tighten group magnitude limits, save normalize_weak calls in group add methods (revival of #1032) #1348

Merged: 6 commits, Aug 16, 2023

Commits on Jul 21, 2023

  1. add missing group element invariant checks

    The group element checks `secp256k1_{ge,gej}_verify` have first been
    implemented and added in commit f202667
    (PR bitcoin-core#1299). This commit adds additional verification calls in group
    functions, to match the ones that were originally proposed in commit
    09dbba5 of WIP-PR bitcoin-core#1032 (which is
    obviously not rebased on bitcoin-core#1299 yet).
    
    Also, for easier review, all functions handling group elements are
    structured in the following way for easier review (idea suggested by
    Tim Ruffing):
    
    - on entry, verify all input ge, gej (and fe)
    - empty line
    - actual function body
    - empty line
    - on exit, verify all output ge, gej
    
    Co-authored-by: Peter Dettman <peter.dettman@gmail.com>
    Co-authored-by: Tim Ruffing <crypto@timruffing.de>
    3 people committed Jul 21, 2023
    690b0fc
  2. Add _fe_verify_magnitude (no-op unless VERIFY is enabled)

    Co-authored-by: Tim Ruffing <crypto@timruffing.de>
    2 people authored and theStack committed Jul 21, 2023
    4e9661f
  3. 49afd2f
  4. Implement current magnitude assumptions

    Remove also the explicit magnitude restriction `a->x.magnitude <= 31`
    in `secp256k1_gej_eq_x_var` (introduced in commit
    07c0e8b), as this is implied by the
    new limits.
    
    Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
    peterdettman and theStack committed Jul 21, 2023
    173e8d0

Commits on Jul 28, 2023

  1. Tighten group magnitude limits

    - adjust test methods that randomize magnitudes
    
    Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
    Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
    3 people committed Jul 28, 2023
    c83afa6
  2. Save _normalize_weak calls in group add methods

    Also update the operations count comments in each of the affected
    functions accordingly and remove a redundant VERIFY_CHECK in
    secp256k1_gej_add_ge (the infinity value range check [0,1] is already
    covered by secp256k1_gej_verify above).
    
    Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
    Co-authored-by: Tim Ruffing <crypto@timruffing.de>
    Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
    4 people committed Jul 28, 2023
    b7c685e