Pieter Wuille
a55166950f
Merge pull request #295
...
c996d53
Print success (Pieter Wuille)
2015-09-19 21:24:31 +02:00
Pieter Wuille
dc0ce9fc41
[API BREAK] Change argument order to out/outin/in
2015-09-04 17:45:57 +02:00
Pieter Wuille
c822693eff
Merge pull request #301
...
b183b41
bugfix: "ARG_CHECK(ctx != NULL)" makes no sense (Cory Fields)
2015-09-04 16:17:20 +02:00
Pieter Wuille
6d043505b0
Merge pull request #303
...
263dcbc
remove unused assignment (Cory Fields)
2015-09-04 16:15:14 +02:00
Gregory Maxwell
5fb32296af
Fixes a bug where bench_sign would fail due to passing in too small a buffer.
...
This was introduced by the recent API change when the signature types were split.
2015-09-03 18:47:30 +00:00
Cory Fields
263dcbca4a
remove unused assignment
2015-09-02 23:52:09 -04:00
Cory Fields
b183b41122
bugfix: "ARG_CHECK(ctx != NULL)" makes no sense
...
Move all context checks to VERIFY_CHECK and be sure they come before all
ARG_CHECKs.
2015-09-02 23:42:51 -04:00
Pieter Wuille
c996d53ab1
Print success
2015-08-28 02:29:08 +02:00
Pieter Wuille
9f443be086
Move pubkey recovery code to separate module
2015-08-28 01:51:52 +02:00
Pieter Wuille
d49abbd5a0
Separate ECDSA recovery tests
2015-08-27 22:47:24 +02:00
Pieter Wuille
439d34adc6
Separate recoverable and normal signatures
2015-08-27 22:47:24 +02:00
Pieter Wuille
2f77487012
Add context building benchmarks
2015-08-27 01:14:28 +02:00
Veres Lajos
de7e398dfa
small typo fix
2015-08-10 22:05:52 +01:00
Pieter Wuille
a5a66c70b6
Add support for custom EC-Schnorr-SHA256 signatures
2015-08-03 20:08:51 +02:00
Peter Dettman
72ae443afb
Improve perf. of cmov-based table lookup
2015-08-01 10:57:36 -05:00
Andrew Poelstra
92e53fc4c8
Implement endomorphism optimization for secp256k1_ecmult_const
2015-08-01 10:57:36 -05:00
Andrew Poelstra
ed35d43a0c
Make secp256k1_scalar_add_bit conditional; make secp256k1_scalar_split_lambda_var constant time
...
This has the effect of making `secp256k1_scalar_mul_shift_var` constant
time in both input scalars. Keep the _var name because it is NOT constant
time in the shift amount.
As used in `secp256k1_scalar_split_lambda_var`, the shift is always
the constant 272, so this function becomes constant time, and it
loses the `_var` suffix.
2015-08-01 10:57:36 -05:00
Andrew Poelstra
91c0ce95ca
Add benchmarks for ECDH and const-time multiplication
2015-08-01 10:57:36 -05:00
Andrew Poelstra
0739bbb6f0
Add ECDH module which works by hashing the output of ecmult_const
2015-08-01 10:57:33 -05:00
Andrew Poelstra
4401500060
Add constant-time multiply secp256k1_ecmult_const for ECDH
...
Designed with clear separation of the wNAF conversion, precomputation
and exponentiation (since the precomp at least we will probably want
to separate in the API for users who reuse points a lot).
Future work:
- actually separate precomp in the API
- do multiexp rather than single exponentiation
2015-07-31 12:39:09 -05:00
Andrew Poelstra
baa75da59d
tests: add a couple tests
...
- Add zero/one sanity check tests for ecmult
- Add unit test for secp256k1_scalar_split_lambda_var
- Typo fix in `ge_equals_ge`; was comparing b->y to itself, should
have been comparing a->y to b->y
- Normalize y-coordinate in `random_group_element_test`; this is
needed to pass random group elements as the first argument to
`ge_equals_ge`, which I will do in a future commit.
2015-07-29 13:26:12 -05:00
Pieter Wuille
995c548771
Introduce callback functions for dealing with errors.
2015-07-26 18:08:38 +02:00
Pieter Wuille
18c329c506
Remove the internal secp256k1_ecdsa_sig_t type
2015-07-26 16:52:17 +02:00
Pieter Wuille
74a2acdb8a
Add a secp256k1_ecdsa_signature_t type
2015-07-26 16:02:20 +02:00
Pieter Wuille
23cfa914d2
Introduce secp256k1_pubkey_t type
2015-07-26 15:59:07 +02:00
Pieter Wuille
3e6f1e20dc
Change rfc6979 implementation to be a generic PRNG
2015-07-24 22:07:14 +02:00
Pieter Wuille
5133f78651
Merge pull request #254
...
733c1e6
Add travis build to test the static context. (Thomas Daede)
fbecc38
Add ability to use a statically generated ecmult context. (Thomas Daede)
2015-07-14 11:28:55 -04:00
Pieter Wuille
b0a60e6d33
Merge pull request #258
...
e2a07c7
Fix compilation with C++ (Vinnie Falco)
2015-07-13 21:03:47 -04:00
Thomas Daede
fbecc38a89
Add ability to use a statically generated ecmult context.
...
This vastly shrinks the size of the context required for signing on devices with
memory-mapped Flash.
Tables are generated by the new gen_context tool into a header.
2015-07-13 18:00:03 -07:00
Pieter Wuille
4fb174df08
Merge pull request #263
...
99fd963
Add secp256k1_ec_pubkey_compress(), with test similar to the related decompress() function. (Thomas Kerin)
2015-07-13 20:55:34 -04:00
Pieter Wuille
4ab8990c52
Merge pull request #270
...
36b305a
Verify the result of GMP modular inverse using non-GMP code (Pieter Wuille)
2015-07-13 20:27:29 -04:00
Pieter Wuille
bdf0e0c268
Merge pull request #271
...
55399c2
Further performance improvements to _ecmult_wnaf (Peter Dettman)
145cc6e
Improve performance of _ecmult_wnaf (Peter Dettman)
2015-07-13 20:25:18 -04:00
Pieter Wuille
31d0c1fd12
Merge pull request #273
...
eb2c8ff
Add missing casts to SECP256K1_FE_CONST_INNER (Andrew Poelstra)
2015-07-13 19:21:12 -04:00
Andrew Poelstra
eb2c8ffedf
Add missing casts to SECP256K1_FE_CONST_INNER
2015-07-13 08:19:35 -05:00
Peter Dettman
55399c23f7
Further performance improvements to _ecmult_wnaf
...
- Initialize 'wnaf' to zeroes using memset
- Add new 'len' arg to speed up smaller scalars (mostly for endo=yes)
2015-07-13 22:46:42 +10:00
Thomas Kerin
99fd963bd5
Add secp256k1_ec_pubkey_compress(), with test similar to the related decompress() function.
2015-07-13 13:09:00 +01:00
Peter Dettman
145cc6ea8f
Improve performance of _ecmult_wnaf
...
- Track carry explicitly instead of adding to scalar
- Branch-free code for carry calculations
2015-07-11 13:49:04 +10:00
Pieter Wuille
36b305a82b
Verify the result of GMP modular inverse using non-GMP code
2015-07-09 11:21:37 -04:00
Pieter Wuille
0cbc8600f3
Merge pull request #266
...
3f3964e
Add specific VERIFY tests for _fe_cmov (Peter Dettman)
a0601cd
Fix VERIFY calculations in _fe_cmov methods (Peter Dettman)
2015-07-08 17:04:38 -04:00
Peter Dettman
5a43124c69
Save 1 _fe_negate since s1 == -s2
2015-07-07 22:30:00 +10:00
Peter Dettman
a5d796e0b1
Update code comments
2015-07-07 09:16:15 +09:30
Peter Dettman
3f3964e49c
Add specific VERIFY tests for _fe_cmov
2015-07-06 12:41:30 +09:30
Peter Dettman
7d054cd030
Refactor to save a _fe_negate
2015-07-04 16:38:46 +09:30
Peter Dettman
b28d02a5d5
Refactor to remove a local var
2015-07-04 16:30:56 +09:30
Peter Dettman
55e7fc32cb
Perf. improvement in _gej_add_ge
...
- Avoid one weak normalization
- Change one full normalization to weak
- Avoid unnecessary fe assignment
- Update magnitude annotations
2015-07-04 16:21:35 +09:30
Peter Dettman
a0601cd79c
Fix VERIFY calculations in _fe_cmov methods
2015-07-04 13:50:15 +09:30
Pieter Wuille
765742021a
Add tests for adding P+Q with P.x!=Q.x and P.y=-Q.y
2015-06-29 08:22:06 -07:00
Andrew Poelstra
8c5d5f7b5b
tests: Add failing unit test for #257 (bad addition formula)
2015-06-29 08:22:06 -07:00
Andrew Poelstra
5de4c5dffd
gej_add_ge: fix degenerate case when computing P + (-lambda)P
...
If two points (x1, y1) and (x2, y2) are given to gej_add_ge with
x1 != x2 but y1 = -y2, the function gives a wrong answer since
this causes it to compute "lambda = 0/0" during an intermediate
step. (Here lambda refers to an auxiliary variable in the point
addition formula, not the cube-root of 1 used by the endomorphism
optimization.)
This commit catches the 0/0 and replaces it with an alternate
expression for lambda, cmov'ing it in place if necessary.
2015-06-29 08:21:58 -07:00
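The degenerate case described in the commit message above, worked through as an added example that is not part of this commit log or of libsecp256k1. It uses affine coordinates and plain Python branches instead of the library's Jacobian coordinates and constant-time cmov, so the algebra stays visible: the unified formula's lambda = (x1^2 + x1*x2 + x2^2)/(y1 + y2) becomes 0/0 for the pair (P, -lambda*P), and the alternate expression (y1 - y2)/(x1 - x2) gives the correct sum. The helper names (`add_unified`, `endo_negate`, `degenerate_case`) and the `BETA` search are this example's own choices.

```python
# Added example (not libsecp256k1 code): the x1 != x2, y1 == -y2 degenerate
# case of the unified Weierstrass addition formula, over secp256k1 in affine
# coordinates.  Branches stand in for the library's constant-time cmov.

P = 2**256 - 2**32 - 977  # secp256k1 field prime
B = 7                     # curve equation y^2 = x^3 + 7 (a = 0)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(a):
    """Modular inverse via Fermat; callers must not pass 0."""
    return pow(a % P, P - 2, P)


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + B)) % P == 0


def cube_root_of_unity():
    """A beta != 1 with beta^3 == 1 in the field (P == 1 mod 3, so one exists).
    g^((P-1)/3) is always a cube root of unity and is 1 only when g is a cube."""
    for g in range(2, 64):
        beta = pow(g, (P - 1) // 3, P)
        if beta != 1:
            return beta
    raise RuntimeError("no non-trivial cube root of unity among small bases")


BETA = cube_root_of_unity()


def endo_negate(pt):
    """Return -lambda*pt = (beta*x, -y): same x^3, so still on the curve,
    with x1 != x2 but y1 == -y2 relative to pt."""
    x, y = pt
    return (BETA * x % P, (-y) % P)


def add_textbook(p1, p2):
    """Ordinary affine chord/tangent addition, used as the reference result."""
    x1, y1 = p1
    x2, y2 = p2
    if (x1 - x2) % P == 0:
        if (y1 + y2) % P == 0:
            return None  # p1 + (-p1): point at infinity
        lam = 3 * x1 * x1 * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def add_unified(p1, p2, use_alt_lambda):
    """Unified add/double with a = 0:
         lambda = (x1^2 + x1*x2 + x2^2) / (y1 + y2)
         x3     = lambda^2 - (x1 + x2)
         2*y3   = lambda*(x1 + x2 - 2*x3) - (y1 + y2)
    If y1 == -y2 and x1 != x2 then x1^3 == x2^3 forces the numerator to 0 as
    well, so lambda is 0/0.  On the curve (x1-x2)(x1^2+x1x2+x2^2) == (y1-y2)(y1+y2),
    hence lambda == (y1 - y2)/(x1 - x2) is an equal, well-defined expression."""
    x1, y1 = p1
    x2, y2 = p2
    num = (x1 * x1 + x1 * x2 + x2 * x2) % P
    den = (y1 + y2) % P
    if den == 0:
        if (x1 - x2) % P == 0:
            return None  # genuine p1 == -p2: point at infinity
        if not use_alt_lambda:
            raise ZeroDivisionError("unified lambda is 0/0")
        num = (y1 - y2) % P
        den = (x1 - x2) % P
    lam = num * inv(den) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 + x2 - 2 * x3) - (y1 + y2)) * inv(2) % P
    return (x3, y3)


def degenerate_case(pt=G):
    """Run both variants on (pt, -lambda*pt) and report what happened."""
    partner = endo_negate(pt)
    x1, x2 = pt[0], partner[0]
    try:
        add_unified(pt, partner, use_alt_lambda=False)
        naive_failed = False
    except ZeroDivisionError:
        naive_failed = True
    fixed = add_unified(pt, partner, use_alt_lambda=True)
    return {
        "partner_on_curve": on_curve(partner),
        "x_differs": (x1 - x2) % P != 0,
        "numerator_zero": (x1 * x1 + x1 * x2 + x2 * x2) % P == 0,
        "naive_failed": naive_failed,
        "fixed_matches_textbook": fixed == add_textbook(pt, partner),
        "fixed_on_curve": fixed is not None and on_curve(fixed),
    }


if __name__ == "__main__":
    for name, value in degenerate_case().items():
        print(f"{name}: {value}")
```

The partner point (beta*x, -y) is exactly -lambda*P in the commit's terms, since the endomorphism maps (x, y) to (beta*x, y). `degenerate_case` reports that the pair is on the curve with distinct x, that the unified numerator is zero (so the failure really is 0/0, not k/0), that the unchecked formula fails, and that the alternate lambda reproduces the textbook sum.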
Andrew Poelstra
bcf2fcfd3a
gej_add_ge: rearrange algebra
...
There is zero functionality or opcount changes here; I need to do
this to make sure both R and M are computed before they are used,
since a future patch will replace either none or both of them.
Also compute r->y directly in terms of r->x, which again will be
used in a future patch.
2015-06-23 12:44:15 -07:00