Document that infinity must not be passed to ecmult_const #789

pull real-or-random wants to merge 1 commits into bitcoin-core:master from real-or-random:202008-ecmult-const-noinf changing 5 files +15 −13
  1. real-or-random commented at 4:10 pm on August 7, 2020: contributor
  2. Document that infinity must not be passed to ecmult_const 2a45b80afe
  3. real-or-random force-pushed on Aug 7, 2020
  4. real-or-random commented at 4:12 pm on August 7, 2020: contributor
    Related to #788.
  5. gmaxwell commented at 9:52 pm on August 7, 2020: contributor
    What happens if you pass in a point at infinity? :)
  6. gmaxwell commented at 10:53 pm on August 7, 2020: contributor
    Ah. Storage type doesn’t currently encode infinities so the to precomputed tables have issues. Other than that it looks like it takes a smaller change to fix infinity support, most of which is obviously more correct than not doing it.
  7. gmaxwell commented at 3:13 am on August 8, 2020: contributor
    Unless I’m mistaken, ecmult isn’t constant time with respect to the point input. If so, it could just return infinity in this case. It would be a smaller diff and less weird-surface to handle for future users of the function.
  8. gmaxwell cross-referenced this on Aug 8, 2020 from issue Cleaner infinity handling in group law and ecmult_const. by gmaxwell
  9. real-or-random commented at 6:18 pm on August 8, 2020: contributor

    Unless I’m mistaken, ecmult isn’t constant time with respect to the point input.

    Oh that’s a good point. I took the easy way with constant-timeness in mind but yes, it’s constant-time in the scalar only.

  10. real-or-random closed this on Aug 8, 2020


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-25 02:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me