commit a8abae7e5f
Author: Pieter Wuille
Date:   2016-11-25 16:48:57 -08:00

Merge #310: Add exhaustive test for group functions on a low-order subgroup

b4ceedf Add exhaustive test for verification (Andrew Poelstra)
83836a9 Add exhaustive tests for group arithmetic, signing, and ecmult on a small group (Andrew Poelstra)
20b8877 Add exhaustive test for group functions on a low-order subgroup (Andrew Poelstra)

commit b4ceedf14f
Author: Andrew Poelstra
Date:   2016-11-26 00:35:02 +00:00

Add exhaustive test for verification

commit 83836a9547
Author: Andrew Poelstra
Date:   2016-11-26 00:35:00 +00:00

Add exhaustive tests for group arithmetic, signing, and ecmult on a small group

If you compile without ./configure --enable-exhaustive-tests=no,
this will create a binary ./exhaustive_tests which will execute
every function possible on a group of small order obtained by
moving to a twist of our curve and locating a generator of small
order.

Currently defaults to order 13, though by changing some #ifdefs
you can get a couple other ones. (Currently 199, which will take
forever to run, and 14, which won't work because it's composite.)

TODO exhaustive tests for the various modules

commit 20b8877be1
Author: Andrew Poelstra
Date:   2016-11-25 20:45:29 +00:00

Add exhaustive test for group functions on a low-order subgroup

We observe that when changing the b-value in the elliptic curve formula
`y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions
for secp256k1 will be correct if and only if they are correct when applied
to the curve defined by `y^2 = x^3 + 4` defined over the same field. This
curve has a point P of order 199.

This commit adds a test which computes the subgroup generated by P and
exhaustively checks that addition of every pair of points gives the correct
result.

Unfortunately we cannot test const-time scalar multiplication by the same
mechanism. The reason is that these ecmult functions both compute a wNAF
representation of the scalar, and this representation is tied to the order
of the group.

Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^)
shows that this detects the incompleteness when adding P - 106P, which
is exactly what we expected since 106 is a cube root of 1 mod 199.

commit 80773a6b74
Author: Pieter Wuille
Date:   2016-11-25 11:30:28 -08:00

Merge #425: Remove Schnorr experiment

e06e878 Remove Schnorr experiment (Pieter Wuille)

commit e06e878fd7
Author: Pieter Wuille
Date:   2016-11-17 18:55:06 -08:00

Remove Schnorr experiment

commit 04c8ef36ad
Author: Pieter Wuille
Date:   2016-10-26 15:05:26 -07:00

Merge #407: Modify parameter order of internal functions to match API parameter order

353c1bf Fix secp256k1_ge_set_table_gej_var parameter order (llamasoft)
541b783 Fix secp256k1_ge_set_all_gej_var parameter order (llamasoft)
7d893f4 Fix secp256k1_fe_inv_all_var parameter order (llamasoft)

commit 6e066962b7
Author: Pieter Wuille
Date:   2016-10-26 14:54:45 -07:00

Merge #411: Remove guarantees about memcmp-ability

91219a1 Remove guarantees about memcmp-ability (Andrew Poelstra)

commit 40c8d7e8bf
Author: Pieter Wuille
Date:   2016-10-26 14:26:23 -07:00

Merge #421: Update scalar_4x64_impl.h

9d67afa Update scalar_4x64_impl.h (Alex-GR)

commit a922365f20
Author: Pieter Wuille
Date:   2016-10-26 14:15:14 -07:00

Merge #422: Restructure nonce clearing

3769783 Restructure nonce clearing (bgorlick)
0f9e69d Restructure nonce clearing (bgorlick)

commit 37697832d6
Author: bgorlick
Date:   2016-10-21 04:59:32 -07:00

Restructure nonce clearing

Make sure we clear the nonce data even if the nonce function fails (it may have written partial data), and call memset only once in the case we iterate to produce a valid signature.

commit 0f9e69db55
Author: bgorlick
Date:   2016-10-21 03:50:10 -07:00

Restructure nonce clearing

Make sure we clear the nonce data even if the nonce function fails (it may have written partial data), and call memset only once in the case we iterate to produce a valid signature.

commit 9d67afad96
Author: Alex-GR
Date:   2016-10-09 00:16:50 +03:00

Update scalar_4x64_impl.h

XOR reg,reg instead of MOV 0 to reg. It should be at least equal in all architectures and faster in some others.

commit 7d15cd7859
Author: Pieter Wuille
Date:   2016-09-12 18:06:05 +02:00

Merge #413: fix auto-enabled static precomputation

00c5d2e fix auto-enabled static precomputation (Cory Fields)

commit 00c5d2e142
Author: Cory Fields
Date:   2016-09-07 12:16:15 -04:00

fix auto-enabled static precomputation

This was broken in aa0b1fd14979145d54ef85485cb497a9cdbc22c7

commit 91219a1cc0
Author: Andrew Poelstra
Date:   2016-08-26 18:03:48 +00:00

Remove guarantees about memcmp-ability

commit 7a49cacd39
Author: Pieter Wuille
Date:   2016-08-04 20:40:19 +02:00

Merge #410: Add string.h include to ecmult_impl

0bbd5d4 Add string.h include to ecmult_impl (Wladimir J. van der Laan)

commit 0bbd5d4025
Author: Wladimir J. van der Laan
Date:   2016-08-04 12:58:29 +02:00

Add string.h include to ecmult_impl

`memcpy` and `memset` are used, so include the appropriate header
for the declaration.

commit 353c1bf0d7
Author: llamasoft
Date:   2016-07-26 14:24:45 -05:00

Fix secp256k1_ge_set_table_gej_var parameter order

Rearranged secp256k1_ge_set_table_gej_var parameters so length comes last (it modifies both *a and *zr).

commit 541b783920
Author: llamasoft
Date:   2016-07-26 14:24:42 -05:00

Fix secp256k1_ge_set_all_gej_var parameter order

Rearranged secp256k1_ge_set_all_gej_var parameters so length comes after *a.

commit 7d893f4980
Author: llamasoft
Date:   2016-07-26 12:15:19 -05:00

Fix secp256k1_fe_inv_all_var parameter order

Rearranged secp256k1_fe_inv_all_var parameters so length is after array.
Text editor removed some trailing whitespace.

commit c5b32e16c4
Author: Pieter Wuille
Date:   2016-07-09 19:39:56 +02:00

Merge #405: Make secp256k1_fe_sqrt constant time

926836a Make secp256k1_fe_sqrt constant time (Pieter Wuille)

commit 926836ad36
Author: Pieter Wuille
Date:   2016-07-09 14:23:44 +02:00

Make secp256k1_fe_sqrt constant time

commit e2a8e92125
Author: Pieter Wuille
Date:   2016-07-07 17:06:49 +02:00

Merge #404: Replace 3M + 4S doubling formula with 2M + 5S one

8ec49d8 Add note about 2M + 5S doubling formula (Andrew Poelstra)

commit 8ec49d8a5a
Author: Andrew Poelstra
Date:   2016-07-07 15:04:36 +00:00

Add note about 2M + 5S doubling formula

commit 5a91bd768f
Author: Pieter Wuille
Date:   2016-07-06 14:13:13 +02:00

Merge #400: A couple minor cleanups

ac01378 build: add -DSECP256K1_BUILD to benchmark_internal build flags (Andrew Poelstra)
a6c6f99 Remove a bunch of unused stdlib #includes (Andrew Poelstra)

commit ac01378c87
Author: Andrew Poelstra
Date:   2016-07-06 11:55:14 +00:00

build: add -DSECP256K1_BUILD to benchmark_internal build flags

gcc 6 will warn about our non-null checks when SECP256K1_BUILD
our NONNULL marker is nontrivial. This occurs unless SECP256K1_BUILD
is set, which we had forgotten to do for the internal benchmarks,
which compile directly against the library instead of linking.

commit a6c6f994b5
Author: Andrew Poelstra
Date:   2016-07-06 11:40:37 +00:00

Remove a bunch of unused stdlib #includes

commit 65285a63ee
Author: Pieter Wuille
Date:   2016-07-06 12:08:16 +02:00

Merge #403: configure: add flag to disable OpenSSL tests

a9b2a5d configure: add flag to disable OpenSSL tests (Andrew Poelstra)

commit a9b2a5d850
Author: Andrew Poelstra
Date:   2016-07-06 08:25:33 +00:00

configure: add flag to disable OpenSSL tests

OpenSSL messes up valgrind.

commit b3401237be
Author: Pieter Wuille
Date:   2016-07-04 14:00:16 +02:00

Merge #402: Add support for testing quadratic residues

e6e9805 Add function for testing quadratic residue field/group elements. (Pieter Wuille)
efd953a Add Jacobi symbol test via GMP (Peter Dettman)

commit e6e9805fc4
Author: Pieter Wuille
Date:   2016-07-04 13:55:04 +02:00

Add function for testing quadratic residue field/group elements.

commit efd953a7a7
Author: Peter Dettman
Date:   2016-07-04 13:16:35 +02:00

Add Jacobi symbol test via GMP

Also add native Jacobi symbol test (Andrew)

Rebased-by: Andrew Poelstra
Rebased-by: Pieter Wuille

commit fa36a0ddb8
Author: Pieter Wuille
Date:   2016-06-30 15:52:21 +02:00

Merge #401: ecmult_const: unify endomorphism and non-endomorphism skew cases

c6191fd ecmult_const: unify endomorphism and non-endomorphism skew cases (Andrew Poelstra)

commit c6191fded8
Author: Andrew Poelstra
Date:   2016-06-30 13:28:47 +00:00

ecmult_const: unify endomorphism and non-endomorphism skew cases

We now do a skew correction even without the endomorphism optimization,
which costs one additional group addition but unifies a lot of code.

commit 0b3e618a1c
Author: Pieter Wuille
Date:   2016-06-29 11:20:18 +02:00

Merge #378: .gitignore build-aux cleanup

70141a8 Update .gitignore (upgradeadvice)

commit 6042217d5d
Author: Pieter Wuille
Date:   2016-06-29 11:18:12 +02:00

Merge #384: JNI: align shared files copyright/comments to bitcoinj's

6ceea2c align shared files copyright/comments to bitcoinj's (GreenAddress)

commit 24ad20f75b
Author: Pieter Wuille
Date:   2016-06-29 11:11:46 +02:00

Merge #399: build: verify that the native compiler works for static precomp

aa0b1fd build: verify that the native compiler works for static precomp (Cory Fields)

commit b3be8521e6
Author: Pieter Wuille
Date:   2016-05-30 19:58:25 +02:00

Merge #398: Test whether ECDH and Schnorr are enabled for JNI

eee808d Test whether ECDH and Schnorr are enabled for JNI (Pieter Wuille)

commit aa0b1fd149
Author: Cory Fields
Date:   2016-05-27 15:45:14 -04:00

build: verify that the native compiler works for static precomp

commit eee808d809
Author: Pieter Wuille
Date:   2016-05-25 19:15:42 +02:00

Test whether ECDH and Schnorr are enabled for JNI

commit 7b0fb18b75
Author: Pieter Wuille
Date:   2016-05-25 19:02:12 +02:00

Merge #366: ARM assembly implementation of field_10x26 inner (rebase of #173)

001f176 ARM assembly implementation of field_10x26 inner (Wladimir J. van der Laan)

commit 001f1763c7
Author: Wladimir J. van der Laan
Date:   2016-05-25 18:27:47 +02:00

ARM assembly implementation of field_10x26 inner

Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>

commit 0172be92e5
Author: Pieter Wuille
Date:   2016-05-25 18:23:57 +02:00

Merge #397: Small fixes for sha256

3f8b78e Fix undefs in hash_impl.h (Kirill Fomichev)
2ab4695 Fix state size in sha256 struct (Kirill Fomichev)

commit 3f8b78e5e9
Author: Kirill Fomichev
Date:   2016-05-21 10:18:57 +03:00

Fix undefs in hash_impl.h

commit 2ab46954cb
Author: Kirill Fomichev
Date:   2016-05-21 10:17:06 +03:00

Fix state size in sha256 struct

commit 6875b013e6
Author: Pieter Wuille
Date:   2016-05-08 20:02:45 +02:00

Merge #386: Add some missing VERIFY_CHECK(ctx != NULL)

bcc4881 Add some missing `VERIFY_CHECK(ctx != NULL)` for functions that use `ARG_CHECK` (Andrew Poelstra)

commit 2c52b5d244
Author: Pieter Wuille
Date:   2016-05-08 19:58:26 +02:00

Merge #389: Cast pointers through uintptr_t under JNI

47b9e78 Cast pointers through uintptr_t under JNI (Jon Griffiths)

commit 43097a44ef
Author: Pieter Wuille
Date:   2016-05-08 19:56:34 +02:00

Merge #390: Update bitcoin-core GitHub links

faa2a11 Update bitcoin-core GitHub links (MarcoFalke)

commit 31c9c12130
Author: Pieter Wuille
Date:   2016-05-08 19:55:41 +02:00

Merge #391: JNI: Only call ecdsa_verify if its inputs parsed correctly

a40c701 JNI: Only call ecdsa_verify if its inputs parsed correctly (Jon Griffiths)