55f8bc99dce8846e0da99b92e52353c8cf893287 ecmult_gen: Improve comments about projective blinding (Tim Ruffing)
7a869558004b70803717d8169dd8b090e04df4af ecmult_gen: Simplify code (no observable change) (Tim Ruffing)
4cc0b1b669392d38770f74cb3fb5c801c82f67a0 ecmult_gen: Skip RNG when creating blinding if no seed is available (Tim Ruffing)
Pull request description:
Running the RNG is pointless if no seed is available because the key
will be fixed. The computation just wastes time.
Previously, users could avoid this computation at least by asking for
a context without signing capabilities. But since 3b0c218 we always
build an ecmult_gen context, ignoring the context flags. Moreover,
users could never avoid this pointless computation when asking for
the creation of a signing context.
This fixes one item in #1065.
ACKs for top commit:
sipa:
ACK 55f8bc99dce8846e0da99b92e52353c8cf893287
apoelstra:
ACK 55f8bc99dce8846e0da99b92e52353c8cf893287
Tree-SHA512: 5ccba56041f94fa8f40a8a56ce505369ff2e0ed20cd7f0bfc3fdfffa5fa7bf826a93602b9b2455a352865a9548ab4928e858c19bb5af7ec221594a3bf25c4f3d
Whenever I read this code, I first think that rescaling ctx->initial is
a dead store because we overwrite it later with gb. But that's wrong.
The rescaling blinds the computation of gb and affects its result.
Running the RNG is pointless if no seed is available because the key
will be fixed. The computation just wastes time.
Previously, users could avoid this computation at least by asking for
a context without signing capabilities. But since 3b0c218 we always
build an ecmult_gen context, ignoring the context flags. Moreover,
users could never avoid this pointless computation when asking for
the creation of a signing context.
40a3473a9d44dc409412e94f70ad0f09bd9da3ac build: Fix #include "..." paths to get rid of further -I arguments (Tim Ruffing)
Pull request description:
This simplifies building without a build system.
This is in line with #925; the paths fixed here were either forgotten
there or only introduced later. This commit also makes the Makefile
stricter so that further "wrong" #include paths will lead to build
errors even in autotools builds.
This belongs to #929.
ACKs for top commit:
hebasto:
ACK 40a3473a9d44dc409412e94f70ad0f09bd9da3ac
Tree-SHA512: 6f4d825ea3cf86b13f294e2ec19fafc29660fa99450e6b579157d7a6e9bdb3404d761edf89c1135fa89b984d6431a527beeb97031dc90f2fae9761528f4d06d1
This simplifies building without a build system.
This is in line with #925; the paths fixed here were either forgotten
there or only introduced later. This commit also makes the Makefile
stricter so that further "wrong" #include paths will lead to build
errors even in autotools builds.
This belongs to #929.
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
49e2acd927ce9eb806cc10f3a1fd89a9ddd081e2 configure: Improve rationale for WERROR_CFLAGS (Tim Ruffing)
8dc4b03341c85a3be91e559d05771c51e60b0eba ci: Add a C++ job that compiles the public headers without -fpermissive (Tim Ruffing)
51f296a46c0b318b8dd572ef9ac3bb3a4140ae63 ci: Run persistent wineserver to speed up wine (Tim Ruffing)
3fb3269c22c25de3b720ad139dcf4e3cff9eda1a ci: Add 32-bit MinGW64 build (Tim Ruffing)
9efc2e5221560d19dd750e0ba32c03d4ee091227 ci: Add MSVC builds (Tim Ruffing)
2be6ba0fedd0d2d62ba6f346d7ced7abde0d66e4 configure: Convince autotools to work with MSVC's archiver lib.exe (Tim Ruffing)
bd81f4140a4228b1df3a9f631e2d207a197ae614 schnorrsig bench: Suppress a stupid warning in MSVC (Tim Ruffing)
09f3d71c51a9621653d766e2fe7e657534e57bd6 configure: Add a few CFLAGS for MSVC (Tim Ruffing)
3b4f3d0d46dd278fbe4ffa68b1b6e14e3ea3b17f build: Reject C++ compilers in the preprocessor (Tim Ruffing)
1cc09414149d0c0c6a4a500d83efc3bd66f3ebcd configure: Don't abort if the compiler does not define __STDC__ (Tim Ruffing)
cca8cbbac84624fd350efc4086af25a06dcf8090 configure: Output message when checking for valgrind (Tim Ruffing)
1a6be5745fcf9f90e4218b73712b71ea06361792 bench: Make benchmarks compile on MSVC (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 49e2acd927ce9eb806cc10f3a1fd89a9ddd081e2
Tree-SHA512: 986c498fb218231fff3519167d34a92e11dea6a4383788a9723be105c20578cd483c6b06ba5686c6669e3a02cfeebc29b8e5f1428552ebf4ec67fa7a86957548
This commit also raises the TEST_ITERS for wine tasks to the default.
The overhead of wine is negligible, so we can certainly afford the same
number of iterations as for native Linux tests.
This adds MSVC builds built on Linux using wine. This requires some
settings of tools and flags because the autotools support for MSVC is
naturally somewhat limited.
The advantage of this approach is that it is compatible with our
existing CI scripts, so there's no need to write a Windows CI script
(in PowerShell or similar). If we want to test building and running on
Windows native (e.g., as supported by Cirrus CI) we could still do this
in the future.
Another advantage of this approach is that contributors can simply use
the docker image if they need a MSVC installation in a non-Windows
environment.
This commit also improves the Dockerfile by grouping RUN commands
according to Docker docs:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
6f6cab9989a4d3f4a28e3cdbfacc4e3e1e55c843 abi: Don't export symbols in static Windows libraries (Cory Fields)
Pull request description:
For context, Bitcoin Core has recently merged [libbitcoin-kernel](https://github.com/bitcoin/bitcoin/pull/24322), a small library that intends to eventually minimally encompass Core's validation engine. This kernel lib includes a static libsecp256k1. Without this change, because libsecp256k1.a ends up with exported symbols, we end up with libsecp256k1 symbols exported by our libbitcoin-kernel library (which causes unrelated problems not worth getting into here).
libtool takes care of building both object versions, and it automatically builds objects for shared libs with -DDLL_EXPORT. We just need to opt-in to its functionality.
I can't imagine this having any negative impact on any current statically-linking applications, if anything they'll just be a tiny bit smaller because they can now strip unused symbols.
ACKs for top commit:
real-or-random:
utACK 6f6cab9989a4d3f4a28e3cdbfacc4e3e1e55c843
theuni:
> Not sure what other changes made compilation on CI fail but Concept ACK [6f6cab9](6f6cab9989). This should be entirely harmless.
sipa:
utACK 6f6cab9989a4d3f4a28e3cdbfacc4e3e1e55c843
laanwj:
utACK 6f6cab9989a4d3f4a28e3cdbfacc4e3e1e55c843
Tree-SHA512: 39f240046639738f7a8c01068e728b2f9ceac2754cc4b0a5fa46c28f6f57a8c4124653b56dfbf5c13106b07c11ac599cc41b508e16862d539ce1af6c3365a205
7efc9835a977c6400f0f024f19fda47710151dc1 Fix the false positive of `SECP_64BIT_ASM_CHECK` (Sprite)
Pull request description:
I'm trying to compile this project for RISC-V architecture, and I encountered errors:
```
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r15' in 'asm'
28 | __asm__ __volatile__(
| ^
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r14' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r13' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r12' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r11' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r10' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r9' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%r8' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%rdx' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%rcx' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: unknown register name '%rax' in 'asm'
src/field_5x52_asm_impl.h:28:1: error: output number 0 not directly addressable
src/field_5x52_asm_impl.h: In function 'secp256k1_fe_sqr':
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r15' in 'asm'
298 | __asm__ __volatile__(
| ^
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r14' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r13' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r12' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r11' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r10' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r9' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%r8' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rdx' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rcx' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rbx' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: unknown register name '%rax' in 'asm'
src/field_5x52_asm_impl.h:298:1: error: output number 0 not directly addressable
```
After further investigation I found that for RISC-V, macro `USE_ASM_X86_64` was defined unexpectedly, and `checking for x86_64 assembly availability... yes` appeared in the compilation log file, which means `SECP_64BIT_ASM_CHECK` was not working as expected.
For unknown reasons, `AC_COMPILE_IFELSE` does not check if `__asm__` can be compiled, and an example can verify this point:
```m4
AC_DEFUN([SECP_64BIT_ASM_CHECK],[
AC_MSG_CHECKING(for x86_64 assembly availability)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdint.h>]],[[
__asm__ __volatile__("this is obviously wrong");
]])],[has_64bit_asm=yes],[has_64bit_asm=no])
AC_MSG_RESULT([$has_64bit_asm])
])
```
It always gives results: `checking for x86_64 assembly availability... yes`
After testing, replacing `AC_COMPILE_IFELSE` with `AC_LINK_IFELSE` can correctly check if `__asm__` can be compiled and make the project able to compile for RISC-V.
ACKs for top commit:
real-or-random:
ACK 7efc9835a977c6400f0f024f19fda47710151dc1
Tree-SHA512: 7318dd42004b2930cfcd6541c5a9ce0aa186e2179a668b76089a908bea8d9f70fcfdb264512f971e395a3ce9dc7f9ca24c8f3d46175cad2972a2d713f518ed85
2f984ffc45eba89faa9e79da3d5d5bd50a6c1c3d Save negations in var-time group addition (Peter Dettman)
Pull request description:
- Updated _gej_add_var, _gej_add_ge_var, _gej_add_zinv_var
- 2 fewer _fe_negate in each method
- Updated operation counts and standardize layout
- Added internal benchmark for _gej_add_zinv_var
benchmark_internal shows about 2% speedup in each method as a result (64bit).
ACKs for top commit:
real-or-random:
ACK 2f984ffc45eba89faa9e79da3d5d5bd50a6c1c3d
jonasnick:
ACK 2f984ffc45eba89faa9e79da3d5d5bd50a6c1c3d
Tree-SHA512: 01366fa23c83a8dd37c9a0a24e0acc53ce38a201607fe4da6672ea5618d82c62d1299f0e0aa50317883821539af739ea52b6561faff230c148e6fdc5bc5af30b
cc07b8f7a9a7aa3a023f04127cb85c1723dd1bf9 musig-spec: remove it (Jonas Nick)
Pull request description:
Moved to https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki.
ACKs for top commit:
real-or-random:
ACK cc07b8f7a9a7aa3a023f04127cb85c1723dd1bf9
Tree-SHA512: 67aebe6afbacd83153c465fcea794d36f07d067e21f767d9f82d7429458d91fe1df8a7289c10d9fa5b5458b1b6603b51a3349528dc8af6b0293f34f0b25c311f
67247e53afdf32f414a9fbd0fb008b3935b1e6d9 musig-spec: More minor cleanup (Elliott Jin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 67247e53afdf32f414a9fbd0fb008b3935b1e6d9
Tree-SHA512: 8ea2880aef0bd69e2faf10a5eb44d5ba3839867565bd735a4582189f04ea54ab73ec23f04d08aed1d10bc5aaa55bab688ff4cb4e733dc73e2a5946f9a187c7ac
376733b58b282a4985dd78d0125749473f0aeff3 musig-spec: clarify hashing in noncegen by converting ints to bytes (Jonas Nick)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 376733b58b282a4985dd78d0125749473f0aeff3
Tree-SHA512: c4708c476094d242fe7312177e345932bd40b52549007b43d2e5e4efc094101624d8583647f305bcbd042692a9d0117eda38f71e22fee0e0f49d677d9f512a8e
b7f8ea2f2a828cb5a6804320a39750a77fffafba musig-spec: address robot-dreams' comments (Jonas Nick)
Pull request description:
- KeyAggCoeff' -> KeyAggCoeffInternal for consistency
- In Sign, add mod n when calculating d
- In Tweak, reorder the parameters to (Q, gacc, tacc, tweak, is_xonly) because
the first three are "state" arguments
- Rename Tweak function to ApplyTweak to avoid confusion with tweak (the
vector). This becomes apparent in the python reference code.
ACKs for top commit:
real-or-random:
ACK b7f8ea2f2a828cb5a6804320a39750a77fffafba
Tree-SHA512: 6f9066af2f67b6d2769f38ebb2537769568e77bab18d487590a0095a695eab5c34a7177e4d299f27e3e30628dd07aff831f3f08db256cf2ae13ea0d92f3e18b8
- KeyAggCoeff' -> KeyAggCoeffInternal for consistency
- In Sign, add mod n when calculating d
- In Tweak, reorder the parameters to (Q, gacc, tacc, tweak, is_xonly) because
the first three are "state" arguments
- Rename Tweak function to ApplyTweak to avoid confusion with tweak (the
vector). This becomes apparent in the python reference code.
fd51a6281ec21c9dcb71c13666a2551370e31fd1 musig-spec: add authors (Jonas Nick)
f56e223a7a79aa52748d4f542ecebc2ce6c537b2 musig-spec: explain NonceGen and tweaking in signing flow context (Jonas Nick)
e463ea42bb1fe48e30e6d289461cff4fa0935f77 musig-spec: mention stateless signing in signing flow (Jonas Nick)
a29b961eb75d4bd4c871ee5cc7de861a2b7011aa musig-spec: add acknowledgements and improve abstract (Jonas Nick)
1a086ba9c9143ef572b6f1fa3d7c6b8ca173414e musig-spec: add optional arguments to strengthen nonce function (Jonas Nick)
8d04ac318f2f6f160480faf6aeb843a1cba28db0 musig-spec: remove unnecessary and inconsistent input paragraph (Jonas Nick)
Pull request description:
Based on #177
It's likely we're missing people in the acknowledgements. Ping me if you think you are.
ACKs for top commit:
real-or-random:
ACK fd51a6281ec21c9dcb71c13666a2551370e31fd1
Tree-SHA512: 5240b783c15f76655b2593422dc7c76de1c5e298bbe2f39858daca4ee1b1877f1ff179b4043e6f1f75f8c804b734f4bb739d38a18a54b094d8640c57fd074ed9
