secp256k1 icon indicating copy to clipboard operation
secp256k1 copied to clipboard

Published 20 hours ago verified publisher icon bitcoin-core

Abstract out and merge all the magnitude/normalized logic

Open sipa opened this issue 2 years ago • 4 comments

Right now, all the logic for propagating/computing the magnitude/normalized fields in secp256k1_fe (when VERIFY is defined) and the code for checking it, is duplicated across the two field implementations. I believe that is undesirable, as these properties should purely be a function of the performed fe_ functions, and not of the choice of field implementation. This becomes even uglier with #967, which would copy all that, and even needs an additional dimension that would then need to be added to the two other fields. It's also related to #1001, which I think will become easier if it doesn't need to be done/reasoned about separately for every field.

This PR moves all logic around these fields (collectively called field verification) to implementations in field_impl.h, which dispatch to renamed functions in field_*_impl.h for the actual implementation.

Fixes #1060.

sipa avatar Jan 29 '22 00:01 sipa

Made some significant changes here, and addressed some of the comments.

sipa avatar Jan 31 '22 23:01 sipa

Concept ACK

But is there you reason why you prefer to do this before #1001? (@peterdettman and I argued to in #1060 that it may make sense to solve #1001.)

I haven't looked at the details here but I think this will non-trivially conflict with https://github.com/bitcoin-core/secp256k1/pull/1062. @sipa can you have a look and suggest how we should move forward?

real-or-random avatar Feb 01 '22 12:02 real-or-random

@real-or-random

But is there you reason why you prefer to do this before #1001? (@peterdettman and I argued to in #1060 that it may make sense to solve #1001.)

The impetus for this is really that I want to bring #967 up-to-date and more production-ready, and doing it properly I think would be very unclear without a change like this (having details from the "old" fields leak into the verify checks of the new one etc).

I'll comment in #1060, but I think this PR makes it at least obvious in what places norm/mag are not compile-time constants.

I haven't looked at the details here but I think this will non-trivially conflict with #1062. @sipa can you have a look and suggest how we should move forward?

It will. That's one of the reasons why I kept the changes for each function in separate commits. So I'm happy to rebase this after #1062, or otherwise incorporate the commits here.

sipa avatar Feb 01 '22 17:02 sipa

Rebased.

sipa avatar Jun 08 '22 19:06 sipa

Rebased, adding an abstraction for secp256k1_fe_half.

sipa avatar Nov 17 '22 16:11 sipa