Update secp256k1 subtree (including BIP340 support) #19944

pull sipa wants to merge 2 commits into bitcoin:master from sipa:202009_secp256k1_schnorr changing 42 files +2928 −284
  1. sipa commented at 7:48 pm on September 11, 2020: member

    This updates our src/secp256k1 subtree to the latest libsecp256k1 upstream version.

    As it adds BIP340 support (see https://github.com/bitcoin-core/secp256k1/pull/558), this is a prerequisite for #17977. In particular, it contains:

    • A few generic library improvements
    • Support for x-only public keys as used by BIP340.
    • Support for “key pair” objects, making signing more efficient by using a precomputed public key.
    • Signing support for BIP340 Schnorr (single-party) signatures.
    • Verification support for BIP340 Schnorr signatures.
    • Support for verifying tweaked x-only keys, as used by BIP341’s Taproot construction.

    Things that are not included:

    • MuSig, nor any kind of multisignatures, threshold signatures, … on top.
    • Batch verification.
    • Support for variable-length messages in BIP340 (which are still being discussed, but won’t affect BIP341, or Bitcoin Core).
    • A few more generic improvements that are still in the pipeline, including faster modular inversions.
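As an added illustration (not code from this PR or from libsecp256k1), the following pure-Python sketch models the BIP340 operations the new subtree exposes: an x-only public key, a "keypair" with the secret negated so the public key has even y, BIP340 signing with the BIP340 nonce function, verification, and a tweak check of the kind BIP341 uses for Taproot outputs. Function names mirror the upstream API only loosely (e.g. `keypair` for `secp256k1_keypair_create`, `xonly_tweak_add_check` for `secp256k1_xonly_pubkey_tweak_add_check`); the arithmetic is variable-time and is for reading, not for use.

```python
import hashlib
# secp256k1 parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def tagged_hash(tag, data):  # BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()
def add(a, b):  # affine point addition on secp256k1; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and a[1] != b[1]: return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P
def mul(pt, k):  # double-and-add scalar multiplication (variable time, illustration only)
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r
def lift_x(x):  # the curve point with x-coordinate x and even y, or None if none exists
    if x >= P: return None
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if y % 2 == 0 else P - y) if y * y % P == (x ** 3 + 7) % P else None
def keypair(seckey):  # model of a keypair: secret scalar plus its x-only public key
    d = int.from_bytes(seckey, 'big'); assert 0 < d < N
    pt = mul(G, d)
    return (d if pt[1] % 2 == 0 else N - d), pt[0].to_bytes(32, 'big')  # negate d so P has even y
def sign(seckey, msg, aux=b'\x00' * 32):  # BIP340 signing using the BIP340 nonce function
    d, px = keypair(seckey)
    t = (d ^ int.from_bytes(tagged_hash('BIP0340/aux', aux), 'big')).to_bytes(32, 'big')
    k = int.from_bytes(tagged_hash('BIP0340/nonce', t + px + msg), 'big') % N
    R = mul(G, k)
    k = k if R[1] % 2 == 0 else N - k  # negate k so R has even y
    rx = R[0].to_bytes(32, 'big')
    e = int.from_bytes(tagged_hash('BIP0340/challenge', rx + px + msg), 'big') % N
    return rx + ((k + e * d) % N).to_bytes(32, 'big')
def verify(px, msg, sig):  # BIP340 verification against a 32-byte x-only public key
    pt = lift_x(int.from_bytes(px, 'big'))
    r, s = int.from_bytes(sig[:32], 'big'), int.from_bytes(sig[32:], 'big')
    if len(sig) != 64 or pt is None or r >= P or s >= N: return False
    e = int.from_bytes(tagged_hash('BIP0340/challenge', sig[:32] + px + msg), 'big') % N
    R = add(mul(G, s), mul(pt, N - e))  # R = s*G - e*P
    return R is not None and R[1] % 2 == 0 and R[0] == r
def xonly_tweak_add_check(internal_px, tweak, output_px, parity):
    # Does output_px (with the claimed y parity) equal internal + tweak*G? (Taproot key check)
    pt = lift_x(int.from_bytes(internal_px, 'big'))
    Q = pt and add(pt, mul(G, int.from_bytes(tweak, 'big') % N))
    return bool(Q) and Q[0] == int.from_bytes(output_px, 'big') and Q[1] % 2 == parity
```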
  2. Squashed 'src/secp256k1/' changes from 2ed54da18a..8ab24e8dad
    8ab24e8dad Merge #558: Add schnorrsig module which implements BIP-340 compliant signatures
    f3733c5433 Merge #797: Fix Jacobi benchmarks and other benchmark improvements
    cb5524adc5 Add benchmark for secp256k1_ge_set_gej_var
    5c6af60ec5 Make jacobi benchmarks vary inputs
    d0fdd5f009 Randomize the Z coordinates in bench_internal
    c7a3424c5f Rename bench_internal variables
    875d68b95f Merge #699: Initialize field elements when resulting in infinity
    54caf2e74f Merge #799: Add fallback LE/BE for architectures with known endianness + SHA256 selftest
    f431b3f28a valgrind_ctime_test: Add schnorrsig_sign
    16ffa9d97c schnorrsig: Add taproot test case
    8dfd53ee3f schnorrsig: Add benchmark for sign and verify
    4e43520026 schnorrsig: Add BIP-340 compatible signing and verification
    7332d2db6b schnorrsig: Add BIP-340 nonce function
    7a703fd97d schnorrsig: Init empty experimental module
    eabd9bc46a Allow initializing tagged sha256
    6fcb5b845d extrakeys: Add keypair_xonly_tweak_add
    58254463f9 extrakeys: Add keypair struct with create, pub and pub_xonly
    f0010349b8 Separate helper functions for pubkey_create and seckey_tweak_add
    910d9c284c extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
    176bfb1110 Separate helper function for ec_pubkey_tweak_add
    4cd2ee474d extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
    f49c9896b0 Merge #806: Trivial: Add test logs to gitignore
    aabf00c155 Merge #648: Prevent ints from wrapping around in scratch space functions
    f5adab16a9 Merge #805: Remove the extremely outdated TODO file.
    bceefd6547 Add test logs to gitignore
    1c325199d5 Remove the extremely outdated TODO file.
    47e6618e11 extrakeys: Init empty experimental module
    3e08b02e2a Make the secp256k1_declassify argument constant
    8bc6aeffa9 Add SHA256 selftest
    670cdd3f8b Merge #798: Check assumptions on integer implementation at compile time
    5e5fb28b4a Use additional system macros to figure out endianness
    7c068998ba Compile-time check assumptions on integer types
    02b6c87b52 Add support for (signed) __int128
    979961c506 Merge #787: Use preprocessor macros instead of autoconf to detect endianness
    887bd1f8b6 Merge #793: Make scalar/field choice depend on C-detected __int128 availability
    0dccf98a21 Use preprocessor macros instead of autoconf to detect endianness
    b2c8c42cf1 Merge #795: Avoid linking libcrypto in the valgrind ct test.
    57d3a3c64c Avoid linking libcrypto in the valgrind ct test.
    79f1f7a4f1 Autodetect __int128 availability on the C side
    0d7727f95e Add SECP256K1_FE_STORAGE_CONST_GET to 5x52 field
    805082de11 Merge #696: Run a Travis test on s390x (big endian)
    39295362cf Test travis s390x (big endian)
    6034a04fb1 Merge #778: secp256k1_gej_double_nonzero supports infinity
    f60915906d Merge #779: travis: Fix argument quoting for ./configure
    9e49a9b255 travis: Fix argument quoting for ./configure
    18d36327fd secp256k1_gej_double_nonzero supports infinity
    214cb3c321 Merge #772: Improve constant-timeness on PowerPC
    40412b1930 Merge #774: tests: Abort if malloc() fails during context cloning tests
    2e1b9e0458 tests: Abort if malloc() fails during context cloning tests
    67a429f31f Suppress a harmless variable-time optimization by clang in _int_cmov
    5b196338f0 Remove redundant "? 1 : 0" after comparisons in scalar code
    3e5cfc5c73 Merge #741: Remove unnecessary sign variable from wnaf_const
    66bb9320c0 Merge #773: Fix some compile problems on weird/old compilers.
    1309c03c45 Fix some compile problems on weird/old compilers.
    2309c7dd4a Merge #769: Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
    22e578bb11 Undef HAVE___INT128 in basic-config.h to fix gen_context compilation
    3f4a5a10e4 Merge #765: remove dead store in ecdsa_signature_parse_der_lax
    f00d6575ca remove dead store in ecdsa_signature_parse_der_lax
    dbd41db16a Merge #759: Fix uninitialized variables in ecmult_multi test
    2e7fc5b537 Fix uninitialized variables in ecmult_multi test
    37dba329c6 Remove unnecessary sign variable from wnaf_const
    6bb0b77e15 Fix test_constant_wnaf for -1 and add a test for it.
    47a7b8382f Clear field elements when writing infinity
    61d1ecb028 Added test with additions resulting in infinity
    60f7f2de5d Don't assume that ALIGNMENT > 1 in tests
    ada6361dec Use ROUND_TO_ALIGN in scratch_create
    8ecc6ce50e Add check preventing rounding to alignment from wrapping around in scratch_alloc
    4edaf06fb0 Add check preventing integer multiplication wrapping around in scratch_max_allocation
    
    git-subtree-dir: src/secp256k1
    git-subtree-split: 8ab24e8dad9d43fc6661842149899e3cc9213b24
    b9c1a76481
  3. Update src/secp256k1 subtree to upstream libsecp256k1 894fb33f4c
  4. real-or-random commented at 7:51 pm on September 11, 2020: member
    We still have #19263 open but this should not stop us from updating here.
  5. DrahtBot added the label Build system on Sep 11, 2020
  6. instagibbs commented at 8:10 pm on September 11, 2020: member

    Ran the subtree linter locally, manually checking hashes:

    src/secp256k1 in HEAD currently refers to tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7
    src/secp256k1 in HEAD was last updated in commit b9c1a7648131c5deec9704ee9acd00ec1820b9ce (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
    src/secp256k1 in HEAD was last updated to upstream commit 8ab24e8dad9d43fc6661842149899e3cc9213b24 (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
    GOOD

    Also as an exercise, ran the same update exercise, code matches:

    git subtree pull --prefix src/secp256k1 https://github.com/bitcoin-core/secp256k1.git 8ab24e8dad9d43fc6661842149899e3cc9213b24 --squash

    ACK 894fb33f4c1b24667891f7d2aff9f486177b1173

  7. benthecarman approved
  8. benthecarman commented at 8:44 pm on September 11, 2020: contributor
    $ ./test/lint/git-subtree-check.sh src/secp256k1
    src/secp256k1 in HEAD currently refers to tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7
    src/secp256k1 in HEAD was last updated in commit b9c1a7648131c5deec9704ee9acd00ec1820b9ce (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
    src/secp256k1 in HEAD was last updated to upstream commit 8ab24e8dad9d43fc6661842149899e3cc9213b24 (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
    GOOD

    ACK 894fb33

  9. luke-jr commented at 7:55 pm on September 12, 2020: member
    Looks like this bump unconditionally forces Valgrind calls on systems with Valgrind headers. Opened https://github.com/bitcoin-core/secp256k1/pull/813 to address.
  10. gmaxwell commented at 2:07 am on September 14, 2020: contributor

    @luke-jr Nothing about this PR changes behaviour with respect to valgrind (see my comments on the linked issue).

    [The line change at https://github.com/bitcoin/bitcoin/pull/19944/files#diff-54d0bb117d455c49976ee2aa20b140eaL102 is just changing it so that the standalone constant time test binary doesn’t link openssl if openssl is being used by the test for comparison testing.]

  11. fanquake commented at 3:50 am on September 14, 2020: member

    ACK 894fb33f4c1b24667891f7d2aff9f486177b1173. Any Valgrind concerns will be addressed upstream, see discussion in https://github.com/bitcoin-core/secp256k1/pull/813, and if necessary, can be pulled into our tree prior to the 0.21.0 branch off. They are not a blocker for merging this PR in its current state.

    ➜  bitcoin-merge-tree git:(pull/19944/local-merge) git fetch https://github.com/bitcoin-core/secp256k1
    remote: Enumerating objects: 6, done.
    remote: Counting objects: 100% (6/6), done.
    remote: Compressing objects: 100% (5/5), done.
    remote: Total 5566 (delta 1), reused 2 (delta 1), pack-reused 5560
    Receiving objects: 100% (5566/5566), 2.39 MiB | 1023.00 KiB/s, done.
    Resolving deltas: 100% (3887/3887), done.
    From https://github.com/bitcoin-core/secp256k1
     * branch                HEAD       -> FETCH_HEAD
    ➜  bitcoin-merge-tree git:(pull/19944/local-merge) ./test/lint/git-subtree-check.sh src/secp256k1
    src/secp256k1 in HEAD currently refers to tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7
    src/secp256k1 in HEAD was last updated in commit b9c1a7648131c5deec9704ee9acd00ec1820b9ce (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
    src/secp256k1 in HEAD was last updated to upstream commit 8ab24e8dad9d43fc6661842149899e3cc9213b24 (tree 1b2db0573d7c4f2f90589da7886816d0db73b8c7)
    GOOD
  12. fanquake merged this on Sep 14, 2020
  13. fanquake closed this on Sep 14, 2020

  14. sidhujag referenced this in commit 711b81967a on Sep 15, 2020
  15. str4d referenced this in commit 53ba8172c8 on Oct 1, 2020
  16. zkbot referenced this in commit af274b66b3 on Oct 1, 2020
  17. zkbot referenced this in commit f709b1a6c6 on Oct 21, 2020
  18. zkbot referenced this in commit cafc622a22 on Oct 21, 2020
  19. UdjinM6 referenced this in commit c2ab8285d8 on Aug 10, 2021
  20. 5tefan referenced this in commit abf9ac837f on Aug 12, 2021
  21. DrahtBot locked this on Feb 15, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 06:12 UTC
