Possibility of magnitude restrictions on group element field values #159

issue peterdettman opened this issue on December 12, 2014
  1. peterdettman commented at 2:59 am on December 12, 2014: contributor

    The group operations seem to generally assume input x,y,z can be multiplied directly i.e. there is an implicit mag 8 requirement, which could be worth adding verification for. In some group operations (broadly speaking those where special z values are in play, either gej_add_ge or coz) the input field values are normalized, usually to ensure that they are mag 6 or so (I am presupposing zero tests for h/i replacing u?/s? equality checks), but it varies. In practice the group ops don’t produce higher than 6 mag anyway, so there’s some waste here (and some performance-neutral jiggling might lower the output mags).

    So I’m proposing to i) add pre/post verification for the current mag 8 assumptions, then ii) explore whether tightening the requirements can improve performance. At this stage, I’m only envisaging a simple global requirement, not op-specific bounds.

    Thoughts?

  2. peterdettman commented at 3:03 am on December 12, 2014: contributor
    I should add that of course the mag 8 requirement is enforced by the field, but part ii) will be confusing if it is not explicit in the group code.
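
Added illustration, not libsecp256k1 code and not part of this thread: a toy C field element that carries a tracked magnitude bound the way a verification build would, with the "mag 8" multiplication precondition from the comments above made an explicit input check instead of an implicit assumption. The modulus TOY_P (2^19 - 1, chosen so that the square of a magnitude-8 value fits in 64 bits), the toy_fe struct and every toy_* function are constructed for this example; the library's limb representation and function names are not reproduced. Magnitudes add on addition, negation takes a bound m and yields m + 1, and multiplication reduces fully and returns magnitude 1.

```c
/* Constructed example: a toy field element with a tracked magnitude bound.
 * Not libsecp256k1 code; TOY_P, toy_fe and toy_* are invented for illustration. */
#include <stdint.h>
#include <stdio.h>

#define TOY_P 524287ULL     /* 2^19 - 1, a Mersenne prime; (8*P)^2 < 2^44 fits in uint64_t */
#define TOY_MUL_MAX_MAG 8   /* the "mag 8" multiplication input assumption under discussion */
#define TOY_ABS_MAX_MAG 32  /* hard ceiling so the unreduced value can never overflow */

typedef struct {
    uint64_t v;      /* unreduced residue; invariant: v <= magnitude * TOY_P */
    int magnitude;   /* tracked bound, analogous to a verification-only field */
    int normalized;  /* 1 iff v < TOY_P */
} toy_fe;

/* Post-condition check: 1 if the tracked bounds actually describe v, else 0. */
static int toy_fe_verify(const toy_fe *a) {
    if (a->magnitude < 1 || a->magnitude > TOY_ABS_MAX_MAG) return 0;
    if (a->v > (uint64_t)a->magnitude * TOY_P) return 0;
    if (a->normalized && a->v >= TOY_P) return 0;
    return 1;
}

static void toy_fe_set_int(toy_fe *r, uint64_t x) {
    r->v = x % TOY_P;
    r->magnitude = 1;
    r->normalized = 1;
}

/* Full reduction: the explicit normalization step the thread wants to avoid. */
static void toy_fe_normalize(toy_fe *r) {
    r->v %= TOY_P;
    r->magnitude = 1;
    r->normalized = 1;
}

/* r += a; magnitudes add, as in lazy-reduction field arithmetic. */
static int toy_fe_add(toy_fe *r, const toy_fe *a) {
    if (!toy_fe_verify(r) || !toy_fe_verify(a)) return 0;
    if (r->magnitude + a->magnitude > TOY_ABS_MAX_MAG) return 0;
    r->v += a->v;
    r->magnitude += a->magnitude;
    r->normalized = 0;
    return toy_fe_verify(r);
}

/* r = -a given a bound m >= a->magnitude; result has magnitude m + 1.
 * (m+1)*P - a->v >= P > 0, so no underflow, and the result is congruent to -a. */
static int toy_fe_negate(toy_fe *r, const toy_fe *a, int m) {
    if (!toy_fe_verify(a) || a->magnitude > m || m + 1 > TOY_ABS_MAX_MAG) return 0;
    r->v = (uint64_t)(m + 1) * TOY_P - a->v;
    r->magnitude = m + 1;
    r->normalized = 0;
    return toy_fe_verify(r);
}

/* r = a * b. The precondition is the "mag 8" input assumption made explicit:
 * returns 0 and leaves r untouched if either input exceeds it. */
static int toy_fe_mul(toy_fe *r, const toy_fe *a, const toy_fe *b) {
    if (!toy_fe_verify(a) || !toy_fe_verify(b)) return 0;
    if (a->magnitude > TOY_MUL_MAX_MAG || b->magnitude > TOY_MUL_MAX_MAG) return 0;
    r->v = (a->v * b->v) % TOY_P;  /* inputs < 2^22 each, so the product fits */
    r->magnitude = 1;
    r->normalized = 1;
    return 1;
}

/* Equality of the represented residue, independent of magnitude. */
static int toy_fe_equal(const toy_fe *a, const toy_fe *b) {
    return a->v % TOY_P == b->v % TOY_P;
}

/* Add x to itself n times (reaching magnitude n + 1), then try to square it.
 * Returns 1 if the multiplication precondition held, 0 if it was refused. */
static int toy_chain_then_square(int n, uint64_t x, toy_fe *out) {
    toy_fe acc, base;
    int i;
    toy_fe_set_int(&base, x);
    acc = base;
    for (i = 0; i < n; i++) {
        if (!toy_fe_add(&acc, &base)) return 0;
    }
    return toy_fe_mul(out, &acc, &acc);
}

int main(void) {
    toy_fe r;
    printf("square at magnitude 8 accepted: %d\n", toy_chain_then_square(7, 5, &r));
    printf("square at magnitude 9 accepted: %d\n", toy_chain_then_square(8, 5, &r));
    return 0;
}
```

In a real verification build the refusal would be an assertion that aborts; here the operations return 0 so the refused multiplication can be observed by a test. Seven additions of a magnitude-1 value reach magnitude 8 and the square is accepted; an eighth addition reaches magnitude 9 and the multiply is refused until the caller normalizes, which is exactly the pre/post condition that part i) of the proposal would make visible at the group level.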
  3. peterdettman cross-referenced this on Dec 30, 2014 from issue Co-Z + effective affine precomputation + tests by sipa
  4. sipa commented at 2:16 am on December 30, 2014: contributor
    I’m fine with adding a requirement that all field elements inside _ge, _gej or _coz structs have a stronger normalization requirements than strictly necessary for field, if that means we can get rid of some explicit normalization steps.
  5. peterdettman commented at 2:19 am on December 30, 2014: contributor
    Great, I’ll put something together once https://github.com/bitcoin/secp256k1/issues/159 goes through.
  6. peterdettman cross-referenced this on Dec 10, 2021 from issue WIP Group verification by peterdettman

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-22 05:15 UTC
