Remove Schnorr experiment #425
Merged
Conversation
ACK.
ACK.
sipa added a commit that referenced this pull request on Nov 25, 2016:
e06e878 Remove Schnorr experiment (Pieter Wuille)
ofek referenced this pull request in ofek/coincurve on Mar 28, 2017.
elichai added commits to kaspanet/secp256k1 that referenced this pull request on Feb 19, 2020.
elichai added a commit to kaspanet/go-secp256k1 that referenced this pull request on Mar 24, 2021.
surinder83singh added a commit to aspectron/secp256k1-wasm that referenced this pull request on Jun 2, 2021.
This module implemented a naive custom Schnorr signature scheme, though several flaws have been discovered with its approach since (lack of commitment to public keys, ability for 3rd parties to adapt signatures to related keys, and a multisigning API that is vulnerable to cancellation attacks, restart attacks that leak a private key to cosigners).
I have been working on a better scheme, but I don't believe this should be upstream until it's been vetted in more thorough ways. People assumed that it being included in the repository was a sign that it was final, so I'm removing it to avoid any confusion.
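To illustrate the first flaw listed in the description, a challenge that does not commit to the public key, here is an added example that is not code from libsecp256k1 or from this pull request: a toy Schnorr scheme over secp256k1 in pure Python whose challenge hash either omits the public key or includes it (key-prefixed), together with the check a verifier relies on to reject a signature that a third party has re-targeted to a related key. The sample private key, message and tweak are constructed values, and the deterministic nonce derivation is a simplification, not RFC 6979.

```python
import hashlib

# secp256k1 domain parameters (field prime, group order, generator)
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(P, Q):  # affine point addition; None is the point at infinity
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0: return None
    if P == Q: lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else: lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def ser(P):  # 64-byte x || y encoding of a point
    return P[0].to_bytes(32, "big") + P[1].to_bytes(32, "big")

def challenge(R, P, m, key_prefixed):
    # key_prefixed=False: e = H(R || m), no commitment to P; True: e = H(R || P || m)
    data = ser(R) + (ser(P) if key_prefixed else b"") + m
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(x, m, key_prefixed):
    # simplified deterministic nonce (not RFC 6979); R = k*G, s = k + e*x
    k = int.from_bytes(hashlib.sha256(b"nonce" + x.to_bytes(32, "big") + m).digest(), "big") % n
    R = mul(k, G)
    return R, (k + challenge(R, mul(x, G), m, key_prefixed) * x) % n

def verify(P, m, sig, key_prefixed):  # accept iff s*G == R + e*P
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(R, P, m, key_prefixed), P))

def retarget_to_related_key(P, m, sig, a, key_prefixed):
    # rewrite (R, s) for P' = P + a*G without knowing the private key; only the
    # challenge e is needed, so this succeeds exactly when e does not depend on P
    R, s = sig
    e = challenge(R, P, m, key_prefixed)
    return add(P, mul(a, G)), (R, (s + e * a) % n)

def demo(key_prefixed):
    x, m, a = 123456789, b"constructed message", 42  # constructed sample values
    P, sig = mul(x, G), sign(x, m, key_prefixed)
    P2, sig2 = retarget_to_related_key(P, m, sig, a, key_prefixed)
    return verify(P, m, sig, key_prefixed), verify(P2, m, sig2, key_prefixed)
```

With the key-prefixed challenge the re-targeted signature fails verification, which is the property the description says the removed module lacked.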