secp256k1ECmultGenBlind static method

void secp256k1ECmultGenBlind(
  1. Secp256k1ECmultGenContext ctx,
  2. List<int>? seed32
)

Generates the blinding values stored in `ctx`, or resets them to their default values when `seed32` is null.

Implementation

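/// Refreshes the blinding state held in [ctx]: `projBlind`, `scalarOffset`
/// and `geOffset`.
///
/// When [seed32] is null the state is reset to fixed, non-secret values:
/// `geOffset` is set from `G` via `secp256k1GeNeg`, `scalarOffset` becomes
/// `1 + diff`, and `projBlind` becomes a copy of the field element one.
///
/// Otherwise a 64-byte key is assembled from the current `scalarOffset`
/// (bytes 0..31) and the first 32 bytes of [seed32] (bytes 32..63). Two
/// 32-byte values are derived from it with
/// `RFC6979.generateSecp256k1KBytes` over SHA-256: the first becomes the
/// projective blinding factor, the second the blinding scalar `b`, from which
/// `geOffset` and `scalarOffset = diff - b` are computed.
///
/// [seed32] is secret input and should be 32 bytes from a cryptographically
/// secure random source. Only the first 32 bytes are read. A shorter list is
/// not rejected: the missing bytes stay zero, which reduces the entropy that
/// feeds the blinding values.
static void secp256k1ECmultGenBlind(
  Secp256k1ECmultGenContext ctx,
  List<int>? seed32,
) {
  Secp256k1Scalar b = Secp256k1Scalar();
  Secp256k1Scalar diff = Secp256k1Scalar();
  Secp256k1Gej gb = Secp256k1Gej();
  Secp256k1Fe f = Secp256k1Fe();
  List<int> nonce32 = List<int>.filled(32, 0);
  List<int> keydata = List<int>.filled(64, 0);

  // Compute the (2^combBits - 1)/2 term once.
  Secp256k1.secp256k1ECmultGenScalarDiff(diff);

  if (seed32 == null) {
    // When seed is null, reset the final point and blinding value.
    Secp256k1.secp256k1GeNeg(ctx.geOffset, Secp256k1Const.G);
    Secp256k1.secp256k1ScalarAdd(
      ctx.scalarOffset,
      Secp256k1Const.secp256k1ScalarOne,
      diff,
    );
    // clone() so the context never aliases the shared constant.
    ctx.projBlind = Secp256k1Const.secp256k1FeOne.clone();
    return;
  }

  // The prior blinding value (if not reset) is chained forward by including
  // it in the hash.
  Secp256k1.secp256k1ScalarGetB32(keydata, ctx.scalarOffset);
  // NOTE(review): take(32) truncates a longer seed and silently accepts a
  // shorter one (the tail of keydata stays zero). Confirm that every caller
  // passes exactly 32 bytes, or validate the length at the API boundary.
  keydata.setAll(32, seed32.take(32));
  nonce32 = RFC6979.generateSecp256k1KBytes(
    secexp: keydata.sublist(0, 32),
    hashFunc: () => SHA256(),
    data: keydata.sublist(32),
  );

  // Compute projective blinding factor (cannot be 0): a value that normalizes
  // to zero is replaced by one through the conditional move.
  Secp256k1.secp256k1FeSetB32Mod(f, nonce32);
  Secp256k1.secp256k1FeCmov(
    f,
    Secp256k1Const.secp256k1FeOne,
    Secp256k1.secp256k1FeNormalizesToZero(f),
  );
  ctx.projBlind = f;

  // Same key material as the first call, with retryGn: 1. Presumably this
  // selects the next output of the generator. TODO confirm against RFC6979.
  nonce32 = RFC6979.generateSecp256k1KBytes(
    secexp: keydata.sublist(0, 32),
    hashFunc: () => SHA256(),
    data: keydata.sublist(32),
    retryGn: 1,
  );

  // Best-effort wipe of the local key buffer (prior scalar offset + seed) now
  // that it is no longer needed. The copies produced by sublist() and any
  // state kept inside the generator are not covered by this.
  keydata.fillRange(0, keydata.length, 0);

  // For the blinding value b, set scalarOffset = diff - b and geOffset = b*G.
  // A zero b is replaced by one through the conditional move.
  Secp256k1.secp256k1ScalarSetB32(b, nonce32);
  Secp256k1.secp256k1ScalarCmov(
    b,
    Secp256k1Const.secp256k1ScalarOne,
    Secp256k1.secp256k1ScalarIsZero(b),
  );
  // This multiplication runs while ctx still holds the previous scalarOffset
  // and geOffset; both are overwritten only afterwards.
  Secp256k1.secp256k1ECmultGen(ctx, gb, b);
  Secp256k1.secp256k1ScalarNegate(b, b);
  Secp256k1.secp256k1ScalarAdd(ctx.scalarOffset, b, diff);
  Secp256k1.secp256k1GeSetGej(ctx.geOffset, gb);

  // NOTE(review): nonce32, b and gb still hold secret-derived values when
  // this returns. Clear them here if the scalar/point types expose a clear
  // operation and the returned nonce list is modifiable (neither is visible
  // from this method).
}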