secp256k1ECmultGenBlind static method
Generates the blinding values stored in the generator-multiplication context; a null seed resets them to their defaults.
Implementation
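/// Re-randomises, or resets, the blinding state held in [ctx].
///
/// The blinding state is the triple `ctx.scalarOffset`, `ctx.geOffset` and
/// `ctx.projBlind`. It exists so that generator multiplications do not run
/// on the caller's secret scalar directly.
///
/// * [ctx] is updated in place.
/// * [seed32] is the caller-supplied entropy. When it is `null` the state
///   is reset to fixed values: `geOffset = -G`, `scalarOffset = 1 + diff`,
///   `projBlind = 1`. Otherwise its first 32 bytes are mixed with the
///   current `scalarOffset`, so each call chains on the previous blinding
///   value.
///
/// NOTE(review): the length of [seed32] is not checked. A seed shorter than
/// 32 bytes leaves the tail of the seed half of `keydata` at zero, so the
/// blinding is derived from less entropy than intended. Bytes past the
/// 32nd are ignored. Callers should always pass exactly 32 bytes from a
/// CSPRNG. Rejecting other lengths here would change behaviour for existing
/// callers, so it is only flagged.
static void secp256k1ECmultGenBlind(
    Secp256k1ECmultGenContext ctx, List<int>? seed32) {
  Secp256k1Scalar b = Secp256k1Scalar();
  Secp256k1Scalar diff = Secp256k1Scalar();
  Secp256k1Gej gb = Secp256k1Gej();
  Secp256k1Fe f = Secp256k1Fe();
  // keydata = current scalarOffset (32 bytes) || seed (32 bytes).
  List<int> keydata = List<int>.filled(64, 0);

  // Compute the (2^combBits - 1)/2 term once.
  Secp256k1.secp256k1ECmultGenScalarDiff(diff);

  if (seed32 == null) {
    // When seed is NULL, reset the final point and blinding value.
    Secp256k1.secp256k1GeNeg(ctx.geOffset, Secp256k1Const.G);
    Secp256k1.secp256k1ScalarAdd(
        ctx.scalarOffset, Secp256k1Const.secp256k1ScalarOne, diff);
    ctx.projBlind = Secp256k1Const.secp256k1FeOne.clone();
    return;
  }

  try {
    // The prior blinding value (if not reset) is chained forward by
    // including it in the hash.
    Secp256k1.secp256k1ScalarGetB32(keydata, ctx.scalarOffset);
    keydata.setAll(32, seed32.take(32));

    // Compute projective blinding factor (cannot be 0): a value that
    // normalises to zero is replaced by one.
    final List<int> projNonce = RFC6979.generateSecp256k1KBytes(
        secexp: keydata.sublist(0, 32),
        hashFunc: () => SHA256(),
        data: keydata.sublist(32));
    Secp256k1.secp256k1FeSetB32Mod(f, projNonce);
    Secp256k1.secp256k1FeCmov(f, Secp256k1Const.secp256k1FeOne,
        Secp256k1.secp256k1FeNormalizesToZero(f));
    // ctx keeps a reference to f from here on, so f must not be cleared
    // or reused below.
    ctx.projBlind = f;

    // Second draw for the scalar blinding value b.
    // NOTE(review): retryGn: 1 is the only difference from the first call;
    // presumably it selects the next output of the same RFC 6979 stream.
    // Confirm against RFC6979.generateSecp256k1KBytes, because if it did
    // not, b and projBlind would come from the same bytes.
    final List<int> scalarNonce = RFC6979.generateSecp256k1KBytes(
        secexp: keydata.sublist(0, 32),
        hashFunc: () => SHA256(),
        data: keydata.sublist(32),
        retryGn: 1);
    Secp256k1.secp256k1ScalarSetB32(b, scalarNonce);
    // b must be non-zero: a zero b would make geOffset the point at
    // infinity.
    Secp256k1.secp256k1ScalarCmov(b, Secp256k1Const.secp256k1ScalarOne,
        Secp256k1.secp256k1ScalarIsZero(b));

    // Store geOffset = b*G and scalarOffset = diff - b.
    Secp256k1.secp256k1ECmultGen(ctx, gb, b);
    Secp256k1.secp256k1ScalarNegate(b, b);
    Secp256k1.secp256k1ScalarAdd(ctx.scalarOffset, b, diff);
    Secp256k1.secp256k1GeSetGej(ctx.geOffset, gb);
  } finally {
    // Best-effort wipe of the buffer holding the previous blinding scalar
    // and the seed, also on the error path. This does not reach the
    // sublist copies handed to RFC6979, the returned nonces, or b and gb;
    // and the Dart runtime may have copied the data elsewhere.
    keydata.fillRange(0, keydata.length, 0);
  }
}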