-
Notifications
You must be signed in to change notification settings - Fork 36.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BIP324: Handshake prerequisites #23561
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Concept ACK. |
src/util/bip324.h
Outdated
|
||
// Takes ownership of the ECDH secret and wipes the ephemeral secret once | ||
// the derivation is complete. | ||
explicit BIP324Keys(ECDHSecret&& ecdh_secret, const Span<uint8_t>& initiator_hdata, const Span<uint8_t>& responder_hdata); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: pass Spans by value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
8109854
to
00142e1
Compare
Addressed review comments from @sipa. Ready for further review. |
This makes it harder for others to tamper with our adjusted time.
00142e1
to
e3143a9
Compare
Addressed comments; Rebased with master to incorporate #23413. I am still investigating CI failures which seem like a timeout on Cirrus CI but re-running hasn't helped (other recent open PRs seem to be seeing this error as well). Meanwhile, ready for further review. |
e3143a9
to
773cbc9
Compare
Rebased against master. Ready for further review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
concept ACK / light utACK. I did a high level review, and everything makes sense to me.
I do have 1 tiny nit
Rebased. Ready for further review. |
9bcb8d4
to
151fb5e
Compare
Rebased. Brought in changes from bitcoin-core/secp256k1#1129. |
8034c67a48 Add doc/ellswift.md with ElligatorSwift explanation e90aa4e62e Add ellswift testing to CI 131faedd8a Add ElligatorSwift ctime tests 198a04c058 Add tests for ElligatorSwift 9984bfe476 Add ElligatorSwift benchmarks f053da3ab7 Add ellswift module implementing ElligatorSwift 76c64be237 Add functions to test if X coordinate is valid aff948fca2 Add benchmark for key generation 5ed9314d6d Add exhaustive tests for ecmult_const_xonly b69fe88d5e Add x-only ecmult_const version for x=n/d 427bc3c Merge bitcoin-core/secp256k1#1236: Update comment for secp256k1_modinv32_inv256 647f0a5 Update comment for secp256k1_modinv32_inv256 5658209 Merge bitcoin-core/secp256k1#1228: release cleanup: bump version after 0.3.0 28e63f7 release cleanup: bump version after 0.3.0 git-subtree-dir: src/secp256k1 git-subtree-split: 8034c67a48dc1334bc74ee4ba239111a23d9789e
Rebased. |
🐙 This pull request conflicts with the target branch and needs rebase. |
Closing this for now, as it's partly included in #27479. |
3168b08 Bench test for EllSwift ECDH (Pieter Wuille) 42d759f Bench tests for CKey->EllSwift (dhruv) 2e5a8a4 Fuzz test for Ellswift ECDH (dhruv) c3ac9f5 Fuzz test for CKey->EllSwift->CPubKey creation/decoding (dhruv) aae432a Unit test for ellswift creation/decoding roundtrip (dhruv) eff72a0 Add ElligatorSwift key creation and ECDH logic (Pieter Wuille) 42239f8 Enable ellswift module in libsecp256k1 (dhruv) 901336e Squashed 'src/secp256k1/' changes from 4258c54..705ce7e (Pieter Wuille) Pull request description: This replaces #23432 and part of #23561. This PR introduces all of the ElligatorSwift-related changes (libsecp256k1 updates, generation, decoding, ECDH, tests, fuzzing, benchmarks) needed for BIP324. ElligatorSwift is a special 64-byte encoding format for public keys introduced in libsecp256k1 in bitcoin-core/secp256k1#1129. It has the property that *every* 64-byte array is a valid encoding for some public key, and every key has approximately $2^{256}$ encodings. Furthermore, it is possible to efficiently generate a uniformly random encoding for a given public key or private key. This is used for the key exchange phase in BIP324, to achieve a byte stream that is entirely pseudorandom, even before the shared encryption key is established. ACKs for top commit: instagibbs: reACK 3168b08 achow101: ACK 3168b08 theStack: re-ACK 3168b08 Tree-SHA512: 308ac3d33e9a2deecb65826cbf0390480a38de201918429c35c796f3421cdf94c5501d027a043ae8f012cfaa0584656da1de6393bfba3532ab4c20f9533f06a6
Depends on #25361 for some constants, and on bitcoin-core/secp256k1#1129 for ellswift integrated XDH but can be reviewed independently. Only the last 5 commits belong to this PR.
This PR adds xonly ECDH and HKDF key derivation code for BIP324. Unit, bench and fuzz tests are included.
The dependency tree for BIP324 PRs is here.