frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
435 Commits 14 Branches 0 Tags
Commit Graph

38 Commits

Author SHA1 Message Date
Gregory Maxwell
3627437d80 C89 nits and dead code removal. 2015-01-23 04:17:12 +00:00
Pieter Wuille
4732d26069 Convert the field/group/ecdsa constant initialization to static consts 2015-01-22 22:44:52 -05:00
Peter Dettman
49ee0dbe16 Add _normalizes_to_zero_var variant 2014-12-20 14:38:29 +01:00
Peter Dettman
eed599dd72 Add _fe_normalizes_to_zero method 2014-12-20 14:38:24 +01:00
Pieter Wuille
d7174edf5f Weak normalization for secp256k1_fe_equal 2014-12-20 14:38:20 +01:00
Pieter Wuille
0295f0a33d weak normalization 2014-12-20 14:38:07 +01:00
Pieter Wuille
ce7eb6fb3d Optimize verification: avoid field inverse 
Suggested by Greg Maxwell.
 2014-12-16 22:38:17 +01:00
Pieter Wuille
6a9901e15b
Merge pull request #137 
39bd94d Variable time normalize (Pieter Wuille)
 2014-12-07 14:35:23 +01:00
Pieter Wuille
17288069fb
Merge pull request #138 
a5759c5 Check return value of malloc (Pieter Wuille)
2b9388b Remove unused secp256k1_fe_inv_all (Pieter Wuille)
f461b76 Allocate precomputation arrays on the heap (Pieter Wuille)
 2014-12-07 13:19:21 +01:00
Pieter Wuille
a5759c572e Check return value of malloc 2014-12-07 02:58:24 +01:00
Pieter Wuille
39bd94d86d Variable time normalize 2014-12-06 18:18:28 +01:00
Pieter Wuille
54b768c6da Another redundant secp256k1_fe_normalize 2014-12-06 17:30:08 +01:00
Gregory Maxwell
1c29f2eb49 Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var. 
This was a missed optimization in the extraction of gej+ge from gej+gej.
 2014-12-06 05:09:57 -08:00
Pieter Wuille
f461b76925 Allocate precomputation arrays on the heap 2014-12-05 18:13:28 +01:00
Pieter Wuille
efb7d4b299 Use constant-time conditional moves instead of byte slicing 2014-12-03 02:41:55 +01:00
Pieter Wuille
bd313f7d6e
Merge pull request #119 
597128d Make num optional (Pieter Wuille)
659b554 Make constant initializers independent from num (Pieter Wuille)
 2014-12-02 16:42:50 +01:00
Pieter Wuille
be82e92fc4 Require that r and b are different for field multiplication. 
Suggested by Peter Dettman, this prepares for slightly faster muitiplication
which writes results immediately to r before finishing reading b.
 2014-12-01 13:40:34 +01:00
Pieter Wuille
659b554d7b Make constant initializers independent from num 2014-12-01 12:38:38 +01:00
Pieter Wuille
0af5b47133
Merge pull request #120 
e3d692f Explain why no y=0 check is necessary for doubling (Pieter Wuille)
f7dc1c6 Optimize doubling: secp256k1 has no y=0 point (Pieter Wuille)
 2014-12-01 12:38:13 +01:00
Pieter Wuille
4285a98722 Move lambda-splitting code to scalar. 
It's not really an operation on group elements.
 2014-11-30 23:38:01 +01:00
Pieter Wuille
e3d692ff75 Explain why no y=0 check is necessary for doubling 
Explanation suggested by Greg Maxwell.
 2014-11-28 22:18:50 +01:00
Pieter Wuille
f7dc1c6513 Optimize doubling: secp256k1 has no y=0 point 2014-11-28 22:18:30 +01:00
Pieter Wuille
2a54f9bcee Correct typo in comment 2014-11-28 16:39:36 +01:00
Pieter Wuille
d907ebc0e3 Add bounds checking to field element setters 2014-11-26 15:21:31 +01:00
Gregory Maxwell
71712b27e5 Switch to C89 comments in prep for making the whole codebase C89 compatible. 
This should be whitespace/comment only changes and should produce the same
object code.
 2014-11-15 07:33:07 -08:00
Gregory Maxwell
65a14abb48 Fix varrious signed/unsigned comparisons. 2014-11-12 15:47:12 -08:00
Gregory Maxwell
a4a43d7543 Reorder static to comply with C99 and switch to the inline macro. 2014-11-12 13:07:55 -08:00
Peter Dettman
fb1bb0b445 Rearrange _gej_add_ge to save an _fe_negate 2014-11-12 02:16:36 -08:00
Pieter Wuille
9338dbf791 Branch-free point addition 2014-11-11 14:28:22 -08:00
Pieter Wuille
da55986fdf Label variable-time functions correctly and don't use those in sign 2014-11-04 02:50:06 -08:00
Pieter Wuille
501d58f098 Get rid of {num,scalar,ecdsa_sig}_{init,free} 2014-11-03 01:31:04 -08:00
Pieter Wuille
03bfc07b9e
Avoid uninitialized access in secp256k1_gej_double 2014-10-26 06:51:38 -07:00
Pieter Wuille
1136bedbc2 Make secp256k1_ge_set_gej work with the point at infinity 2014-09-13 00:46:32 +02:00
Gregory Maxwell
2f6c801911
Try to not leave secret data on the stack or heap. 
This makes a basic effort and has not been audited.
Doesn't appear to have a measurable performance impact on bench.

It also adds a secp256k1_num_free to secp256k1_ecdsa_pubkey_create.
 2014-08-14 07:06:36 -07:00
Peter Dettman
f16be77ffc Use batch inversion in G precomputation 2014-07-17 15:33:00 +07:00
Pieter Wuille
4d79bebdff Do not free endomorphism constants when disabled 2014-06-15 23:31:17 +02:00
Peter Dettman
09ca4f32e2 secp256k1_fe_sqrt checks for success 
- secp256k1_fe_sqrt now checks that the value it calculated is actually a square root.
- Add return values to secp256k1_fe_sqrt and secp256k1_ge_set_xo.
- Callers of secp256k1_ge_set_xo can use return value instead of explicit validity checks
- Add random value tests for secp256k1_fe_sqrt
 2014-05-21 10:22:14 +07:00
Pieter Wuille
11ab562203 Move implementations from impl/*.h to *_impl.h 2014-03-12 18:40:02 +01:00