e51ad3b737 ci: Retry `brew update` a few times to avoid random failures (Tim Ruffing)
b1cb969e8a ci: Revert "Attempt to make macOS builds more reliable" (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e51ad3b737
Tree-SHA512: cb0b81ac8d81fe8ea58afa7382d3f922bd4eb713645c5d0b99f9de963c9906273f5d573a9272e8f6cdb16ffcca5e162c088cc2b0772278f68930f8cb726824be
d9396a56da ci: Attempt to make macOS builds more reliable (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK d9396a56da
Tree-SHA512: 68df44107d74671de148e9c3e6dbc6b16bec937137d7d9771efce10f5d66459559b372346d05ecc23237b2e3af9479156f733219717cb93f5204f9ea5b2636a9
ebb1beea78 sage: Ensure that constraints are always fastfracs (Tim Ruffing)
d8d54859ed ci: Run sage prover on CI (Tim Ruffing)
77cfa98dbc sage: Normalize sign of polynomial factors in prover (Tim Ruffing)
eae75869cf sage: Exit with non-zero status in case of failures (Tim Ruffing)
b54d843eac sage: Fix printing of errors (Tim Ruffing)
e108d0039c sage: Fix incompatibility with sage 9.4 (Tim Ruffing)
Pull request description:
ACKs for top commit:
sipa:
ACK ebb1beea78
jonasnick:
ACK ebb1beea78
Tree-SHA512: 7a4732fd31d925d3dff471911183acc465ddcadbb5c88c46995502df61a913433c7639cb52fad3db72373b7cc47b9b0f063f7f5d5f8189c9ef998955e409479f
The prover, when run on recent sage versions, failed to prove some of its
goals due to a change in sage. This commit adapts our code accordingly.
The prover passes again after this commit.
The macOS CI tasks often error fail when doing `brew update` with
git fetch errors:
```
remote: fatal: packfile /data/repositories/b/nw/b6/07/5c/123272362/network.git/objects/pack/pack-2139bd07361b62a358e380a0e7d58ec35593d191.pack cannot be accessed
fatal: protocol error: bad pack header
Error: Fetching /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core failed!
```
Superficially this seems to be a problem on the GitHub server because
the message shows a "remote" error. But it seems we're the only one in
the world running into this specific issue when doing `brew update`, so
it's more likely that the something else is the culprit, and this error
message is just a symptom.
This commit replaces `brew update` with a complete reinstallation of
brew. This is essentially a shot in the dark but it's worth a try, and
I doubt it's significantly more expensive. If that won't work, we may
consider simply retrying `brew update` a few times.
According to [autoconf 2.70](https://www.gnu.org/software/autoconf/manual/autoconf-2.70/html_node/Obsolete-Macros.html)
documentation, the `AC_PROG_CC_C89' is replaced by `AC_PROG_CC`, which
defines the same variable `ac_cv_prog_cc_c89`.
Avoids the following message:
```
configure.ac:23: warning: The macro `AC_PROG_CC_C89' is obsolete.
```
Also, remove deprecated `AM_PROG_CC_C_O`.
b797a500ec Create a SECP256K1_ECMULT_TABLE_VERIFY macro. (Russell O'Connor)
a731200cc3 Replace ECMULT_TABLE_GET_GE_STORAGE macro with a function. (Russell O'Connor)
fe34d9f341 Eliminate input_pos state field from ecmult_strauss_wnaf. (Russell O'Connor)
0397d00ba0 Eliminate na_1 and na_lam state fields from ecmult_strauss_wnaf. (Russell O'Connor)
7ba3ffcca0 Remove the unused pre_a_lam allocations. (Russell O'Connor)
b3b57ad6ee Eliminate the pre_a_lam array from ecmult_strauss_wnaf. (Russell O'Connor)
ae7ba0f922 Remove the unused prej allocations. (Russell O'Connor)
e5c18892db Eliminate the prej array from ecmult_strauss_wnaf. (Russell O'Connor)
c9da1baad1 Move secp256k1_fe_one to field.h (Russell O'Connor)
Pull request description:
ACKs for top commit:
sipa:
ACK b797a500ec
jonasnick:
ACK b797a500ec
Tree-SHA512: 6742469979c306104a0861be76c2be86bf8ab14116b00afbd24f91b9e3ea843bf9b9a74552b367bd06ee617090019ad4df6be037d58937c8c869f8b37ddaa6cc
69b392f3cb musig: move explanation for aggnonce=inf to spec (Jonas Nick)
4824220bb7 musig-spec: describe NonceGen, NonceAgg, Sign,PartialSig{Verify,Agg} (Jonas Nick)
3c122d0780 musig-spec: improve definition of lift_x (Jonas Nick)
e0bb2d7009 musig-spec: improve KeyAgg description (Jonas Nick)
b8f4e75d89 musig-spec: move to doc directory (Jonas Nick)
Pull request description:
Will wait before adding tweaking until #151 is merged.
ACKs for top commit:
robot-dreams:
ACK 69b392f3cb based on:
real-or-random:
ACK 69b392f3cb I haven't looked at every detail but it's certainly ready to be merged as draft spec
Tree-SHA512: e3aa0265a9d7a7648e03ca42575397100edd5af43f0224937af51aa5c77efc451d7938149bdc711f69e24fb9291438453b8cd762affaa1a2e7bcc89f121485df
8088eddc53 musig: add test vector for ordinary (non xonly) tweaking (Elliott Jin)
57a17929fc musig: add ordinary and xonly tweaking to the example (Jonas Nick)
37107361a0 musig: allow ordinary, non-xonly tweaking (Jonas Nick)
c519b46879 musig: add pubkey_get to obtain a full pubkey from a keyagg_cache (Jonas Nick)
Pull request description:
In short, `musig_pubkey_tweak_add` now allows for xonly _and_ "ordinary" tweaking. Also, in order to allow using `ec_pubkey_tweak_add` on the non-xonly aggregate public key, there's a new function `musig_pubkey_get` that allows obtaining it from the `keyagg_cache`.
One alternative would be that instead of adding `musig_pubkey_get`, we could change `pubkey_agg` to output an ordinary (non-xonly) pubkey. Then users of the API who do not need ordinary (BIP32) tweaking would be forced to call `xonly_pubkey_from_pubkey`. And we'd probably want to change the spec. And it would be a bit weird to output a pubkey that can't be directly schnorrsig_verify'd.
Based on #131
ACKs for top commit:
robot-dreams:
ACK 8088eddc53 based on https://github.com/ElementsProject/secp256k1-zkp/pull/151#issuecomment-1005198409 and the following `range-diff`:
Tree-SHA512: a4a0100f0470c870f88a8da27dbcc4684fcc2caabb368d4340e962e08d5ee04634e6289bafa3448dbfd0b5793a3e70de5bd6ddca7a619cc3220ff762d518a8fe
070e772211 Faster fixed-input ecmult tests (Pieter Wuille)
Pull request description:
Given how much #920 slowed down the tests with low iteration count, replace it with 3 different similar test:
* count >= 1: a test with 1024 multiplies that tests any pattern of 6 bits in windows not more than 20 bits wide
* count >= 3: a test with 2048 multiplies that tests any pattern of 8 consecutive bits
* count >= 35: the old test (which effectively tests all 2-bit patterns)
ACKs for top commit:
robot-dreams:
ACK 070e772211, the addition of the `CONDITIONAL_TEST` macro is nice.
real-or-random:
ACK 070e772211
Tree-SHA512: b4ccca42c71fcd1baa7143f73d1c3ac9d012c296485164a03341dbeee02e4ba9f7c7ad6b441923a5fe0286c97eff60815033adb4e1d30b3ef08bcb79590327ff
45f37b6506 Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes#1063. (Paul Miller)
Pull request description:
ACKs for top commit:
siv2r:
ACK 45f37b6. The diff looks good. It reduces `msg32` to modulo curve order for rfc6979 nonce generation. All tests passed on my machine with `make check`.
sipa:
utACK 45f37b6506
real-or-random:
ACK 45f37b6506
Tree-SHA512: 4c36784b2d6f2983bc0c3f380ff59cd9f2bd1822b98116d70964cd15183742fcc1f2ccde225a76dd30d946b3678b2cf29caff018efc07f40a200ee85843b39dd
