Pieter Wuille

@paulmillr They are remapped as follows: * If t=0, set t=1 instead * If u=0, set u=1 instead * If u^2+t^3+B=0, set t=2*t instead * Run the normal algorithm (for...

Added test vectors.

Ping @theuni: any ideas about libtool?

Could it be enabled by default just on platforms where we expect it to work?

> Of course there's no way to verify that the encrypted privkey is correct without decrypting it. What if the ckey record included a signature of the encrypted data with...

Things that come to mind not currently listed in the README: * Exhaustive group tests (@apoelstra) * Pippenger's multiplication in addition to Strauss (@jonasnick) * Effective-affine trick in EC multiplication...

@robot-dreams Thanks for your comments! The failure with asm=arm is expected, as Apple M1 is 64-bit ARM, while the assembly code used here is 32-bit.

Made another change: in VERIFY mode, the upper bound on the number of posdivsteps iterations is reduced to ~750 (which is close to the median of how many iterations are...

> One potential concern is that with this change, there are now 4 slightly different implementations of a similar algorithm (32/64-bit, inv/jacobi). Do you think there's a nice way to...

Included @robot-dreams's update to the writeup.