Brandon Black

I pushed a commit with the script I've been mucking about with for verifying the function. Uses the base point, as well as random points, and checks that the result...

The paper authors do comment that values for the scalar of 0,1, P, and P-1 do not work with this algorithm, so that explains at least some of the failures....

Tests pass with this small modification to make 1/-1 behave as expected. Edit to add: Even without redefining `invert`, so I think that was a red herring that was eliminated...

As somewhat discussed in my PR against noble-secp256k1, these algorithms are constant time on the number of bits in the scalar. It's above my pay grade to know what modifications...

With the goal of eventually converging to a single implementation, I have updated the BitGo version of Taproot support to work with v6 here: https://github.com/BitGo/bitcoinjs-lib/tree/6_sync . Not sure if anything...

A note on performance: `tiny-secp256k1` builds a full point to check the curve equation, which requires performing a modular square root. This check avoids performing the square root by using...

Also of note: I confirmed the accuracy of this function by comparing it to `tiny-secp256k1.isXOnlyPoint` over > 1 million random 32-byte arrays.

1. Agreed, figured opening a proper top-level PR was the place for that consideration, once I found I was able to bring the performance in line with what is proposed...

Would you like them in a new file, in types, or another file? On Wed, Mar 23, 2022, 21:36 Jonathan Underwood ***@***.***> wrote: > Also, this exposes the methods from...

> this change will make bitcoinjs-lib unusable as-is in some environments (I'm thinking of React Native on mobile) ~~Interesting, what version of which JS engine is that?~~ IIUC React Native...