2025 Commits

Author SHA1 Message Date
Jonas Nick
712e7f8722
Remove unused scratch space from API 2023-05-11 13:39:56 +00:00
Pieter Wuille
54d34b6c24
Merge bitcoin-core/secp256k1#1300: Avoid normalize conditional on VERIFY
97c63b90390b0b11a5d3530b03855ec9cc0de343 Avoid normalize conditional on VERIFY (Pieter Wuille)

Pull request description:

  In the old code, `secp256k1_gej_rescale` requires a normalized input in VERIFY mode, but not otherwise. Its requirements shouldn't depend on this mode being enabled or not.

ACKs for top commit:
  real-or-random:
    utACK 97c63b90390b0b11a5d3530b03855ec9cc0de343. I've also verified that the loop in secp256k1_ecmult_strauss_wnaf holds up the invariant that the magnitude of Z is 1, even with the normalization removed.
  jonasnick:
    ACK 97c63b90390b0b11a5d3530b03855ec9cc0de343

Tree-SHA512: 9598c133c6f4e488c74512089dabe0508529f20ca782be1c8fbeae9d7f132da9d570a061053acd3d245a9a187abf1f2581207441ce6aac8d0f8972cf357a349f
2023-05-11 08:30:21 -04:00
Pieter Wuille
c63ec88ebf
Merge bitcoin-core/secp256k1#1066: Abstract out and merge all the magnitude/normalized logic
7fc642fa25ad03ebd95cfe237b625dfb6dfdfa94 Simplify secp256k1_fe_{impl_,}verify (Pieter Wuille)
4e176ad5b94f989d5e2c6cdf9b2761a6f6a971e5 Abstract out verify logic for fe_is_square_var (Pieter Wuille)
4371f98346b0a50c0a77e93948fe5e21d9346d06 Abstract out verify logic for fe_add_int (Pieter Wuille)
89e324c6b9d1c74d3636b4ef5b1e5404e3e2053b Abstract out verify logic for fe_half (Pieter Wuille)
283cd80ab471bccb995925eb55865f04e38566f4 Abstract out verify logic for fe_get_bounds (Pieter Wuille)
d5aa2f035802047c45605bfa69fb467000e9288f Abstract out verify logic for fe_inv{,_var} (Pieter Wuille)
316764607257084e714898e07234fdc53150b57a Abstract out verify logic for fe_from_storage (Pieter Wuille)
76d31e5047c1d8dfb83b277421f11460f5126a03 Abstract out verify logic for fe_to_storage (Pieter Wuille)
1e6894bdd74c0b94224f2891c9f5501ac7a3b87a Abstract out verify logic for fe_cmov (Pieter Wuille)
be82bd8e0347e090037ff1d30a22a9d614db8c9f Improve comments/checks for fe_sqrt (Pieter Wuille)
6ab35082efe904cbb7ca5225134a1d3647e35388 Abstract out verify logic for fe_sqr (Pieter Wuille)
4c25f6efbd5f8b4738c1c16daf73906d45c5f579 Abstract out verify logic for fe_mul (Pieter Wuille)
e179e651cbb20031905e01f37596e20ec2cb788a Abstract out verify logic for fe_add (Pieter Wuille)
7e7ad7ff570645304459242104406d6e1f79857c Abstract out verify logic for fe_mul_int (Pieter Wuille)
65d82a3445265767375383a5b68b5f61aeadefca Abstract out verify logic for fe_negate (Pieter Wuille)
144670893eccd84d638951f6c5bae43fc97e3c7b Abstract out verify logic for fe_get_b32 (Pieter Wuille)
f7a7666aeb8db92b9171f4765f7d405b7b73d946 Abstract out verify logic for fe_set_b32 (Pieter Wuille)
ce4d2093e86fedca676dbbe59b50bdcf8c599704 Abstract out verify logic for fe_cmp_var (Pieter Wuille)
7d7d43c6dd2741853de4631881d77ae38a14cd23 Improve comments/check for fe_equal{,_var} (Pieter Wuille)
c5e788d672d78315e7269fd3743eadae6428468e Abstract out verify logic for fe_is_odd (Pieter Wuille)
d3f3fe8616d02bd1c62376c1318be69c64eea982 Abstract out verify logic for fe_is_zero (Pieter Wuille)
c701d9a4719adff20fa83511f946e4abbd4d8cda Abstract out verify logic for fe_clear (Pieter Wuille)
19a2bfeeeac4274bbeca7f8757a2ee73bdf03895 Abstract out verify logic for fe_set_int (Pieter Wuille)
864f9db491b4e1204fda5168174b235f9eefb56e Abstract out verify logic for fe_normalizes_to_zero{,_var} (Pieter Wuille)
6c31371120bb85a397bf1caa73fd1c9b8405d35e Abstract out verify logic for fe_normalize_var (Pieter Wuille)
e28b51f52254b93805350354567a944ca4d79ae2 Abstract out verify logic for fe_normalize_weak (Pieter Wuille)
b6b6f9cb97f6c9313871c278ec73f209ef537a44 Abstract out verify logic for fe_normalize (Pieter Wuille)
7fa51955592ccf4fb424a7a538372ad159e77293 Bugfix: correct SECP256K1_FE_CONST mag/norm fields (Pieter Wuille)
b29566c51b2a47139d610bf686e09ae9f9d24001 Merge magnitude/normalized fields, move/improve comments (Pieter Wuille)

Pull request description:

  Right now, all the logic for propagating/computing the magnitude/normalized fields in `secp256k1_fe` (when `VERIFY` is defined) and the code for checking it, is duplicated across the two field implementations. I believe that is undesirable, as these properties should purely be a function of the performed fe_ functions, and not of the choice of field implementation. This becomes even uglier with #967, which would copy all that, and even needs an additional dimension that would then need to be added to the two other fields. It's also related to #1001, which I think will become easier if it doesn't need to be done/reasoned about separately for every field.

  This PR moves all logic around these fields (collectively called field verification) to implementations in field_impl.h, which dispatch to renamed functions in field_*_impl.h for the actual implementation.

  Fixes #1060.

ACKs for top commit:
  jonasnick:
    ACK 7fc642fa25ad03ebd95cfe237b625dfb6dfdfa94
  real-or-random:
    ACK 7fc642fa25ad03ebd95cfe237b625dfb6dfdfa94

Tree-SHA512: 0f94e13fedc47e47859261a182c4077308f8910495691f7e4d7877d9298385172c70e98b4a1e270b6bde4d0062b932607106306bdb35a519cdeab9695a5c71e4
2023-05-11 08:23:48 -04:00
Pieter Wuille
7fc642fa25 Simplify secp256k1_fe_{impl_,}verify 2023-05-11 06:25:59 -04:00
Pieter Wuille
4e176ad5b9 Abstract out verify logic for fe_is_square_var 2023-05-11 06:25:56 -04:00
Pieter Wuille
4371f98346 Abstract out verify logic for fe_add_int 2023-05-11 06:25:19 -04:00
Pieter Wuille
89e324c6b9 Abstract out verify logic for fe_half 2023-05-11 06:25:15 -04:00
Pieter Wuille
283cd80ab4 Abstract out verify logic for fe_get_bounds 2023-05-11 06:24:26 -04:00
Pieter Wuille
d5aa2f0358 Abstract out verify logic for fe_inv{,_var} 2023-05-11 06:24:26 -04:00
Pieter Wuille
3167646072 Abstract out verify logic for fe_from_storage 2023-05-11 06:24:26 -04:00
Pieter Wuille
76d31e5047 Abstract out verify logic for fe_to_storage 2023-05-11 06:24:26 -04:00
Pieter Wuille
1e6894bdd7 Abstract out verify logic for fe_cmov 2023-05-11 06:24:26 -04:00
Pieter Wuille
be82bd8e03 Improve comments/checks for fe_sqrt 2023-05-11 06:24:22 -04:00
Pieter Wuille
6ab35082ef Abstract out verify logic for fe_sqr 2023-05-11 06:18:40 -04:00
Pieter Wuille
4c25f6efbd Abstract out verify logic for fe_mul 2023-05-11 06:18:40 -04:00
Pieter Wuille
e179e651cb Abstract out verify logic for fe_add 2023-05-11 06:18:40 -04:00
Pieter Wuille
7e7ad7ff57 Abstract out verify logic for fe_mul_int 2023-05-11 06:18:40 -04:00
Pieter Wuille
65d82a3445 Abstract out verify logic for fe_negate 2023-05-11 06:18:40 -04:00
Pieter Wuille
144670893e Abstract out verify logic for fe_get_b32 2023-05-11 06:18:40 -04:00
Pieter Wuille
f7a7666aeb Abstract out verify logic for fe_set_b32 2023-05-11 06:18:40 -04:00
Pieter Wuille
ce4d2093e8 Abstract out verify logic for fe_cmp_var 2023-05-11 06:18:40 -04:00
Pieter Wuille
7d7d43c6dd Improve comments/check for fe_equal{,_var} 2023-05-11 06:18:40 -04:00
Pieter Wuille
c5e788d672 Abstract out verify logic for fe_is_odd 2023-05-11 06:18:40 -04:00
Pieter Wuille
d3f3fe8616 Abstract out verify logic for fe_is_zero 2023-05-11 06:18:40 -04:00
Pieter Wuille
c701d9a471 Abstract out verify logic for fe_clear 2023-05-11 06:18:40 -04:00
Pieter Wuille
19a2bfeeea Abstract out verify logic for fe_set_int 2023-05-11 06:18:40 -04:00
Pieter Wuille
864f9db491 Abstract out verify logic for fe_normalizes_to_zero{,_var} 2023-05-11 06:18:40 -04:00
Pieter Wuille
6c31371120 Abstract out verify logic for fe_normalize_var 2023-05-11 06:18:40 -04:00
Pieter Wuille
e28b51f522 Abstract out verify logic for fe_normalize_weak 2023-05-11 06:18:40 -04:00
Pieter Wuille
b6b6f9cb97 Abstract out verify logic for fe_normalize 2023-05-11 06:18:40 -04:00
Pieter Wuille
7fa5195559 Bugfix: correct SECP256K1_FE_CONST mag/norm fields 2023-05-11 06:18:37 -04:00
Hennadii Stepanov
e5cf4bf3ff
build: Rename arm to arm32 2023-05-11 10:03:23 +01:00
Pieter Wuille
b29566c51b Merge magnitude/normalized fields, move/improve comments
Also split secp256k1_fe_verify into a generic and an implementation
specific part.
2023-05-11 04:25:19 -04:00
Pieter Wuille
97c63b9039 Avoid normalize conditional on VERIFY 2023-05-11 03:41:48 -04:00
Tim Ruffing
341cc19726
Merge bitcoin-core/secp256k1#1299: Infinity handling: ecmult_const(infinity) works, and group verification
bbc834467c5d14e3e53744211e7c4fa9d8fabe41 Avoid secp256k1_ge_set_gej_zinv with uninitialized z (Pieter Wuille)
0a2e0b2ae456c7ae60e92ddc354071f21fb6aa62 Make secp256k1_{fe,ge,gej}_verify work as no-op if non-VERIFY (Pieter Wuille)
f20266722ac93ca66d1beb0d2f2d2469b95aafea Add invariant checking to group elements (Pieter Wuille)
a18821d5b1d44db0e7c8335f338cc9876bec98cb Always initialize output coordinates in secp256k1_ge_set_gej (Pieter Wuille)
3086cb90acd9d61c5b38e862877fdeacaff74a50 Expose secp256k1_fe_verify to other modules (Pieter Wuille)
a0e696fd4da3788758bb3fdae66c7ae262dbf224 Make secp256k1_ecmult_const handle infinity (Gregory Maxwell)

Pull request description:

  Rebase of #791.

  * Clean up infinity handling, make x/y/z always initialized for infinity.
  * Make secp256k1_ecmult_const handle infinity.
    * Infinity isn't currently needed here, but correctly handling it is a little more safe against future changes.
    * Update docs for it to make it clear that it is not constant time in Q. It never was constant time in Q (and would be a little complicated to make constant time in Q: needs a constant time addition function that tracks RZR). It isn't typical for ECDH to be constant time in terms of the pubkey. If it was later made constant time in Q infinity support would be easy to preserve, e.g. by running it on a dummy value and cmoving infinity into the output.
  * Add group verification (`secp256k1_ge_verify` and `secp256k1_gej_verify`, mimicking `secp256k1_fe_verify`).
  * Make the `secp256k1_{fe,ge,gej}_verify` functions also defined (as no-ops) in non-VERIFY mode.

ACKs for top commit:
  jonasnick:
    ACK bbc834467c5d14e3e53744211e7c4fa9d8fabe41
  real-or-random:
    ACK bbc834467c5d14e3e53744211e7c4fa9d8fabe41

Tree-SHA512: 82cb51faa2c207603aa10359a311ea618fcb5a81ba175bf15515bf84043223db6428434875854cdfce9ae95f9cfd68c74e4e415f26bd574f1791b5dec1615d19
2023-05-10 18:44:18 +02:00
Pieter Wuille
bbc834467c Avoid secp256k1_ge_set_gej_zinv with uninitialized z 2023-05-10 09:25:09 -04:00
Pieter Wuille
0a2e0b2ae4 Make secp256k1_{fe,ge,gej}_verify work as no-op if non-VERIFY 2023-05-10 09:25:09 -04:00
Pieter Wuille
f20266722a Add invariant checking to group elements 2023-05-10 09:25:09 -04:00
Pieter Wuille
a18821d5b1 Always initialize output coordinates in secp256k1_ge_set_gej 2023-05-10 09:25:06 -04:00
Pieter Wuille
3086cb90ac Expose secp256k1_fe_verify to other modules 2023-05-10 09:06:02 -04:00
Gregory Maxwell
a0e696fd4d Make secp256k1_ecmult_const handle infinity
Infinity isn't currently needed here, but correctly handling it is a
little more safe against future changes.

Update docs for it to make it clear that it is not constant time in A
(the input point). It never was constant time in Q (and would be a little
complicated to make constant time in A).

If it was later made constant time in A, infinity support would be easy
to preserve, e.g. by running it on a dummy value and cmoving infinity into
the output.
2023-05-10 09:06:02 -04:00
Tim Ruffing
24c768ae09
Merge bitcoin-core/secp256k1#1301: Avoid using bench_verify_data as bench_sign_data; merge them
2e65f1fdbcc87e2ef8c0baf4abc8ee0f56daf7fe Avoid using bench_verify_data as bench_sign_data; merge them (Pieter Wuille)

Pull request description:

  The existing bench.c code defines `bench_verify_data data` variable, but some of the benchmarks then use it as `bench_sign`. Fix this by merging the two types into one.

ACKs for top commit:
  stratospher:
    ACK 2e65f1f.
  real-or-random:
    utACK 2e65f1fdbc

Tree-SHA512: 676b43e5d30abd13bfd9595378b1a0bd90a2e713be4f8f713260f989ea8c971b229dfb683cd7a1614665b1688a0bdda7a4019f358dd6cd645e1b3d9f8d71e814
2023-05-10 10:03:25 +02:00
Pieter Wuille
2e65f1fdbc Avoid using bench_verify_data as bench_sign_data; merge them 2023-05-09 14:00:43 -04:00
Jonas Nick
1cf15ebd94
Merge bitcoin-core/secp256k1#1296: docs: complete interface description for secp256k1_schnorrsig_sign_custom
149c41cee1159fae3928e03be2662b58e9a8e716 docs: complete interface description for `secp256k1_schnorrsig_sign_custom` (Sebastian Falbesoner)

Pull request description:

ACKs for top commit:
  real-or-random:
    utACK 149c41cee1159fae3928e03be2662b58e9a8e716
  jonasnick:
    ACK 149c41cee1159fae3928e03be2662b58e9a8e716

Tree-SHA512: ee677ed6b474b547066ce149688edab7ba6d2572acfbc0989256a669341fff4cf2e17b451cd3fc6fff3944a896647f0f5c1411056678505fa85ba71e8cfe6229
2023-05-09 10:44:27 +00:00
Sebastian Falbesoner
149c41cee1 docs: complete interface description for secp256k1_schnorrsig_sign_custom
For the sake of completeness, add the missing descriptions for the
return value and parameters (`ctx`, `sig64`, `keypair`), in the same
wording/style as for the function `secp256k1_schnorrsig_sign32`.
2023-05-08 13:09:42 +02:00
Tim Ruffing
f30c74866b
Merge bitcoin-core/secp256k1#1270: cmake: Fix library ABI versioning
bef448f9af248dba016883401de07b431f3e686e cmake: Fix library ABI versioning (Hennadii Stepanov)

Pull request description:

  This change emulates Libtool to make sure Libtool and CMake agree on the ABI version.

  To test, one needs to simulate a release with backward-compatible API changes, which means the following changes in `configure.ac` and `CMakeLists.txt`:
  - incrementing of `*_LIB_VERSION_CURRENT`
  - setting `*_LIB_VERSION_REVISION` to zero
  - incrementing of `*_LIB_VERSION_AGE`

ACKs for top commit:
  real-or-random:
    ACK bef448f9af248dba016883401de07b431f3e686e, diff looks good and I tested on Linux

Tree-SHA512: f7551fc7377ea50c8bc32d14108a034a1f91ebbb63d5fec562e5cc28416637834b9a4dcba3692df1780adcd1212ad4f238dc0219ab5add68bd88a5a458572ee5
2023-05-03 15:58:55 +02:00
Hennadii Stepanov
d1e48e5474
refactor: Make 64-bit shift explicit
This change fixes MSVC level-3 warning C4334.
See: https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4334

Required to enable level 3 warnings (/W3).
2023-05-02 13:35:15 +01:00
Hennadii Stepanov
b2e29e43d0
ci: Treat all compiler warnings as errors in "Windows (VS 2022)" task 2023-04-30 16:46:03 +01:00
Tim Ruffing
3c81838856
Merge bitcoin-core/secp256k1#1289: cmake: Use full signature of add_test() command
755629bc032af155ff68fa820244d04cb80547c5 cmake: Use full signature of `add_test()` command (Hennadii Stepanov)

Pull request description:

  This PR fixes tests for Windows binaries using Wine:
  ```
  $ cmake -S . -B ../mingw -DCMAKE_TOOLCHAIN_FILE=cmake/x86_64-w64-mingw32.toolchain.cmake
  $ cmake --build ../mingw
  $ cmake --build ../mingw -t check
  Test project /home/hebasto/git/secp256k1/mingw
      Start 1: noverify_tests
  Could not find executable noverify_tests
  ...
  ```

ACKs for top commit:
  real-or-random:
    ACK 755629bc032af155ff68fa820244d04cb80547c5

Tree-SHA512: d1b24a1f1de2e8b70203132f4f6e685b9a120a987302cefe033fa916dfe7a135dbacaf8174d4046e30be170e92a16d070db54292c038cd2acdecc334f7f516dd
2023-04-29 17:17:47 +02:00
Hennadii Stepanov
755629bc03
cmake: Use full signature of add_test() command
An executable target in the `COMMAND` option will automatically be
replaced by the location of the executable created at build time.

This change fixes tests for Windows binaries using Wine.
2023-04-29 09:49:25 +01:00