Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BIP324: ElligatorSwift integrations #27479

Merged
merged 9 commits into from
Jun 26, 2023
Merged

BIP324: ElligatorSwift integrations #27479

merged 9 commits into from
Jun 26, 2023

Conversation

sipa
Copy link
Member

@sipa sipa commented Apr 17, 2023
edited
Loading

This replaces #23432 and part of #23561.

This PR introduces all of the ElligatorSwift-related changes (libsecp256k1 updates, generation, decoding, ECDH, tests, fuzzing, benchmarks) needed for BIP324.

ElligatorSwift is a special 64-byte encoding format for public keys introduced in libsecp256k1 in bitcoin-core/secp256k1#1129. It has the property that every 64-byte array is a valid encoding for some public key, and every key has approximately $2^{256}$ encodings. Furthermore, it is possible to efficiently generate a uniformly random encoding for a given public key or private key. This is used for the key exchange phase in BIP324, to achieve a byte stream that is entirely pseudorandom, even before the shared encryption key is established.

@DrahtBot
Copy link
Contributor

DrahtBot commented Apr 17, 2023
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK instagibbs, theStack, achow101

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #27973 (util: Safer MakeByteSpan with ByteSpanCast by MarcoFalke)
  • #27927 (util: Allow std::byte and char Span serialization by MarcoFalke)
  • #27827 ([Silent Payments]: Base functionality by josibake)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@sipa sipa force-pushed the 202304_bip324_ellswift branch from 97c7a13 to e5a44ba Compare April 17, 2023 22:32
@sipa
Copy link
Member Author

sipa commented Apr 17, 2023
edited
Loading

I'm in the process of taking over the BIP324 PRs from @dhruv.

Note for reviewers:

  • Previously, the EllSwift encoding/decoding/creation was in BIP324: CKey encode/decode to elligator-swift #23432, while the ECDH logic was in BIP324: Handshake prerequisites #23561. I've opted here to merge all EllSwift-related functionality into 1 PR, as the integration is now tighter at the libsecp256k1 too compared to when the PRs were first opened (libsecp256k1 has functions for directly performing ECDH on the EllSwift-encoded keys).
  • EllSwiftPubKey is now a proper class that exposes a few utility functions, and only read-only access to the encoding.
  • Introduction of FastRandomContext::fillrand to fill Span<std::byte> with randomness.
  • Extended UCharCast to support std::byte* -> unsigned char* conversion, which removes the need for lots of reinterpret_casts.

This was referenced Apr 18, 2023
Closed
Closed
@sipa sipa force-pushed the 202304_bip324_ellswift branch 2 times, most recently from 723011d to d859de6 Compare April 18, 2023 16:17
This was referenced Apr 18, 2023
Closed
Closed
@fanquake fanquake mentioned this pull request Apr 19, 2023
Closed
instagibbs
instagibbs reviewed Apr 19, 2023
View reviewed changes
src/pubkey.h Outdated Show resolved Hide resolved
src/key.h Outdated Show resolved Hide resolved
src/key.cpp Outdated Show resolved Hide resolved
src/key.cpp Outdated Show resolved Hide resolved
@sipa sipa force-pushed the 202304_bip324_ellswift branch from d859de6 to 37d31e3 Compare April 19, 2023 18:54
theStack
theStack reviewed Apr 20, 2023
View reviewed changes
src/pubkey.h Outdated Show resolved Hide resolved
src/bench/ellswift.cpp Show resolved Hide resolved
@sipa sipa force-pushed the 202304_bip324_ellswift branch from 37d31e3 to 818acac Compare April 20, 2023 15:09
theStack
theStack reviewed Apr 22, 2023
View reviewed changes
Copy link
Contributor

@theStack theStack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code-review ACK 818acac (starting from commit fd04a2b; didn't review any of the secp256k1 changes introduced in bitcoin-core/secp256k1#1129)

instagibbs
instagibbs reviewed May 4, 2023
View reviewed changes
Copy link
Member

@instagibbs instagibbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, have not reviewed the secp PRs yet

src/test/fuzz/key.cpp Show resolved Hide resolved
src/pubkey.h Outdated Show resolved Hide resolved
@DrahtBot DrahtBot mentioned this pull request May 5, 2023
Merged
@fanquake fanquake mentioned this pull request May 6, 2023
Closed
@sipa sipa force-pushed the 202304_bip324_ellswift branch from 818acac to c5c91e4 Compare May 12, 2023 06:02
@sipa sipa mentioned this pull request May 12, 2023
Closed
43 tasks
@fanquake fanquake mentioned this pull request May 12, 2023
Merged
@fanquake
Copy link
Member

cc @stratospher

@DrahtBot DrahtBot mentioned this pull request Jun 5, 2023
Closed
3 tasks
sipa added 2 commits June 21, 2023 11:04
@sipa
Squashed 'src/secp256k1/' changes from 4258c54..705ce7e
901336e 
705ce7e Merge bitcoin-core/secp256k1#1129: ElligatorSwift + integrated x-only DH
0702ecb Merge bitcoin-core/secp256k1#1338: Drop no longer needed `#include "../include/secp256k1.h"`
90e360a Add doc/ellswift.md with ElligatorSwift explanation
4f09184 Add ellswift testing to CI
1bcea8c Add benchmarks for ellswift module
2d1d41a Add ctime tests for ellswift module
df633cd Add _prefix and _bip324 ellswift_xdh hash functions
9695deb Add tests for ellswift module
c47917b Add ellswift module implementing ElligatorSwift
79e5b2a Add functions to test if X coordinate is valid
a597a5a Add benchmark for key generation
30574f2 Merge bitcoin-core/secp256k1#1349: Normalize ge produced from secp256k1_pubkey_load
45c5ca7 Merge bitcoin-core/secp256k1#1350: scalar: introduce and use `secp256k1_{read,write}_be64` helpers
f165252 Normalize ge produced from secp256k1_pubkey_load
7067ee5 tests: add tests for `secp256k1_{read,write}_be64`
740528c scalar: use newly introduced `secp256k1_{read,write}_be64` helpers (4x64 impl.)
67214f5 Merge bitcoin-core/secp256k1#1339: scalar: refactor: use `secp256k1_{read,write}_be32` helpers
cb1a592 Merge bitcoin-core/secp256k1#1341: docs: correct `pubkey` param descriptions for `secp256k1_keypair_{xonly_,}pub`
f364428 docs: correct `pubkey` param descriptions for `secp256k1_keypair_{xonly_,}pub`
887183e scalar: use `secp256k1_{read,write}_be32` helpers (4x64 impl.)
52b8423 scalar: use `secp256k1_{read,write}_be32` helpers (8x32 impl.)
e449af6 Drop no longer needed `#include "../include/secp256k1.h"`
60556c9 Merge bitcoin-core/secp256k1#1337: ci: Fix error D8037 in `cl.exe` (attempt 2)
db29bf2 ci: Remove quirk that runs dummy command after wineserver
c7db494 ci: Fix error D8037 in `cl.exe`
7dae115 Revert "ci: Move wine prefix to /tmp to avoid error D8037 in cl.exe"
bf29f8d Merge bitcoin-core/secp256k1#1334: fix input range comment for `secp256k1_fe_add_int`
605e07e fix input range comment for `secp256k1_fe_add_int`
debf3e5 Merge bitcoin-core/secp256k1#1330: refactor: take use of `secp256k1_scalar_{zero,one}` constants
d75dc59 Merge bitcoin-core/secp256k1#1333: test: Warn if both `VERIFY` and `COVERAGE` are defined
ade5b36 tests: add checks for scalar constants `secp256k1_scalar_{zero,one}`
e83801f test: Warn if both `VERIFY` and `COVERAGE` are defined
654246c refactor: take use of `secp256k1_scalar_{zero,one}` constants
908e02d Merge bitcoin-core/secp256k1#1328: build: Bump MSVC warning level up to W3
1549db0 build: Level up MSVC warnings
20a5da5 Merge bitcoin-core/secp256k1#1310: Refine release process
ad84603 release process: clarify change log updates
6348bc7 release process: fix process for maintenance release
79fa50b release process: mention targeted release schedule
1652067 release process: add sanity checks
09df0bf Merge bitcoin-core/secp256k1#1327: ci: Move wine prefix to /tmp to avoid error D8037 in cl.exe
27504d5 ci: Move wine prefix to /tmp to avoid error D8037 in cl.exe
d373a72 Merge bitcoin-core/secp256k1#1316: Do not invoke fe_is_zero on failed set_b32_limit
6433175 Do not invoke fe_is_zero on failed set_b32_limit
5f7903c Merge bitcoin-core/secp256k1#1318: build: Enable -DVERIFY for precomputation binaries
e9e4526 Merge bitcoin-core/secp256k1#1317: Make fe_cmov take max of magnitudes
5768b50 build: Enable -DVERIFY for precomputation binaries
31b4bbe Make fe_cmov take max of magnitudes
83186db Merge bitcoin-core/secp256k1#1314: release cleanup: bump version after 0.3.2
95448ef release cleanup: bump version after 0.3.2
acf5c55 Merge bitcoin-core/secp256k1#1312: release: Prepare for 0.3.2
d490ca2 release: Prepare for 0.3.2
3e3d125 Merge bitcoin-core/secp256k1#1309: changelog: Catch up
e8295d0 Merge bitcoin-core/secp256k1#1311: Revert "Remove unused scratch space from API"
697e1cc changelog: Catch up
3ad1027 Revert "Remove unused scratch space from API"
76b43f3 changelog: Add entry for bitcoin#1303
7d4f86d Merge bitcoin-core/secp256k1#1307: Mark more assembly outputs as early clobber
b54a067 Merge bitcoin-core/secp256k1#1304: build: Rename arm to arm32 and check if it's really supported
c6bb29b build: Rename `64bit` to `x86_64`
8c9ae37 Add release note
0324645 autotools: Add `SECP_ARM32_ASM_CHECK` macro
ed4ba23 cmake: Add `check_arm32_assembly` function
350b4bd Mark stack variables as early clobber for technical correctness
0c729ba Bugfix: mark outputs as early clobber in scalar x86_64 asm
3353d3c Merge bitcoin-core/secp256k1#1207: Split fe_set_b32 into reducing and normalizing variants
5b32602 Split fe_set_b32 into reducing and normalizing variants
006ddc1 Merge bitcoin-core/secp256k1#1306: build: Make tests work with external default callbacks
1907f0f build: Make tests work with external default callbacks
fb3a806 Merge bitcoin-core/secp256k1#1133: schnorrsig: Add test vectors for variable-length messages
cd54ac7 schnorrsig: Improve docs of schnorrsig_sign_custom
28687b0 schnorrsig: Add BIP340 varlen test vectors
97a98be schnorrsig: Refactor test vector code to allow varlen messages
ab5a917 Merge bitcoin-core/secp256k1#1303: ct: Use more volatile
9eb6934 Merge bitcoin-core/secp256k1#1305: Remove unused scratch space from API
073d98a Merge bitcoin-core/secp256k1#1292: refactor: Make 64-bit shift explicit
17fa217 ct: Be cautious and use volatile trick in more "conditional" paths
5fb336f ct: Use volatile trick in scalar_cond_negate
712e7f8 Remove unused scratch space from API
54d34b6 Merge bitcoin-core/secp256k1#1300: Avoid normalize conditional on VERIFY
c63ec88 Merge bitcoin-core/secp256k1#1066: Abstract out and merge all the magnitude/normalized logic
7fc642f Simplify secp256k1_fe_{impl_,}verify
4e176ad Abstract out verify logic for fe_is_square_var
4371f98 Abstract out verify logic for fe_add_int
89e324c Abstract out verify logic for fe_half
283cd80 Abstract out verify logic for fe_get_bounds
d5aa2f0 Abstract out verify logic for fe_inv{,_var}
3167646 Abstract out verify logic for fe_from_storage
76d31e5 Abstract out verify logic for fe_to_storage
1e6894b Abstract out verify logic for fe_cmov
be82bd8 Improve comments/checks for fe_sqrt
6ab3508 Abstract out verify logic for fe_sqr
4c25f6e Abstract out verify logic for fe_mul
e179e65 Abstract out verify logic for fe_add
7e7ad7f Abstract out verify logic for fe_mul_int
65d82a3 Abstract out verify logic for fe_negate
1446708 Abstract out verify logic for fe_get_b32
f7a7666 Abstract out verify logic for fe_set_b32
ce4d209 Abstract out verify logic for fe_cmp_var
7d7d43c Improve comments/check for fe_equal{,_var}
c5e788d Abstract out verify logic for fe_is_odd
d3f3fe8 Abstract out verify logic for fe_is_zero
c701d9a Abstract out verify logic for fe_clear
19a2bfe Abstract out verify logic for fe_set_int
864f9db Abstract out verify logic for fe_normalizes_to_zero{,_var}
6c31371 Abstract out verify logic for fe_normalize_var
e28b51f Abstract out verify logic for fe_normalize_weak
b6b6f9c Abstract out verify logic for fe_normalize
7fa5195 Bugfix: correct SECP256K1_FE_CONST mag/norm fields
e5cf4bf build: Rename `arm` to `arm32`
b29566c Merge magnitude/normalized fields, move/improve comments
97c63b9 Avoid normalize conditional on VERIFY
341cc19 Merge bitcoin-core/secp256k1#1299: Infinity handling: ecmult_const(infinity) works, and group verification
bbc8344 Avoid secp256k1_ge_set_gej_zinv with uninitialized z
0a2e0b2 Make secp256k1_{fe,ge,gej}_verify work as no-op if non-VERIFY
f202667 Add invariant checking to group elements
a18821d Always initialize output coordinates in secp256k1_ge_set_gej
3086cb9 Expose secp256k1_fe_verify to other modules
a0e696f Make secp256k1_ecmult_const handle infinity
24c768a Merge bitcoin-core/secp256k1#1301: Avoid using bench_verify_data as bench_sign_data; merge them
2e65f1f Avoid using bench_verify_data as bench_sign_data; merge them
1cf15eb Merge bitcoin-core/secp256k1#1296: docs: complete interface description for `secp256k1_schnorrsig_sign_custom`
149c41c docs: complete interface description for `secp256k1_schnorrsig_sign_custom`
f30c748 Merge bitcoin-core/secp256k1#1270: cmake: Fix library ABI versioning
d1e48e5 refactor: Make 64-bit shift explicit
b2e29e4 ci: Treat all compiler warnings as errors in "Windows (VS 2022)" task
3c81838 Merge bitcoin-core/secp256k1#1289: cmake: Use full signature of `add_test()` command
755629b cmake: Use full signature of `add_test()` command
bef448f cmake: Fix library ABI versioning
4b0f711 Merge bitcoin-core/secp256k1#1277: autotools: Clean up after adding Wycheproof
222ecaf Merge bitcoin-core/secp256k1#1284: cmake: Some improvements using `PROJECT_IS_TOP_LEVEL` variable
71f746c cmake: Include `include` directory for subtree builds
024a409 Merge bitcoin-core/secp256k1#1240: cmake: Improve and document compiler flag checks
a8d059f cmake, doc: Document compiler flags
6ece150 cmake, refactor: Rename `try_add_compile_option` to `try_append_cflags`
19516ed cmake: Use `add_compile_options()` in `try_add_compile_option()`
4b84f4b Merge bitcoin-core/secp256k1#1239: cmake: Bugfix and other improvements after bumping CMake up to 3.13
596b336 Merge bitcoin-core/secp256k1#1234: cmake: Add dev-mode
6b7e5b7 Merge bitcoin-core/secp256k1#1275: build: Fix C4005 "macro redefinition" MSVC warnings in examples
1c89536 Merge bitcoin-core/secp256k1#1286: tests: remove extra semicolon in macro
c4062d6 debug: move helper for printing buffers into util.h
7e977b3 autotools: Take VPATH builds into account when generating testvectors
2418d32 autotools: Create src/wycheproof dir before creating file in it
8764034 autotools: Make all "pregenerated" targets .PHONY
e1b9ce8 autotools: Use same conventions for all pregenerated files
3858bad tests: remove extra semicolon in macro
1f33bb2 Merge bitcoin-core/secp256k1#1205: field: Improve docs +tests of secp256k1_fe_set_b32
162da73 tests: Add debug helper for printing buffers
e9fd3df field: Improve docs and tests of secp256k1_fe_set_b32
f6bef03 Merge bitcoin-core/secp256k1#1283: Get rid of secp256k1_fe_const_b
5431b9d cmake: Make `SECP256K1_INSTALL` default depend on `PROJECT_IS_TOP_LEVEL`
5ec1333 Merge bitcoin-core/secp256k1#1285: bench: Make sys/time.h a system include
68b16a1 bench: Make sys/time.h a system include
162608c cmake: Emulate `PROJECT_IS_TOP_LEVEL` for CMake<3.21
69e1ec0 Get rid of secp256k1_fe_const_b
ce5ba9e gitignore: Add CMakeUserPresets.json
0a446a3 cmake: Add dev-mode CMake preset
a6f4bcf Merge bitcoin-core/secp256k1#1231: Move `SECP256K1_INLINE` macro definition out from `include/secp256k1.h`
a273d74 cmake: Improve version comparison
6a58b48 cmake: Use `if(... IN_LIST ...)` command
2445808 cmake: Use dedicated `GENERATOR_IS_MULTI_CONFIG` property
9f8703e cmake: Use dedicated `CMAKE_HOST_APPLE` variable
8c20170 cmake: Use recommended `add_compile_definitions` command
04d4cc0 cmake: Add `DESCRIPTION` and `HOMEPAGE_URL` options to `project` command
8a8b653 cmake: Use `SameMinorVersion` compatibility mode
5b0444a Merge bitcoin-core/secp256k1#1263: cmake: Make installation optional
47ac3d6 cmake: Make installation optional
2e035af Merge bitcoin-core/secp256k1#1273: build: Make `SECP_VALGRIND_CHECK` preserve `CPPFLAGS`
5be353d Merge bitcoin-core/secp256k1#1279: tests: lint wycheproof's python script
08f4b16 autotools: Move code around to tidy Makefile
04bf3f6 Merge bitcoin-core/secp256k1#1230: Build: allow static or shared but not both
9ce9984 Merge bitcoin-core/secp256k1#1265: Remove bits argument from secp256k1_wnaf_const{_xonly}
566faa1 Merge bitcoin-core/secp256k1#1267: doc: clarify process for patch releases
ef49a11 build: allow static or shared but not both
35ada3b tests: lint wycheproof's python script
529b54d autotools: Move Wycheproof header from EXTRA_DIST to noinst_HEADERS
dc0657c build: Fix C4005 "macro redefinition" MSVC warnings in examples
1ecb94e build: Make `SECP_VALGRIND_CHECK` preserve `CPPFLAGS`
1b6fb55 doc: clarify process for patch releases
a575339 Remove bits argument from secp256k1_wnaf_const (always 256)
36b0adf build: remove warning until it's reproducible
8e142ca Move `SECP256K1_INLINE` macro definition out from `include/secp256k1.h`
7744589 Remove `SECP256K1_INLINE` usage from examples
ca92a35 field: Simplify code in secp256k1_fe_set_b32
d93f62e field: Verify field element even after secp256k1_fe_set_b32 fails

git-subtree-dir: src/secp256k1
git-subtree-split: 705ce7e
@sipa
Update src/secp256k1 subtree to version with ElligatorSwift support
a143a12
@sipa sipa force-pushed the 202304_bip324_ellswift branch from c5c91e4 to ff58a4a Compare June 21, 2023 15:44
@DrahtBot DrahtBot requested a review from theStack June 23, 2023 19:04
theStack
theStack approved these changes Jun 23, 2023
View reviewed changes
Copy link
Contributor

@theStack theStack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-ACK 3168b08

@theStack theStack mentioned this pull request Jun 26, 2023
Merged
maflcko
maflcko reviewed Jun 26, 2023
View reviewed changes
Copy link
Member

@maflcko maflcko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

left some style nits, feel free to ignore, unless you retouch for other reasons.

src/span.h
@@ -274,6 +274,7 @@ Span<std::byte> MakeWritableByteSpan(V&& v) noexcept
// Helper functions to safely cast to unsigned char pointers.
inline unsigned char* UCharCast(char* c) { return (unsigned char*)c; }
inline unsigned char* UCharCast(unsigned char* c) { return c; }
inline unsigned char* UCharCast(std::byte* c) { return (unsigned char*)c; }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style-nit: Obviously doesn't matter here, but could use reinterpret_cast to guard against accidentally removing constness. (And for symmetry with UCharCast(const std::byte*))

Suggested change
inline unsigned char* UCharCast(std::byte* c) { return (unsigned char*)c; }
inline unsigned char* UCharCast(std::byte* c) { return reinterpret_cast<unsigned char*>(c); }

src/bench/ellswift.cpp
uint256 entropy = GetRandHash();

bench.batch(1).unit("pubkey").run([&] {
auto ret = key.EllSwiftCreate(AsBytes(Span{entropy}));
Copy link
Member

@maflcko maflcko Jun 22, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
auto ret = key.EllSwiftCreate(AsBytes(Span{entropy}));
auto ret = key.EllSwiftCreate(MakeByteSpan(entropy));

style nit: Can use the alias which does the same.

src/test/key_tests.cpp
BOOST_CHECK(key.IsValid());

uint256 ent32 = InsecureRand256();
auto ellswift = key.EllSwiftCreate(AsBytes(Span{ent32}));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
auto ellswift = key.EllSwiftCreate(AsBytes(Span{ent32}));
auto ellswift = key.EllSwiftCreate(MakeByteSpan(ent32));

@DrahtBot DrahtBot mentioned this pull request Jun 26, 2023
Closed
@achow101
Copy link
Member

ACK 3168b08

@DrahtBot DrahtBot removed the request for review from achow101 June 26, 2023 20:48
@achow101 achow101 merged commit 679f825 into bitcoin:master Jun 26, 2023
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 27, 2023
@achow101
Merge bitcoin#27479: BIP324: ElligatorSwift integrations
86a3a6b
@ryanofsky ryanofsky mentioned this pull request Jun 27, 2023
Merged
@dergoegge dergoegge mentioned this pull request Jun 28, 2023
Closed
achow101 added a commit that referenced this pull request Jun 28, 2023
@achow101
Merge #26222: Introduce secp256k1 module with field and group classes…
626d346 
… to test framework

d4fb58a test: EC: optimize scalar multiplication of G by using lookup table (Sebastian Falbesoner)
1830dd8 test: add secp256k1 module with FE (field element) and GE (group element) classes (Pieter Wuille)

Pull request description:

  This PR rewrites a portion of `test_framework/key.py`, in a compatible way, by introducing classes that encapsulate field element and group element logic, in an attempt to be more readable and reusable.

  To maximize readability, the group element logic does not use Jacobian coordinates. Instead, group elements just store (affine) X and Y coordinates directly. To compensate for the performance loss this causes, field elements are represented as fractions. This undoes most, but not all, of the performance loss, and there is a few % slowdown (as measured in `feature_taproot.py`, which heavily uses this).

  The upside is that the implementation for group laws (point doubling, addition, subtraction, ...) is very close to the mathematical description of elliptic curves, and this extends to potential future extensions (e.g. ElligatorSwift as needed by #27479).

ACKs for top commit:
  achow101:
    ACK d4fb58a
  theStack:
    re-ACK d4fb58a
  stratospher:
    tested ACK d4fb58a. really liked how this PR makes the secp256k1 code in the tests more intuitive and easier to follow!

Tree-SHA512: 9e0d65d7de0d4fb35ad19a1c19da7f41e5e1db33631df898c6d18ea227258a8ba80c893dab862b0fa9b0fb2efd0406ad4a72229ee26d7d8d733dee1d56947f18
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 30, 2023
@achow101
Merge bitcoin#26222: Introduce secp256k1 module with field and group …
b54fe90 
…classes to test framework

d4fb58a test: EC: optimize scalar multiplication of G by using lookup table (Sebastian Falbesoner)
1830dd8 test: add secp256k1 module with FE (field element) and GE (group element) classes (Pieter Wuille)

Pull request description:

  This PR rewrites a portion of `test_framework/key.py`, in a compatible way, by introducing classes that encapsulate field element and group element logic, in an attempt to be more readable and reusable.

  To maximize readability, the group element logic does not use Jacobian coordinates. Instead, group elements just store (affine) X and Y coordinates directly. To compensate for the performance loss this causes, field elements are represented as fractions. This undoes most, but not all, of the performance loss, and there is a few % slowdown (as measured in `feature_taproot.py`, which heavily uses this).

  The upside is that the implementation for group laws (point doubling, addition, subtraction, ...) is very close to the mathematical description of elliptic curves, and this extends to potential future extensions (e.g. ElligatorSwift as needed by bitcoin#27479).

ACKs for top commit:
  achow101:
    ACK d4fb58a
  theStack:
    re-ACK d4fb58a
  stratospher:
    tested ACK d4fb58a. really liked how this PR makes the secp256k1 code in the tests more intuitive and easier to follow!

Tree-SHA512: 9e0d65d7de0d4fb35ad19a1c19da7f41e5e1db33631df898c6d18ea227258a8ba80c893dab862b0fa9b0fb2efd0406ad4a72229ee26d7d8d733dee1d56947f18
@sipa sipa mentioned this pull request Sep 4, 2023
Merged
fanquake added a commit that referenced this pull request Sep 5, 2023
@fanquake
Merge #28404: Update libsecp256k1 subtree to release 0.4.0
8c7e735 
c0da4f6 Squashed 'src/secp256k1/' changes from c545fdc..199d27c (Pieter Wuille)

Pull request description:

  We had previously pulled in a non-released commit along with #27479. The necessary changes have now been released in version 0.4.0, so update to that.

ACKs for top commit:
  hebasto:
    ACK 0e0fc18, having a zero diff with my local branch that updates the `secp256k1` subtree up to v0.4.0.
  fanquake:
    ACK 0e0fc18

Tree-SHA512: 8b771e7da89b9cdb7a680b9dd4eb99a6f737b32914b0b62c485b3c484e5438f9f60942030d3072243aaa196da22d2b1fdb3b6a668d75a46e6ac78c9d86b4bd8b
Frank-GER pushed a commit to syscoin/syscoin that referenced this pull request Sep 8, 2023
@fanquake
Merge bitcoin#28404: Update libsecp256k1 subtree to release 0.4.0
66f3ee3 
c0da4f6 Squashed 'src/secp256k1/' changes from c545fdc..199d27c (Pieter Wuille)

Pull request description:

  We had previously pulled in a non-released commit along with bitcoin#27479. The necessary changes have now been released in version 0.4.0, so update to that.

ACKs for top commit:
  hebasto:
    ACK 0e0fc18, having a zero diff with my local branch that updates the `secp256k1` subtree up to v0.4.0.
  fanquake:
    ACK 0e0fc18

Tree-SHA512: 8b771e7da89b9cdb7a680b9dd4eb99a6f737b32914b0b62c485b3c484e5438f9f60942030d3072243aaa196da22d2b1fdb3b6a668d75a46e6ac78c9d86b4bd8b
kwvg added a commit to kwvg/dash that referenced this pull request Sep 9, 2023
@kwvg
merge bitcoin#27479: BIP324: ElligatorSwift integrations
c77cab2
kwvg added a commit to kwvg/dash that referenced this pull request Sep 9, 2023
@kwvg
merge bitcoin#27479: BIP324: ElligatorSwift integrations
6effc62
This was referenced Sep 9, 2023
Merged
Merged
kwvg added a commit to kwvg/dash that referenced this pull request Sep 24, 2023
@kwvg
merge bitcoin#27479: BIP324: ElligatorSwift integrations
e9bbd48
kwvg added a commit to kwvg/dash that referenced this pull request Sep 28, 2023
@kwvg
merge bitcoin#27479: BIP324: ElligatorSwift integrations
5a608b0
kwvg added a commit to kwvg/dash that referenced this pull request Sep 28, 2023
@kwvg
merge bitcoin#27479: BIP324: ElligatorSwift integrations
3cab540
ogabrielides pushed a commit to ogabrielides/dash that referenced this pull request Nov 15, 2023
@kwvg @ogabrielides
merge bitcoin#27479: BIP324: ElligatorSwift integrations
d40ab43
UdjinM6 pushed a commit to kwvg/dash that referenced this pull request Nov 15, 2023
@kwvg @UdjinM6
merge bitcoin#27479: BIP324: ElligatorSwift integrations
a295388
UdjinM6 pushed a commit to kwvg/dash that referenced this pull request Nov 16, 2023
@kwvg @UdjinM6
merge bitcoin#27479: BIP324: ElligatorSwift integrations
1a122a0
UdjinM6 pushed a commit to kwvg/dash that referenced this pull request Nov 20, 2023
@kwvg @UdjinM6
merge bitcoin#27479: BIP324: ElligatorSwift integrations
2fbbe12
PastaPastaPasta pushed a commit to kwvg/dash that referenced this pull request Nov 21, 2023
@kwvg @PastaPastaPasta
merge bitcoin#27479: BIP324: ElligatorSwift integrations
78a9f1e
PastaPastaPasta added a commit to dashpay/dash that referenced this pull request Nov 21, 2023
@PastaPastaPasta
Merge pull request #5575 from kwvg/secp256k1
39ce20c 
backport: merge bitcoin#27479, bitcoin#27230, bitcoin#25251, partial bitcoin#22934, bitcoin#23383, bitcoin#24792, bitcoin#26691, bitcoin#27445 (secp256k1 update)
@bitcoin bitcoin locked and limited conversation to collaborators Jun 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@achow101 achow101 achow101 left review comments

@maflcko maflcko maflcko left review comments

@theStack theStack theStack approved these changes

@instagibbs instagibbs instagibbs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@sipa @DrahtBot @fanquake @achow101 @instagibbs @theStack @maflcko @dhruv