Update libsecp256k1 subtree to current master #30120

fanquake wants to merge 3 commits into bitcoin:master from fanquake:secp256k1_0_5_0, changing 30 files (+2877 −9986)
  1. fanquake commented at 3:10 AM on May 16, 2024: member

    This includes changes from the 0.5.0 release: https://github.com/bitcoin-core/secp256k1/releases/tag/v0.5.0

    New function secp256k1_ec_pubkey_sort that sorts public keys using lexicographic (of compressed serialization) order.

    The implementation of the point multiplication algorithm used for signing and public key generation was changed, resulting in improved performance for those operations. The related configure option --ecmult-gen-precision was replaced with --ecmult-gen-kb (ECMULT_GEN_KB for CMake). This changes the supported precomputed table sizes for these operations. The new supported sizes are 2 KiB, 22 KiB, or 86 KiB (while the old supported sizes were 32 KiB, 64 KiB, or 512 KiB).

  2. Squashed 'src/secp256k1/' changes from d8311688bd..06bff6dec8
    06bff6dec8 Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback
    4155e62fcc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject
    9554362b15 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback
    9f4c8cd730 cmake: Fix `check_arm32_assembly` when using as subproject
    7712a53061 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers
    7d0bc0870f Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date
    d45d9b74bb changelog: Correct 0.5.0 release date
    d7f6613dbb Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0
    2f05e2da4b release cleanup: bump version after 0.5.0
    e3a885d42a Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0
    dd695563e6 check-abi: explicitly provide public headers
    c0e4ec3fee release: prepare for 0.5.0
    bb528cfb08 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort
    7d2591ce12 Add secp256k1_pubkey_sort
    da515074e3 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm
    4c341f89ab Add changelog entry for SDMC
    a043940253 Permit COMB_BITS < 256 for exhaustive tests
    39b2f2a321 Add test case for ecmult_gen recoded = {-1,0,1}
    644e86de9a Reintroduce projective blinding
    07810d9abb Reduce side channels from single-bit reads
    a0d32b597d Optimization: use Nx32 representation for recoded bits
    e03dcc44b5 Make secp256k1_scalar_get_bits support 32-bit reads
    5005abee60 Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t
    6247f485b6 Optimization: avoid unnecessary doublings in precomputation
    15d0cca2a6 Optimization: first table lookup needs no point addition
    7a33db35cd Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset
    ed2a056f3d Provide 3 configurations accessible through ./configure
    5f7be9f6a5 Always generate tables for current (blocks,teeth) config
    fde1dfcd8d Signed-digit multi-comb ecmult_gen algorithm
    486518b350 Make exhaustive tests's scalar_inverse(&x,&x) work
    ab45c3e089 Initial gej blinding -> final ge blinding
    aa00a6b892 Introduce CEIL_DIV macro and use it
    
    git-subtree-dir: src/secp256k1
    git-subtree-split: 06bff6dec8d038f7b4112664a9b882293ebc5178
    ca3d945dc6
  3. Update libsecp256k1 subtree to latest master f82a940bbf
  4. DrahtBot commented at 3:11 AM on May 16, 2024: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK hebasto, jonasnick
    Concept ACK real-or-random

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  5. fanquake added the label DrahtBot Guix build requested on May 16, 2024
  6. fanquake commented at 3:11 AM on May 16, 2024: member
  7. real-or-random commented at 7:12 AM on May 16, 2024: contributor

    Concept ACK

    @hebasto Or would you prefer waiting for https://github.com/bitcoin-core/secp256k1/pull/1529?

  8. hebasto commented at 7:23 PM on May 16, 2024: member

    > Or would you prefer waiting for bitcoin-core/secp256k1#1529?

    Not at all. bitcoin-core/secp256k1#1529 is not critical because Bitcoin Core's CMake staging branch does not use the PROJECT_IS_TOP_LEVEL variable.

  9. hebasto commented at 7:30 PM on May 16, 2024: member

    @real-or-random @jonasnick

    Can you confirm that the default value of the new --with-ecmult-gen-kb option is optimal for Bitcoin Core?

  10. sipa commented at 8:41 PM on May 16, 2024: member

    I think the 86 kB option is a bit faster, and the change in binary size/memory is immaterial for Bitcoin Core, so from that perspective maybe we want to use that. On the other hand, signing speed is not super important for us, but still, seems like 86 is the no-downside option.

  11. build: pass --with-ecmult-gen-kb=86 to secp256k1 a057869aa3
  12. hebasto approved
  13. hebasto commented at 8:36 AM on May 20, 2024: member

    ACK a057869aa3c42457570765966cb66accb2375b13, I've got a zero diff with my local branch, which reproduces the subtree update, and ecmult gen table size = 86 KiB in the configure summary.
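
One way to automate the "zero diff" check described in the comment above, as an added example that is not part of the thread or of the project's code: compare the tree object stored at the subtree directory with the tree of the upstream commit named in the `git-subtree-split` trailer. The two repositories, the `vendor/lib` path and the file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example. The repositories, the vendor/lib path and the file contents are
# constructed for the demo; only the git-subtree-* trailer names come from the page.
set -eu

# git with a throwaway identity so commits work without any user configuration.
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# Print "match" when the tree at <dir> in <rev> of <repo> equals the tree of the
# upstream commit named by the newest git-subtree-split trailer recorded for <dir>.
subtree_check() {
    repo=$1; rev=$2; dir=$3; upstream=$4
    split=$(git -C "$repo" log -1 --format=%B --grep="^git-subtree-dir: $dir\$" "$rev" |
            sed -n 's/^git-subtree-split: //p')
    [ -n "$split" ] || { echo no-trailer; return 0; }
    vendored=$(git -C "$repo" rev-parse "$rev:$dir")          # tree of the subdirectory
    expected=$(git -C "$upstream" rev-parse "$split^{tree}")  # root tree of upstream commit
    if [ "$vendored" = "$expected" ]; then echo match; else echo mismatch; fi
}

# Build an upstream repo, vendor it into an app repo with subtree-style trailers,
# then add a second app commit that edits the vendored copy in place.
build_demo() {
    root=$(mktemp -d)
    g init -q "$root/upstream"
    g init -q "$root/app"
    printf 'int f(void) { return 1; }\n' > "$root/upstream/lib.c"
    g -C "$root/upstream" add lib.c
    g -C "$root/upstream" commit -q -m 'lib: initial'
    head=$(git -C "$root/upstream" rev-parse HEAD)
    mkdir -p "$root/app/vendor/lib"
    cp "$root/upstream/lib.c" "$root/app/vendor/lib/lib.c"
    g -C "$root/app" add vendor
    g -C "$root/app" commit -q -m "Squashed 'vendor/lib/' changes" \
        -m "git-subtree-dir: vendor/lib" -m "git-subtree-split: $head"
    printf '/* local edit */\n' >> "$root/app/vendor/lib/lib.c"
    g -C "$root/app" commit -q -am 'edit vendored code'
    echo "$root"
}

demo=$(build_demo)
echo "subtree commit: $(subtree_check "$demo/app" HEAD~1 vendor/lib "$demo/upstream")"
echo "later commit:   $(subtree_check "$demo/app" HEAD vendor/lib "$demo/upstream")"
rm -rf "$demo"
```

Because git tree hashes are content-addressed, equality here means every path, mode and blob under the directory is identical to upstream at that commit; a `mismatch` on a later commit flags local edits to vendored code.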

  14. DrahtBot requested review from real-or-random on May 20, 2024
  15. jonasnick approved
  16. jonasnick commented at 9:32 AM on May 20, 2024: contributor

    utACK a057869aa3c42457570765966cb66accb2375b13

  17. fanquake commented at 10:26 AM on May 20, 2024: member

    Guix build (aarch64):

    
  18. DrahtBot commented at 1:12 AM on May 22, 2024: contributor

    Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

    Per-file hashes compared for commit a786fd2041913d82ca90b561de309421bd24e41b (master) and commit 72fbec29a4d9fb9c649d0398316b1577aeec95fb (master and this pull).
  19. DrahtBot removed the label DrahtBot Guix build requested on May 22, 2024
  20. hebasto added the label Needs CMake port on May 22, 2024
  21. fanquake merged this on May 22, 2024
  22. fanquake closed this on May 22, 2024

  23. fanquake deleted the branch on May 22, 2024
  24. hebasto commented at 11:07 AM on June 5, 2024: member

    Ported to the CMake-based build system in https://github.com/hebasto/bitcoin/pull/220.

  25. hebasto removed the label Needs CMake port on Jun 5, 2024
  26. bitcoin locked this on Jun 5, 2025

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-26 06:13 UTC
