Gregory Maxwell
d26e26f2f4
Avoid constructing an invalid signature with probability 1:2^256.
2014-12-28 19:40:40 -08:00
							
Pieter Wuille
b450c34843
Merge pull request #163
bbd5ba7 Use rfc6979 as default nonce generation function (Pieter Wuille)
b37fbc2 Implement SHA256 / HMAC-SHA256 / RFC6979. (Pieter Wuille)
c6e7f4e [API BREAK] Use a nonce-generation function instead of a nonce (Pieter Wuille)
2014-12-23 14:40:47 +01:00
							
Peter Dettman
49ee0dbe16
Add _normalizes_to_zero_var variant
2014-12-20 14:38:29 +01:00
							
Peter Dettman
eed599dd72
Add _fe_normalizes_to_zero method
2014-12-20 14:38:24 +01:00
							
Pieter Wuille
d7174edf5f
Weak normalization for secp256k1_fe_equal
2014-12-20 14:38:20 +01:00
							
Pieter Wuille
0295f0a33d
weak normalization
2014-12-20 14:38:07 +01:00
							
Pieter Wuille
bbd5ba7cfa
Use rfc6979 as default nonce generation function
2014-12-20 14:36:13 +01:00
							
Pieter Wuille
b37fbc280e
Implement SHA256 / HMAC-SHA256 / RFC6979.
2014-12-20 14:36:13 +01:00
							
Pieter Wuille
c6e7f4e8d8
[API BREAK] Use a nonce-generation function instead of a nonce
2014-12-20 14:36:11 +01:00
							
Pieter Wuille
603c33bc80
Make signing fail if a too small buffer is passed.
Bug discovered by Sergio Demian Lerner.
2014-12-18 01:28:06 +01:00
							
Pieter Wuille
7277fd76e2
Remove GMP field implementation
2014-12-17 12:41:31 +01:00
							
Pieter Wuille
13278f642c
Add explanation about how inversion can be avoided
2014-12-16 22:52:07 +01:00
							
Pieter Wuille
ce7eb6fb3d
Optimize verification: avoid field inverse
Suggested by Greg Maxwell.
2014-12-16 22:38:17 +01:00
							
Pieter Wuille
1ba4a60a51
Configure options reorganization
2014-12-13 15:04:28 +01:00
							
Pieter Wuille
bccaf86caa
Merge pull request #150
cf7b2b4 Fix ECDSA message hashes to 32 bytes (Pieter Wuille)
2014-12-11 01:39:34 +01:00
							
Luke Dashjr
f22d73e757
Explicitly access %0..%2 as 64-bit so we use the right registers for x32 ABI
2014-12-09 18:57:33 +01:00
							
Pieter Wuille
e66d4d6d39
Avoid the stack in assembly and use explicit registers
2014-12-09 18:56:23 +01:00
							
Pieter Wuille
cf7b2b4647
Fix ECDSA message hashes to 32 bytes
2014-12-09 12:50:47 +01:00
							
Pieter Wuille
aaba2e0f4b
Merge pull request #136
6558a26 Make the benchmarks print out stats (Pieter Wuille)
000bdf6 Rename bench_verify to bench_recovery (Pieter Wuille)
2014-12-09 02:40:36 +01:00
							
Pieter Wuille
ee1eaa792d
Merge pull request #141
7c6fed2 Add a few more additional tests. (Gregory Maxwell)
8d11164 Add some additional tests. (Gregory Maxwell)
2014-12-09 01:38:01 +01:00
							
Pieter Wuille
6558a26770
Make the benchmarks print out stats
2014-12-09 01:27:39 +01:00
							
Pieter Wuille
000bdf6dc3
Rename bench_verify to bench_recovery
2014-12-09 00:12:02 +01:00
							
Gregory Maxwell
7c6fed2857
Add a few more additional tests.
2014-12-08 14:15:09 -08:00
							
Pavel Janík
e06a9244bf
Include time.h header for time().
2014-12-08 20:48:58 +01:00
							
Gregory Maxwell
8d11164bc0
Add some additional tests.
2014-12-08 09:13:35 -08:00
							
Pieter Wuille
3545627acb
Merge pull request #118
3ce74b1 Tweak precomputed table size for G (Pieter Wuille)
2014-12-07 14:37:12 +01:00
							
Pieter Wuille
6a9901e15b
Merge pull request #137
39bd94d Variable time normalize (Pieter Wuille)
2014-12-07 14:35:23 +01:00
							
Pieter Wuille
376b28b096
Merge pull request #128
b2c9681 Make {mul,sqr}_inner use the same argument order as {mul,sqr} (Pieter Wuille)
6793505 Convert YASM code into inline assembly (Pieter Wuille)
f048615 Rewrite field assembly to match the C version (Pieter Wuille)
2014-12-07 14:34:20 +01:00
							
Pieter Wuille
17288069fb
Merge pull request #138
a5759c5 Check return value of malloc (Pieter Wuille)
2b9388b Remove unused secp256k1_fe_inv_all (Pieter Wuille)
f461b76 Allocate precomputation arrays on the heap (Pieter Wuille)
2014-12-07 13:19:21 +01:00
							
Pieter Wuille
a5759c572e
Check return value of malloc
2014-12-07 02:58:24 +01:00
							
Pieter Wuille
39bd94d86d
Variable time normalize
2014-12-06 18:18:28 +01:00
							
Pieter Wuille
54b768c6da
Another redundant secp256k1_fe_normalize
2014-12-06 17:30:08 +01:00
							
Gregory Maxwell
1c29f2eb49
Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var.
This was a missed optimization in the extraction of gej+ge from gej+gej.
2014-12-06 05:09:57 -08:00
							
Pieter Wuille
2b9388b647
Remove unused secp256k1_fe_inv_all
2014-12-05 18:13:51 +01:00
							
Pieter Wuille
f461b76925
Allocate precomputation arrays on the heap
2014-12-05 18:13:28 +01:00
							
Pieter Wuille
b0210a95da
Merge pull request #135
ee3eb4b Fix a memory leak and add a number of small tests. (Gregory Maxwell)
2014-12-04 19:16:09 +01:00
							
Gregory Maxwell
ee3eb4be9e
Fix a memory leak and add a number of small tests.
This fixes a simple copy and paste induced memory leak for the ecdsa init.
The tests are mostly just improving coverage and aren't interesting.
2014-12-04 07:17:08 -08:00
							
Pieter Wuille
b2c9681c6f
Make {mul,sqr}_inner use the same argument order as {mul,sqr}
2014-12-04 13:54:36 +01:00
							
Pieter Wuille
67935050e1
Convert YASM code into inline assembly
2014-12-04 13:54:01 +01:00
							
Pieter Wuille
f048615970
Rewrite field assembly to match the C version
2014-12-04 13:46:09 +01:00
							
Pieter Wuille
4d879a3a66
Merge pull request #134
29ae131 Make scalar_add_bit test's overflow detection exact (Pieter Wuille)
2014-12-04 12:21:06 +01:00
							
Pieter Wuille
d5e8362ae5
Merge pull request #127
c35ff1e Convert lambda splitter to pure scalar code. (Pieter Wuille)
cc604e9 Avoid division when decomposing scalars (Peter Dettman)
ff8746d Add secp256k1_scalar_mul_shift_var (Pieter Wuille)
2014-12-03 21:22:57 +01:00
							
Pieter Wuille
7b92cf66c7
Merge pull request #132
efb7d4b Use constant-time conditional moves instead of byte slicing (Pieter Wuille)
2014-12-03 21:21:42 +01:00
							
Pieter Wuille
29ae1310ce
Make scalar_add_bit test's overflow detection exact
2014-12-03 18:54:01 +01:00
							
Pieter Wuille
9048def7c7
Avoid undefined shift behaviour
2014-12-03 18:10:52 +01:00
							
Pieter Wuille
efb7d4b299
Use constant-time conditional moves instead of byte slicing
2014-12-03 02:41:55 +01:00
							
Pieter Wuille
82f9254cc0
Fix typo
2014-12-02 18:35:33 +01:00
							
Pieter Wuille
35399e08c4
Bugfix: b is restricted, not r
2014-12-02 17:43:42 +01:00
							
Pieter Wuille
c35ff1ea44
Convert lambda splitter to pure scalar code.
This enables the use of the endomorphism optimization without bignum.
2014-12-02 16:50:00 +01:00
							
Peter Dettman
cc604e9842
Avoid division when decomposing scalars
- In secp256k1_gej_split_exp, there are two divisions used. Since the denominator is a constant known at compile-time, each can be replaced by a multiplication followed by a right-shift (and rounding).
- Add the constants g1, g2 for this purpose and rewrite secp256k1_scalar_split_lambda_var accordingly.
- Remove secp256k1_num_div since no longer used
Rebased-by: Pieter Wuille
2014-12-02 16:50:00 +01:00