2

I am trying to implement a PoC of some variant of Monero. Currently for start, I want to generate the expression G*a*i^2 given all the scalars (a,i,2).

I've lost my way while looking at Monero libraries since the structs and the names of the functions and their inputs/outputs are not clear and well documented.

user36303
Shak

1 Answer

3

Assuming G is the base point and i is a scalar (the convention is to write points in capital letters and scalars in lowercase letters):

```cpp
rct::key tmp;
sc_mul(i.bytes, i.bytes, i.bytes);   // i = i^2
sc_mul(tmp.bytes, a.bytes, i.bytes); // tmp = a * i^2
rct::scalarmultBase(tmp, tmp);       // tmp = a * i^2 * G
```

The rct API is easier to use than the fe/ge API, but it has a single type for points and scalars, which makes it more error-prone. sc_mul (scalar multiplication) is the fe API, and scalarmultBase is the rct API.

user36303
  • Btw fe (field elements) and scalars are slightly different things. Field elements are in the range of the size of the prime finite field which is of size q (2^255-19), and scalars are in the range of the prime group size of the base point G (2^252+....). – knaccc Aug 06 '18 at 14:24
  • Ok, got it. One more related question: let's say I want an exponent bigger than 2 (for i), say i^30; is there an efficient way to do it? (The naive way of doing it in an iterative manner seems really inefficient.) – Shak Aug 07 '18 at 06:46
  • https://en.wikipedia.org/wiki/Exponentiation#Efficient_computation_with_integer_exponents – user36303 Aug 07 '18 at 13:30
  • I assume that i is of type key, while also temp. Though, temp is a point on the curve and i is a scalar. How is it possible? – Shak Aug 07 '18 at 13:35
  • Yes. As I said in the answer, "a single type for points and scalars". You don't have to use it for the fe/ge API though, there are other types such as ge_p3 for points. – user36303 Aug 07 '18 at 19:37
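
The square-and-multiply method behind the Wikipedia link in the comments, applied to the i^30 case, as an added example that is not part of the original answer or of Monero's code. `sc_pow`, `toy_mul` and `toy_pow` are hypothetical names, and `toy_mul` is a constructed stand-in with the argument order of `sc_mul` (small toy modulus, not the group order) so the block runs without the Monero sources.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>

// 32-byte little-endian scalar, the same layout as the .bytes arrays above.
using Scalar = std::array<unsigned char, 32>;
// Any multiplication with the argument order of sc_mul(out, a, b).
using MulFn = void (*)(unsigned char *, const unsigned char *, const unsigned char *);

static const uint64_t TOY_MOD = 2147483647ULL; // 2^31 - 1, constructed toy modulus
static unsigned g_mul_calls = 0;               // multiplications performed so far

static uint64_t load64(const unsigned char *p) {
    uint64_t v = 0;
    for (int k = 7; k >= 0; --k) v = (v << 8) | p[k];
    return v;
}

// Constructed stand-in for sc_mul: multiplies the low 8 bytes modulo TOY_MOD
// instead of the full 32 bytes modulo the group order.
void toy_mul(unsigned char *out, const unsigned char *a, const unsigned char *b) {
    uint64_t r = (load64(a) % TOY_MOD) * (load64(b) % TOY_MOD) % TOY_MOD;
    for (int k = 0; k < 32; ++k) out[k] = k < 8 ? (unsigned char)(r >> (8 * k)) : 0;
    ++g_mul_calls;
}

// Hypothetical helper: base^e by square-and-multiply, scanning e from its low bit.
// The output aliases an input in each call, as in the answer's sc_mul(i, i, i).
Scalar sc_pow(const Scalar &base, uint64_t e, MulFn mul) {
    Scalar result{};
    result[0] = 1;     // the scalar 1
    Scalar sq = base;  // holds base^(2^k) at step k
    while (e != 0) {
        if (e & 1) mul(result.data(), result.data(), sq.data());
        e >>= 1;
        if (e != 0) mul(sq.data(), sq.data(), sq.data());
    }
    return result;
}

// Wrapper for the toy arithmetic: returns base^e mod TOY_MOD.
uint64_t toy_pow(uint64_t base, uint64_t e) {
    Scalar b{};
    for (int k = 0; k < 8; ++k) b[k] = (unsigned char)(base >> (8 * k));
    return load64(sc_pow(b, e, toy_mul).data());
}

int main() {
    uint64_t r = toy_pow(2, 30);
    std::printf("2^30 = %llu in %u multiplications\n", (unsigned long long)r, g_mul_calls);
}
```

The loop branches on the bits of `e`, so it suits a public exponent such as 30; an exponent of 30 costs 8 multiplications here against 29 for the iterative product.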