast::comb_gen_mul_ct ( const Scalar & k )

◆ comb_gen_ready()

bool secp256k1::fast::comb_gen_ready ( )

◆ compute_wnaf()

std::vector< int32_t > secp256k1::fast::compute_wnaf	(	const Scalar &	scalar,
		unsigned	window_bits
	)

◆ compute_wnaf_into()

void secp256k1::fast::compute_wnaf_into	(	const Scalar &	scalar,
		unsigned	window_bits,
		int32_t *	out,
		std::size_t	max,
		std::size_t &	out_len
	)

◆ configure_fixed_base()

void secp256k1::fast::configure_fixed_base ( const FixedBaseConfig & config )

◆ configure_fixed_base_auto()

bool secp256k1::fast::configure_fixed_base_auto ( )

◆ configure_fixed_base_from_env()

bool secp256k1::fast::configure_fixed_base_from_env ( )

◆ configure_fixed_base_from_file()

bool secp256k1::fast::configure_fixed_base_from_file ( const std::string & path )

◆ ensure_fixed_base_config_file()

bool secp256k1::fast::ensure_fixed_base_config_file ( const std::string & path )

◆ ensure_fixed_base_ready()

void secp256k1::fast::ensure_fixed_base_ready ( )

◆ ensure_library_integrity()

bool secp256k1::fast::ensure_library_integrity ( bool verbose = false )

inline

Definition at line 14 of file init.hpp.

References Selftest().

Referenced by ufsecp_ctx_create().

◆ fe26_mul_inner()

void secp256k1::fast::fe26_mul_inner	(	std::uint32_t *	r,
		const std::uint32_t *	a,
		const std::uint32_t *	b
	)

noexcept

◆ fe26_normalize()

void secp256k1::fast::fe26_normalize ( std::uint32_t * r )

noexcept

◆ fe26_normalize_weak()

void secp256k1::fast::fe26_normalize_weak ( std::uint32_t * r )

noexcept

◆ fe26_sqr_inner()

void secp256k1::fast::fe26_sqr_inner	(	std::uint32_t *	r,
		const std::uint32_t *	a
	)

noexcept

◆ fe52_normalize()

void secp256k1::fast::fe52_normalize ( std::uint64_t * r )

noexcept

◆ fe_batch_inverse() [1/2]

void secp256k1::fast::fe_batch_inverse	(	FieldElement *	elements,
		size_t	count
	)

◆ fe_batch_inverse() [2/2]

void secp256k1::fast::fe_batch_inverse	(	FieldElement *	elements,
		size_t	count,
		std::vector< FieldElement > &	scratch
	)

◆ fe_h_based_inversion()

void secp256k1::fast::fe_h_based_inversion	(	FieldElement *	h_values,
		const FieldElement &	z0_value,
		std::size_t	count
	)

inline

H-based serial inversion for batch point conversion (in-place)

Parameters

h_values	[IN/OUT] Input: H values from Jacobian walk Output: Z^{-2} values for affine conversion
z0_value	[IN] Initial Z coordinate (Z_0) before walk starts
count	Number of H values in sequence

Note: Modifies h_values in-place! Original H values are lost.; This function is optimized for fixed-step ECC walks where we have a deterministic sequence of Z coordinates.

Example usage:

std::vector<FieldElement> h_values = compute_jacobian_walk_h_values(Q, 256);
FieldElement z0 = Q.z;
 
// Convert H values -> Z^{-2} values (in-place)
fe_h_based_inversion(h_values.data(), z0, h_values.size());
 
// Now h_values contains Z^{-2} for each point
for (size_t i = 0; i < h_values.size(); i++) {
    FieldElement x_affine = jacobian_x[i] * h_values[i];  // X / Z^2
}

Definition at line 95 of file field_h_based.hpp.

References secp256k1::fast::FieldElement::inverse(), and secp256k1::fast::FieldElement::square().

◆ fe_h_based_inversion_batched()

void secp256k1::fast::fe_h_based_inversion_batched	(	FieldElement *	h_values,
		const FieldElement *	z0_values,
		std::size_t	n_threads,
		std::size_t	batch_size
	)

inline

H-based serial inversion with explicit Z_0 per point

Parameters

h_values	[IN/OUT] H values per batch (size: batch_size * n_threads)
z0_values	[IN] Initial Z coordinate per thread (size: n_threads)
n_threads	Number of parallel threads/sequences
batch_size	Number of points per thread

Memory layout: h_values[thread + slot * n_threads] = H value for thread at slot z0_values[thread] = Initial Z for thread

Example (GPU-style batching):

const int N_THREADS = 131072;
const int BATCH_SIZE = 224;
std::vector<FieldElement> h_values(BATCH_SIZE * N_THREADS);
std::vector<FieldElement> z0_values(N_THREADS);
 
// ... compute h_values and z0_values ...
 
fe_h_based_inversion_batched(h_values.data(), z0_values.data(), 
                              N_THREADS, BATCH_SIZE);

Definition at line 143 of file field_h_based.hpp.

References secp256k1::fast::FieldElement::inverse(), and secp256k1::fast::FieldElement::square().

◆ fe_inverse_addchain()

FieldElement secp256k1::fast::fe_inverse_addchain ( const FieldElement & value )

◆ fe_inverse_addchain_unrolled()

FieldElement secp256k1::fast::fe_inverse_addchain_unrolled ( const FieldElement & value )

◆ fe_inverse_binary()

FieldElement secp256k1::fast::fe_inverse_binary ( const FieldElement & value )

◆ fe_inverse_binary_euclidean()

FieldElement secp256k1::fast::fe_inverse_binary_euclidean ( const FieldElement & value )

◆ fe_inverse_binary_opt()

FieldElement secp256k1::fast::fe_inverse_binary_opt ( const FieldElement & value )

◆ fe_inverse_booth()

FieldElement secp256k1::fast::fe_inverse_booth ( const FieldElement & value )

◆ fe_inverse_bos_coster()

FieldElement secp256k1::fast::fe_inverse_bos_coster ( const FieldElement & value )

◆ fe_inverse_branchless()

FieldElement secp256k1::fast::fe_inverse_branchless ( const FieldElement & value )

◆ fe_inverse_compact_table()

FieldElement secp256k1::fast::fe_inverse_compact_table ( const FieldElement & value )

◆ fe_inverse_double_base()

FieldElement secp256k1::fast::fe_inverse_double_base ( const FieldElement & value )

◆ fe_inverse_eea()

FieldElement secp256k1::fast::fe_inverse_eea ( const FieldElement & value )

◆ fe_inverse_fermat_gpu()

FieldElement secp256k1::fast::fe_inverse_fermat_gpu ( const FieldElement & value )

◆ fe_inverse_fixed_window5()

FieldElement secp256k1::fast::fe_inverse_fixed_window5 ( const FieldElement & value )

◆ fe_inverse_hybrid_eea()

FieldElement secp256k1::fast::fe_inverse_hybrid_eea ( const FieldElement & value )

◆ fe_inverse_karatsuba()

FieldElement secp256k1::fast::fe_inverse_karatsuba ( const FieldElement & value )

◆ fe_inverse_kary16()

FieldElement secp256k1::fast::fe_inverse_kary16 ( const FieldElement & value )

◆ fe_inverse_lehmer()

FieldElement secp256k1::fast::fe_inverse_lehmer ( const FieldElement & value )

◆ fe_inverse_ltr_precomp()

FieldElement secp256k1::fast::fe_inverse_ltr_precomp ( const FieldElement & value )

◆ fe_inverse_montgomery_redc()

FieldElement secp256k1::fast::fe_inverse_montgomery_redc ( const FieldElement & value )

◆ fe_inverse_parallel_window()

FieldElement secp256k1::fast::fe_inverse_parallel_window ( const FieldElement & value )

◆ fe_inverse_pippenger()

FieldElement secp256k1::fast::fe_inverse_pippenger ( const FieldElement & value )

◆ fe_inverse_rtl_binary()

FieldElement secp256k1::fast::fe_inverse_rtl_binary ( const FieldElement & value )

◆ fe_inverse_safegcd()

FieldElement secp256k1::fast::fe_inverse_safegcd ( const FieldElement & value )

◆ fe_inverse_secp256k1_special()

FieldElement secp256k1::fast::fe_inverse_secp256k1_special ( const FieldElement & value )

◆ fe_inverse_sliding_dynamic()

FieldElement secp256k1::fast::fe_inverse_sliding_dynamic ( const FieldElement & value )

◆ fe_inverse_stein()

FieldElement secp256k1::fast::fe_inverse_stein ( const FieldElement & value )

◆ fe_inverse_strauss()

FieldElement secp256k1::fast::fe_inverse_strauss ( const FieldElement & value )

◆ fe_inverse_warp_optimized()

FieldElement secp256k1::fast::fe_inverse_warp_optimized ( const FieldElement & value )

◆ fe_inverse_window4()

FieldElement secp256k1::fast::fe_inverse_window4 ( const FieldElement & value )

◆ fe_inverse_window_naf_v2()

FieldElement secp256k1::fast::fe_inverse_window_naf_v2 ( const FieldElement & value )

◆ fe_inverse_yao()

FieldElement secp256k1::fast::fe_inverse_yao ( const FieldElement & value )

◆ field_add_bmi2()

FieldElement secp256k1::fast::field_add_bmi2	(	const FieldElement &	a,
		const FieldElement &	b
	)

◆ field_cadd()

void secp256k1::fast::field_cadd	(	FieldElement *	r,
		const FieldElement &	a,
		const FieldElement &	b,
		bool	flag
	)

inlinenoexcept

Definition at line 115 of file field_branchless.hpp.

References field_cmov().

◆ field_cmov()

void secp256k1::fast::field_cmov	(	FieldElement *	r,
		const FieldElement *	a,
		const FieldElement *	b,
		bool	flag
	)

inlinenoexcept

Definition at line 30 of file field_branchless.hpp.

Referenced by field_cadd(), field_cneg(), and field_csub().

◆ field_cmovznz()

void secp256k1::fast::field_cmovznz	(	FieldElement *	r,
		const FieldElement *	a,
		const FieldElement *	b,
		std::uint64_t	flag
	)

inlinenoexcept

Definition at line 48 of file field_branchless.hpp.

◆ field_cneg()

void secp256k1::fast::field_cneg	(	FieldElement *	r,
		const FieldElement &	a,
		bool	flag
	)

inlinenoexcept

Definition at line 108 of file field_branchless.hpp.

References field_cmov(), and secp256k1::fast::FieldElement::zero().

◆ field_csub()

void secp256k1::fast::field_csub	(	FieldElement *	r,
		const FieldElement &	a,
		const FieldElement &	b,
		bool	flag
	)

inlinenoexcept

Definition at line 122 of file field_branchless.hpp.

References field_cmov().

◆ field_eq()

std::uint64_t secp256k1::fast::field_eq	(	const FieldElement &	a,
		const FieldElement &	b
	)

inlinenoexcept

Definition at line 93 of file field_branchless.hpp.

◆ field_is_zero()

std::uint64_t secp256k1::fast::field_is_zero ( const FieldElement & a )

inlinenoexcept

Definition at line 84 of file field_branchless.hpp.

References secp256k1::fast::FieldElement::limbs().

◆ field_mul_bmi2()

FieldElement secp256k1::fast::field_mul_bmi2	(	const FieldElement &	a,
		const FieldElement &	b
	)

◆ field_negate_bmi2()

FieldElement secp256k1::fast::field_negate_bmi2 ( const FieldElement & a )

◆ field_select()

FieldElement secp256k1::fast::field_select	(	const FieldElement &	a,
		const FieldElement &	b,
		bool	flag
	)

inlinenoexcept

Definition at line 67 of file field_branchless.hpp.

References secp256k1::fast::FieldElement::from_limbs(), and secp256k1::fast::FieldElement::limbs().

◆ field_square_bmi2()

FieldElement secp256k1::fast::field_square_bmi2 ( const FieldElement & a )

◆ field_square_karatsuba()

FieldElement secp256k1::fast::field_square_karatsuba ( const FieldElement & a )

◆ fixed_base_ready()

bool secp256k1::fast::fixed_base_ready ( )

◆ from_optimal()

FieldElement secp256k1::fast::from_optimal ( const OptimalFieldElement & ofe )

inlinenoexcept

Definition at line 158 of file field_optimal.hpp.

◆ glv_decompose()

GLVDecomposition secp256k1::fast::glv_decompose ( const Scalar & k )

◆ has_adx_support()

bool secp256k1::fast::has_adx_support ( )

◆ has_bmi2_support()

bool secp256k1::fast::has_bmi2_support ( )

◆ init_comb_gen()

void secp256k1::fast::init_comb_gen ( unsigned teeth = 15 )

◆ load_fixed_base_config_file()

bool secp256k1::fast::load_fixed_base_config_file	(	const std::string &	path,
		FixedBaseConfig &	out
	)

◆ load_precompute_cache()

bool secp256k1::fast::load_precompute_cache	(	const std::string &	path,
		unsigned	max_windows = `0`
	)

◆ multi_scalar_mul()

Point secp256k1::fast::multi_scalar_mul	(	const Scalar &	k1,
		const Point &	P,
		const Scalar &	k2,
		const Point &	Q,
		unsigned	window_bits = `4`
	)

◆ negate_affine_table()

std::vector< AffinePointCompact > secp256k1::fast::negate_affine_table	(	const AffinePointCompact *	table,
		std::size_t	count
	)

Build negated table: T_neg[i] = (T[i].x, -T[i].y) One-time cost, returns new vector.

◆ pow_p_minus_2_addchain()

FieldElement secp256k1::fast::pow_p_minus_2_addchain ( FieldElement base )

◆ pow_p_minus_2_addchain_unrolled()

FieldElement secp256k1::fast::pow_p_minus_2_addchain_unrolled ( FieldElement base )

◆ pow_p_minus_2_binary()

FieldElement secp256k1::fast::pow_p_minus_2_binary ( FieldElement base )

◆ pow_p_minus_2_binary_euclidean()

FieldElement secp256k1::fast::pow_p_minus_2_binary_euclidean ( FieldElement base )

◆ pow_p_minus_2_binary_opt()

FieldElement secp256k1::fast::pow_p_minus_2_binary_opt ( FieldElement base )

◆ pow_p_minus_2_booth()

FieldElement secp256k1::fast::pow_p_minus_2_booth ( FieldElement base )

◆ pow_p_minus_2_bos_coster()

FieldElement secp256k1::fast::pow_p_minus_2_bos_coster ( FieldElement base )

◆ pow_p_minus_2_branchless()

FieldElement secp256k1::fast::pow_p_minus_2_branchless ( FieldElement base )

◆ pow_p_minus_2_compact_table()

FieldElement secp256k1::fast::pow_p_minus_2_compact_table ( FieldElement base )

◆ pow_p_minus_2_double_base()

FieldElement secp256k1::fast::pow_p_minus_2_double_base ( const FieldElement & base )

◆ pow_p_minus_2_eea()

FieldElement secp256k1::fast::pow_p_minus_2_eea ( FieldElement base )

◆ pow_p_minus_2_fermat_gpu()

FieldElement secp256k1::fast::pow_p_minus_2_fermat_gpu ( FieldElement base )

◆ pow_p_minus_2_fixed_window5()

FieldElement secp256k1::fast::pow_p_minus_2_fixed_window5 ( FieldElement base )

◆ pow_p_minus_2_hybrid_eea()

FieldElement secp256k1::fast::pow_p_minus_2_hybrid_eea ( FieldElement base )

◆ pow_p_minus_2_karatsuba()

FieldElement secp256k1::fast::pow_p_minus_2_karatsuba ( FieldElement base )

◆ pow_p_minus_2_kary16()

FieldElement secp256k1::fast::pow_p_minus_2_kary16 ( FieldElement base )

◆ pow_p_minus_2_lehmer()

FieldElement secp256k1::fast::pow_p_minus_2_lehmer ( FieldElement base )

◆ pow_p_minus_2_ltr_precomp()

FieldElement secp256k1::fast::pow_p_minus_2_ltr_precomp ( FieldElement base )

◆ pow_p_minus_2_montgomery_redc()

FieldElement secp256k1::fast::pow_p_minus_2_montgomery_redc ( FieldElement base )

◆ pow_p_minus_2_parallel_window()

FieldElement secp256k1::fast::pow_p_minus_2_parallel_window ( FieldElement base )

◆ pow_p_minus_2_pippenger()

FieldElement secp256k1::fast::pow_p_minus_2_pippenger ( FieldElement base )

◆ pow_p_minus_2_rtl_binary()

FieldElement secp256k1::fast::pow_p_minus_2_rtl_binary ( FieldElement base )

◆ pow_p_minus_2_secp256k1_special()

FieldElement secp256k1::fast::pow_p_minus_2_secp256k1_special ( FieldElement base )

◆ pow_p_minus_2_sliding_dynamic()

FieldElement secp256k1::fast::pow_p_minus_2_sliding_dynamic ( FieldElement base )

◆ pow_p_minus_2_stein()

FieldElement secp256k1::fast::pow_p_minus_2_stein ( FieldElement base )

◆ pow_p_minus_2_strauss()

FieldElement secp256k1::fast::pow_p_minus_2_strauss ( FieldElement base )

◆ pow_p_minus_2_warp_optimized()

FieldElement secp256k1::fast::pow_p_minus_2_warp_optimized ( FieldElement base )

◆ pow_p_minus_2_window4()

FieldElement secp256k1::fast::pow_p_minus_2_window4 ( FieldElement base )

◆ pow_p_minus_2_window_naf_v2()

FieldElement secp256k1::fast::pow_p_minus_2_window_naf_v2 ( FieldElement base )

◆ pow_p_minus_2_yao()

FieldElement secp256k1::fast::pow_p_minus_2_yao ( FieldElement base )

◆ precompute_g_multiples()

std::vector< AffinePointCompact > secp256k1::fast::precompute_g_multiples ( std::size_t count )

Build a table of G-multiples: T[i] = (i+1)*G in affine coordinates. T[0] = 1*G, T[1] = 2*G, ..., T[count-1] = count*G

Parameters

count Number of multiples to precompute (= batch size B)

Returns: Vector of affine G-multiples

Note: This is a one-time cost at startup. For batch_size=1024: ~370 us (1024 point additions + 1 batch inverse). Table size: 1024 * 64 = 64 KB (fits in L1 cache!).

◆ precompute_point_multiples()

std::vector< AffinePointCompact > secp256k1::fast::precompute_point_multiples	(	const FieldElement &	qx,
		const FieldElement &	qy,
		std::size_t	count
	)

Build a table of multiples of an arbitrary affine point Q: T[i] = (i+1)*Q in affine. Useful for non-generator walks.

◆ precompute_scalar_for_arbitrary()

PrecomputedScalar secp256k1::fast::precompute_scalar_for_arbitrary	(	const Scalar &	K,
		unsigned	window_bits = `4`
	)

◆ precompute_scalar_optimized()

PrecomputedScalarOptimized secp256k1::fast::precompute_scalar_optimized	(	const Scalar &	K,
		unsigned	window_bits = `4`
	)

◆ save_precompute_cache()

bool secp256k1::fast::save_precompute_cache ( const std::string & path )

◆ scalar_mul_arbitrary()

Point secp256k1::fast::scalar_mul_arbitrary	(	const Point &	base,
		const Scalar &	scalar,
		unsigned	window_bits = `5`
	)

◆ scalar_mul_arbitrary_precomputed()

Point secp256k1::fast::scalar_mul_arbitrary_precomputed	(	const Point &	Q,
		const PrecomputedScalar &	precomp
	)

◆ scalar_mul_arbitrary_precomputed_notable()

Point secp256k1::fast::scalar_mul_arbitrary_precomputed_notable	(	const Point &	Q,
		const PrecomputedScalarOptimized &	precomp
	)

◆ scalar_mul_arbitrary_precomputed_optimized()

Point secp256k1::fast::scalar_mul_arbitrary_precomputed_optimized	(	const Point &	Q,
		const PrecomputedScalarOptimized &	precomp
	)

◆ scalar_mul_generator()

Point secp256k1::fast::scalar_mul_generator ( const Scalar & scalar )

◆ scalar_mul_generator_glv_predecomposed()

Point secp256k1::fast::scalar_mul_generator_glv_predecomposed	(	const Scalar &	k1,
		const Scalar &	k2,
		bool	neg1,
		bool	neg2
	)

◆ Selftest() [1/2]

bool secp256k1::fast::Selftest ( bool verbose )

extern

Referenced by ensure_library_integrity().

◆ Selftest() [2/2]

bool secp256k1::fast::Selftest	(	bool	verbose,
		SelftestMode	mode,
		uint64_t	seed = `0`
	)

◆ selftest_report()

SelftestReport secp256k1::fast::selftest_report	(	SelftestMode	mode = `SelftestMode::smoke`,
		uint64_t	seed = `0`
	)

◆ split_scalar_glv()

ScalarDecomposition secp256k1::fast::split_scalar_glv ( const Scalar & scalar )

◆ to_optimal()

OptimalFieldElement secp256k1::fast::to_optimal ( const FieldElement & fe )

inlinenoexcept

Definition at line 148 of file field_optimal.hpp.

References secp256k1::fast::FieldElement26::from_fe(), and secp256k1::fast::FieldElement52::from_fe().

◆ toMid()

MidFieldElement secp256k1::fast::toMid ( const FieldElement & fe )

inlinenoexcept

Definition at line 118 of file field.hpp.

◆ verify_endomorphism()

bool secp256k1::fast::verify_endomorphism ( const Point & P )

◆ write_default_fixed_base_config()

bool secp256k1::fast::write_default_fixed_base_config ( const std::string & path )

◆ write_fixed_base_config()

bool secp256k1::fast::write_fixed_base_config	(	const std::string &	path,
		const FixedBaseConfig &	cfg
	)

Variable Documentation

◆ kDefaultGlvWindow

constexpr uint8_t secp256k1::fast::kDefaultGlvWindow = 4

inlineconstexpr

Definition at line 57 of file point.hpp.

◆ kOptimalTier

constexpr FieldTier secp256k1::fast::kOptimalTier = FieldTier::FE64

inlineconstexpr

Definition at line 134 of file field_optimal.hpp.

◆ kOptimalTierName

constexpr const char* secp256k1::fast::kOptimalTierName = "4x64 (baseline)"

inlineconstexpr

Definition at line 140 of file field_optimal.hpp.

◆ kWnafBufLen

constexpr std::size_t secp256k1::fast::kWnafBufLen = 260

constexpr

Definition at line 64 of file point.hpp.

Namespaces

Classes

Typedefs

Enumerations

Functions

Variables

Typedef Documentation

◆ OptimalFieldElement

◆ ProgressCallback

Enumeration Type Documentation

◆ FieldTier

◆ SelftestMode

Function Documentation

◆ apply_endomorphism()

◆ auto_tune_and_write_config()

◆ auto_tune_fixed_base()

◆ batch_add_affine_x() [1/2]

◆ batch_add_affine_x() [2/2]

◆ batch_add_affine_x_bidirectional()

◆ batch_add_affine_x_with_parity()

◆ batch_add_affine_xy()

◆ comb_gen_mul()

◆ comb_gen_mul_ct()

◆ comb_gen_ready()

◆ compute_wnaf()

◆ compute_wnaf_into()

◆ configure_fixed_base()

◆ configure_fixed_base_auto()

◆ configure_fixed_base_from_env()

◆ configure_fixed_base_from_file()

◆ ensure_fixed_base_config_file()

◆ ensure_fixed_base_ready()

◆ ensure_library_integrity()

◆ fe26_mul_inner()

◆ fe26_normalize()

◆ fe26_normalize_weak()

◆ fe26_sqr_inner()

◆ fe52_normalize()

◆ fe_batch_inverse() [1/2]

◆ fe_batch_inverse() [2/2]

◆ fe_h_based_inversion()

◆ fe_h_based_inversion_batched()

◆ fe_inverse_addchain()

◆ fe_inverse_addchain_unrolled()

◆ fe_inverse_binary()

◆ fe_inverse_binary_euclidean()

◆ fe_inverse_binary_opt()

◆ fe_inverse_booth()

◆ fe_inverse_bos_coster()

◆ fe_inverse_branchless()

◆ fe_inverse_compact_table()

◆ fe_inverse_double_base()

◆ fe_inverse_eea()

◆ fe_inverse_fermat_gpu()

◆ fe_inverse_fixed_window5()

◆ fe_inverse_hybrid_eea()

◆ fe_inverse_karatsuba()

◆ fe_inverse_kary16()

◆ fe_inverse_lehmer()

◆ fe_inverse_ltr_precomp()

◆ fe_inverse_montgomery_redc()

◆ fe_inverse_parallel_window()

◆ fe_inverse_pippenger()

◆ fe_inverse_rtl_binary()

◆ fe_inverse_safegcd()

◆ fe_inverse_secp256k1_special()

◆ fe_inverse_sliding_dynamic()

◆ fe_inverse_stein()

◆ fe_inverse_strauss()

◆ fe_inverse_warp_optimized()

◆ fe_inverse_window4()

◆ fe_inverse_window_naf_v2()

◆ fe_inverse_yao()

◆ field_add_bmi2()

◆ field_cadd()

◆ field_cmov()

◆ field_cmovznz()

◆ field_cneg()

◆ field_csub()

◆ field_eq()