secp256k1ScalarSplitLambda static method

Implementation

static void secp256k1ScalarSplitLambda(
    Secp256k1Scalar r1, Secp256k1Scalar r2, Secp256k1Scalar k) {
  Secp256k1Scalar c1 = Secp256k1Scalar(), c2 = Secp256k1Scalar();

  secp256k1ScalarVerify(k);
  _cond(!identical(r1, k), "secp256k1ScalarSplitLambda");
  _cond(!identical(r2, k), "secp256k1ScalarSplitLambda");
  _cond(!identical(r1, r2), "secp256k1ScalarSplitLambda");

  /// these _var calls are constant time since the shift amount is constant
  secp256k1ScalarMulShiftVar(c1, k, Secp256k1Const.g1, 384);
  secp256k1ScalarMulShiftVar(c2, k, Secp256k1Const.g2, 384);
  secp256k1ScalarMul(c1, c1, Secp256k1Const.minusB1);
  secp256k1ScalarMul(c2, c2, Secp256k1Const.minusB2);
  secp256k1ScalarAdd(r2, c1, c2);
  secp256k1ScalarMul(r1, r2, Secp256k1Const.secp256k1ConstLambda);
  secp256k1ScalarNegate(r1, r1);
  secp256k1ScalarAdd(r1, r1, k);

  secp256k1ScalarVerify(r1);
  secp256k1ScalarVerify(r2);
}