scalar: Verify invariants on every entry #1360

issue real-or-random openend this issue on June 27, 2023
  1. real-or-random commented at 7:51 am on June 27, 2023: contributor

    We have secp256k1_ge_verify, secp256k1_gej_verify, and secp256k1_fe_verify functions to the invariants of the respective type. We call them on every entry/exit of a function that operates on a respective element.

    We should add a similar function for scalars. I think the only invariant is that scalars a are reduced mod the group order, i.e., secp256k1_scalar_check_overflow(a) == 0.

    (see #1184 (review)) @stratospher Are you interested in working on this?

  2. real-or-random added the label assurance on Jun 27, 2023
  3. stratospher commented at 8:17 pm on June 27, 2023: contributor
    yes! i’d be interested in trying this.
  4. stratospher cross-referenced this on Jul 6, 2023 from issue Add invariant checking for scalars by stratospher
  5. stratospher commented at 8:54 am on July 6, 2023: contributor
    done in #1373!
  6. real-or-random referenced this in commit 0ba2b94551 on Aug 18, 2023
  7. real-or-random closed this on Aug 18, 2023


real-or-random stratospher

Labels
assurance

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-07 20:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me