Pieter Wuille  7b92cf66c7  2014-12-03 21:21:42 +01:00
Merge pull request #132
  efb7d4b Use constant-time conditional moves instead of byte slicing (Pieter Wuille)

Pieter Wuille  0bf70a5d6c  2014-12-03 21:20:26 +01:00
Merge pull request #133
  9048def Avoid undefined shift behaviour (Pieter Wuille)

Pieter Wuille  29ae1310ce  2014-12-03 18:54:01 +01:00
Make scalar_add_bit test's overflow detection exact

Pieter Wuille  9048def7c7  2014-12-03 18:10:52 +01:00
Avoid undefined shift behaviour

Pieter Wuille  efb7d4b299  2014-12-03 02:41:55 +01:00
Use constant-time conditional moves instead of byte slicing

Pieter Wuille  d220062ac2  2014-12-02 18:36:55 +01:00
Merge pull request #131
  82f9254 Fix typo (Pieter Wuille)

Pieter Wuille  82f9254cc0  2014-12-02 18:35:33 +01:00
Fix typo

Pieter Wuille  601ca04f9a  2014-12-02 17:52:43 +01:00
Merge pull request #129
  35399e0 Bugfix: b is restricted, not r (Pieter Wuille)

Pieter Wuille  35399e08c4  2014-12-02 17:43:42 +01:00
Bugfix: b is restricted, not r

Pieter Wuille  c35ff1ea44  2014-12-02 16:50:00 +01:00
Convert lambda splitter to pure scalar code.
  This enables the use of the endomorphism optimization without bignum.

Peter Dettman  cc604e9842  2014-12-02 16:50:00 +01:00
Avoid division when decomposing scalars
  - In secp256k1_gej_split_exp, there are two divisions used. Since the denominator is a constant known at compile-time, each can be replaced by a multiplication followed by a right-shift (and rounding).
  - Add the constants g1, g2 for this purpose and rewrite secp256k1_scalar_split_lambda_var accordingly.
  - Remove secp256k1_num_div since no longer used
  Rebased-by: Pieter Wuille

Pieter Wuille  ff8746d457  2014-12-02 16:50:00 +01:00
Add secp256k1_scalar_mul_shift_var

Pieter Wuille  bd313f7d6e  2014-12-02 16:42:50 +01:00
Merge pull request #119
  597128d Make num optional (Pieter Wuille)
  659b554 Make constant initializers independent from num (Pieter Wuille)

Pieter Wuille  276f987d70  2014-12-02 16:39:20 +01:00
Merge pull request #124
  4d4eeea Make secp256k1_fe_mul_inner use the r != property (Pieter Wuille)
  be82e92 Require that r and b are different for field multiplication. (Pieter Wuille)

Pieter Wuille  25d125ec26  2014-12-01 22:41:54 +01:00
Merge pull request #126
  24b3c65 Add a test case for ECDSA recomputing infinity (Pieter Wuille)
  32600e5 Add a test for r >= order signature handling (Pieter Wuille)

Pieter Wuille  24b3c65e0d  2014-12-01 14:45:05 +01:00
Add a test case for ECDSA recomputing infinity

Pieter Wuille  32600e5086  2014-12-01 14:23:09 +01:00
Add a test for r >= order signature handling
  Suggested by Greg Maxwell.

Pieter Wuille  4d4eeea4ac  2014-12-01 13:40:36 +01:00
Make secp256k1_fe_mul_inner use the r != property
  Suggested by Peter Dettman.
Pieter Wuille  be82e92fc4  2014-12-01 13:40:34 +01:00
Require that r and b are different for field multiplication.
  Suggested by Peter Dettman, this prepares for slightly faster multiplication
  which writes results immediately to r before finishing reading b.
Pieter Wuille  597128d389  2014-12-01 12:38:38 +01:00
Make num optional

Pieter Wuille  659b554d7b  2014-12-01 12:38:38 +01:00
Make constant initializers independent from num

Pieter Wuille  0af5b47133  2014-12-01 12:38:13 +01:00
Merge pull request #120
  e3d692f Explain why no y=0 check is necessary for doubling (Pieter Wuille)
  f7dc1c6 Optimize doubling: secp256k1 has no y=0 point (Pieter Wuille)

Pieter Wuille  e2e8a362ad  2014-12-01 12:32:19 +01:00
Merge pull request #117
  c76be9e Remove unused num functions (Pieter Wuille)
  4285a98 Move lambda-splitting code to scalar. (Pieter Wuille)
  f24041d Switch all EC/ECDSA logic from num to scalar (Pieter Wuille)
  6794be6 Add scalar splitting functions (Pieter Wuille)
  d1502eb Add secp256k1_scalar_inverse_var which delegates to GMP (Pieter Wuille)
  b5c9ee7 Make test_point_times_order test meaningful again (Pieter Wuille)
  0b73059 Switch wnaf splitting from num-based to scalar-based (Pieter Wuille)
  1e6c77c Generalize secp256k1_scalar_get_bits (Pieter Wuille)
  5213207 Add secp256k1_scalar_add_bit (Pieter Wuille)

Pieter Wuille  c76be9efa0  2014-11-30 23:38:01 +01:00
Remove unused num functions

Pieter Wuille  4285a98722  2014-11-30 23:38:01 +01:00
Move lambda-splitting code to scalar.
  It's not really an operation on group elements.

Pieter Wuille  f24041d6aa  2014-11-30 23:38:01 +01:00
Switch all EC/ECDSA logic from num to scalar

Pieter Wuille  6794be6080  2014-11-30 23:38:01 +01:00
Add scalar splitting functions
  Which currently delegate to the lambda-splitter in group.

Pieter Wuille  d1502eb459  2014-11-30 23:38:01 +01:00
Add secp256k1_scalar_inverse_var which delegates to GMP

Pieter Wuille  b5c9ee756f  2014-11-30 23:38:01 +01:00
Make test_point_times_order test meaningful again
  As wnaf splitting is scalar based, multiplying with the order directly
  would be reduced to multiplication with zero before even converting to
  wnaf.

Pieter Wuille  0b73059709  2014-11-30 23:38:01 +01:00
Switch wnaf splitting from num-based to scalar-based

Pieter Wuille  1e6c77c321  2014-11-30 23:38:01 +01:00
Generalize secp256k1_scalar_get_bits

Pieter Wuille  5213207856  2014-11-30 23:37:58 +01:00
Add secp256k1_scalar_add_bit

Pieter Wuille  3c0ae43d66  2014-11-30 19:51:44 +01:00
Merge pull request #122
  6e05287 Do signature recovery/verification with 4 possible recid case (Pieter Wuille)

Pieter Wuille  6e0528785d  2014-11-29 10:57:50 +01:00
Do signature recovery/verification with 4 possible recid case

Pieter Wuille  e3d692ff75  2014-11-28 22:18:50 +01:00
Explain why no y=0 check is necessary for doubling
  Explanation suggested by Greg Maxwell.

Pieter Wuille  f7dc1c6513  2014-11-28 22:18:30 +01:00
Optimize doubling: secp256k1 has no y=0 point

Pieter Wuille  666d3b5132  2014-11-28 21:23:07 +01:00
Merge pull request #121
  2a54f9b Correct typo in comment (Pieter Wuille)

Pieter Wuille  2a54f9bcee  2014-11-28 16:39:36 +01:00
Correct typo in comment

Pieter Wuille  3ce74b1266  2014-11-26 23:45:49 +01:00
Tweak precomputed table size for G

Pieter Wuille  9d64145781  2014-11-26 15:24:18 +01:00
Merge pull request #114
  99f0728 Fix secp256k1_num_set_bin handling of 0 (Pieter Wuille)
  d907ebc Add bounds checking to field element setters (Pieter Wuille)

Pieter Wuille  99f0728f23  2014-11-26 15:21:31 +01:00
Fix secp256k1_num_set_bin handling of 0

Pieter Wuille  d907ebc0e3  2014-11-26 15:21:31 +01:00
Add bounds checking to field element setters

Pieter Wuille  bb2cd94e09  2014-11-26 15:19:59 +01:00
Merge pull request #116
  665775b Don't split the g factor when not using endomorphism (Pieter Wuille)

Pieter Wuille  665775b2b9  2014-11-25 14:29:02 +01:00
Don't split the g factor when not using endomorphism

Pieter Wuille  9431d6b112  2014-11-25 13:51:52 +01:00
Merge pull request #115
  e2274c5 build: osx: attempt to work with homebrew keg-only packages (Cory Fields)

Cory Fields  e2274c58e6  2014-11-24 11:49:22 -05:00
build: osx: attempt to work with homebrew keg-only packages

Pieter Wuille  ad2028f989  2014-11-18 18:01:55 +01:00
Merge pull request #110
  3bf029d Add test that recovering infinity fails (Pieter Wuille)
  4861f83 Test whether recovered public keys are not infinity (Pieter Wuille)
  bbe67d8 Make secp256k1_eckey_pubkey_serialize fail for infinity (Pieter Wuille)

Pieter Wuille  3bf029d676  2014-11-18 13:13:17 +01:00
Add test that recovering infinity fails

Pieter Wuille  4861f83686  2014-11-18 12:37:39 +01:00
Test whether recovered public keys are not infinity
  Fixes a bug discovered by Sergio Demian Lerner.

Pieter Wuille  bbe67d8b29  2014-11-18 12:37:38 +01:00
Make secp256k1_eckey_pubkey_serialize fail for infinity