Change RFC6979 implementation to be a generic PRNG #269

pull sipa wants to merge 1 commits into bitcoin-core:master from sipa:realcsprng changing 7 files +30 −25
  1. sipa commented at 10:14 pm on July 8, 2015: contributor

    Instead of making it take key, message, and extra data separate, just pass in a byte array of seed data, turning it into just a non-EC specific PRNG.

    The usage inside the blinding code and the tests is also adapted to make use of this in a more natural way.

  2. sipa cross-referenced this on Jul 10, 2015 from issue Implement Schnorr signatures by sipa
  3. sipa commented at 11:19 pm on July 16, 2015: contributor
    @gmaxwell Want to review?
  4. dcousens commented at 0:59 am on July 17, 2015: contributor

    @sipa maybe it's taken care of by secp256k1_rfc6979_hmac_sha256_initialize, but RFC6979 specifies:

    If that value of k is within the [1,q-1] range, and is suitable for DSA or ECDSA (i.e., it results in an r value that is not 0; see Section 3.4), then the generation of k is finished. The obtained value of k is used in DSA or ECDSA.

    Is this handled externally [to that function] as part of the libraries signing process? In which case, I assume you feed T back in somehow? If you don’t feed it back, and just restart, then technically this isn’t RFC6979 compliant.

  5. sipa commented at 9:18 pm on July 18, 2015: contributor
    @dcousens Right, secp256k1_rfc6979_hmac_sha256 only implements the PRNG side of the construction. The specific use as defined by RFC6979 is done inside the signing code.
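The split that sipa describes, as an added Python example (not the project's C code): the HMAC-SHA256 generator of RFC 6979 section 3.2 is seeded from one byte string and knows nothing about curves, and the RFC-specific part (building the seed from int2octets(x) || bits2octets(h1), the [1, q-1] range check, and continuing from the same generator state on rejection rather than re-seeding, which is the compliance point dcousens raises) lives in the nonce-derivation function. The class and function names, and the `accept` callback standing in for the signer's "r != 0" test, are this example's own; the P-256 private key, order and expected k are the SHA-256/"sample" test vector from RFC 6979 appendix A.2.5.

```python
import hashlib
import hmac


class HmacSha256Prng:
    """RFC 6979 section 3.2 HMAC-SHA256 generator (steps b-g seed, step h output)
    driven by a single seed byte string; no knowledge of keys, messages or curves.
    The RFC's retry update (K = HMAC_K(V || 0x00); V = HMAC_K(V)) is applied
    lazily before every output after the first, so a caller that rejects a
    candidate just calls generate() again on the same object."""

    def __init__(self, seed: bytes) -> None:
        self.v = b"\x01" * 32
        self.k = b"\x00" * 32
        self.k = self._hmac(self.v + b"\x00" + seed)   # step d
        self.v = self._hmac(self.v)                    # step e
        self.k = self._hmac(self.v + b"\x01" + seed)   # step f
        self.v = self._hmac(self.v)                    # step g
        self.retry = False

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def generate(self, outlen: int) -> bytes:
        if self.retry:
            self.k = self._hmac(self.v + b"\x00")
            self.v = self._hmac(self.v)
        out = b""
        while len(out) < outlen:
            self.v = self._hmac(self.v)
            out += self.v
        self.retry = True
        return out[:outlen]


def rfc6979_nonce(x: int, msg_hash: bytes, q: int, accept=None) -> int:
    """RFC 6979 nonce derivation on top of the generic PRNG. `accept` is the
    signer's suitability test (for ECDSA: the resulting r is non-zero); it is a
    hypothetical hook for this example. A rejected candidate advances the same
    generator state, as the RFC requires, instead of restarting from the seed."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8

    def bits2int(b: bytes) -> int:
        v = int.from_bytes(b, "big")
        excess = 8 * len(b) - qlen
        return v >> excess if excess > 0 else v

    def int2octets(v: int) -> bytes:
        return v.to_bytes(rlen, "big")

    # Seed = int2octets(x) || bits2octets(h1); bits2octets reduces mod q first.
    prng = HmacSha256Prng(int2octets(x) + int2octets(bits2int(msg_hash) % q))
    while True:
        k = bits2int(prng.generate(rlen))
        if 1 <= k <= q - 1 and (accept is None or accept(k)):
            return k


# RFC 6979 appendix A.2.5 (P-256, SHA-256, message "sample").
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
P256_SAMPLE_K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60


def p256_sample_nonce() -> int:
    return rfc6979_nonce(P256_X, hashlib.sha256(b"sample").digest(), P256_Q)


def p256_sample_nonce_after_rejection() -> tuple:
    """Simulate the signer rejecting the first candidate (as it would if r == 0)
    and return (first candidate, candidate produced on retry)."""
    h = hashlib.sha256(b"sample").digest()
    first = rfc6979_nonce(P256_X, h, P256_Q)
    second = rfc6979_nonce(P256_X, h, P256_Q, accept=lambda k: k != first)
    return first, second


if __name__ == "__main__":
    print(hex(p256_sample_nonce()))
    print([hex(k) for k in p256_sample_nonce_after_rejection()])
```

Because the generator only sees one opaque seed, callers that want extra entropy or a retry counter (the "extra data" the PR description mentions) append it to the seed bytes themselves; the generator and the range check above are unchanged by that.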
  6. apoelstra commented at 4:21 pm on July 23, 2015: contributor

    With benchmarks on

    src/bench_internal.c: In function bench_rfc6979_hmac_sha256:
    src/bench_internal.c:268:9: error: too many arguments to function secp256k1_rfc6979_hmac_sha256_initialize
             secp256k1_rfc6979_hmac_sha256_initialize(&rng, data->data, 32, data->data, 32, NULL, 0);
             ^
    In file included from src/bench_internal.c:11:0:
    src/hash_impl.h:205:13: note: declared here
     static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256_t *rng, const unsigned char *key, size_t keylen) {
                 ^
    make: *** [src/bench_internal-bench_internal.o] Error 1
    
  7. sipa force-pushed on Jul 24, 2015
  8. sipa commented at 1:50 pm on July 24, 2015: contributor
    Rebased and fixed bug found by @apoelstra.
  9. gmaxwell commented at 5:16 pm on July 24, 2015: contributor
    ACK. (but see nit)
  10. apoelstra commented at 6:44 pm on July 24, 2015: contributor
    tested ACK
  11. Change rfc6979 implementation to be a generic PRNG 3e6f1e20dc
  12. sipa force-pushed on Jul 24, 2015
  13. sipa commented at 8:13 pm on July 24, 2015: contributor
    Addressed nit.
  14. sipa merged this on Jul 24, 2015
  15. sipa closed this on Jul 24, 2015

  16. sipa referenced this in commit 4c63780710 on Jul 24, 2015

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-01-24 09:15 UTC
