GE: Fix batch mul and rename from mul to batch_mul

BlockstreamResearch · Mar 12, 2024 · bc16bbe · bc16bbe
1 parent 9a036f7
commit bc16bbe
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 21 deletions.
diff --git a/reference/secp256k1ref/secp256k1.py b/reference/secp256k1ref/secp256k1.py
@@ -260,13 +260,13 @@ def sum(*ps):
         return sum(ps, start=GE())
 
     @staticmethod
-    def mul(*aps):
+    def batch_mul(*aps):
         """Compute a (batch) scalar group element multiplication.
 
-        GE.mul((a1, p1), (a2, p2), (a3, p3)) is identical to a1*p1 + a2*p2 + a3*p3,
+        GE.batch_mul((a1, p1), (a2, p2), (a3, p3)) is identical to a1*p1 + a2*p2 + a3*p3,
         but more efficient."""
         # Reduce all the scalars modulo order first (so we can deal with negatives etc).
-        naps = [(a % GE.ORDER, p) for a, p in aps]
+        naps = [(int(a), p) for a, p in aps]
         # Start with point at infinity.
         r = GE()
         # Iterate over all bit positions, from high to low.
@@ -282,8 +282,8 @@ def mul(*aps):
     def __rmul__(self, a):
         """Multiply an integer with a group element."""
         if self == G:
-            return FAST_G.mul(int(a))
-        return GE.mul((int(a), self))
+            return FAST_G.batch_mul(Scalar(a))
+        return GE.batch_mul((Scalar(a), self))
 
     def __neg__(self):
         """Compute the negation of a group element."""
@@ -427,9 +427,9 @@ def __init__(self, p):
             p = p + p
             self.table.append(p)
 
-    def mul(self, a):
+    def batch_mul(self, a):
         result = GE()
-        a = a % GE.ORDER
+        a = int(a)
         for bit in range(a.bit_length()):
             if a & (1 << bit):
                 result += self.table[bit]

diff --git a/reference/vss.py b/reference/vss.py
@@ -37,10 +37,10 @@ class VSSCommitment(NamedTuple):
     def t(self):
         return len(self.ges)
 
-    def verify(self, signer_idx: int, share: Scalar) -> bool:
+    def verify(self, i: int, share: Scalar) -> bool:
         P = share * G
-        Q = GE.mul(
-            *((pow(signer_idx + 1, j), self.ges[j]) for j in range(0, len(self.ges)))
+        Q = GE.batch_mul(
+            *(((i + 1) ** j, self.ges[j]) for j in range(0, len(self.ges)))
         )
         return P == Q
 
@@ -63,12 +63,9 @@ def group_info(self, n: int) -> GroupInfo:
         """Returns the shared public key and individual public keys of the participants"""
         pk = self.ges[0]
         participant_public_keys = []
-        for signer_idx in range(0, n):
-            pk_i = GE.mul(
-                *(
-                    (pow(signer_idx + 1, j), self.ges[j])
-                    for j in range(0, len(self.ges))
-                )
+        for i in range(0, n):
+            pk_i = GE.batch_mul(
+                *((Scalar((i + 1) ** j), self.ges[j]) for j in range(0, self.t()))
             )
             participant_public_keys += [pk_i]
         return GroupInfo(pk, participant_public_keys)
@@ -100,11 +97,7 @@ def shares(self, n: int) -> List[Scalar]:
         return [self.share_for(i) for i in range(0, n)]
 
     def commit(self) -> VSSCommitment:
-        ges = []
-        for coeff in self.f.coeffs:
-            A_i = coeff * G
-            ges.append(A_i)
-        return VSSCommitment(ges)
+        return VSSCommitment([c * G for c in self.f.coeffs])
 
     def secret(self):
         return self.f.coeffs[0]