Schnorr (Incremental) Half Aggregation #261
Conversation
There was a problem hiding this comment.
Cool, thanks @b-wagn.
Can you remove the added vscode stuff from the commits? This would allow to getting rid of the two "remove vscode settings" commits.
In order to verify that this matches the spec, it would help to add the preliminary test vectors (they don't seem to cover incremental aggregation yet).
|
Thanks for your feedback. |
b-wagn
force-pushed
the
schnorr-half-agg
branch
3 times, most recently
from
6045c3d
to
e49b9e3
Compare
There was a problem hiding this comment.
This is very clean already, I honestly appreciate the quality of the code.
A somewhat annoying point is that this should probably moved to a separate module. If you want, you can give it a try, but this will involve modifying the build system, too. (Just the autotools build system with configure.ac and Makefile.am. You can ignore the CMake, we don't support it currently in this repo, it's just there because it's in upstream secp256k1 and we would like to keep the diff small.) Happy to help if you want to give it a try; otherwise Jonas or I could just take of it.
src/modules/schnorrsig/main_impl.h
Outdated
| ARG_CHECK(new_sigs64 != NULL); | ||
|
|
||
| /* Check that aggsig_size is large enough, i.e. aggsig_size >= 32*(n+1) */ | ||
| n = n_before + n_new; |
There was a problem hiding this comment.
I think this should return 0 also when the addition here overflows. (I mean, you could say then anyway, something is wrong somewhere else, because the user would think they pass an array of size larger than size_t...) I just think it's more obviously correct (and thus easier to review with the overflow check.)
On a second thought, I wonder whether this should be an ARG_CHECK instead of return 0. Not sure, we'll need to think about it.
|
We've just merged #270 which means that this PR can be rebased to fix CI. |
b-wagn
force-pushed
the
schnorr-half-agg
branch
from
6c03afa
to
b989f93
Compare
configure.ac
Outdated
| if test x"$enable_module_schnorrsig_halfagg" = x"yes"; then | ||
| SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SCHNORRSIG_HALFAGG=1" | ||
| enable_module_schnorrsig=yes | ||
| fi |
There was a problem hiding this comment.
You must do this before testing for schnorrsig because the setting enable_module_schnorrsig=yes happens after checking for enable_module_schnorrsig=yes. There's a comment above mentioning this (sorry, hard to find):
# Besides testing whether modules are enabled, the following code also enables
# module dependencies. The order of the tests matters: the dependency must be
# tested first.
There was a problem hiding this comment.
@b-wagn I think the main thing to do here from your side is to organize this PR in proper commits. Normally, we would probably prefer small atomic commits (one logical change at a time) but, as this adds an entirely new module instead of changing existing code, all the changes could just be squashed into a single commit. Or you could have one commit for the code, one commit for the tests, and one commit for the build system + CI or something like this. Please don't hesitate to force-push to your branch.
I think then we can do a final review, and I don't except further significant changes then. If you ask me), it's ready for merge then as an experimental module.
We should perhaps add a version number (or some revision identifier) to the BIP draft, as long as the BIP is unstable. We could then say here which version the current code implements. Since it's an experimental module, we don't guarantee API stability, so it's not a big deal if we change the BIP in an incompatible way and need to update the code accordingly.
| @@ -0,0 +1,3 @@ | |||
| include_HEADERS += include/secp256k1_schnorrsig_halfagg.h | |||
| noinst_HEADERS += src/modules/schnorrsig_halfagg/main_impl.h | |||
| noinst_HEADERS += src/modules/schnorrsig_halfagg/tests_impl.h | |||
There was a problem hiding this comment.
nit: file should end with a line break
Okay, while breaking changes are possible, two things we should think about are the top two items in BlockstreamResearch/cross-input-aggregation#11... Ideally, we would reach a decision on these before we merge this PR, but on the other hand, I don't think these considerations should really hold off this PR. It's already large enough, and changes can also be done in further PRs. |
b-wagn
force-pushed
the
schnorr-half-agg
branch
2 times, most recently
from
ee54b1f
to
959b070
Compare
Either option is fine. I would probably prefer first merging this and then opening a new PR with the z0 = 1 option and properly adjusted tests and so on. |
|
Thank you for your comments @real-or-random. |
|
When reviewing the tests, I had a few comments in mind, and then I just started addressing them on my own because I thought that's more efficient in the end. But then this ended up in a larger rewrite. :D (Also one reason why the diff seems so large is that I made the comments a bit more consistent...) I pushed my suggestions to https://github.com/real-or-random/secp256k1-zkp/tree/schnorr-half-agg. Please don't hesitate to cherry-pick the commit, but please also double-check that I didn't screw up anything... |
|
Thank you @real-or-random. I went through your changes and they make sense to me, so I included them. |
|
Changes look good! This needs rebase again due to changes in configure.ac (hopefully the last time!), but I just noticed that we'd like to do another change to configure.ac, so let us do this first to avoid that you'll need to rebase here twice... |
#290 has been merged, so this is ready for rebase. (#290 adds a comment that explains in which order modules should appear in |
b-wagn
force-pushed
the
schnorr-half-agg
branch
from
96a6e9d
to
efd98c1
Compare
|
Thanks, the NULL changes look good ACK This is read to merge from my side, mod the following two nits! I think it will be consistent to do the same then in
Have you seen these comments? They're here: https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/configure.ac#L612-L640 This would mean that the |
There was a problem hiding this comment.
ACK e1d15fd
Can you squash this into a single commit? Then we can merge it.
b-wagn
force-pushed
the
schnorr-half-agg
branch
from
e1d15fd
to
3a9b1d4
Compare
There was a problem hiding this comment.
Concept ACK
I did a few sanity checks and read the include file again. Looks all good. I have a few nits that can be cleaned up in a separate PR. Your detailed and helpful comments in the main code and tests is very much appreciated.
Nits:
- we may want to add a header to the include file that links to the BIP
- there's still a mention of aggsig_size
- we may want to move
aggregatebeforeinc_aggregate - we should mention expected size of input aggsig array in
_aggregate - "Should be aggsig_len = 32*(n+1)" -> "Must be"
EDIT: to be clear, I think with @real-or-random's ACK this is ready for merge.
Revisited PR #130 by @jonasnick.
I am happy to hear your thoughts.
Summary of changes compared to #130: