Jonas Nick

Hi @rickmark, I like that this way `seckey_verify` is called always instead of leaving that up to the user. Not sure if that's worth the indirection. Also, there's some existing...

> So far we've seen this only in secp256k1_ge_neg in this line: With default configuration flags, ARMv8 and GCC 10.2.0, I get the `Source and destination overlap in memcpy` valgrind...

Fwiw, if we do this hack we should also test in CI that we actually use these methods (preferably by running the tests in valgrind on the affected architectures).

I made a couple of changes and in order to avoid adding code that is deleted in later commits I force pushed, sorry. Summary of the changes: * added function...

Rebased and polished quite a bit. Also added fix for bug in master that we noticed before iirc. So to make sure it gets in I opened #1004. Still, I...

I rebased this to see how master affects this PR. Will still need to address review comments and add better explanations to the commits.

> I don't want to discourage people from adding entropy while leaving the choice of the function to the library. I'd be surprised if people don't make use of this...

The BIP340 nonce function as implemented in #558 is not a `secp256k1_nonce_function` because it takes the `xonly_pubkey` as an additional argument so we'd need some kind of wrapper. But would...

> I suggest we > - rename _no_precomp to _builtin (or similar) > - keep a deprecated alias _no_precomp > - expose the self-tests in the public API Concept ACK...

This is a start. Ideally, the batch object does not hold signatures, messages and the likes. Instead, only scalars and points are stored on the batch object's scratch space. In...