Tim Ruffing
5b196338f0
Remove redundant "? 1 : 0" after comparisons in scalar code
This prevents GCC from generating branches on PowerPC in certain
cases.
Fixes #771.
2020-07-26 14:59:56 +02:00
Tim Ruffing
3e5cfc5c73
Merge #741: Remove unnecessary sign variable from wnaf_const
37dba329c6cb0f7a4228a11dc26aa3a342a3a5d0 Remove unnecessary sign variable from wnaf_const (Jonas Nick)
6bb0b77e158fc2f9e56e4b65b08bcb660d4c588b Fix test_constant_wnaf for -1 and add a test for it. (Jonas Nick)
Pull request description:
There currently is a single branch in the `ecmul_const` function that is not being exercised by the tests. This branch is unreachable and therefore I'm suggesting to remove it.
For your convenience, the paper on the wnaf algorithm can be found [here (The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar Multiplications Secure against Side Channel Attacks)](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.563.1267&rep=rep1&type=pdf). Similarly, unless I'm missing something important, I don't see how their algorithm needs to consider `sign(u[i-1])` unless `d` can be negative - which doesn't make much sense to me either.
ACKs for top commit:
real-or-random:
ACK 37dba329c6cb0f7a4228a11dc26aa3a342a3a5d0 I verified the correctness of the change and claimed invariant by manual inspection. I tested the code, both with 32bit and 64bit scalars.
Tree-SHA512: 9db45f76bd881d00a81923b6d2ae1c3e0f49a82a5d55347f01e1ce4e924d9a3bf55483a0697f25039c327e33edca6796ba3205c068d9f2f99aa5d655e46b15be
2020-07-26 12:21:14 +02:00
Gregory Maxwell
1309c03c45
Fix some compile problems on weird/old compilers.
The visibility attribute is a GCC 4+ feature.
GCC 2.95 also warns about the unsigned/signed comparison.
2020-07-26 05:26:56 +00:00
Jason Davies
fabc8f74e7
Fix typo in MuSig documentation.
2020-07-24 14:59:36 +02:00
Jonas Nick
96201b4f6e
Require message in musig protocol in an earlier state. In particular,
remove the set_msg function and require the message in get_public_nonce
at the latest.
2020-07-24 14:59:36 +02:00
Jonas Nick
4fd0d56e37
Fix my_index in musig state machine tests
2020-07-24 14:59:36 +02:00
Jonas Nick
b74f2dc478
Remove mentions of DER in H derivation.
2020-07-24 14:59:36 +02:00
Jonas Nick
9957307c3f
Fix explanation of H derivation. It doesn't use DER encoding.
2020-07-24 14:59:36 +02:00
Jonas Nick
d924027765
Add tweak32 parameter to musig_partial_sig_combine which allows to sign for p2c/taproot commitments
2020-07-24 14:59:36 +02:00
Tim Ruffing
d6738e890e
surjection proof: Reject proofs with too many used inputs in reduced mode
2020-07-24 14:59:36 +02:00
Roman Zeyde
bd70820123
allow reducing surjection proof size (to lower generation stack usage)
2020-07-24 14:59:36 +02:00
Andrew Poelstra
56f69d979f
surjectionproof: introduce SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS constant and set it to 16
2020-07-24 14:59:36 +02:00
Andrew Poelstra
b8a3ff5f3b
surjectionproof: reduce stack usage
2020-07-24 14:59:36 +02:00
Andrew Poelstra
68d937fe11
surjectionproof: fix malleability in surjection proof parsing
2020-07-24 14:59:36 +02:00
Andrew Poelstra
41bc9ce129
surjectionproof: add test vectors for "set padding bits"
2020-07-24 14:59:36 +02:00
Andrew Poelstra
b0644d4ab3
surjectionproof: add fixed test vectors
2020-07-24 14:59:36 +02:00
Tim Ruffing
c0415eb0cb
Fix read of wrong buffer (and OOB) in surjectionproof tests
2020-07-24 14:59:36 +02:00
Dmitry Petukhov
00fffeb172
Improve comments for surjectionproof init+alloc/destroy funcs
The comments with 'XXX' were intended to indicate that the listed
concerns were subject to review and change, but the code with these
comments was merged straight away. This commit replaces the comments
with more complete text describing the issues.
This also signifies that the commit that this code was introduced in is
not anymore 'work in progress'.
2020-07-24 14:59:36 +02:00
Dmitry Petukhov
2dc868f35b
work in progress: add _allocate_initialized/destroy funcs
2020-07-24 14:59:36 +02:00
Jonas Nick
0d4ee3c62d
Improve explanation of key cancellation attack in whitelist.md
2020-07-24 14:59:36 +02:00
Jonas Nick
2a1750dedd
Clarify how to derive alternative generator H
2020-07-24 14:59:36 +02:00
Andrew Poelstra
068f03c35b
generator: remove CHECK abort calls exposed by public API
2020-07-24 14:59:36 +02:00
Andrew Poelstra
3424cb1fa3
musig: add user documentation
2020-07-24 14:59:36 +02:00
Jonas Nick
13ef445721
Add 3-of-3 MuSig example
2020-07-24 14:59:36 +02:00
Jonas Nick
b86c210747
Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
2020-07-24 14:59:36 +02:00
Andrew Poelstra
c59c602dd6
Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
[0] https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
2020-07-24 14:59:36 +02:00
Andrew Poelstra
a1f16a0a53
add chacha20 function
2020-07-24 14:50:49 +02:00
Gregory Sanders
3cdc02ef8a
use proper types for rangeproof min/max
2020-07-24 14:50:49 +02:00
Andrew Poelstra
cf21c9d715
rangeproof: reduce iteration count in unit tests
2020-07-24 14:50:49 +02:00
Jonas Nick
4c231568fb
Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting
2020-07-24 14:50:49 +02:00
Andrew Poelstra
936d62f248
add unit test for generator and pedersen commitment roundtripping
2020-07-24 14:50:48 +02:00
Andrew Poelstra
e06540de8c
rangeproof: fix serialization of pedersen commitments
2020-07-24 14:50:48 +02:00
Andrew Poelstra
edb879f578
rangeproof: verify correctness of pedersen commitments when parsing
2020-07-24 14:50:48 +02:00
Andrew Poelstra
fca4c3b62f
generator: verify correctness of point when parsing
2020-07-24 14:50:48 +02:00
Andrew Poelstra
c50b218698
rangeproof: check that points deserialize correctly when verifying rangeproof
2020-07-24 14:50:48 +02:00
Andrew Poelstra
c33e597245
rangeproof: add fixed vector test case
2020-07-24 14:50:48 +02:00
Tim Ruffing
47be098bac
Test for rejection of trailing bytes in range proofs
2020-07-24 14:50:48 +02:00
Tim Ruffing
16aaa4a02c
Test for rejection of trailing bytes in surjection proofs
2020-07-24 14:50:48 +02:00
Tim Ruffing
949e994cb3
Reject surjection proofs with trailing garbage
2020-07-24 14:50:48 +02:00
datavetaren
c87618157e
Minor bugfix. Wrong length due to NUL character.
2020-07-24 14:50:48 +02:00
Jonas Nick
fc3dc94049
Add whitelisting benchmark
2020-07-24 14:50:48 +02:00
Gregory Sanders
edc7cb6cdd
add whitelist_impl.h to include for dist
2020-07-24 14:49:33 +02:00
Andrew Poelstra
4320490e88
generator: add API tests
2020-07-24 14:49:33 +02:00
Andrew Poelstra
126493ef01
generator: remove unnecessary ARG_CHECK from generate()
2020-07-24 14:49:33 +02:00
Gregory Sanders
253f131310
Fix generator makefile
Include test_impl.h
2020-07-24 14:49:33 +02:00
Jonas Nick
04f4c09111
Add n_keys argument to whitelist_verify
2020-07-24 14:49:33 +02:00
Jonas Nick
dbf3d752a8
Fix checks of whitelist serialize/parse arguments
2020-07-24 14:49:33 +02:00
Andrew Poelstra
29d0d562dc
whitelist: fix serialize/parse API to take serialized length
2020-07-24 14:49:33 +02:00
Andrew Poelstra
e13bdf2f23
rangeproof: add API tests
2020-07-24 14:49:33 +02:00
Andrew Poelstra
18c5c62b45
surjectionproof: rename unit test functions to be more consistent with other modules
2020-07-24 14:49:33 +02:00