Upgrade to secp256k1 v0.23.0 #1066
Conversation
tcharding
force-pushed
the
06-28-upgrade-secp
branch
from
515c4a2
to
d77fd11
Compare
|
CI is failing because of a bug in secp, fixed in: rust-bitcoin/rust-secp256k1#466 |
0c15c01 Use fuzzing not feature = "fuzzing" (Tobin C. Harding) Pull request description: Currently the following command fails `RUSTFLAGS='--cfg=fuzzing' RUSTDOCFLAGS='--cfg=fuzzing' cargo test --all --all-features` This is because `fuzzing` is not a feature, we should be using `fuzzing` directly not `feature = "fuzzing"`. ~I have no idea how this got past CI~, found while trying to [upgrade secp in bitcoin](rust-bitcoin/rust-bitcoin#1066). This got past CI because of the feature gate combination `#[cfg(all(test, feature = "unstable"))]`, we never run tests on CI with both DO_FEATURE_MATRIX and DO_BENCH. ``` if [ "$DO_FEATURE_MATRIX" = true ]; then ... if [ "$DO_BENCH" = true ]; then # proxy for us having a nightly compiler cargo test --all --all-features RUSTFLAGS='--cfg=fuzzing' RUSTDOCFLAGS='--cfg=fuzzing' cargo test --all --all-features fi fi ``` ACKs for top commit: apoelstra: ACK 0c15c01 Tree-SHA512: 08ada4eb20c3b7b128a225ed66cc621af097367f8ca19128b868d1b5de897f46d19f3a96a06ebd5dfaa288bc4477046f5d1214f0cdc33237b0ace079c539fc9e
Unfortunately, the expect will have to stay. Whenever we hash a point, with a low probability it will fail to be a scalar (1/2^128). The previous code would have panicked at "Tap Tweak failed". |
tcharding
force-pushed
the
06-28-upgrade-secp
branch
from
d77fd11
to
7e02e64
Compare
|
Oh, thanks man, I see it now Why did we elect to keep this as a panic and not return the error? Is it because it is statistically unlikely? |
|
It's more than statistically unlikely. There is literally no aspect of your reality more likely to be real than that this |
|
So definitely not worth adding an error for :) I'll remove the |
tcharding
force-pushed
the
06-28-upgrade-secp
branch
2 times, most recently
from
72e0eea
to
2194f0d
Compare
|
Added this comment I prefer your comment @apoelstra but it didn't read as well once it was in the code :) |
tcharding
force-pushed
the
06-28-upgrade-secp
branch
from
2194f0d
to
171c5d3
Compare
src/util/taproot.rs
Outdated
|
|
||
| /// Converts a `TapTweakHash` into a `Scalar` ready for use with key tweaking API. | ||
| pub fn to_scalar(&self) -> Scalar { | ||
| // This is statistically extremely unlikely to panic (1/2^128). |
There was a problem hiding this comment.
Note that wile you're correct it's unlikely, the probability is not 1/2^128 but 432420386565659656852420866394968145599 / 2^256; still same order of magnitude. :)
There was a problem hiding this comment.
I copied that from @sanket1729 and do not know where either of these numbers come from, can someone please justify their number so I can understand and I'll fix the comment.
There was a problem hiding this comment.
For now I have just removed the probability.
There was a problem hiding this comment.
The number is the difference between our group's size and 2^256, I believe.
There was a problem hiding this comment.
Isn't the group size equal to p?
p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
= 4294968237
There was a problem hiding this comment.
It's equal to n from the same page. Yes, it's confusing but there are actually two groups/fields in secp256k1 - one for coordinates, the other for points/scalars. Unsurprisingly, this is not the first time I've seen people being confused. :)
(Writing my own toy secp256k1 lib was a great learning experience, 100% recommend!)
There was a problem hiding this comment.
one for coordinates, the other for points/scalars
I'm totally lost by this statement, added writing a toy secp lib to my todo list, good idea!
| @@ -90,6 +90,12 @@ impl TapTweakHash { | |||
| } | |||
| TapTweakHash::from_engine(eng) | |||
| } | |||
|
|
|||
| /// Converts a `TapTweakHash` into a `Scalar` ready for use with key tweaking API. | |||
| pub fn to_scalar(&self) -> Scalar { | |||
There was a problem hiding this comment.
Perhaps motivating to add something similar to ThirtyTwoByteHash but for scalar. (trait ToScalar { fn to_scalar(&self) -> Scalar; } impl<T: ThirtyTwoByteHash> ToScalar for T { /* ... */ }) and accept T: ToScalar in tweaking fns. But maybe it's too many generics?
There was a problem hiding this comment.
I'm going to leave this for now, mainly because I have a weeks worth of notifications to work through.
src/util/bip32.rs
Outdated
| let mut sk = secp256k1::SecretKey::from_slice(&hmac_result[..32])?; | ||
| sk.add_assign(&self.private_key[..])?; | ||
| let sk = secp256k1::SecretKey::from_slice(&hmac_result[..32])?; | ||
| let tweaked = sk.add_tweak(&self.private_key.into())?; |
There was a problem hiding this comment.
Since both are cryptographically unlikely maybe panic would be better?
There was a problem hiding this comment.
Agreed, though don't feel very strongly..
It's somewhat "unfortunate" that Rust makes it easier to propagate impossible-to-hit error conditions than it does to assert on them.
There was a problem hiding this comment.
Used expect as suggested.
Generally, forcing newest version if not required is not good. |
Did you mean in general because in this instance it is required since we use new functionality that does not exist in lower versions. Or am I missing something? |
tcharding
force-pushed
the
06-28-upgrade-secp
branch
from
171c5d3
to
4f753b2
Compare
|
Changes in force push:
|
Do we? I didn't notice and I'm really exhausted rn, so I can't re-check myself. |
|
Uses the new functional style methods |
|
That one is available since 0.23.0 |
|
Ok, I seen now you are correct and I was confused, I got mixed up between the three point releases we did and the 23.0 release, my bad. Will fix. |
We recently released a new version of `rust-secp256k1`, upgrade to use it.
tcharding
force-pushed
the
06-28-upgrade-secp
branch
from
4f753b2
to
36f29d4
Compare
|
Changes in force push:
|
36f29d4 Upgrade to secp256k1 v0.23.0 (Tobin C. Harding) Pull request description: We recently released a new version of `rust-secp256k1`, upgrade to use it. ACKs for top commit: apoelstra: ACK 36f29d4 Kixunil: ACK 36f29d4 Tree-SHA512: 46a909dec8bc59daa78acdb76824d93f4f1da0e9736cf6ca443d3bbadfa43867e720293bb7c4919cb0658e75ec59daeffea080611f0e7eed4df439ddac0305de
We recently released a new version of
rust-secp256k1, upgrade to use it.