Commit Graph

1490 Commits

Author SHA1 Message Date
Pieter Wuille 9048def7c7 Avoid undefined shift behaviour 2014-12-03 18:10:52 +01:00
Pieter Wuille efb7d4b299 Use constant-time conditional moves instead of byte slicing 2014-12-03 02:41:55 +01:00
Pieter Wuille d220062ac2
Merge pull request #131
82f9254 Fix typo (Pieter Wuille)
2014-12-02 18:36:55 +01:00
Pieter Wuille 82f9254cc0 Fix typo 2014-12-02 18:35:33 +01:00
Pieter Wuille 601ca04f9a
Merge pull request #129
35399e0 Bugfix: b is restricted, not r (Pieter Wuille)
2014-12-02 17:52:43 +01:00
Pieter Wuille 35399e08c4 Bugfix: b is restricted, not r 2014-12-02 17:43:42 +01:00
Pieter Wuille c35ff1ea44 Convert lambda splitter to pure scalar code.
This enables the use of the endomorphism optimization without bignum.
2014-12-02 16:50:00 +01:00
Peter Dettman cc604e9842 Avoid division when decomposing scalars
- In secp256k1_gej_split_exp, there are two divisions used. Since the denominator is a constant known at compile-time, each can be replaced by a multiplication followed by a right-shift (and rounding).
- Add the constants g1, g2 for this purpose and rewrite secp256k1_scalar_split_lambda_var accordingly.
- Remove secp256k1_num_div since no longer used

Rebased-by: Pieter Wuille
2014-12-02 16:50:00 +01:00
Pieter Wuille ff8746d457 Add secp256k1_scalar_mul_shift_var 2014-12-02 16:50:00 +01:00
Pieter Wuille bd313f7d6e
Merge pull request #119
597128d Make num optional (Pieter Wuille)
659b554 Make constant initializers independent from num (Pieter Wuille)
2014-12-02 16:42:50 +01:00
Pieter Wuille 276f987d70
Merge pull request #124
4d4eeea Make secp256k1_fe_mul_inner use the r != property (Pieter Wuille)
be82e92 Require that r and b are different for field multiplication. (Pieter Wuille)
2014-12-02 16:39:20 +01:00
Pieter Wuille 25d125ec26
Merge pull request #126
24b3c65 Add a test case for ECDSA recomputing infinity (Pieter Wuille)
32600e5 Add a test for r >= order signature handling (Pieter Wuille)
2014-12-01 22:41:54 +01:00
Pieter Wuille 24b3c65e0d Add a test case for ECDSA recomputing infinity 2014-12-01 14:45:05 +01:00
Pieter Wuille 32600e5086 Add a test for r >= order signature handling
Suggested by Greg Maxwell.
2014-12-01 14:23:09 +01:00
Pieter Wuille 4d4eeea4ac Make secp256k1_fe_mul_inner use the r != property
Suggested by Peter Dettman.
2014-12-01 13:40:36 +01:00
Pieter Wuille be82e92fc4 Require that r and b are different for field multiplication.
Suggested by Peter Dettman, this prepares for slightly faster multiplication
which writes results immediately to r before finishing reading b.
2014-12-01 13:40:34 +01:00
Pieter Wuille 597128d389 Make num optional 2014-12-01 12:38:38 +01:00
Pieter Wuille 659b554d7b Make constant initializers independent from num 2014-12-01 12:38:38 +01:00
Pieter Wuille 0af5b47133
Merge pull request #120
e3d692f Explain why no y=0 check is necessary for doubling (Pieter Wuille)
f7dc1c6 Optimize doubling: secp256k1 has no y=0 point (Pieter Wuille)
2014-12-01 12:38:13 +01:00
Pieter Wuille e2e8a362ad
Merge pull request #117
c76be9e Remove unused num functions (Pieter Wuille)
4285a98 Move lambda-splitting code to scalar. (Pieter Wuille)
f24041d Switch all EC/ECDSA logic from num to scalar (Pieter Wuille)
6794be6 Add scalar splitting functions (Pieter Wuille)
d1502eb Add secp256k1_scalar_inverse_var which delegates to GMP (Pieter Wuille)
b5c9ee7 Make test_point_times_order test meaningful again (Pieter Wuille)
0b73059 Switch wnaf splitting from num-based to scalar-based (Pieter Wuille)
1e6c77c Generalize secp256k1_scalar_get_bits (Pieter Wuille)
5213207 Add secp256k1_scalar_add_bit (Pieter Wuille)
2014-12-01 12:32:19 +01:00
Pieter Wuille c76be9efa0 Remove unused num functions 2014-11-30 23:38:01 +01:00
Pieter Wuille 4285a98722 Move lambda-splitting code to scalar.
It's not really an operation on group elements.
2014-11-30 23:38:01 +01:00
Pieter Wuille f24041d6aa Switch all EC/ECDSA logic from num to scalar 2014-11-30 23:38:01 +01:00
Pieter Wuille 6794be6080 Add scalar splitting functions
Which currently delegate to the lambda-splitter in group.
2014-11-30 23:38:01 +01:00
Pieter Wuille d1502eb459 Add secp256k1_scalar_inverse_var which delegates to GMP 2014-11-30 23:38:01 +01:00
Pieter Wuille b5c9ee756f Make test_point_times_order test meaningful again
As wnaf splitting is scalar based, multiplying with the order directly
would be reduced to multiplication with zero before even converting to
wnaf.
2014-11-30 23:38:01 +01:00
Pieter Wuille 0b73059709 Switch wnaf splitting from num-based to scalar-based 2014-11-30 23:38:01 +01:00
Pieter Wuille 1e6c77c321 Generalize secp256k1_scalar_get_bits 2014-11-30 23:38:01 +01:00
Pieter Wuille 5213207856 Add secp256k1_scalar_add_bit 2014-11-30 23:37:58 +01:00
Pieter Wuille 3c0ae43d66
Merge pull request #122
6e05287 Do signature recovery/verification with 4 possible recid case (Pieter Wuille)
2014-11-30 19:51:44 +01:00
Pieter Wuille 6e0528785d Do signature recovery/verification with 4 possible recid case 2014-11-29 10:57:50 +01:00
Pieter Wuille e3d692ff75 Explain why no y=0 check is necessary for doubling
Explanation suggested by Greg Maxwell.
2014-11-28 22:18:50 +01:00
Pieter Wuille f7dc1c6513 Optimize doubling: secp256k1 has no y=0 point 2014-11-28 22:18:30 +01:00
Pieter Wuille 666d3b5132
Merge pull request #121
2a54f9b Correct typo in comment (Pieter Wuille)
2014-11-28 21:23:07 +01:00
Pieter Wuille 2a54f9bcee Correct typo in comment 2014-11-28 16:39:36 +01:00
Pieter Wuille 3ce74b1266 Tweak precomputed table size for G 2014-11-26 23:45:49 +01:00
Pieter Wuille 9d64145781
Merge pull request #114
99f0728 Fix secp256k1_num_set_bin handling of 0 (Pieter Wuille)
d907ebc Add bounds checking to field element setters (Pieter Wuille)
2014-11-26 15:24:18 +01:00
Pieter Wuille 99f0728f23 Fix secp256k1_num_set_bin handling of 0 2014-11-26 15:21:31 +01:00
Pieter Wuille d907ebc0e3 Add bounds checking to field element setters 2014-11-26 15:21:31 +01:00
Pieter Wuille bb2cd94e09
Merge pull request #116
665775b Don't split the g factor when not using endomorphism (Pieter Wuille)
2014-11-26 15:19:59 +01:00
Pieter Wuille 665775b2b9 Don't split the g factor when not using endomorphism 2014-11-25 14:29:02 +01:00
Pieter Wuille 9431d6b112
Merge pull request #115
e2274c5 build: osx: attempt to work with homebrew keg-only packages (Cory Fields)
2014-11-25 13:51:52 +01:00
Cory Fields e2274c58e6 build: osx: attempt to work with homebrew keg-only packages 2014-11-24 11:49:22 -05:00
Pieter Wuille ad2028f989
Merge pull request #110
3bf029d Add test that recovering infinity fails (Pieter Wuille)
4861f83 Test whether recovered public keys are not infinity (Pieter Wuille)
bbe67d8 Make secp256k1_eckey_pubkey_serialize fail for infinity (Pieter Wuille)
2014-11-18 18:01:55 +01:00
Pieter Wuille 3bf029d676 Add test that recovering infinity fails 2014-11-18 13:13:17 +01:00
Pieter Wuille 4861f83686 Test whether recovered public keys are not infinity
Fixes a bug discovered by Sergio Demian Lerner.
2014-11-18 12:37:39 +01:00
Pieter Wuille bbe67d8b29 Make secp256k1_eckey_pubkey_serialize fail for infinity 2014-11-18 12:37:38 +01:00
Pieter Wuille 11a78460f4
Merge pull request #107
f49b2ef Add DETERMINISTIC to avoid line number/source dependent binaries (Pieter Wuille)
2014-11-18 11:42:05 +01:00
Pieter Wuille f49b2ef840 Add DETERMINISTIC to avoid line number/source dependent binaries
This will make it easier to detect changes without semantic impact.
2014-11-18 11:08:44 +01:00
Pieter Wuille a5f7483d3e
Merge pull request #108
6c7f0c6 Update README.md (Pieter Wuille)
2014-11-18 09:56:25 +01:00