[Question] secp256k1_ecmult_const k times Infinity #788

issue lontivero openend this issue on August 7, 2020
  1. lontivero commented at 2:51 pm on August 7, 2020: none

    Question: if P is the point at infinity and k is a scalar in the range 0 < k < N, is kP also the point at infinity?

    In other words: should this test pass?

     0void ecmult_const_mult_inf_one(void) {
     1    secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
     2    secp256k1_gej res1;
     3    secp256k1_ge res2;
     4    secp256k1_ge point;
     5
     6    secp256k1_ge_set_infinity(&point);
     7    secp256k1_ecmult_const(&res1, &point, &one, 256);
     8    secp256k1_ge_set_gej(&res2, &res1);
     9    CHECK(secp256k1_ge_is_infinity(&res2));
    10}
    
  2. sipa commented at 2:53 pm on August 7, 2020: contributor
    Yes, the point at infinity corresponds to the scalar 0, so multiplying it with anything cannot change it.
  3. real-or-random commented at 3:01 pm on August 7, 2020: contributor

    In particular a multiplication with 1 should never change anything. So much for the math.

    But I’m not sure whether secp256k1_ecmult_const is built to work with point with the point at infinity. (I believe no.) It’s an internal function and it’s currently only used in the ECDH code and there the point can’t be infinity because the point was deserialized and we don’t a serialization for infinity. If secp256k1_ecmult_const is not to be used with infinity, then we should probably document it.

  4. lontivero commented at 3:10 pm on August 7, 2020: none
    Thank you both. I asked this here because I am tracking a problem from NBitcoin.Secp256k1 library (secp256k1 dotnet porting). secp256k1_ecmult_const is internal and should not be used with infinity. It is clear.
  5. lontivero closed this on Aug 7, 2020

  6. lontivero cross-referenced this on Aug 7, 2020 from issue [NBitcoin.Secp256k1] Operations involving Infinity by lontivero
  7. real-or-random cross-referenced this on Aug 7, 2020 from issue Document that infinity must not be passed to ecmult_const by real-or-random

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-30 05:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me