Add secp256k1

2022-01-13 15:38:49 +01:00 · 2022-01-13 15:38:49 +01:00 · c739230911
commit c739230911
parent 864c42ed8c
4 changed files with 212 additions and 1 deletions
--- a/src/ec_utils.app.src
+++ b/src/ec_utils.app.src
@ -4,7 +4,7 @@
  {registered, []},
  {applications, [kernel, stdlib]},
  {env,[]},
-  {modules, []},
+  {modules, [ecu_secp256k1, ecu_misc]},
  {licenses, ["MIT"]},
  {links, []}
 ]}.
--- a/src/ecu_misc.erl
+++ b/src/ecu_misc.erl
@ -0,0 +1,21 @@
 %%% File        : ecu_misc.erl
 %%% Author      : Hans Svensson
 %%% Description : Misc. functionality
 %%% Created     : 13 Jan 2022 by Hans Svensson
 -module(ecu_misc).
 -export([eea/2]).
 %% Extended Euclidean Algorithm
 eea(A, B) when ((A < 1) or (B < 1)) ->
    undefined;
 eea(A, B) ->
    eea(A, 1, 0, B, 0, 1).
 eea(G, S, T, 0, _, _) ->
    {G, S, T};
 eea(G0, S0, T0, G1, S1, T1) ->
    Q = G0 div G1,
    eea(G1, S1, T1, G0 - (Q * G1), S0 - (Q * S1), T0 - (Q * T1)).
--- a/src/ecu_secp256k1.erl
+++ b/src/ecu_secp256k1.erl
@ -0,0 +1,117 @@
 %%% File        : ecu_secp256k1.erl
 %%% Author      : Hans Svensson
 %%% Description : Trying to whip together a pure Erlang secp256k1
 %%%               Just for usage when speed isn't crucial...
 %%% Created     : 22 Dec 2021 by Hans Svensson
 -module(ecu_secp256k1).
 -define(P, 16#FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F).
 -define(A, 16#00).
 -define(B, 16#07).
 -define(X, 16#79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798).
 -define(Y, 16#483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8).
 -define(N, 16#FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141).
 -define(E, 16#7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE).
 -define(ADD(A, B), ((A + B) rem ?P)).
 -define(MUL(A, B), ((A * B) rem ?P)).
 -define(SUB(A, B), ((A - B + ?P) rem ?P)).
 -define(DIV(A, B), f_div(A, B)).
 -export([on_curve/1, p/0, n/0,
         scalar_mul/2, scalar_mul_base/1, p_add/2, p_neg/1,
         compress/1, decompress/1,
         f_add/2, f_mul/2, f_sub/2, f_div/2, f_inv/1,
         s_add/2, s_mul/2, s_sub/2, s_div/2, s_inv/1]).
 -ifdef(TEST).
 -compile([export_all, nowarn_export_all]).
 -endif.
 on_curve({X, Y}) ->
  %% y^2 = x^3 + 7
  X3 = ?MUL(?MUL(X, X), X),
  Y2 = ?MUL(Y, Y),
  Y2 == ?ADD(X3, ?B).
 p() -> ?P.
 n() -> ?N.
 scalar_mul_base(K) ->
  scalar_mul(K, {?X, ?Y}).
 scalar_mul(0, _P) ->
  {0, 0};
 scalar_mul(1, P) ->
  P;
 scalar_mul(K, P) ->
  case K rem 2 == 0 of
    true  -> scalar_mul(K div 2, p_add(P, P));
    false -> p_add(P, scalar_mul(K - 1, P))
  end.
 compress({X, Y}) when Y rem 2 == 0 -> <<2:8, X:256>>;
 compress({X, _})                   -> <<3:8, X:256>>;
 compress(<<4:8, X:256, Y:256>>)    -> compress({X, Y}).
 decompress(<<N:8, X:256>>) ->
  Y0 = ?B + ?MUL(X, ?MUL(X, X)),
  Y1 = pow(Y0, (?P + 1) div 4),
  case Y1 rem 2 == N rem 2 of
    true  -> {X, Y1};
    false -> {X, ?P - Y1}
  end.
 p_neg({X, Y}) -> {X, ?P - Y}.
 p_add(P1, {0, 0}) -> P1;
 p_add({0, 0}, P2) -> P2;
 p_add({X, Y1}, {X, Y2}) when Y1 /= Y2 -> {0, 0};
 p_add(P = {X1, Y1}, P) ->
  M  = ?DIV(?MUL(3, ?MUL(X1, X1)), ?MUL(2, Y1)),
  X3 = ?SUB(?MUL(M, M), ?MUL(2, X1)),
  Y3 = ?SUB(?MUL(M, ?SUB(X1, X3)), Y1),
  {X3, Y3};
 p_add({X1, Y1}, {X2, Y2}) ->
  M  = ?DIV(?SUB(Y2, Y1), ?SUB(X2, X1)),
  X3 = ?SUB(?MUL(M, M), ?ADD(X1, X2)),
  Y3 = ?SUB(?MUL(M, ?SUB(X1, X3)), Y1),
  {X3, Y3}.
 pow(_, 0) -> 1;
 pow(A, 1) -> A;
 pow(A, B) -> pow(A, B, 1).
 pow(_, 0, R)                   -> R;
 pow(A, B, R) when B rem 2 == 0 -> pow(A * A, B bsr 1, R);
 pow(A, B, R)                   -> pow(?MUL(A, A), B bsr 1, ?MUL(R, A)).
 %% Arithmetics in prime field P
 f_add(A, B) -> (A + B) rem ?P.
 f_mul(A, B) -> (A * B) rem ?P.
 f_sub(A, B) -> (A - B + ?P) rem ?P.
 f_div(A, B) -> f_mul(A, f_inv(B)).
 f_inv(A) ->
  {1, S, _T} = ecu_misc:eea(A, ?P),
  (S + ?P) rem ?P.
 %% Arithmetics in curve group order N
 s_add(A, B) -> (A + B) rem ?N.
 s_mul(A, B) -> (A * B) rem ?N.
 s_sub(A, B) -> (A - B + ?N) rem ?N.
 s_div(A, B) -> s_mul(A, s_inv(B)).
 s_inv(A) ->
  {1, S, _T} = ecu_misc:eea(A, ?N),
  (S + ?N) rem ?N.
 %% curve() ->
 %%   #{ p => 16#FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F,
 %%      a => 16#00, b => 16#07,
 %%      x => 16#79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
 %%      y => 16#483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
 %%      n => 16#FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
 %%      e => 16#7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE
 %%    }.
--- a/test/secp256k1_tests.erl
+++ b/test/secp256k1_tests.erl
@ -0,0 +1,73 @@
 %%% File        : secp256k1_tests.erl
 %%% Author      : Hans Svensson
 %%% Description :
 %%% Created     : 22 Dec 2021 by Hans Svensson
 -module(secp256k1_tests).
 -compile([export_all, nowarn_export_all]).
 -include_lib("eunit/include/eunit.hrl").
 on_curve_test() ->
  %% https://chuckbatson.wordpress.com/2014/11/26/secp256k1-test-vectors/
  KnownPts =
    [{16#79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      16#483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8},
     {16#C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5,
      16#1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A},
     {16#F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9,
      16#388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672},
     {16#E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13,
      16#51ED993EA0D455B75642E2098EA51448D967AE33BFBDFE40CFE97BDC47739922},
     {16#2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4,
      16#D8AC222636E5E3D6D4DBA9DDA6C9C426F788271BAB0D6840DCA87D3AA6AC62D6}],
  [ ?assert(ecu_secp256k1:on_curve(Pt)) || Pt <- KnownPts ],
  ?assert(not ecu_secp256k1:on_curve({42, 723})).
 scalar_mul_test() ->
  %% https://chuckbatson.wordpress.com/2014/11/26/secp256k1-test-vectors/
  KnownPts =
    [{1,
      16#79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      16#483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8},
     {2,
      16#C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5,
      16#1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A},
     {3,
      16#F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9,
      16#388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672},
     {4,
      16#E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13,
      16#51ED993EA0D455B75642E2098EA51448D967AE33BFBDFE40CFE97BDC47739922},
     {5,
      16#2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4,
      16#D8AC222636E5E3D6D4DBA9DDA6C9C426F788271BAB0D6840DCA87D3AA6AC62D6},
     {20,
      16#4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97,
      16#12BA26DCB10EC1625DA61FA10A844C676162948271D96967450288EE9233DC3A},
     {112233445566778899,
      16#A90CC3D3F3E146DAADFC74CA1372207CB4B725AE708CEF713A98EDD73D99EF29,
      16#5A79D6B289610C68BC3B47F3D72F9788A26A06868B4D8E433E1E2AD76FB7DC76},
     {112233445566778899112233445566778899,
      16#E5A2636BCFD412EBF36EC45B19BFB68A1BC5F8632E678132B885F7DF99C5E9B3,
      16#736C1CE161AE27B405CAFD2A7520370153C2C861AC51D6C1D5985D9606B45F39}
    ],
  [ begin
      {X, Y} = ecu_secp256k1:scalar_mul_base(K),
      ?assertEqual({x, K, Ex}, {x, K, X}),
      ?assertEqual({y, K, Ey}, {y, K, Y})
    end || {K, Ex, Ey} <- KnownPts ].
 compression_test() ->
  Test = fun(P) ->
             CP = ecu_secp256k1:compress(P),
             DP = ecu_secp256k1:decompress(CP),
 %%              ?debugFmt("\nP : ~200p\nCP: ~200p\nDP: ~200p", [P, CP, DP]),
             ?assertEqual(P, DP)
         end,
  [ Test(ecu_secp256k1:scalar_mul_base(K)) || K <- lists:seq(10, 100) ].