frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,679 Commits 14 Branches 0 Tags
Commit Graph

957 Commits

Author SHA1 Message Date
Pieter Wuille
c76be9efa0 Remove unused num functions 2014-11-30 23:38:01 +01:00
Pieter Wuille
4285a98722 Move lambda-splitting code to scalar. 
It's not really an operation on group elements.
 2014-11-30 23:38:01 +01:00
Pieter Wuille
f24041d6aa Switch all EC/ECDSA logic from num to scalar 2014-11-30 23:38:01 +01:00
Pieter Wuille
6794be6080 Add scalar splitting functions 
Which currently delegate to the lambda-splitter in group.
 2014-11-30 23:38:01 +01:00
Pieter Wuille
d1502eb459 Add secp256k1_scalar_inverse_var which delegates to GMP 2014-11-30 23:38:01 +01:00
Pieter Wuille
b5c9ee756f Make test_point_times_order test meaningful again 
As wnaf splitting is scalar based, multiplying with the order directly
would be reduced to multiplication with zero before even converting to
wnaf.
 2014-11-30 23:38:01 +01:00
Pieter Wuille
0b73059709 Switch wnaf splitting from num-based to scalar-based 2014-11-30 23:38:01 +01:00
Pieter Wuille
1e6c77c321 Generalize secp256k1_scalar_get_bits 2014-11-30 23:38:01 +01:00
Pieter Wuille
5213207856 Add secp256k1_scalar_add_bit 2014-11-30 23:37:58 +01:00
Pieter Wuille
6e0528785d Do signature recovery/verification with 4 possible recid case 2014-11-29 10:57:50 +01:00
Pieter Wuille
e3d692ff75 Explain why no y=0 check is necessary for doubling 
Explanation suggested by Greg Maxwell.
 2014-11-28 22:18:50 +01:00
Pieter Wuille
f7dc1c6513 Optimize doubling: secp256k1 has no y=0 point 2014-11-28 22:18:30 +01:00
Pieter Wuille
2a54f9bcee Correct typo in comment 2014-11-28 16:39:36 +01:00
Pieter Wuille
3ce74b1266 Tweak precomputed table size for G 2014-11-26 23:45:49 +01:00
Pieter Wuille
99f0728f23 Fix secp256k1_num_set_bin handling of 0 2014-11-26 15:21:31 +01:00
Pieter Wuille
d907ebc0e3 Add bounds checking to field element setters 2014-11-26 15:21:31 +01:00
Pieter Wuille
665775b2b9 Don't split the g factor when not using endomorphism 2014-11-25 14:29:02 +01:00
Pieter Wuille
3bf029d676 Add test that recovering infinity fails 2014-11-18 13:13:17 +01:00
Pieter Wuille
4861f83686 Test whether recovered public keys are not infinity 
Fixes a bug discovered by Sergio Demian Lerner.
 2014-11-18 12:37:39 +01:00
Pieter Wuille
bbe67d8b29 Make secp256k1_eckey_pubkey_serialize fail for infinity 2014-11-18 12:37:38 +01:00
Pieter Wuille
f49b2ef840 Add DETERMINISTIC to avoid line number/source dependent binaries 
This will make it easier to detect changes without semantic impact.
 2014-11-18 11:08:44 +01:00
Gregory Maxwell
71712b27e5 Switch to C89 comments in prep for making the whole codebase C89 compatible. 
This should be whitespace/comment only changes and should produce the same
object code.
 2014-11-15 07:33:07 -08:00
Pieter Wuille
f8cce95650 Add overflow analysis to field_10x26_impl.h 2014-11-14 17:52:39 +01:00
Pieter Wuille
a51859871a Add overflow analysis to field_5x52_int128_impl.h 2014-11-13 07:47:40 -08:00
Pieter Wuille
fa0d620668 Add equalities relating input and output variables 2014-11-13 07:00:44 -08:00
Peter Dettman
5dd421bab5 Rewrite mul/sqr for 32bit/64bit 
- interleave calculation of the lower and upper partial product ranges, and reduction
- less registers needed, more opportunities for parallel ops
 2014-11-13 04:46:17 -08:00
Gregory Maxwell
861f9a59cc field_gmp's negate doesn't need to use the magnitude argument. 2014-11-13 01:45:56 -08:00
Gregory Maxwell
f0709ac57e Avoid forward static decl of undefined functions, also fix a paren warning in the tests. 2014-11-13 01:45:49 -08:00
Gregory Maxwell
3276e7d4e2 Signed/unsigned comparisons in tests. 2014-11-12 15:47:12 -08:00
Gregory Maxwell
850562e3f1 Avoid unsigned comparison in scalar arith. 2014-11-12 15:47:12 -08:00
Gregory Maxwell
65a14abb48 Fix varrious signed/unsigned comparisons. 2014-11-12 15:47:12 -08:00
Gregory Maxwell
e9e0e21a6f Avoid a shadowed variable. 2014-11-12 15:47:12 -08:00
Gregory Maxwell
e28a8b86c7 Remove a VERIFY_CHECK for >=0ness on an unsigned type. 2014-11-12 15:47:12 -08:00
Gregory Maxwell
2cad067a36 Correct function prototypes and avoid unused parameter warnings. 2014-11-12 15:47:06 -08:00
Gregory Maxwell
a4a43d7543 Reorder static to comply with C99 and switch to the inline macro. 2014-11-12 13:07:55 -08:00
Gregory Maxwell
8563713a4f Add non-null and unused-result warnings for the external API. 
GCC (and clang) supports extensions to annotate functions so that their
 results must be used and so that their arguments can't be statically
 provable to be null. If a caller violates these requirements they
 get a warning, so this helps them write correct code.

I deployed this in libopus a couple years ago with good success, and
 the implementation here is basically copied straight from that.

One consideration is that the non-null annotation teaches the optimizer
 and will actually compile out runtime non-nullness checks as dead-code.
 Since this is usually not whats wanted, the non-null annotations are
 disabled when compiling the library itself.

The commit also removes some dead inclusions of assert.h and introduces
 compatibility macros for restrict and inline in preparation for some
 portability improvements.
 2014-11-12 12:23:09 -08:00
Peter Dettman
fb1bb0b445 Rearrange _gej_add_ge to save an _fe_negate 2014-11-12 02:16:36 -08:00
Pieter Wuille
9338dbf791 Branch-free point addition 2014-11-11 14:28:22 -08:00
Pieter Wuille
ef6f677679
Merge pull request #95 
79ad6d4 Remove some dead variables in the tests. (Gregory Maxwell)
9974d86 Misc. Warning and cosmetic error cleanups. (Gregory Maxwell)
 2014-11-04 23:29:08 -08:00
Gregory Maxwell
79ad6d44ea Remove some dead variables in the tests. 2014-11-04 13:47:23 -08:00
Gregory Maxwell
9974d8693e Misc. Warning and cosmetic error cleanups. 
This fixes a cosmetic precedence bug in the tests along with some
 type warnings.

It also adds a dummy cast to the CHECK macro to avoid hundreds
 of statement with no effect warnings on compilers that warn about
 such things.
 2014-11-04 13:17:45 -08:00
Pieter Wuille
1d52a8b155 Implementations for scalar without data-dependent branches. 2014-11-04 03:01:55 -08:00
Pieter Wuille
da55986fdf Label variable-time functions correctly and don't use those in sign 2014-11-04 02:50:06 -08:00
Pieter Wuille
784e62f3b2
Fix typo 2014-11-04 02:28:34 -08:00
Peter Dettman
137e77afb4 Address 'constant-time' TODOs in field impls 2014-11-04 14:57:04 +07:00
Pieter Wuille
cc20075ef7
Merge pull request #85 
7a8e385 Fix interaction between magnitudes and negation (Pieter Wuille)
 2014-11-03 01:44:27 -08:00
Pieter Wuille
501d58f098 Get rid of {num,scalar,ecdsa_sig}_{init,free} 2014-11-03 01:31:04 -08:00
Pieter Wuille
7a8e385d74 Fix interaction between magnitudes and negation 
Magnitude m means values are allowed to be up to 2 * 0xFFF...FFF * m,
while the argument passed to secp256k1_fe_negate didn't take the 2 into
account. Fix this.
 2014-11-02 01:25:07 -08:00
Pieter Wuille
b0295868f4
Merge pull request #82 
8f9a307 Better .gitignore for bench binaries (Pieter Wuille)
fa5c13f Add bench_sign tool (Pieter Wuille)
 2014-11-02 01:16:58 -07:00
Peter Dettman
7d681ac636 Add verification to 32bit field 
- implement _fe_verify for 10x26
- fe is normalized after _fe_clear
- a few corresponding changes in 64bit field
 2014-11-01 16:58:42 +07:00