-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added usage of node-secp256k1 bindings module as optional module #350
Conversation
hmm, I asumed that |
Is there a benchmark we can look at? There's also "This library is experimental, so use at your own risk." on their readme. We should at least make sure wherever we use it, we run it against our existing test cases and they all pass. Technically it's doable if we push the For browserify support we will also need to add something like |
This seems like a bad idea as Bitcore originally started down this path of having native bindings in Node.js and different code in the browser; AFAIK there were subtle bugs. Long-term (short-term?), the elliptic crypto code should drop |
I think we should move to |
@jprichardson @dcousens I hear both of you saying we should move to elliptic. What are the motivations behind that? If it's performance, do we have benchmarks?
How does moving to elliptic block us from considering node-secp256k1? |
@weilu its not hard to run the benchmarks yourself: https://github.com/indutny/elliptic/blob/master/benchmarks/index.js It is a lot faster, and given that this PR is about moving to native bindings because performance is better, it would seem that we should first see if switching to elliptic doesn't resolve the issue adequately enough first. |
@dcousens thanks for the link. Here's my benchmark result off elliptic master (https://github.com/indutny/elliptic/releases/tag/v2.0.2)
|
Put things into perspective for the two functions we care about: Switching from ecdsa to elliptic is expected to give us 10x and 6x performance improvement. For 36x and 57x speed gain (secp256k1 over elliptic), I don't think we should dismiss secp256k1 so quickly. And I don't see why switching to elliptic should stand in the way of considering secp256k1. |
I don't disagree, I'm just saying the improvement of elliptic over the
|
Do we want |
@jprichardson agreed. I'd much rather stay stable for now, move to |
secp526k1 is what bitcoin core uses, we can't be more stable than that really ... or at least if we have the same bugs are bitcoin core then we're following consensus xD by relying on the javascript code you're preferring to potentially have differences from bitcoin core just because you want those differences to be consistent between browser and nodejs. but I get that! I was expecting you to make this argument, and I'd make the same call if I were you, I made the PR just to get a discussion going ;-) and switching to however, maybe there could be an easy way of making it configurable? |
Thanks for evaluating this PR and opening the discussion. I'm also in favour to having an option to use the sep256k1 implementation: real field usage has shown that developers are manually patching the library due to the huge performance improvements, even if this means less tested code. So, an option to have it cleany available would be certainly be an improvement. |
Again, my stand on this isn't that we should absolutely move to support secp526k1 right now. If you read my comment above, I'm suggesting that 1) we need to make sure the performance gain is significant enough to justify this. AND 2) we should at least make sure whatever we decide to switch over, we should run it against our existing test cases and make sure they all pass. I think the benchmark gives us a green light on 1). Point 2) deserves a bit more discussion here. To @jprichardson's point:
That's exactly why I proposed that we make sure we have Travis constantly running the same set of test cases against both code paths. That will provide us the level of confidence as low (or as high) as our test cases could cover. We will notice (and fix) any divergence when either code path changes. Until we have such a CI setup, I wouldn't be comfortable supporting two code paths either, regardless of the explicit option to switch sep256k1 implementation as proposed by @rubensayshi. |
I'm still not convinced that moving to elliptic stops us from considering node-secp256k1. No one will complain that code runs too fast. |
On bitcore: We had some C++ code for "key", which had a completely different interface from the pure javascript code in the browser. We ended up implementing many things twice, even pure javascript things that merely depended on the elliptic curve stuff. It was such a pain to deal with this that it was better to remove the C++ code than try to make the interface the same as the pure javascript code. We also updated the pure javascript crypto from cryptojs to elliptic for significant speed gains of around 5x. IMO, the right long-term approach is to use the new bitcoin core consensus library that is being developed in node, which obviously includes (or will include) libsecp256k1. Try to wrap that code in an interface that is exactly the same as the interface exposed in the browser so that you don't have to implement a bunch of things twice. Also, elliptic has not been thoroughly audited. One of the BitPay developers found a money-losing bug in elliptic merely by running a bunch of random tests. There are probably more errors. IMO the right way to deal with this is to rewrite the secp256k1 part of elliptic, determine all edge cases, write tests for those, confirm the same tests pass elliptic, have many people review this code, confirm the performance is better or at least the same, then use that code instead of elliptic. We don't need all the other curves supported by elliptic. We need a bitcoin-only pure javascript implementation of secp256k1. A pure javascript version of libsecp256k1. |
in #361 it's suggested to use emscriptem for the browser version which is already faster than the baseline bitcoinjs-lib and then we'd have consistency between nodejs and browser! |
95bcf4b
to
bf540d4
Compare
bf540d4
to
1036dee
Compare
I don't think we should use both modules simultaneously, it should be a full switch-over if |
@fanatid, you might be able to rebase this work with the |
Related to #623 |
Closing (for now) in favour of #737, as it depends on how we answer that question |
https://github.com/wanderer/secp256k1-node provides nodejs bindings for https://github.com/bitcoin/secp256k1
it's a pretty decent performance gain using this module instead of the current js implementation.
in this PR it will switch to using it if it's installed, because I couldn't really think of a nice way to 'configure' bitcoinjs-lib to enable / disable it...
just putting this 'out there' to see what you think of it