Update secp256k1 subtree (including BIP340 support) #19944
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
8ab24e8 Merge bitcoin#558: Add schnorrsig module which implements BIP-340 compliant signatures f3733c5 Merge bitcoin#797: Fix Jacobi benchmarks and other benchmark improvements cb5524a Add benchmark for secp256k1_ge_set_gej_var 5c6af60 Make jacobi benchmarks vary inputs d0fdd5f Randomize the Z coordinates in bench_internal c7a3424 Rename bench_internal variables 875d68b Merge bitcoin#699: Initialize field elements when resulting in infinity 54caf2e Merge bitcoin#799: Add fallback LE/BE for architectures with known endianness + SHA256 selftest f431b3f valgrind_ctime_test: Add schnorrsig_sign 16ffa9d schnorrsig: Add taproot test case 8dfd53e schnorrsig: Add benchmark for sign and verify 4e43520 schnorrsig: Add BIP-340 compatible signing and verification 7332d2d schnorrsig: Add BIP-340 nonce function 7a703fd schnorrsig: Init empty experimental module eabd9bc Allow initializing tagged sha256 6fcb5b8 extrakeys: Add keypair_xonly_tweak_add 5825446 extrakeys: Add keypair struct with create, pub and pub_xonly f001034 Separate helper functions for pubkey_create and seckey_tweak_add 910d9c2 extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test 176bfb1 Separate helper function for ec_pubkey_tweak_add 4cd2ee4 extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey f49c989 Merge bitcoin#806: Trivial: Add test logs to gitignore aabf00c Merge bitcoin#648: Prevent ints from wrapping around in scratch space functions f5adab1 Merge bitcoin#805: Remove the extremely outdated TODO file. bceefd6 Add test logs to gitignore 1c32519 Remove the extremely outdated TODO file. 47e6618 extrakeys: Init empty experimental module 3e08b02 Make the secp256k1_declassify argument constant 8bc6aef Add SHA256 selftest 670cdd3 Merge bitcoin#798: Check assumptions on integer implementation at compile time 5e5fb28 Use additional system macros to figure out endianness 7c06899 Compile-time check assumptions on integer types 02b6c87 Add support for (signed) __int128 979961c Merge bitcoin#787: Use preprocessor macros instead of autoconf to detect endianness 887bd1f Merge bitcoin#793: Make scalar/field choice depend on C-detected __int128 availability 0dccf98 Use preprocessor macros instead of autoconf to detect endianness b2c8c42 Merge bitcoin#795: Avoid linking libcrypto in the valgrind ct test. 57d3a3c Avoid linking libcrypto in the valgrind ct test. 79f1f7a Autodetect __int128 availability on the C side 0d7727f Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field 805082d Merge bitcoin#696: Run a Travis test on s390x (big endian) 3929536 Test travis s390x (big endian) 6034a04 Merge bitcoin#778: secp256k1_gej_double_nonzero supports infinity f609159 Merge bitcoin#779: travis: Fix argument quoting for ./configure 9e49a9b travis: Fix argument quoting for ./configure 18d3632 secp256k1_gej_double_nonzero supports infinity 214cb3c Merge bitcoin#772: Improve constant-timeness on PowerPC 40412b1 Merge bitcoin#774: tests: Abort if malloc() fails during context cloning tests 2e1b9e0 tests: Abort if malloc() fails during context cloning tests 67a429f Suppress a harmless variable-time optimization by clang in _int_cmov 5b19633 Remove redundant "? 1 : 0" after comparisons in scalar code 3e5cfc5 Merge bitcoin#741: Remove unnecessary sign variable from wnaf_const 66bb932 Merge bitcoin#773: Fix some compile problems on weird/old compilers. 1309c03 Fix some compile problems on weird/old compilers. 2309c7d Merge bitcoin#769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation 22e578b Undef HAVE___INT128 in basic-config.h to fix gen_context compilation 3f4a5a1 Merge bitcoin#765: remove dead store in ecdsa_signature_parse_der_lax f00d657 remove dead store in ecdsa_signature_parse_der_lax dbd41db Merge bitcoin#759: Fix uninitialized variables in ecmult_multi test 2e7fc5b Fix uninitialized variables in ecmult_multi test 37dba32 Remove unnecessary sign variable from wnaf_const 6bb0b77 Fix test_constant_wnaf for -1 and add a test for it. 47a7b83 Clear field elements when writing infinity 61d1ecb Added test with additions resulting in infinity 60f7f2d Don't assume that ALIGNMENT > 1 in tests ada6361 Use ROUND_TO_ALIGN in scratch_create 8ecc6ce Add check preventing rounding to alignment from wrapping around in scratch_alloc 4edaf06 Add check preventing integer multiplication wrapping around in scratch_max_allocation git-subtree-dir: src/secp256k1 git-subtree-split: 8ab24e8
|
We still have #19263 open but this should not stop us from updating here. |
|
Ran the subtree linter locally, manually checking hashes: Also as an exercise, ran the same update exercise, code matches: ACK 894fb33 |
benthecarman
approved these changes
Sep 11, 2020
There was a problem hiding this comment.
$ ./test/lint/git-subtree-check.sh src/secp256k1
src/secp256k1 in HEAD currently refers to tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7
src/secp256k1 in HEAD was last updated in commit b9c1a7648131c5deec9704ee9acd00ec1820b9ce (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
src/secp256k1 in HEAD was last updated to upstream commit 8ab24e8dad9d43fc6661842149899e3cc9213b24 (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
GOOD
ACK 894fb33
4 tasks
|
Looks like this bump unconditionally forces Valgrind calls on systems with Valgrind headers. Opened bitcoin-core/secp256k1#813 to address. |
|
@luke-jr Nothing about this PR changes behaviour with respect to valgrind (see my comments on the linked issue). [The line change at https://github.com//pull/19944/files#diff-54d0bb117d455c49976ee2aa20b140eaL102 is just changing it so that the standalone constant time test binary doesn't link openssl if openssl is being used by the test for comparison testing.] |
|
ACK 894fb33. Any Valgrind concerns will be addressed upstream, see discussion in bitcoin-core/secp256k1#813, and if necessary, can be pulled into our tree prior to the 0.21.0 branch off. They are not a blocker for merging this PR in it's current state. ➜ bitcoin-merge-tree git:(pull/19944/local-merge) git fetch https://github.com/bitcoin-core/secp256k1
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 5566 (delta 1), reused 2 (delta 1), pack-reused 5560
Receiving objects: 100% (5566/5566), 2.39 MiB | 1023.00 KiB/s, done.
Resolving deltas: 100% (3887/3887), done.
From https://github.com/bitcoin-core/secp256k1
* branch HEAD -> FETCH_HEAD
➜ bitcoin-merge-tree git:(pull/19944/local-merge) ./test/lint/git-subtree-check.sh src/secp256k1
src/secp256k1 in HEAD currently refers to tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7
src/secp256k1 in HEAD was last updated in commit b9c1a7648131c5deec9704ee9acd00ec1820b9ce (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
src/secp256k1 in HEAD was last updated to upstream commit 8ab24e8dad9d43fc6661842149899e3cc9213b24 (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
GOOD |
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Sep 15, 2020
b9c1a76 Squashed 'src/secp256k1/' changes from 2ed54da..8ab24e8 (Pieter Wuille) Pull request description: This updates our src/secp256k1 subtree to the latest libsecp256k1 upstream version. As it adds BIP340 support (see bitcoin-core/secp256k1#558), this is a prerequisite for bitcoin#17977. In particular, it contains: * A few generic library improvements * Support for x-only public keys as used by BIP340. * Support for "key pair" objects, making signing more efficient by using a precomputed public key. * Signing support for BIP340 Schnorr (single-party) signatures. * Verification support for BIP340 Schnorr signatures. * Support for verifying tweaked x-only keys, as used by BIP341's Taproot construction. Things that are not included: * MuSig, nor any kind of multisignatures, threshold signatures, ... on top. * Batch verification. * Support for variable-length messages in BIP340 (which are still being discussed, but won't affect BIP341, or Bitcoin Core). * A few more generic improvements that are still in the pipeline, including faster modular inversions. ACKs for top commit: instagibbs: ACK 894fb33 fanquake: ACK 894fb33. Any Valgrind concerns will be addressed upstream, see discussion in bitcoin-core/secp256k1#813, and if necessary, can be pulled into our tree prior to the 0.21.0 branch off. They are not a blocker for merging this PR in it's current state. benthecarman: ACK `894fb33` Tree-SHA512: 6dc992f4477069b7fbd223316f1be955750923be1479c38adad2312649fdca1f316edb375c42ef9d97cea2407caaef49fb8c93abd6c037fe1a522910cbbc2479
str4d
added a commit
to str4d/zcash
that referenced
this pull request
Oct 1, 2020
This migrates us to the same dependency version that upstream Bitcoin Core migrated to in bitcoin/bitcoin#19944.
zkbot
added a commit
to zcash/zcash
that referenced
this pull request
Oct 21, 2020
Update secp256k1 This migrates us to the same dependency version that upstream Bitcoin Core migrated to in bitcoin/bitcoin#19944. Also enables the endomorphism optimization now that the patents have expired.
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Aug 10, 2021
b9c1a76 Squashed 'src/secp256k1/' changes from 2ed54da..8ab24e8 (Pieter Wuille) Pull request description: This updates our src/secp256k1 subtree to the latest libsecp256k1 upstream version. As it adds BIP340 support (see bitcoin-core/secp256k1#558), this is a prerequisite for bitcoin#17977. In particular, it contains: * A few generic library improvements * Support for x-only public keys as used by BIP340. * Support for "key pair" objects, making signing more efficient by using a precomputed public key. * Signing support for BIP340 Schnorr (single-party) signatures. * Verification support for BIP340 Schnorr signatures. * Support for verifying tweaked x-only keys, as used by BIP341's Taproot construction. Things that are not included: * MuSig, nor any kind of multisignatures, threshold signatures, ... on top. * Batch verification. * Support for variable-length messages in BIP340 (which are still being discussed, but won't affect BIP341, or Bitcoin Core). * A few more generic improvements that are still in the pipeline, including faster modular inversions. ACKs for top commit: instagibbs: ACK 894fb33 fanquake: ACK 894fb33. Any Valgrind concerns will be addressed upstream, see discussion in bitcoin-core/secp256k1#813, and if necessary, can be pulled into our tree prior to the 0.21.0 branch off. They are not a blocker for merging this PR in it's current state. benthecarman: ACK `894fb33` Tree-SHA512: 6dc992f4477069b7fbd223316f1be955750923be1479c38adad2312649fdca1f316edb375c42ef9d97cea2407caaef49fb8c93abd6c037fe1a522910cbbc2479
5tefan
pushed a commit
to 5tefan/dash
that referenced
this pull request
Aug 12, 2021
b9c1a76 Squashed 'src/secp256k1/' changes from 2ed54da..8ab24e8 (Pieter Wuille) Pull request description: This updates our src/secp256k1 subtree to the latest libsecp256k1 upstream version. As it adds BIP340 support (see bitcoin-core/secp256k1#558), this is a prerequisite for bitcoin#17977. In particular, it contains: * A few generic library improvements * Support for x-only public keys as used by BIP340. * Support for "key pair" objects, making signing more efficient by using a precomputed public key. * Signing support for BIP340 Schnorr (single-party) signatures. * Verification support for BIP340 Schnorr signatures. * Support for verifying tweaked x-only keys, as used by BIP341's Taproot construction. Things that are not included: * MuSig, nor any kind of multisignatures, threshold signatures, ... on top. * Batch verification. * Support for variable-length messages in BIP340 (which are still being discussed, but won't affect BIP341, or Bitcoin Core). * A few more generic improvements that are still in the pipeline, including faster modular inversions. ACKs for top commit: instagibbs: ACK 894fb33 fanquake: ACK 894fb33. Any Valgrind concerns will be addressed upstream, see discussion in bitcoin-core/secp256k1#813, and if necessary, can be pulled into our tree prior to the 0.21.0 branch off. They are not a blocker for merging this PR in it's current state. benthecarman: ACK `894fb33` Tree-SHA512: 6dc992f4477069b7fbd223316f1be955750923be1479c38adad2312649fdca1f316edb375c42ef9d97cea2407caaef49fb8c93abd6c037fe1a522910cbbc2479
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This updates our src/secp256k1 subtree to the latest libsecp256k1 upstream version.
As it adds BIP340 support (see bitcoin-core/secp256k1#558), this is a prerequisite for #17977. In particular, it contains:
Things that are not included: