roconnor-blockstream

This is pretty significant. Profiling (see #214) shows that upwards of 60% of time is spent on computing various Merkle roots, in this kind of case. The use of Merkle...

In my test example, even using sha_ni intrinsics, program still takes more than 20% longer than our target. It's better than 300% longer, but it still doesn't reach our goals.

Fixed in #241.

Related: https://savannah.gnu.org/bugs/?32171 Also: https://en.wikipedia.org/w/index.php?title=GNU_TeXmacs&oldid=1146582597#Batch_processing

Let's keep this issue open even after #145. When a new version of TeXmacs is released we can replace `xvfb-run` with just a simple `--headless` argument to TeXmacs.

I suppose there is an issue that the current definition of the Bit Machine requires that there is always some active read frame, and starting with TCOon would end in...

Seems okay to me if you folks are okay with the variable time in these (impossible) cases.

I agree with you, except that the code seems to have been clearly and deliberately written to be constant time for some reason.

Since we are already changing cryptographically inaccessable behavior in #286, maybe we ought to switch to `secp256k1_fe_set_b32_mod`. Yes, it is infinitesimally slower to use `_mod`, but it pales in comparison...

Ah this bug was introduced in https://github.com/BlockstreamResearch/secp256k1-zkp/pull/256 when `secp256k1_fe_set_b32` was split into `_mod` and `_limit` variants. The `_limit` version isn't quite a drop in replacement due to the fact the...