• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Std
  • Community
  • Proof-automation
  • ACL2
  • Macro-libraries
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
    • Kestrel-books
      • Crypto-hdwallet
      • Apt
      • Error-checking
      • Fty-extensions
      • Isar
      • Kestrel-utilities
      • Set
      • Soft
      • C
      • Bv
      • Imp-language
      • Event-macros
      • Java
      • Bitcoin
      • Ethereum
      • Yul
      • Zcash
      • ACL2-programming-language
      • Prime-fields
      • Json
      • Syntheto
      • File-io-light
      • Cryptography
        • R1cs
        • Interfaces
        • Sha-2
        • Keccak
        • Kdf
        • Mimc
        • Padding
        • Hmac
        • Elliptic-curves
          • Secp256k1-attachment
          • Twisted-edwards
          • Montgomery
          • Short-weierstrass-curves
            • Short-weierstrass
              • Short-weierstrass-fix
              • Short-weierstrass-equiv
              • Make-short-weierstrass
              • Curve-scalar-*
              • Short-weierstrass->p
              • Short-weierstrass->b
              • Short-weierstrass->a
              • Curve-group-+
              • Change-short-weierstrass
              • Short-weierstrass-p
              • Point-on-weierstrass-elliptic-curve-p
              • Curve-negate
              • Weierstrass-elliptic-curve-p
            • Short-weierstrass-primep
          • Birational-montgomery-twisted-edwards
          • Has-square-root?-satisfies-pfield-squarep
          • Secp256k1
          • Secp256k1-domain-parameters
          • Secp256k1-types
          • Pfield-squarep
          • Secp256k1-interface
          • Prime-field-extra-rules
          • Points
        • Attachments
        • Elliptic-curve-digital-signature-algorithm
      • Number-theory
      • Lists-light
      • Axe
      • Builtins
      • Solidity
      • Helpers
      • Htclient
      • Typed-lists-light
      • Arithmetic-light
    • X86isa
    • Axe
    • Execloader
  • Math
  • Testing-utilities

• Short-weierstrass

Curve-scalar-*

Multiply an elliptic curve point by a scalar.

(curve-scalar-* s point p a b) applies the elliptic group operation to s copies of point.

Since we use + to describe the group operation, this operation can be thought of as multiplying point by the scalar s.

(Alternatively, for those who think of the group operation as multiplication, this operation can be thought of as exponentiation.)

point must be on the Short Weierstrass elliptic curve defined by p, a, and b. If it is not, a guard violation occurs.

The result is a point on the elliptic curve.

Definitions and Theorems

Function: curve-scalar-*

(defun curve-scalar-* (s point p a b)
 (declare
  (xargs :guard
         (and (natp s)
              (dm::primep p)
              (< 3 p)
              (fep a p)
              (fep b p)
              (pointp point)
              (point-in-pxp-p point p)
              (point-on-weierstrass-elliptic-curve-p point p a b))))
 (if (zp s)
     :infinity
  (if (= s 1)
      point
    (if
     (evenp s)
     (let
        ((half-curve-scalar-* (curve-scalar-* (/ s 2) point p a b)))
       (curve-group-+ half-curve-scalar-*
                      half-curve-scalar-* p a b))
     (curve-group-+ point
                    (curve-scalar-* (- s 1) point p a b)
                    p a b)))))