Add pubkey prefix constants to include/secp256k1.h #459

pull apoelstra wants to merge 1 commits into bitcoin-core:master from apoelstra:prefix-const changing 2 files +13 −5
  1. apoelstra commented at 1:23 am on June 8, 2017: contributor

    In future multisig implementations we will need to pass nonces around, which are algebraically pubkeys but should not be decodable as pubkeys. The way to do this is to change the prefix byte from the ordinary 0x02/0x03 to something else. However, some forks (notably secp256k1-zkp) have started using some bytes for their own encodings, and if we continue to use hardcoded constants the risk of conflict is increased.

    This commit puts the prefixes used by the main library into the include/secp256k1.h so that the constants we’re using will at least be in a standard easy-to-reference place.

  2. in include/secp256k1.h:166 in 25a08f056d outdated
    158@@ -159,6 +159,13 @@ typedef int (*secp256k1_nonce_function)(
    159 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
    160 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
    161 
    162+/** Prefix byte used to tag various encoded curvepoints for specific purposes */
    163+#define SECP256K1_TAG_PUBKEY_EVEN	0x02
    164+#define SECP256K1_TAG_PUBKEY_ODD	0x03
    165+#define SECP256K1_TAG_PUBKEY_UNCOMPRESSED	0x04
    166+#define SECP256K1_TAG_PUBKEY_UNCOMPRESSED_EVEN	0x06
    


    sipa commented at 1:24 am on June 8, 2017:
    This should probably be called SECP256K1_TAG_HYBRID_EVEN.
  3. apoelstra force-pushed on Jun 8, 2017
  4. apoelstra force-pushed on Jun 8, 2017
  5. gmaxwell commented at 0:19 am on June 9, 2017: contributor
    Somewhere I figured out what standard defined terrible things like the hybrid values. Anyone remember? This should get a comment.
  6. sipa commented at 0:51 am on June 9, 2017: contributor
    ANSI X9.62-1998 Sections 4.3.6 and 4.3.7.
  7. peterdettman commented at 3:21 am on June 9, 2017: contributor

    Actually, I would argue that the relevant standard is “Standards for Efficient Cryptography”. The domain parameters for secp256k1 are given in “SEC 2: Recommended Elliptic Curve Domain Parameters”, and the octet string conversions are in “SEC 1: Elliptic Curve Cryptography” (2.3).

    Of course it is basically the same overall scheme as ANSI X9.62, but notably there is no mention of hybrid encodings; only 00, 02, 03, 04 may appear as the first octet. The conversion routines explicitly require an output of “invalid” for anything else.

  8. apoelstra commented at 1:23 pm on June 19, 2017: contributor
    Bitcoin supports the hybrid encodings, so I guess we have to support them too.
  9. in include/secp256k1.h:163 in 1858c9726c outdated
    158@@ -159,6 +159,13 @@ typedef int (*secp256k1_nonce_function)(
    159 #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
    160 #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION)
    161 
    162+/** Prefix byte used to tag various encoded curvepoints for specific purposes */
    163+#define SECP256K1_TAG_PUBKEY_EVEN	0x02
    


    sipa commented at 5:30 am on June 27, 2017:
    Weird spacing…

    apoelstra commented at 2:04 pm on June 27, 2017:

    They’re just tabs.

    I guess the other #defines use single spaces, I’ll change this.

  10. add pubkey prefix constants to include/secp256k1.h bc61b91aca
  11. apoelstra force-pushed on Jun 27, 2017
  12. apoelstra cross-referenced this on Jul 19, 2017 from issue [WIP] Aggregate signature module implementation by apoelstra
  13. sipa commented at 7:40 am on July 31, 2017: contributor
    utACK bc61b91aca21a103514c5d47a20f9c7b84d5feb5
  14. sipa merged this on Aug 10, 2017
  15. sipa closed this on Aug 10, 2017

  16. sipa referenced this in commit f532bdc9f7 on Aug 10, 2017

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-22 08:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me