Tim Ruffing
be8ff3a02a
field: Static-assert that int args affecting magnitude are constant
...
See #1001.
2023-06-13 13:34:49 +02:00
Pieter Wuille
5b32602295
Split fe_set_b32 into reducing and normalizing variants
2023-05-11 13:49:33 -04:00
Pieter Wuille
7fc642fa25
Simplify secp256k1_fe_{impl_,}verify
2023-05-11 06:25:59 -04:00
Pieter Wuille
4e176ad5b9
Abstract out verify logic for fe_is_square_var
2023-05-11 06:25:56 -04:00
Pieter Wuille
4371f98346
Abstract out verify logic for fe_add_int
2023-05-11 06:25:19 -04:00
Pieter Wuille
89e324c6b9
Abstract out verify logic for fe_half
2023-05-11 06:25:15 -04:00
Pieter Wuille
283cd80ab4
Abstract out verify logic for fe_get_bounds
2023-05-11 06:24:26 -04:00
Pieter Wuille
d5aa2f0358
Abstract out verify logic for fe_inv{,_var}
2023-05-11 06:24:26 -04:00
Pieter Wuille
3167646072
Abstract out verify logic for fe_from_storage
2023-05-11 06:24:26 -04:00
Pieter Wuille
76d31e5047
Abstract out verify logic for fe_to_storage
2023-05-11 06:24:26 -04:00
Pieter Wuille
1e6894bdd7
Abstract out verify logic for fe_cmov
2023-05-11 06:24:26 -04:00
Pieter Wuille
6ab35082ef
Abstract out verify logic for fe_sqr
2023-05-11 06:18:40 -04:00
Pieter Wuille
4c25f6efbd
Abstract out verify logic for fe_mul
2023-05-11 06:18:40 -04:00
Pieter Wuille
e179e651cb
Abstract out verify logic for fe_add
2023-05-11 06:18:40 -04:00
Pieter Wuille
7e7ad7ff57
Abstract out verify logic for fe_mul_int
2023-05-11 06:18:40 -04:00
Pieter Wuille
65d82a3445
Abstract out verify logic for fe_negate
2023-05-11 06:18:40 -04:00
Pieter Wuille
144670893e
Abstract out verify logic for fe_get_b32
2023-05-11 06:18:40 -04:00
Pieter Wuille
f7a7666aeb
Abstract out verify logic for fe_set_b32
2023-05-11 06:18:40 -04:00
Pieter Wuille
ce4d2093e8
Abstract out verify logic for fe_cmp_var
2023-05-11 06:18:40 -04:00
Pieter Wuille
c5e788d672
Abstract out verify logic for fe_is_odd
2023-05-11 06:18:40 -04:00
Pieter Wuille
d3f3fe8616
Abstract out verify logic for fe_is_zero
2023-05-11 06:18:40 -04:00
Pieter Wuille
c701d9a471
Abstract out verify logic for fe_clear
2023-05-11 06:18:40 -04:00
Pieter Wuille
19a2bfeeea
Abstract out verify logic for fe_set_int
2023-05-11 06:18:40 -04:00
Pieter Wuille
864f9db491
Abstract out verify logic for fe_normalizes_to_zero{,_var}
2023-05-11 06:18:40 -04:00
Pieter Wuille
6c31371120
Abstract out verify logic for fe_normalize_var
2023-05-11 06:18:40 -04:00
Pieter Wuille
e28b51f522
Abstract out verify logic for fe_normalize_weak
2023-05-11 06:18:40 -04:00
Pieter Wuille
b6b6f9cb97
Abstract out verify logic for fe_normalize
2023-05-11 06:18:40 -04:00
Pieter Wuille
b29566c51b
Merge magnitude/normalized fields, move/improve comments
...
Also split secp256k1_fe_verify into a generic and an implementation
specific part.
2023-05-11 04:25:19 -04:00
Pieter Wuille
0a2e0b2ae4
Make secp256k1_{fe,ge,gej}_verify work as no-op if non-VERIFY
2023-05-10 09:25:09 -04:00
Jonas Nick
1f33bb2b1c
Merge bitcoin-core/secp256k1#1205: field: Improve docs +tests of secp256k1_fe_set_b32
...
162da73e9a48875aab1ee6ca1c14f86ca4646946 tests: Add debug helper for printing buffers (Tim Ruffing)
e9fd3dff76e30fcd83d060ad9195cadae9cdc9a2 field: Improve docs and tests of secp256k1_fe_set_b32 (Tim Ruffing)
ca92a35d019730aec9d3ec8097dcbb9633a69874 field: Simplify code in secp256k1_fe_set_b32 (Tim Ruffing)
d93f62e3693d6763891edcad11472f9d475177e5 field: Verify field element even after secp256k1_fe_set_b32 fails (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 162da73e9a48875aab1ee6ca1c14f86ca4646946
Tree-SHA512: b3ed8e45c969d0420275ff154462f3820b72b57832ccba1f6f427e0cfd9cff3e27440c20994f69ea33a576b1903eb7f04a989f0dbd574bbd96ee56c6dd4500f7
2023-04-21 16:23:59 +00:00
Tim Ruffing
4a496a36fb
ct: Use volatile "trick" in all fe/scalar cmov implementations
...
Apparently clang 15 is able to compile our cmov code into a branch,
at least for fe_cmov and fe_storage_cmov. This commit makes the
condition volatile in all cmov implementations (except ge but that
one only calls into the fe impls).
This is just a quick fix. We should still look into other methods,
e.g., asm and #457. We should also consider not caring about
constant-time in scalar_low_impl.h.
We should also consider testing on very new compilers in nightly CI,
see https://github.com/bitcoin-core/secp256k1/pull/864#issuecomment-769211867
2023-04-01 15:58:24 +09:00
roconnor-blockstream
4ebd82852d
Apply Checks only in VERIFY mode.
2023-03-22 22:06:47 -04:00
Pieter Wuille
b081f7e4cb
Add secp256k1_fe_add_int function
2023-03-02 17:09:25 -05:00
Pieter Wuille
6be01036c8
Add secp256k1_fe_is_square_var function
...
The implementation calls the secp256k1_modinvNN_jacobi_var code, falling back
to computing a square root in the (extremely rare) case it failed to converge.
2023-02-28 15:57:32 -05:00
Tim Ruffing
ca92a35d01
field: Simplify code in secp256k1_fe_set_b32
2023-02-01 12:29:34 +01:00
Tim Ruffing
d93f62e369
field: Verify field element even after secp256k1_fe_set_b32 fails
2023-02-01 12:29:03 +01:00
Pieter Wuille
0db05a770e
Abstract interactions with valgrind behind new checkmem.h
2023-01-11 16:07:35 -05:00
Peter Dettman
d64bb5d4f3
Add fe_half tests for worst-case inputs
...
- Add field method _fe_get_bounds
2022-02-01 17:51:05 +07:00
Peter Dettman
925f78d55e
Add _fe_half and use in _gej_add_ge
...
- Trades 1 _half for 3 _mul_int and 2 _normalize_weak
- Updated formula and comments in _gej_add_ge
- Added internal benchmark for _fe_half
2022-01-31 19:41:01 +07:00
Tim Ruffing
0b83b203e1
Merge bitcoin-core/secp256k1#1030: doc: Fix upper bounds + cleanup in field_5x52_impl.h comment
...
1287786c7a97eff520ffbd6b0d8b2f99dbfc6371 doc: Add comment to top of field_10x26_impl.h (Elliott Jin)
58da5bd589f61b0e0e9b58388ee3e0da8a2c3c3a doc: Fix upper bounds + cleanup in field_5x52_impl.h comment (Elliott Jin)
Pull request description:
When reviewing #816 I noticed the upper bounds in the comment at the top of `field_5x52_impl.h` were off by 1 (see `fe_verify`). This PR fixes the upper bounds and also cleans up the comment along the way.
ACKs for top commit:
real-or-random:
ACK 1287786c7a97eff520ffbd6b0d8b2f99dbfc6371
Tree-SHA512: 4b7dadc92451ab1ceb5a547a3101ff37f3ffd0645490563f1f3442ea8d6219f100ed914289d22435c4172d190fa1ff52e37e4464132bb3f9bbcc338488227f7b
2021-12-22 18:53:26 +01:00
Elliott Jin
1287786c7a
doc: Add comment to top of field_10x26_impl.h
2021-12-22 07:32:41 -08:00
Peter Dettman
515e7953ca
Improve checks at top of _fe_negate methods
2021-12-21 19:54:34 +07:00
Russell O'Connor
2888640132
VERIFY_CHECK precondition for secp256k1_fe_set_int.
2021-10-15 11:27:24 -04:00
Tim Ruffing
d49011f54c
Make _set_fe_int( . , 0 ) set magnitude to 0
2021-10-15 11:20:27 -04:00
siv2r
d43993724d
tests: remove secp256k1_fe_verify from tests.c and modify secp256k1_fe_from_storage to call secp256k1_fe_verify
...
1. secp256k1_fe_verify is removed from tests since it throws an error if VERIFY is not defined during compilation.
(Ex: ./configure --enable-coverage)
2. `secp256k1_fe_from_storage` calls `secp256k1_fe_verify` in the VERIFY build to check for invalid field element.
2021-10-02 15:52:05 +05:30
Jonas Nick
c083cc6e52
Merge #903: Make argument of fe_normalizes_to_zero{_var} const
...
23c3fb629b905deebc4bcc9914bcfff7b9aedacd Make argument of fe_normalizes_to_zero{_var} const (Pieter Wuille)
Pull request description:
ACKs for top commit:
real-or-random:
ACK 23c3fb629b905deebc4bcc9914bcfff7b9aedacd diff looks good
jonasnick:
ACK 23c3fb629b905deebc4bcc9914bcfff7b9aedacd
Tree-SHA512: a51894a9e59851dc4854e92e4200ef6d12a11f6785b903c23585cfff5ef8d369216f4121260fe8789d46d3e215f3c2baa42decae99ab9328e8081f5274e67fab
2021-03-26 14:57:01 +00:00
Pieter Wuille
23c3fb629b
Make argument of fe_normalizes_to_zero{_var} const
2021-03-15 16:01:57 -07:00
Pieter Wuille
1e0e885c8a
Make field/scalar code use the new modinv modules for inverses
2021-03-12 10:06:14 -08:00
Pieter Wuille
436281afdc
Move secp256k1_fe_inverse{_var} to per-impl files
...
This temporarily duplicates the inversion code across the 5x52 and 10x26
implementations. Those implementations will be replaced in a next commit.
2021-03-11 10:25:26 -08:00
Dimitris Apostolou
07aa4c70ff
Fix insecure links
2020-12-18 00:24:22 +02:00