Inefficient nonce generation for ECDSA #642

issue elichai opened this issue on June 24, 2019
  1. elichai commented at 11:43 PM on June 24, 2019: contributor

    Hi, if I understand the nonce generation correctly (https://github.com/bitcoin-core/secp256k1/blob/fa3301713549d118e57ebe6551d062903ddd6b63/src/secp256k1.c#L469L481), it seems that it will generate it once (97 bytes hashed) and, if it is higher than the group order (overflows) or zero (not probable), it will redo it again but increase the amount of hashing by another 65 bytes, again and again. I'm not sure what the probability is of this happening again and again (is it (2^256 - order)/2^256?), but there's no reason not to continue the hashing from where we stopped instead of redoing it.

  2. sipa commented at 12:50 AM on June 25, 2019: contributor

    In anything but test code, that loop will practically always run just once. The group order is so close to 2^256 that it would be an astronomically unlikely event to ever need 2 iterations.

  3. elichai closed this on Jun 25, 2019
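The two comments above ask for the probability of the rejection loop running more than once and assert that it is astronomically small. The following is an added example (it is not code from bitcoin-core/secp256k1, whose nonce function is its own variant of the scheme): a textbook RFC 6979 section 3.2 HMAC-SHA256 nonce generator with the rejection loop made explicit, plus the exact probability that a single 256-bit candidate falls outside [1, n). The curve order is a parameter so the RFC's own P-256 test vector can check the implementation; the secp256k1 input (private key 1, message "Satoshi Nakamoto") and the order-3 toy "curve" used to force the retry path are constructed inputs for this example, and all function names are this example's own.

```python
# Added example, not code from bitcoin-core/secp256k1: RFC 6979 (section 3.2)
# deterministic nonce generation with the rejection loop the issue discusses,
# plus the exact probability that one iteration is rejected. Standard library only.
import hashlib
import hmac
from fractions import Fraction
from math import log2

# Public curve constants. n is a parameter so that the RFC's own P-256 test
# vector can be used to check the implementation against a known answer.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def retry_probability(n, bits=256):
    """Probability that one uniformly random `bits`-bit candidate is rejected
    (k == 0 or k >= n). Returns (exact Fraction, log2 of that probability)."""
    rejected = (1 << bits) - n + 1  # the values n .. 2^bits - 1, plus 0
    return Fraction(rejected, 1 << bits), log2(rejected) - bits


def _bits2int(b, qlen):
    """RFC 6979 2.3.2: keep the leftmost qlen bits of the octet string."""
    v = int.from_bytes(b, "big")
    blen = 8 * len(b)
    return v >> (blen - qlen) if blen > qlen else v


def _int2octets(x, rlen):
    return x.to_bytes(rlen, "big")


def _bits2octets(b, n, qlen, rlen):
    """RFC 6979 2.3.4: bits2int, reduce once modulo n, then int2octets."""
    z1 = _bits2int(b, qlen)
    z2 = z1 - n
    return _int2octets(z1 if z2 < 0 else z2, rlen)


def rfc6979_nonce(priv, msg_hash, n=SECP256K1_N, qlen=256):
    """HMAC-SHA256 DRBG nonce per RFC 6979 3.2. Returns (k, iterations), where
    iterations counts how many candidates the rejection loop had to draw."""
    rlen = (qlen + 7) // 8
    V, K = b"\x01" * 32, b"\x00" * 32
    seed = _int2octets(priv, rlen) + _bits2octets(msg_hash, n, qlen, rlen)
    K = hmac.new(K, V + b"\x00" + seed, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    K = hmac.new(K, V + b"\x01" + seed, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    iterations = 0
    while True:
        iterations += 1
        T = b""
        while len(T) < rlen:
            V = hmac.new(K, V, hashlib.sha256).digest()
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < n:
            return k, iterations
        # Rejected candidate (0 or >= n): rekey and draw again. This is the
        # retry path the issue asks about; for a 256-bit order it is reached
        # with probability about 2^-128 per iteration.
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()


def p256_rfc_vector():
    """Known answer from RFC 6979 A.2.5: P-256, SHA-256, message "sample"."""
    x = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
    return rfc6979_nonce(x, hashlib.sha256(b"sample").digest(), n=P256_N)


def secp256k1_example():
    """Constructed input: private key 1, message "Satoshi Nakamoto"."""
    return rfc6979_nonce(1, hashlib.sha256(b"Satoshi Nakamoto").digest())


def small_order_iterations(count=50):
    """Force the retry path: a toy 8-bit 'curve' of order 3 accepts only k in
    {1, 2}, so about 254/256 of candidates are rejected. Returns the per-message
    iteration counts (constructed toy parameters, not a real curve)."""
    return [rfc6979_nonce(1, hashlib.sha256(i.to_bytes(2, "big")).digest(),
                          n=3, qlen=8)[1] for i in range(count)]


if __name__ == "__main__":
    p, lg = retry_probability(SECP256K1_N)
    print(f"secp256k1: one-iteration rejection probability ~ 2^{lg:.2f}")
    k, it = secp256k1_example()
    print(f"secp256k1 nonce {k:064x} drawn in {it} iteration(s)")
    print("toy order-3 curve, iterations per message:", small_order_iterations(10))
```

For secp256k1, 2^256 - n + 1 is a 129-bit number, so the rejection probability per iteration is about 2^-127.7, which is sipa's point in numbers: the loop body runs once for every nonce a real signer will ever produce. The toy order-3 run is the only way to watch the retry branch execute; any test harness for a nonce function should exercise it that way rather than hoping a real-size order ever hits it.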

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-22 20:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me