frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
secp256k1-zkp/src
History
Tim Ruffing 0ba2b94551
Merge bitcoin-core/secp256k1#1373: Add invariant checking for scalars 
d23da6d55714271c720fee58fbff5e5ef2fe193f use secp256k1_scalar_verify checks (stratospher)
c7d0454932b42a9728b55033c94e000b1dbbb6f2 add verification for scalars (stratospher)
ad152151b06a40aaf6cd90561356ff451996455d update max scalar in scalar_cmov_test and fix schnorrsig_verify exhaustive test (stratospher)

Pull request description:

  From #1360. This PR:
  1. adds `secp256k1_scalar_verify` to make sure scalars are reduced mod the group order in VERIFY mode
  2. uses `secp256k1_scalar_verify` in all the scalar functions except `secp256k1_scalar_clear`, `secp256k1_scalar_reduce_512`, `secp256k1_scalar_mul_512` and `secp256k1_scalar_*_var` functions in `scalar_low_impl.h`

ACKs for top commit:
  real-or-random:
    utACK d23da6d55714271c720fee58fbff5e5ef2fe193f
  theStack:
    Code-review ACK d23da6d55714271c720fee58fbff5e5ef2fe193f

Tree-SHA512: a371b319d948198c4038d35c9ea58f4b94de4dc312215e2b78a323c2acd4ae1355d97935c558b388774832d6d0058b97ff8ca50c3aab40b9ede5307760d0a505
2023-08-18 11:44:17 +02:00
..
asm
Set ARM ASM symbol visibility to hidden
2023-03-15 09:08:41 +00:00
modules
Merge bitcoin-core/secp256k1#1373: Add invariant checking for scalars
2023-08-18 11:44:17 +02:00
wycheproof
tests: Add Wycheproof ECDSA vectors
2023-04-09 06:17:16 +02:00
assumptions.h
Simulated int128 type.
2022-11-07 16:37:24 -05:00
bench_ecmult.c
refactor: take use of secp256k1_scalar_{zero,one} constants (part 2)
2023-08-01 02:40:21 +02:00
bench_internal.c
Split fe_set_b32 into reducing and normalizing variants
2023-05-11 13:49:33 -04:00
bench.c
Add benchmarks for ellswift module
2023-06-20 11:31:58 -04:00
bench.h
bench: Make sys/time.h a system include
2023-04-21 11:18:36 +02:00
checkmem.h
test: Silent noisy clang warnings about Valgrind code on macOS x86_64
2023-06-04 18:25:39 +01:00
CMakeLists.txt
build: Introduce SECP256k1_DLL_EXPORT macro
2023-07-03 13:57:17 +01:00
ctime_tests.c
ctimetests: Use new SECP256K1_CHECKMEM macros also for ellswift
2023-08-15 19:13:09 +02:00
ecdsa_impl.h
clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3)
2023-07-10 02:28:31 +02:00
ecdsa.h
Remove ecmult_context.
2021-08-20 11:11:26 -04:00
eckey_impl.h
refactor: take use of secp256k1_scalar_{zero,one} constants
2023-05-30 12:10:41 +02:00
eckey.h
Remove ecmult_context.
2021-08-20 11:11:26 -04:00
ecmult_compute_table_impl.h
Move ecmult table computation code to separate file
2021-12-18 16:11:56 -05:00
ecmult_compute_table.h
Move ecmult table computation code to separate file
2021-12-18 16:11:56 -05:00
ecmult_const_impl.h
small fixes
2023-07-03 17:05:55 +02:00
ecmult_const.h
Make secp256k1_ecmult_const handle infinity
2023-05-10 09:06:02 -04:00
ecmult_gen_compute_table_impl.h
Help the compiler prove that a loop is entered
2023-06-25 19:07:16 +01:00
ecmult_gen_compute_table.h
Rename function secp256k1_ecmult_gen_{create_prec -> compute}_table
2021-12-18 16:11:52 -05:00
ecmult_gen_impl.h
Do not invoke fe_is_zero on failed set_b32_limit
2023-05-19 08:40:28 -04:00
ecmult_gen.h
config: Introduce DEBUG_CONFIG macro for debug output of config
2022-07-07 20:32:08 +02:00
ecmult_impl.h
Avoid -Wmaybe-uninitialized when compiling with gcc -O1
2023-06-28 07:45:57 +01:00
ecmult.h
small fixes
2023-07-03 17:05:55 +02:00
field_5x52_asm_impl.h
Mark stack variables as early clobber for technical correctness
2023-05-12 05:23:11 -04:00
field_5x52_impl.h
field: Static-assert that int args affecting magnitude are constant
2023-06-13 13:34:49 +02:00
field_5x52_int128_impl.h
Move SECP256K1_INLINE macro definition out from include/secp256k1.h
2023-03-09 15:29:56 +00:00
field_5x52.h
Bugfix: correct SECP256K1_FE_CONST mag/norm fields
2023-05-11 06:18:37 -04:00
field_10x26_impl.h
field: Static-assert that int args affecting magnitude are constant
2023-06-13 13:34:49 +02:00
field_10x26.h
Bugfix: correct SECP256K1_FE_CONST mag/norm fields
2023-05-11 06:18:37 -04:00
field_impl.h
field: remove secp256k1_fe_equal_var
2023-08-16 17:39:25 +05:30
field.h
field: remove secp256k1_fe_equal_var
2023-08-16 17:39:25 +05:30
group_impl.h
field: remove secp256k1_fe_equal_var
2023-08-16 17:39:25 +05:30
group.h
Tighten group magnitude limits
2023-07-28 13:05:04 +02:00
hash_impl.h
refactor: Drop unused cast
2023-07-24 13:14:23 +01:00
hash.h
hash: Make code agnostic of endianness
2022-03-25 11:32:14 +01:00
int128_impl.h
int128: Tidy #includes of int128.h and int128_impl.h
2022-11-07 16:38:30 -05:00
int128_native_impl.h
Move SECP256K1_INLINE macro definition out from include/secp256k1.h
2023-03-09 15:29:56 +00:00
int128_native.h
Simulated int128 type.
2022-11-07 16:37:24 -05:00
int128_struct_impl.h
Use __shiftright128 intrinsic in secp256k1_u128_rshift on MSVC
2023-06-04 18:03:36 +01:00
int128_struct.h
Simulated int128 type.
2022-11-07 16:37:24 -05:00
int128.h
Make secp256k1_i128_check_pow2 support -(2^n)
2023-02-27 15:38:05 -05:00
modinv32_impl.h
ct: Be cautious and use volatile trick in more "conditional" paths
2023-05-11 16:32:07 +02:00
modinv32.h
Native jacobi symbol algorithm
2023-02-28 15:54:00 -05:00
modinv64_impl.h
ct: Be cautious and use volatile trick in more "conditional" paths
2023-05-11 16:32:07 +02:00
modinv64.h
Native jacobi symbol algorithm
2023-02-28 15:54:00 -05:00
precompute_ecmult_gen.c
Drop no longer needed #include "../include/secp256k1.h"
2023-06-06 09:07:36 +01:00
precompute_ecmult.c
Fix a typo in the error message
2023-06-24 20:18:45 +01:00
precomputed_ecmult_gen.c
Drop no longer needed #include "../include/secp256k1.h"
2023-06-06 09:07:36 +01:00
precomputed_ecmult_gen.h
Fix c++ build
2021-12-18 16:12:34 -05:00
precomputed_ecmult.c
Drop no longer needed #include "../include/secp256k1.h"
2023-06-06 09:07:36 +01:00
precomputed_ecmult.h
Drop no longer needed #include "../include/secp256k1.h"
2023-06-06 09:07:36 +01:00
scalar_4x64_impl.h
use secp256k1_scalar_verify checks
2023-07-27 17:35:50 +05:30
scalar_4x64.h
Fix insecure links
2020-12-18 00:24:22 +02:00
scalar_8x32_impl.h
use secp256k1_scalar_verify checks
2023-07-27 17:35:50 +05:30
scalar_8x32.h
Fix insecure links
2020-12-18 00:24:22 +02:00
scalar_impl.h
use secp256k1_scalar_verify checks
2023-07-27 17:35:50 +05:30
scalar_low_impl.h
use secp256k1_scalar_verify checks
2023-07-27 17:35:50 +05:30
scalar_low.h
Fix insecure links
2020-12-18 00:24:22 +02:00
scalar.h
add verification for scalars
2023-07-27 14:03:59 +05:30
scratch_impl.h
scratch_destroy: move VERIFY_CHECK after invalid scrach space check
2022-06-29 20:24:11 +05:30
scratch.h
Revert "Remove unused scratch space from API"
2023-05-12 15:05:57 +00:00
secp256k1.c
Add ellswift module implementing ElligatorSwift
2023-06-20 11:31:58 -04:00
selftest.h
selftest: Rename internal function to make name available for API
2022-12-05 11:26:44 +01:00
testrand_impl.h
Simplify test PRNG implementation
2023-05-10 10:40:08 -04:00
testrand.h
Move SECP256K1_INLINE macro definition out from include/secp256k1.h
2023-03-09 15:29:56 +00:00
tests_exhaustive.c
field: remove secp256k1_fe_equal_var
2023-08-16 17:39:25 +05:30
tests.c
Merge bitcoin-core/secp256k1#1373: Add invariant checking for scalars
2023-08-18 11:44:17 +02:00
util.h
util: remove unused checked_realloc
2023-07-25 20:37:46 +00:00