
    Secp256k1-mul

    Multiplication of a point on the secp256k1 curve by a number.

    For now we do not require the point to be on the curve, but just to have coordinates in the field, as formalized by the guard.

    The number is a natural number, as formalized by the guard.

    We constrain this function to return a point unconditionally.

    We also constrain this function to fix its arguments to a natural number and to a point.

    Furthermore, we constrain this function to return a public key (i.e. not the point at infinity) when the number is a private key and the point is the generator. This is because, since n is the order of the group and G is not the point at infinity, kG cannot be the point at infinity when 0 < k < n.

    Definitions and Theorems

    Theorem: secp256k1-pointp-of-secp256k1-mul

    (defthm secp256k1-pointp-of-secp256k1-mul
      (secp256k1-pointp (secp256k1-mul nat point)))

    Theorem: secp256k1-fixes-input-nat

    (defthm secp256k1-fixes-input-nat
      (equal (secp256k1-mul (nfix nat) point)
             (secp256k1-mul nat point)))

    Theorem: secp256k1-fixes-input-point

    (defthm secp256k1-fixes-input-point
      (equal (secp256k1-mul nat (secp256k1-point-fix point))
             (secp256k1-mul nat point)))

    Theorem: secp256k1-pub-key-p-of-mul-when-priv-key-p

    (defthm secp256k1-pub-key-p-of-mul-when-priv-key-p
      (implies (and (secp256k1-priv-key-p k)
                    (equal point (secp256k1-point-generator)))
               (secp256k1-pub-key-p (secp256k1-mul k point))))

    Theorem: nat-equiv-implies-equal-secp256k1-mul-1

    (defthm nat-equiv-implies-equal-secp256k1-mul-1
      (implies (nat-equiv nat nat-equiv)
               (equal (secp256k1-mul nat point)
                      (secp256k1-mul nat-equiv point)))
      :rule-classes (:congruence))

    Theorem: secp256k1-point-equiv-implies-equal-secp256k1-mul-2

    (defthm secp256k1-point-equiv-implies-equal-secp256k1-mul-2
      (implies (secp256k1-point-equiv point point-equiv)
               (equal (secp256k1-mul nat point)
                      (secp256k1-mul nat point-equiv)))
      :rule-classes (:congruence))