• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
    • Kestrel-books
      • Crypto-hdwallet
      • Apt
      • Error-checking
      • Fty-extensions
      • Isar
      • Kestrel-utilities
      • Soft
      • Bv
      • Imp-language
      • C
      • Event-macros
      • Java
      • Bitcoin
      • Ethereum
      • Yul
      • Zcash
      • ACL2-programming-language
      • Prime-fields
      • Json
      • Syntheto
      • File-io-light
      • Number-theory
      • Cryptography
        • R1cs
        • Interfaces
        • Sha-2
        • Keccak
        • Kdf
        • Mimc
        • Padding
        • Hmac
        • Elliptic-curves
          • Secp256k1-attachment
          • Twisted-edwards
          • Montgomery
          • Edwards-bls12
          • Short-weierstrass-curves
          • Birational-montgomery-twisted-edwards
          • Has-square-root?-satisfies-pfield-squarep
          • Secp256k1
          • Secp256k1-domain-parameters
          • Secp256k1-types
          • Pfield-squarep
          • Secp256k1-interface
            • Secp256k1-mul
            • Secp256k1-add
            • Secp256k1-priv-to-pub
          • Bls12-377-domain-parameters
          • Prime-field-extra-rules
          • Points
        • Attachments
        • Elliptic-curve-digital-signature-algorithm
      • Lists-light
      • Builtins
      • Axe
      • Solidity
      • Helpers
      • Htclient
      • Typed-lists-light
      • Arithmetic-light
    • X86isa
    • Axe
    • Execloader
  • Math
  • Testing-utilities

• Secp256k1-interface

Secp256k1-mul

Multiplication of a point on the secp256k1 curve by a number.

For now we do not require the point to be on the curve, but just to have coordinates in the field, as formalized by the guard.

The number is a natural number, as formalized by the guard.

We constrain this function to return a point unconditionally.

We also constrain this function to fix its arguments to a natural number and to a point.

Furthermore, we constrain this function to return a public key (i.e. not the point at infinity) when the number is a private key and the point is the generator. This is because, since n is the order of the group and G is not the point at infinity, kG cannot be the point at infinity when 0 < k < n.

Definitions and Theorems

Theorem: secp256k1-pointp-of-secp256k1-mul

(defthm secp256k1-pointp-of-secp256k1-mul
  (secp256k1-pointp (secp256k1-mul nat point)))

Theorem: secp256k1-fixes-input-nat

(defthm secp256k1-fixes-input-nat
  (equal (secp256k1-mul (nfix nat) point)
         (secp256k1-mul nat point)))

Theorem: secp256k1-fixes-input-point

(defthm secp256k1-fixes-input-point
  (equal (secp256k1-mul nat (secp256k1-point-fix point))
         (secp256k1-mul nat point)))

Theorem: secp256k1-pub-key-p-of-mul-when-priv-key-p

(defthm secp256k1-pub-key-p-of-mul-when-priv-key-p
  (implies (and (secp256k1-priv-key-p k)
                (equal point (secp256k1-point-generator)))
           (secp256k1-pub-key-p (secp256k1-mul k point))))

Theorem: nat-equiv-implies-equal-secp256k1-mul-1

(defthm nat-equiv-implies-equal-secp256k1-mul-1
  (implies (nat-equiv nat nat-equiv)
           (equal (secp256k1-mul nat point)
                  (secp256k1-mul nat-equiv point)))
  :rule-classes (:congruence))

Theorem: secp256k1-point-equiv-implies-equal-secp256k1-mul-2

(defthm secp256k1-point-equiv-implies-equal-secp256k1-mul-2
  (implies (secp256k1-point-equiv point point-equiv)
           (equal (secp256k1-mul nat point)
                  (secp256k1-mul nat point-equiv)))
  :rule-classes (:congruence))