Gregory Maxwell [Thu, 21 Feb 2019 04:17:54 +0000 (04:17 +0000)]
Merge #539: Assorted minor corrections
52ab96f clean dependendies in field_*_impl.h (Russell O'Connor) deff5ed Correct math typos in field_*.h (Russell O'Connor) 4efb3f8 Add check that restrict pointers don't alias with all parameters. (Russell O'Connor)
Pull request description:
* add more checks for restrict pointers.
* correct math typos.
* refine dependencies on "num.h"
9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. (Russell O'Connor)
Pull request description:
Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
Pieter Wuille [Mon, 26 Nov 2018 17:12:55 +0000 (09:12 -0800)]
Merge #557: Eliminate scratch memory used when generating contexts
b3bf5f9 ecmult_impl: expand comment to explain how effective affine interacts with everything (Andrew Poelstra) efa783f Store z-ratios in the 'x' coord they'll recover (Peter Dettman) ffd3b34 add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points (Andrew Poelstra) 84740ac ecmult_impl: save one fe_inv_var (Andrew Poelstra) 4704527 ecmult_impl: eliminate scratch memory used when generating context (Andrew Poelstra) 7f7a2ed ecmult_gen_impl: eliminate scratch memory used when generating context (Andrew Poelstra)
Pieter Wuille [Tue, 6 Nov 2018 02:23:52 +0000 (18:23 -0800)]
Merge #553: add static context object which has no capabilities
40fde61 prevent attempts to modify `secp256k1_context_no_precomp` (Andrew Poelstra) ed7c084 add static context object which has no capabilities (Andrew Poelstra)
Pieter Wuille [Wed, 17 Oct 2018 19:12:31 +0000 (12:12 -0700)]
Merge #354: [ECDH API change] Support custom hash function
c8fbc3c [ECDH API change] Allow pass arbitrary data to hash function (Kirill Fomichev) b00be65 [ECDH API change] Support custom hash function (Kirill Fomichev)
Russell O'Connor [Mon, 13 Aug 2018 03:47:38 +0000 (23:47 -0400)]
Optimize secp256k1_fe_normalize_weak calls.
Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
6fe5043 scratch: add stack frame support (Andrew Poelstra)
Pull request description:
Replaces the single-blob stack space ith one that internally manages multiple blobs, which are exposed to the user as "frames". Users allocate new blobs with `secp256k1_scratch_allocate_frame` and deallocate them with `secp256k1_scratch_deallocate_frame`. Then any calls to `secp256k1_scratch_alloc` use the frame at the top of the stack. This is guaranteed to succeed, assuming that the frame allocation succeeded and that the user is not requesting more memory than the frame was allocated with.
Merge #513: Increase sparsity of pippenger fixed window naf representation
ec0a7b3 Don't touch leading zeros in wnaf_fixed. (Jonas Nick) 9e36d1b Fix bug in wnaf_fixed where the wnaf array is not completely zeroed when given a 0 scalar. (Jonas Nick) 96f68a0 Don't invert scalar in wnaf_fixed when it is even because a caller might intentionally give a scalar with many leading zeros. (Jonas Nick) 6dbb007 Increase sparsity of pippenger fixed window naf representation (Jonas Nick)
e7daa9b [build] Tweak JNI macro to warn instead of error for JNI not found. (Karl-Johan Alm) 5b22977 [build] Update ax_jni_include_dir.m4 macro to deal with recent versions of macOS (Karl-Johan Alm)
Pull request description:
Prior to this patch, this macro fails to find a working directory for the JNI headers, and results in compile failure when doing
```
./configure --enable-experimental --enable-module-ecdh --enable-jni
```
on more recent macOS versions. The relevant commit upstream is [here](http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=commit;h=ab23d25b1f1ae544fffdaa0a94a794798695c672) from the [GNU.org page for the macro](https://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html). The original (identical to the version in this commit) is [here](http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_jni_include_dir.m4).
The compile failure:
```Bash
$ make
gcc -I. -g -O2 -Wall -Wextra -Wno-unused-function -c src/gen_context.c -o gen_context.o
gcc gen_context.o -o gen_context
./gen_context
CC src/libsecp256k1_la-secp256k1.lo
CC src/java/libsecp256k1_jni_la-org_bitcoin_NativeSecp256k1.lo
In file included from src/java/org_bitcoin_NativeSecp256k1.c:4:
In file included from src/java/org_bitcoin_NativeSecp256k1.h:2:
/Library/Java/JavaVirtualMachines/jdk1.7.0_71.jdk/Contents/Headers/jni.h:45:10: fatal error:
'jni_md.h' file not found
#include "jni_md.h"
^
1 error generated.
make: *** [src/java/libsecp256k1_jni_la-org_bitcoin_NativeSecp256k1.lo] Error 1
```
Gregory Maxwell [Tue, 6 Feb 2018 22:43:19 +0000 (22:43 +0000)]
Merge #494: Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS
31abd3a Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS (Alexander Block)
Pull request description:
The only reason OpenSSL 1.1 was not supported was the removal of direct
access to r and s in ECDSA_SIG. This commit adds a simplified version of
ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1
Alexander Block [Thu, 28 Dec 2017 10:36:24 +0000 (11:36 +0100)]
Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS
The only reason OpenSSL 1.1 was not supported was the removal of direct
access to r and s in ECDSA_SIG. This commit adds a simplified version of
ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1
Pieter Wuille [Thu, 21 Dec 2017 22:07:15 +0000 (14:07 -0800)]
Merge #463: Reduce usage of hardcoded size constants
c7680e5 Reduce usage of hardcoded size constants (Thomas Snider)
Pull request description:
In particular the usage of keylen in nonce_function_rfc6979 seemed precarious - in one conditional it was unconditionally set, then in the next it was added to. While it was clearly correct as written, I think this change makes it easier to reason about for new eyes and more resistant to breakage if there is any future change to what gets fed into the PRNG.
Pieter Wuille [Mon, 18 Dec 2017 22:38:35 +0000 (14:38 -0800)]
Merge #480: Enable benchmark building by default
7a78f60 Print whether we're building benchmarks (Pieter Wuille) 4afec9f Build benchmarks by default (Pieter Wuille)
Pull request description:
Building benchmarks is fast, and I have on more than one occasion forgotten to pass `--enable-benchmark`, resulting in accidentally benchmarking a former build.
Pieter Wuille [Fri, 8 Dec 2017 00:46:30 +0000 (16:46 -0800)]
Merge #486: Add pippenger_wnaf for multi-multiplication
d2f9c6b Use more precise pippenger bucket windows (Jonas Nick) 4c950bb Save some additions per window in _pippenger_wnaf (Peter Dettman) a58f543 Add flags for choosing algorithm in ecmult_multi benchmark (Jonas Nick) 36b22c9 Use scratch space dependent batching in ecmult_multi (Jonas Nick) 355a38f Add pippenger_wnaf ecmult_multi (Jonas Nick) bc65aa7 Add bench_ecmult (Pieter Wuille) dba5471 Add ecmult_multi tests (Andrew Poelstra) 8c1c831 Generalize Strauss to support multiple points (Pieter Wuille) 548de42 add resizeable scratch space API (Andrew Poelstra)
Pull request description:
This PR is based on #473 and adds a variant of "Pippengers algorithm" (see [Bernstein et al., Faster batch forgery identification](https://eprint.iacr.org/2012/549.pdf), page 15 and https://github.com/scipr-lab/libff/pull/10) for point multi-multiplication that performs better with a large number of points than Strauss' algorithm.
Thanks to @sipa for providing `wnaf_fixed`, benchmarking, and the crucial suggestion to use affine addition.
The PR also makes `ecmult_multi` decide which algorithm to use, based on the number of points and the available scratch space.
For restricted scratch spaces this can be further optimized in the future (f.e. a 35kB scratch space allows batches of 11 points with strauss or 95 points with pippenger; choosing pippenger would be 5% faster).
As soon as this PR has received some feedback I'll repeat the benchmarks to determine the optimal `pippenger_bucket_window` with the new benchmarking code in #473.
Pieter Wuille [Thu, 10 Aug 2017 23:41:39 +0000 (16:41 -0700)]
Merge #459: Add pubkey prefix constants to include/secp256k1.h
bc61b91 add pubkey prefix constants to include/secp256k1.h (Andrew Poelstra)
Pull request description:
In future multisig implementations we will need to pass nonces around, which are algebraically pubkeys but should not be decodable as pubkeys. The way to do this is to change the prefix byte from the ordinary 0x02/0x03 to something else. However, some forks (notably `secp256k1-zkp`) have started using some bytes for their own encodings, and if we continue to use hardcoded constants the risk of conflict is increased.
This commit puts the prefixes used by the main library into the `include/secp256k1.h` so that the constants we're using will at least be in a standard easy-to-reference place.
Merge #452: Minor optimizations to _scalar_inverse to save 4M
465159c Further shorten the addition chain for scalar inversion. (Brian Smith) cf12fa1 Minor optimizations to _scalar_inverse to save 4M (Peter Dettman)
CryptoGuru [Mon, 9 Jan 2017 23:18:57 +0000 (23:18 +0000)]
Unroll secp256k1_fe_(get|set)_b32 for 5x52.
field_get_b32: min 0.647us / avg 0.666us / max 0.751us
field_set_b32: min 0.551us / avg 0.571us / max 0.624us
becomes
field_get_b32: min 0us / avg 0.0000000477us / max 0.000000238us
field_set_b32: min 0us / avg 0.0000000238us / max 0.000000238us
(Patch from https://bitcointalk.org/index.php?topic=1740973.0
_get was reversed from the patch because this order appeared
somewhat faster in testing.)
projects / secp256k1.git / log