Small subgroup alternative curve verification of group law #308

gmaxwell opened this issue on September 17, 2015
  1. gmaxwell commented at 9:01 PM on September 17, 2015: contributor

    04:22 < gmaxwell> Which I think also suggests another test we can add. Our group law should also hold for all B even when B results in a curve that has low order points.
    04:23 < gmaxwell> We can exhaustively test low order subgroups.
    04:23 < gmaxwell> e.g. this is something tests.c could do.
    04:28 < gmaxwell> this has the benefit of allowing an 'exhaustive' test of the group law without changing the field.

    E.g. on y^2 = x^3 + 4 there is a subgroup with a generator of order 199, and we can 'exhaustively' verify the group law on this subgroup by generating all the points and trying all pairs of adds and multiplies. (Though this doesn't cover all possible projective points).

  2. gmaxwell added this to the milestone initial release on Sep 17, 2015
  3. apoelstra cross-referenced this on Sep 18, 2015 from issue Add exhaustive test for group functions on a low-order subgroup by apoelstra
  4. sipa commented at 5:17 AM on November 28, 2016: contributor

    Fixed by #310.

  5. sipa closed this on Nov 28, 2016
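
An added example, not code from this issue or from secp256k1: the exhaustive check proposed in the first comment, run on a constructed toy curve (y^2 = x^3 + 7 over F_17, generator (1, 5) of order 9) instead of the real field with B = 4 and order 199, so that it works with plain integers. The Jacobian formulas stand in for the code under test, and all function names are hypothetical.

```python
# Toy parameters constructed for this example: y^2 = x^3 + 7 over F_17 has 18 points,
# G = (1, 5) has order 9. B is unused: for a = 0 the formulas fit any y^2 = x^3 + B.
P, G, INF = 17, (1, 5), None

def affine_add(p1, p2):  # reference law: textbook chord-and-tangent
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def jac_double(p):  # code under test: Jacobian doubling for a = 0
    X, Y, Z = p
    S, M = 4 * X * Y * Y, 3 * X * X
    X3 = (M * M - 2 * S) % P
    return (X3, (M * (S - X3) - 8 * Y**4) % P, 2 * Y * Z % P)

def jac_add(p1, p2):  # code under test: Jacobian addition with special cases
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    if Z1 == 0 or Z2 == 0:
        return p2 if Z1 == 0 else p1
    U1, U2 = X1 * Z2**2 % P, X2 * Z1**2 % P
    S1, S2 = Y1 * Z2**3 % P, Y2 * Z1**3 % P
    H, R = (U2 - U1) % P, (S2 - S1) % P
    if H == 0:  # same x: a doubling, or P + (-P)
        return jac_double(p1) if R == 0 else (1, 1, 0)
    X3 = (R * R - H**3 - 2 * U1 * H * H) % P
    return (X3, (R * (U1 * H * H - X3) - S1 * H**3) % P, H * Z1 * Z2 % P)

def to_jac(pt, z):  # affine point -> Jacobian representative with the given Z
    return (1, 1, 0) if pt is INF else (pt[0] * z * z % P, pt[1] * z**3 % P, z)
def to_affine(p):
    zi = pow(p[2], P - 2, P)  # Fermat inverse; unused when Z == 0
    return INF if p[2] == 0 else (p[0] * zi * zi % P, p[1] * zi**3 % P)

def exhaustive_check(add=jac_add, dbl=jac_double):  # returns (n, failures)
    table = [INF, G]
    while table[-1] is not INF:  # table[i] == i*G, built with the reference law
        table.append(affine_add(table[-1], G))
    n = len(table) - 1  # the last entry is n*G, infinity again
    reps = [(i, to_jac(table[i], z)) for i in range(n) for z in range(1, P)]
    bad = [("dbl", i) for i, a in reps if to_affine(dbl(a)) != table[2 * i % n]]
    bad += [("add", i, j) for i, a in reps for j, b in reps
            if to_affine(add(a, b)) != table[(i + j) % n]]
    return n, bad
```

Because the toy field is tiny, every nonzero Z rescaling of each point is tried; over the real field that is not possible, which is the limitation the comment notes about projective points.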

Milestone
stable release (1.0.0-rc.1)


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 11:15 UTC