secp256k1_gej_double_nonzero supports infinity #778

Pull request: sipa wants to merge 1 commit into bitcoin-core:master from sipa:202007_gej_double, changing 5 files (+11 −11)
  1. sipa commented at 1:13 AM on July 29, 2020: contributor

    Our existing function secp256k1_gej_double_nonzero actually supports infinity if only it wouldn't check that the input isn't infinity.

    Drop the check, rename it to secp256k1_gej_double, and adapt the tests.

  2. secp256k1_gej_double_nonzero supports infinity 18d36327fd
  3. real-or-random commented at 5:59 AM on July 29, 2020: contributor

    ACK 18d36327fddad18ba81af2cf7fe6c8a16952dc22 I looked at the diff and ran tests locally

    When I was a child, I sometimes wondered what ∞ + ∞ is.

  4. real-or-random approved
  5. gmaxwell commented at 12:52 PM on July 29, 2020: contributor

    ACK 18d36327fddad18ba81af2cf7fe6c8a16952dc22

    it was funny looking at the history of changes how it ended up this way: The original function was variable time, but only for infinity. Some code needed to double in constant time but never needed an infinity, so it just added a wrapper that verified the input wasn't infinity to be sure it wouldn't be variable time. Then at some point there was an audit to make sure that no constant time functions were calling variable time functions (in ways that might risk accidentally introducing variable timeness in the future), and the variable time function was rewritten in terms of the constant time function. Since constant time doubling supporting infinity wasn't needed, I doubt I ever checked if it worked. :)

  6. peterdettman commented at 1:09 PM on July 29, 2020: contributor

    > it was funny looking at the history of changes how it ended up this way

    ... and then (I assume) sipa noticed it was a separable patch from the signed-digit multi-comb PR.

  7. real-or-random merged this on Jul 29, 2020
  8. real-or-random closed this on Jul 29, 2020

  9. elichai commented at 3:29 PM on July 29, 2020: contributor

    post-merge ACK 18d36327fddad18ba81af2cf7fe6c8a16952dc22

    lol. so now secp256k1_gej_double_var is just "same as secp256k1_gej_double but early return for infinity"

  10. sipa commented at 3:53 PM on July 29, 2020: contributor

    @elichai Indeed. @peterdettman Yeah, when rebasing the multi-comb stuff on top of the reorganized double_var and double_nonzero, after resolving conflicts, I noticed that I was ending up with two identical functions (double and double_nonzero).

  11. jasonbcox referenced this in commit a6ab73d408 on Sep 27, 2020
  12. deadalnix referenced this in commit 22c32dea95 on Sep 28, 2020
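
The behaviour discussed in this thread, as an added example that is not code from the PR or from libsecp256k1: a toy Jacobian doubling on y^2 = x^3 + 7 over F_13 in which the unchecked doubling copies the infinity flag and therefore agrees with the early-return variable-time variant. The field size, the sample point (7, 5) and all `toy_` names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy parameters (constructed): y^2 = x^3 + 7 over F_13, a prime-order group
 * of 7 points, so no point has y = 0. Not secp256k1's field or its code. */
#define P 13u
typedef struct { uint32_t x, y, z; int infinity; } toy_gej;

static uint32_t mulm(uint32_t a, uint32_t b) { return (a * b) % P; }
static uint32_t subm(uint32_t a, uint32_t b) { return (a + P - b) % P; }

/* Doubling with no check on the input: the flag is copied and the same field
 * operations run for every input, so nothing branches on point data. (The
 * toy's % arithmetic is not constant time; only the control flow is shown.) */
static void toy_gej_double(toy_gej *r, const toy_gej *a) {
    uint32_t yy = mulm(a->y, a->y);
    uint32_t s  = mulm(4, mulm(a->x, yy));       /* S  = 4*X*Y^2  */
    uint32_t m  = mulm(3, mulm(a->x, a->x));     /* M  = 3*X^2    */
    uint32_t x3 = subm(mulm(m, m), mulm(2, s));  /* X3 = M^2 - 2S */
    uint32_t y3 = subm(mulm(m, subm(s, x3)), mulm(8, mulm(yy, yy)));
    r->z = mulm(2, mulm(a->y, a->z));            /* Z3 = 2*Y*Z, 0 for infinity */
    r->x = x3;
    r->y = y3;                                   /* Y3 = M*(S - X3) - 8*Y^4 */
    r->infinity = a->infinity;
}

/* Variable-time variant: the early return makes timing depend on whether the
 * input is infinity, so it is only suitable for public inputs. */
static void toy_gej_double_var(toy_gej *r, const toy_gej *a) {
    if (a->infinity) { r->x = r->y = r->z = 0; r->infinity = 1; return; }
    toy_gej_double(r, a);
}

/* Returns 1 if Jacobian point j equals affine (x, y): X = x*Z^2, Y = y*Z^3. */
static int toy_gej_eq_affine(const toy_gej *j, uint32_t x, uint32_t y) {
    uint32_t zz = mulm(j->z, j->z);
    return !j->infinity && j->z != 0 && j->x == mulm(x, zz)
        && j->y == mulm(y, mulm(zz, j->z));
}

int main(void) {
    toy_gej inf = {0, 0, 0, 1}, g = {7, 5, 1, 0}, r, rv;
    toy_gej_double(&r, &inf);
    toy_gej_double_var(&rv, &inf);
    printf("2*inf: infinity=%d (var: infinity=%d)\n", r.infinity, rv.infinity);
    toy_gej_double(&r, &g);
    printf("2*(7,5) == (8,5): %d\n", toy_gej_eq_affine(&r, 8, 5));
    return 0;
}
```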

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 11:15 UTC
