Pieter Wuille
This means that no `Assume` can be compiled out in production builds anymore, as they all involve a `g_fuzzing` check? See #31178.
@dderjoel Thanks for the updates, I'm very glad to see the progress here. My thinking is that we'll actually want to split this into two separate efforts, which we can...
Separate comment, as it feels unrelated to the rest. In inline asm blocks, all variable templates fall in one of these categories: * Input variables * Early-clobber output variable (`=&`)...
> I wonder what would be necessary for reviewers to be convinced that the code is correct and what exact guarantees the Fiat-Crypto proofs provide. Indeed. I wonder if @roconnor-blockstream...
@dderjoel Another question: what about the 32-bit code? Can fiat-crypto generate C code for that too? If so, does that incorporate #810 now? I don't think we care enough about...
@dderjoel > Would that be in [src/selftest.h:29](https://github.com/bitcoin-core/secp256k1/blob/5f7903c73c18953b2a3a209fceb3fae430cfeb35/src/selftest.h#L29)? > something like > ... I think @real-or-random meant something even simpler (just some asm code that uses adc, which presumably crashes on...
@dderjoel I think eventually we want runtime check and proper dispatch to the right version, having both compiled in. But at this stage, I think it's more interesting to just...
With a "source generation / auditing" dependency on Python now with the Wycheproof code, I'm in favor of just rewriting the precomputation part in Python too. It should be pretty...
Concept ACK. I agree with @jonasnick's review comments. Do the warning messages add anything, as there are already deprecated markers on the unavailable functions?
ACK 44794188ec9c0f202f8d7263392860b89a24948d