From 58da5bd589f61b0e0e9b58388ee3e0da8a2c3c3a Mon Sep 17 00:00:00 2001 From: Elliott Jin Date: Fri, 3 Dec 2021 08:36:49 -0800 Subject: [PATCH 1/2] doc: Fix upper bounds + cleanup in field_5x52_impl.h comment --- src/field_5x52_impl.h | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index b56bdd13534c4..dcc1c4c2724a7 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -22,11 +22,18 @@ #endif /** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F, - * represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular, - * each FieldElem has a 'magnitude' associated with it. Internally, a magnitude M means each element - * is at most M*(2^53-1), except the most significant one, which is limited to M*(2^49-1). All operations - * accept any input with magnitude at most M, and have different rules for propagating magnitude to their - * output. + * represented as 5 uint64_t's in base 2^52, least significant first. Note that the limbs are allowed to + * contain >52 bits each. + * + * Each field element has a 'magnitude' associated with it. Internally, a magnitude M means: + * - 2*M*(2^48-1) is the max (inclusive) of the most significant limb + * - 2*M*(2^52-1) is the max (inclusive) of the remaining limbs + * + * Operations have different rules for propagating magnitude to their outputs. If an operation takes a + * magnitude M as a parameter, that means the magnitude of input field elements can be at most M (inclusive). + * + * Each field element also has a 'normalized' flag. A field element is normalized if its magnitude is either + * 0 or 1, and its value is already reduced modulo the order of the field. */ #ifdef VERIFY From 1287786c7a97eff520ffbd6b0d8b2f99dbfc6371 Mon Sep 17 00:00:00 2001 From: Elliott Jin Date: Mon, 6 Dec 2021 08:54:32 -0800 Subject: [PATCH 2/2] doc: Add comment to top of field_10x26_impl.h --- src/field_10x26_impl.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index 4363e727e76e8..4a9b234d56d0e 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -11,6 +11,15 @@ #include "field.h" #include "modinv32_impl.h" +/** See the comment at the top of field_5x52_impl.h for more details. + * + * Here, we represent field elements as 10 uint32_t's in base 2^26, least significant first, + * where limbs can contain >26 bits. + * A magnitude M means: + * - 2*M*(2^22-1) is the max (inclusive) of the most significant limb + * - 2*M*(2^26-1) is the max (inclusive) of the remaining limbs + */ + #ifdef VERIFY static void secp256k1_fe_verify(const secp256k1_fe *a) { const uint32_t *d = a->n;