secp256k1-zkp

Author	SHA1	Message	Date
Jonas Nick	7d4f86d242	Merge bitcoin-core/secp256k1#1307 : Mark more assembly outputs as early clobber 8c9ae37a5a26cdeb6365624fee43f41b238830e4 Add release note (Pieter Wuille) 350b4bd6e6efd3c62875820fdeb2740738937922 Mark stack variables as early clobber for technical correctness (Pieter Wuille) 0c729ba70d963f2798184b0b8524d7de2f3ced9f Bugfix: mark outputs as early clobber in scalar x86_64 asm (Pieter Wuille) Pull request description: ACKs for top commit: real-or-random: ACK 8c9ae37a5a26cdeb6365624fee43f41b238830e4 jonasnick: ACK 8c9ae37a5a26cdeb6365624fee43f41b238830e4 Tree-SHA512: 874d01f5540d14b5188aec25f6441dbc6631f8d3980416040a3e250f1aef75150068415e7a458a9a3fb0d7cbdeb97f5c7e089b187d6d3dd79aa6e45274c241b6	2023-05-12 13:37:09 +00:00
Tim Ruffing	b54a0672ef	Merge bitcoin-core/secp256k1#1304 : build: Rename arm to arm32 and check if it's really supported c6bb29b3037c6b5264f2d2916c5a2d38de25df19 build: Rename `64bit` to `x86_64` (Hennadii Stepanov) 03246457a8f7091e13af13a50d7ae33cf42e08b5 autotools: Add `SECP_ARM32_ASM_CHECK` macro (Hennadii Stepanov) ed4ba238e2cb2f24301c1add238cf7ff062286c3 cmake: Add `check_arm32_assembly` function (Hennadii Stepanov) e5cf4bf3ff9aac5b5897a8a9852cfbb84da0bfb1 build: Rename `arm` to `arm32` (Hennadii Stepanov) Pull request description: Closes https://github.com/bitcoin-core/secp256k1/issues/1034. Solves one item in https://github.com/bitcoin-core/secp256k1/issues/1235. ACKs for top commit: real-or-random: ACK c6bb29b3037c6b5264f2d2916c5a2d38de25df19 tested on x86_64 but not on ARM Tree-SHA512: c3615a18cfa30bb2cc53be18c09ccab08fc800b84444d8c6b333347b4db039a3981da61e7da5086dd9f4472838d7c031d554be9ddc7c435ba906852bba593982	2023-05-12 14:58:32 +02:00
Pieter Wuille	350b4bd6e6	Mark stack variables as early clobber for technical correctness In the field 5x52 asm for x86_64, stack variables are provided as outputs. The existing inputs are all forcibly allocated to registers, so cannot coincide, but mark them as early clobber anyway to make this clearer.	2023-05-12 05:23:11 -04:00
Pieter Wuille	0c729ba70d	Bugfix: mark outputs as early clobber in scalar x86_64 asm In the existing code, the compiler is allowed to allocate the RSI register for outputs m0, m1, or m2, which are written to before the input in RSI is read from. Fix this by marking them as early clobber. Reported by ehoffman2 in https://github.com/bitcoin-core/secp256k1/issues/766	2023-05-12 05:23:07 -04:00
Pieter Wuille	5b32602295	Split fe_set_b32 into reducing and normalizing variants	2023-05-11 13:49:33 -04:00
Jonas Nick	006ddc1f42	Merge bitcoin-core/secp256k1#1306 : build: Make tests work with external default callbacks 1907f0f1664e3a966daa58be956af18e48834ffd build: Make tests work with external default callbacks (Tim Ruffing) Pull request description: ACKs for top commit: sipa: ACK 1907f0f1664e3a966daa58be956af18e48834ffd jonasnick: ACK 1907f0f1664e3a966daa58be956af18e48834ffd Tree-SHA512: 198598f7bf5292bf5709187f9a40ddf9a0fba93e8b62afb49df2c05b4ef61c394cea43ee07615b51ceea97862228d8ad351fddef13c190cb2e6690943ed63128	2023-05-11 17:31:29 +00:00
Tim Ruffing	1907f0f166	build: Make tests work with external default callbacks	2023-05-11 19:08:35 +02:00
Jonas Nick	fb3a806365	Merge bitcoin-core/secp256k1#1133 : schnorrsig: Add test vectors for variable-length messages cd54ac7c1cca509404b62e626a6291f434af88e8 schnorrsig: Improve docs of schnorrsig_sign_custom (Tim Ruffing) 28687b03128fbdd23a3f901297f523dfae2f82e3 schnorrsig: Add BIP340 varlen test vectors (Tim Ruffing) 97a98bed1ed479b1a23d8ae788020d8a6e081cf0 schnorrsig: Refactor test vector code to allow varlen messages (Tim Ruffing) Pull request description: ACKs for top commit: sipa: ACK cd54ac7c1cca509404b62e626a6291f434af88e8. I didn't verify the included test vectors match the BIP. jonasnick: ACK cd54ac7c1cca509404b62e626a6291f434af88e8 Tree-SHA512: 268140e239b703aaf79825de2263675a8c31bef999f013ea532b0cd7b80f2d600d78f3872209a93774ba4dbc0a046108e87d151fc4604882c5636876026a0816	2023-05-11 16:44:08 +00:00
Tim Ruffing	28687b0312	schnorrsig: Add BIP340 varlen test vectors	2023-05-11 18:36:42 +02:00
Tim Ruffing	97a98bed1e	schnorrsig: Refactor test vector code to allow varlen messages	2023-05-11 18:36:42 +02:00
Jonas Nick	ab5a917128	Merge bitcoin-core/secp256k1#1303 : ct: Use more volatile 17fa21733aae97bf671fede3ce528c7a3b2f5f14 ct: Be cautious and use volatile trick in more "conditional" paths (Tim Ruffing) 5fb336f9ce7d287015ada5d1d6be35d63469c9a4 ct: Use volatile trick in scalar_cond_negate (Tim Ruffing) Pull request description: ACKs for top commit: sipa: ACK 17fa21733aae97bf671fede3ce528c7a3b2f5f14 jonasnick: ACK 17fa21733aae97bf671fede3ce528c7a3b2f5f14 Tree-SHA512: 4a0fbee7b1cce4f4647bff697c0e645d93aa8fb49777feef5eb1e1eadce2116bafdcc6175c066ee4fe4bf1340047311e2d7d2c48bb288867a837ecd6c8687121	2023-05-11 16:14:44 +00:00
Tim Ruffing	9eb6934f69	Merge bitcoin-core/secp256k1#1305 : Remove unused scratch space from API 712e7f8722eba5dec2bc6b37d75aadeb6f6e633b Remove unused scratch space from API (Jonas Nick) Pull request description: Not sure if we want the typedef and `secp256k1_scratch_space_{create,destroy}` but if we don't keep them then this PR will be a rather large diff. ACKs for top commit: sipa: ACK 712e7f8722eba5dec2bc6b37d75aadeb6f6e633b real-or-random: utACK 712e7f8722eba5dec2bc6b37d75aadeb6f6e633b Tree-SHA512: b3a8feb0fe4639d5e48b708ccbf355bca5da658a291f63899086d2bbeb6d0ab33e3dcd55d8984ec7fa803f757b7d02e71bcb7e7eeecaab52ffc70ae85dce8c44	2023-05-11 18:07:53 +02:00
Jonas Nick	073d98a076	Merge bitcoin-core/secp256k1#1292 : refactor: Make 64-bit shift explicit d1e48e5474a2be29e17a477874a4963f8f612a5a refactor: Make 64-bit shift explicit (Hennadii Stepanov) b2e29e43d0e5e65c1e1199f86f59689a1e736109 ci: Treat all compiler warnings as errors in "Windows (VS 2022)" task (Hennadii Stepanov) Pull request description: ACKs for top commit: real-or-random: utACK d1e48e5474a2be29e17a477874a4963f8f612a5a jonasnick: ACK d1e48e5474a2be29e17a477874a4963f8f612a5a Tree-SHA512: fd07c8c136b1c947900d45b5a4ad4963e2c29884aca62a26be07713dfd1b0c5e7655f07a0b99217fc055bf3266e71cb5edabbd4d5c145a172b4be5d10f7ad51c	2023-05-11 15:06:47 +00:00
Tim Ruffing	17fa21733a	ct: Be cautious and use volatile trick in more "conditional" paths - secp256k1_scalar_cadd_bit - secp256k1_modinvXX_normalize_YY - secp256k1_modinvXX_divsteps_ZZ - ECMULT_CONST_TABLE_GET_GE Even though those code loations are not problematic right now (with current compilers).	2023-05-11 16:32:07 +02:00
Tim Ruffing	5fb336f9ce	ct: Use volatile trick in scalar_cond_negate	2023-05-11 16:32:07 +02:00
Jonas Nick	712e7f8722	Remove unused scratch space from API	2023-05-11 13:39:56 +00:00
Pieter Wuille	54d34b6c24	Merge bitcoin-core/secp256k1#1300 : Avoid normalize conditional on VERIFY 97c63b90390b0b11a5d3530b03855ec9cc0de343 Avoid normalize conditional on VERIFY (Pieter Wuille) Pull request description: In the old code, `secp256k1_gej_rescale` requires a normalized input in VERIFY mode, but not otherwise. Its requirements shouldn't depend on this mode being enabled or not. ACKs for top commit: real-or-random: utACK 97c63b90390b0b11a5d3530b03855ec9cc0de343 I've also verified that the loop in secp256k1_ecmult_strauss_wnaf holds up the invariant that the magnitude of Z is 1, even with the normalization removed jonasnick: ACK 97c63b90390b0b11a5d3530b03855ec9cc0de343 Tree-SHA512: 9598c133c6f4e488c74512089dabe0508529f20ca782be1c8fbeae9d7f132da9d570a061053acd3d245a9a187abf1f2581207441ce6aac8d0f8972cf357a349f	2023-05-11 08:30:21 -04:00
Pieter Wuille	7fc642fa25	Simplify secp256k1_fe_{impl_,}verify	2023-05-11 06:25:59 -04:00
Pieter Wuille	4e176ad5b9	Abstract out verify logic for fe_is_square_var	2023-05-11 06:25:56 -04:00
Pieter Wuille	4371f98346	Abstract out verify logic for fe_add_int	2023-05-11 06:25:19 -04:00
Pieter Wuille	89e324c6b9	Abstract out verify logic for fe_half	2023-05-11 06:25:15 -04:00
Pieter Wuille	283cd80ab4	Abstract out verify logic for fe_get_bounds	2023-05-11 06:24:26 -04:00
Pieter Wuille	d5aa2f0358	Abstract out verify logic for fe_inv{,_var}	2023-05-11 06:24:26 -04:00
Pieter Wuille	3167646072	Abstract out verify logic for fe_from_storage	2023-05-11 06:24:26 -04:00
Pieter Wuille	76d31e5047	Abstract out verify logic for fe_to_storage	2023-05-11 06:24:26 -04:00
Pieter Wuille	1e6894bdd7	Abstract out verify logic for fe_cmov	2023-05-11 06:24:26 -04:00
Pieter Wuille	be82bd8e03	Improve comments/checks for fe_sqrt	2023-05-11 06:24:22 -04:00
Pieter Wuille	6ab35082ef	Abstract out verify logic for fe_sqr	2023-05-11 06:18:40 -04:00
Pieter Wuille	4c25f6efbd	Abstract out verify logic for fe_mul	2023-05-11 06:18:40 -04:00
Pieter Wuille	e179e651cb	Abstract out verify logic for fe_add	2023-05-11 06:18:40 -04:00
Pieter Wuille	7e7ad7ff57	Abstract out verify logic for fe_mul_int	2023-05-11 06:18:40 -04:00
Pieter Wuille	65d82a3445	Abstract out verify logic for fe_negate	2023-05-11 06:18:40 -04:00
Pieter Wuille	144670893e	Abstract out verify logic for fe_get_b32	2023-05-11 06:18:40 -04:00
Pieter Wuille	f7a7666aeb	Abstract out verify logic for fe_set_b32	2023-05-11 06:18:40 -04:00
Pieter Wuille	ce4d2093e8	Abstract out verify logic for fe_cmp_var	2023-05-11 06:18:40 -04:00
Pieter Wuille	7d7d43c6dd	Improve comments/check for fe_equal{,_var}	2023-05-11 06:18:40 -04:00
Pieter Wuille	c5e788d672	Abstract out verify logic for fe_is_odd	2023-05-11 06:18:40 -04:00
Pieter Wuille	d3f3fe8616	Abstract out verify logic for fe_is_zero	2023-05-11 06:18:40 -04:00
Pieter Wuille	c701d9a471	Abstract out verify logic for fe_clear	2023-05-11 06:18:40 -04:00
Pieter Wuille	19a2bfeeea	Abstract out verify logic for fe_set_int	2023-05-11 06:18:40 -04:00
Pieter Wuille	864f9db491	Abstract out verify logic for fe_normalizes_to_zero{,_var}	2023-05-11 06:18:40 -04:00
Pieter Wuille	6c31371120	Abstract out verify logic for fe_normalize_var	2023-05-11 06:18:40 -04:00
Pieter Wuille	e28b51f522	Abstract out verify logic for fe_normalize_weak	2023-05-11 06:18:40 -04:00
Pieter Wuille	b6b6f9cb97	Abstract out verify logic for fe_normalize	2023-05-11 06:18:40 -04:00
Pieter Wuille	7fa5195559	Bugfix: correct SECP256K1_FE_CONST mag/norm fields	2023-05-11 06:18:37 -04:00
Hennadii Stepanov	e5cf4bf3ff	build: Rename `arm` to `arm32`	2023-05-11 10:03:23 +01:00
Pieter Wuille	b29566c51b	Merge magnitude/normalized fields, move/improve comments Also split secp256k1_fe_verify into a generic and an implementation specific part.	2023-05-11 04:25:19 -04:00
Pieter Wuille	97c63b9039	Avoid normalize conditional on VERIFY	2023-05-11 03:41:48 -04:00
Pieter Wuille	bbc834467c	Avoid secp256k1_ge_set_gej_zinv with uninitialized z	2023-05-10 09:25:09 -04:00
Pieter Wuille	0a2e0b2ae4	Make secp256k1_{fe,ge,gej}_verify work as no-op if non-VERIFY	2023-05-10 09:25:09 -04:00

1 2 3 4 5 ...

1113 Commits