Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-only ECDH without sqrt #262

Open
wants to merge 14 commits into
base: master
Choose a base branch
from
Open

x-only ECDH without sqrt #262

wants to merge 14 commits into from

Commits on Jun 29, 2015

  1. tests: add a couple tests 

      - Add zero/one sanity check tests for ecmult

  - Add unit test for secp256k1_scalar_split_lambda_var

  - Typo fix in `ge_equals_ge`; was comparing b->y to itself, should
    have been comparing a->y to b->y

  - Normalize y-coordinate in `random_group_element_test`; this is
    needed to pass random group elements as the first argument to
    `ge_equals_ge`, which I will do in a future commit.
    @apoelstra
    apoelstra committed Jun 29, 2015
    Configuration menu
    Copy the full SHA
    a828df5 View commit details
    Browse the repository at this point in the history

Commits on Jun 30, 2015

  1. Add constant-time secp256k1_point_multiply for ECDH 

    Designed with clear separation of the wNAF conversion, precomputation
and exponentiation (since the precomp at least we will probably want
to separate in the API for users who reuse points a lot.

Future work:
  - actually separate precomp in the API
  - do multiexp rather than single exponentiation
    @apoelstra
    apoelstra committed Jun 30, 2015
    Configuration menu
    Copy the full SHA
    955774c View commit details
    Browse the repository at this point in the history

  2. Expose API for constant time point multiplication

    @apoelstra
    apoelstra committed Jun 30, 2015
    Configuration menu
    Copy the full SHA
    1bcca35 View commit details
    Browse the repository at this point in the history

  3. Add benchmark for ECDH multiplication

    @apoelstra
    apoelstra committed Jun 30, 2015
    Configuration menu
    Copy the full SHA
    6b43041 View commit details
    Browse the repository at this point in the history

  4. Make secp256k1_scalar_add_bit conditional; make `secp256k1_scalar_s… 

    …plit_lambda_var` constant time

This has the effect of making `secp256k1_scalar_mul_shift_var` constant
time in both input scalars. Keep the _var name because it is NOT constant
time in the shift amount.

As used in `secp256k1_scalar_split_lambda_var`, the shift is always
the constant 272, so this function becomes constant time, and it
loses the `_var` suffix.
    @apoelstra
    apoelstra committed Jun 30, 2015
    Configuration menu
    Copy the full SHA
    59c5720 View commit details
    Browse the repository at this point in the history

  5. Implement endomorphism optimization for secp256k1_ecdh_point_multiply

    @apoelstra
    apoelstra committed Jun 30, 2015
    Configuration menu
    Copy the full SHA
    48dc8e3 View commit details
    Browse the repository at this point in the history

Commits on Jul 2, 2015

  1. Expose API for constant time point multiplication

    @apoelstra
    apoelstra committed Jul 2, 2015
    Configuration menu
    Copy the full SHA
    171470e View commit details
    Browse the repository at this point in the history

  2. Add benchmark for ECDH multiplication

    @apoelstra
    apoelstra committed Jul 2, 2015
    Configuration menu
    Copy the full SHA
    c641e06 View commit details
    Browse the repository at this point in the history

  3. Make secp256k1_scalar_add_bit conditional; make `secp256k1_scalar_s… 

    …plit_lambda_var` constant time

This has the effect of making `secp256k1_scalar_mul_shift_var` constant
time in both input scalars. Keep the _var name because it is NOT constant
time in the shift amount.

As used in `secp256k1_scalar_split_lambda_var`, the shift is always
the constant 272, so this function becomes constant time, and it
loses the `_var` suffix.
    @apoelstra
    apoelstra committed Jul 2, 2015
    Configuration menu
    Copy the full SHA
    a35d91b View commit details
    Browse the repository at this point in the history

  4. Implement endomorphism optimization for secp256k1_ecdh_point_multiply

    @apoelstra
    apoelstra committed Jul 2, 2015
    Configuration menu
    Copy the full SHA
    0436dfc View commit details
    Browse the repository at this point in the history

Commits on Jul 3, 2015

  1. Merge branch 'ecdh-mult' of https://github.com/apoelstra/secp256k1 in… 

    …to ecdh-mult
    @peterdettman
    peterdettman committed Jul 3, 2015
    Configuration menu
    Copy the full SHA
    67d307c View commit details
    Browse the repository at this point in the history

  2. Demo code for x-only ECDH

    @peterdettman
    peterdettman committed Jul 3, 2015
    Configuration menu
    Copy the full SHA
    2a5914a View commit details
    Browse the repository at this point in the history

  3. Add Jacobi symbol test via GMP

    @peterdettman
    peterdettman committed Jul 3, 2015
    Configuration menu
    Copy the full SHA
    d23d8c5 View commit details
    Browse the repository at this point in the history

Commits on Jul 4, 2015

  1. Fallback to _set_xo_var when USE_NUM_NONE defined

    @peterdettman
    peterdettman committed Jul 4, 2015
    Configuration menu
    Copy the full SHA
    a5eaa21 View commit details
    Browse the repository at this point in the history