44db4d8 Merge pull request bitcoin#57 from apoelstra/2019-04-surjectionproof-stack f7e4d08 surjection proof: Reject proofs with too many used inputs in reduced mode 112edb2 allow reducing surjection proof size (to lower generation stack usage) d512d78 surjectionproof: introduce `SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS` constant and set it to 16 a118acc surjectionproof: reduce stack usage e7f4ff4 Merge pull request bitcoin#70 from apoelstra/2019-06-surjection-count f94d46e Merge pull request bitcoin#71 from real-or-random/fix-trailing-test 49a1e01 surjectionproof: fix malleability in surjection proof parsing 55311b0 Fix read of wrong buffer (and OOB) in surjectionproof tests 290a27b surjectionproof: add test vectors for "set padding bits" 7bc3daa surjectionproof: add fixed test vectors 6f3b0c0 Improve comments for surctionproof init+alloc/destroy funcs 250ebb3 work in progress: add _allocate_initialized/destroy funcs 4a77633 Improve explanation of key cancellation attack in whitelist.md 898c9f0 Clarify how to derive alternative generator H 15d9278 Add bench_generator and bench_rangeproof to .gitignore 86240b2 Clean up ./configure help strings (zkp extensions) 865b761 Fix a small typo in the generator parameter name cd5ba5c generator: remove `CHECK` abort calls exposed by public API ff16651 musig: add user documentation 0ad6b60 Add 3-of-3 MuSig example b61a1a9 Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures. 5d5374f Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. a8ae6ba add chacha20 function 9a8a71e use proper types for rangeproof min/max 14769b9 rangeproof: reduce iteration count in unit tests 0593861 Enable more builds with rest of experimental flags e9fea74 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting dec1b9c Add comment to explain effect of max_n_iterations in surjectionproof_init ea62bfe add unit test for generator and pedersen commitment roundtripping e32924f rangeproof: fix serialization of pedersen commintments 972d056 rangeproof: verify correctness of pedersen commitments when parsing 2cc4c6f generator: verify correctness of point when parsing 65ffea4 rangeproof: check that points deserialize correctly when verifying rangeproof cb786d6 rangeproof: add fixed vector test case b387ba0 Expose generator in shared library 8da4328 fix spelling in documentation 6f14fe4 Test for rejection of trailing bytes in range proofs ab4fbc1 Test for rejection of trailing bytes in surjection proofs c908c97 Reject surjection proofs with trailing garbage f723bf5 Minor bugfix. Wrong length due to NUL character. 6872069 Add whitelisting benchmark 6ceccb7 add whitelist_impl.h to include for dist a3ad4a8 generator: add API tests e93e886 generator: remove unnecessary ARG_CHECK from generate() f1d6e4b Fix generator makefile 68be611 Fix pedersen_blind_generator_blind_sum return value documentation 51fc58a Add n_keys argument to whitelist_verify 36b100c Fix checks of whitelist serialize/parse arguments c8f54e1 whitelist: fix serialize/parse API to take serialized length 56fca50 Fix include/secp256k1_rangeproof.h function argument documentation. 4617f04 rangeproof: add API tests cd4e438 surjectionproof: rename unit test functions to be more consistent with other modules 2cc7f1e surjectionproof: add API unit tests c4097f7 surjectionproof: tests_impl.h s/assert/CHECK/g 5ee6bf3 rangeproof: fix memory leak in unit tests 94e81a2 add surjection proof module a66ea35 Implement ring-signature based whitelist delegation scheme 2bb5133 rangeproof: several API changes 9b00b61 Expose generator in pedersen/rangeproof API 54fa263 Constant-time generator module 023aa86 rangeproof: expose sidechannel message field in the signing API 89e7451 [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup f126331 Pedersen commitments, borromean ring signatures, and ZK range proofs. e1fb4af Add 64-bit integer utilities e541a90 Merge bitcoin#629: Avoid calling _is_zero when _set_b32 fails. f34b0c3 Merge bitcoin#630: Note intention of timing sidechannel freeness. 8d1563b Note intention of timing sidechannel freeness. 1669bb2 Merge bitcoin#628: Fix ability to compile tests without -DVERIFY. ecc94ab Merge bitcoin#627: Guard memcmp in tests against mixed size inputs. 544435f Merge bitcoin#578: Avoid implementation-defined and undefined behavior when dealing with sizes 143dc6e Merge bitcoin#595: Allow to use external default callbacks e49f799 Add missing #(un)defines to base-config.h 77defd2 Add secp256k1_ prefix to default callback functions 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c 5db782e Allow usage of external default callbacks 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return cd473e0 Avoid calling secp256k1_*_is_zero when secp256k1_*_set_b32 fails. 6c36de7 Merge bitcoin#600: scratch space: use single allocation 98836b1 scratch: replace frames with "checkpoint" system 7623cf2 scratch: save a couple bytes of unnecessarily-allocated memory a7a164f scratch: rename `max_size` to `size`, document that extra will actually be allocated 5a4bc0b scratch: unify allocations c2b028a scratch space: thread `error_callback` into all scratch space functions 0be1a4a scratch: add magic bytes to beginning of structure 92a48a7 scratch space: use single allocation 40839e2 Merge bitcoin#592: Use trivial algorithm in ecmult_multi if scratch space is small dcf3920 Fix ability to compile tests without -DVERIFY. a484e00 Merge bitcoin#566: Enable context creation in preallocated memory 0522caa Explain caller's obligations for preallocated memory 238305f Move _preallocated functions to separate header 695feb6 Export _preallocated functions 814cc78 Add tests for contexts in preallocated memory ba12dd0 Check arguments of _preallocated functions 5feadde Support cloning a context into preallocated memory c4fd5da Switch to a single malloc call ef020de Add size constants for preallocated memory 1bf7c05 Prepare for manual memory management in preallocated memory 248bffb Guard memcmp in tests against mixed size inputs. 36698dc Merge bitcoin#596: Make WINDOW_G configurable a61a93f Clean up ./configure help strings 2842dc5 Make WINDOW_G configurable 1a02d6c Merge bitcoin#626: Revert "Merge bitcoin#620: Install headers automatically" 662918c Revert "Merge bitcoin#620: Install headers automatically" 14c7dbd Simplify control flow in DER parsing ec8f20b Avoid out-of-bound pointers and integer overflows in size comparisons 01ee1b3 Parse DER-enconded length into a size_t instead of an int 912680e Merge bitcoin#561: Respect LDFLAGS and #undef STATIC_PRECOMPUTATION if using basic config 91fae3a Merge bitcoin#620: Install headers automatically 5df77a0 Merge bitcoin#533: Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 975e51e Merge bitcoin#617: Pass scalar by reference in secp256k1_wnaf_const() 735fbde Merge bitcoin#619: Clear a copied secret key after negation 16e8615 Install headers automatically 069870d Clear a copied secret key after negation 8979ec0 Pass scalar by reference in secp256k1_wnaf_const() 84a8085 Merge bitcoin#612: Allow field_10x26_arm.s to compile for ARMv7 architecture d4d270a Allow field_10x26_arm.s to compile for ARMv7 architecture b19c000 Merge bitcoin#607: Use size_t shifts when computing a size_t 4d01bc2 Merge bitcoin#606: travis: Remove unused sudo:false e6d01e9 Use size_t shifts when computing a size_t 7667532 travis: Remove unused sudo:false 248f046 Make sure we're not using an uninitialized variable in secp256k1_wnaf_const(...) 9ab96f7 Use trivial algorithm in ecmult_multi if scratch space is small ee99f12 Merge bitcoin#599: Switch x86_64 asm to use "i" instead of "n" for immediate values. d58bc93 Switch x86_64 asm to use "i" instead of "n" for immediate values. 05362ee Merge bitcoin#597: Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build 8348386 Add $(COMMON_LIB) to exhaustive tests to fix ARM asm build aa15154 Merge bitcoin#568: Fix integer overflow in ecmult_multi_var when n is large 2277af5 Fix integer overflow in ecmult_multi_var when n is large dbed75d Undefine `STATIC_PRECOMPUTATION` if using the basic config 310111e Keep LDFLAGS if `--coverage` 85d0e1b Merge bitcoin#591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 1419637 Merge bitcoin#580: Add trivial ecmult_multi algorithm which does not require a scratch space a697d82 Add trivial ecmult_multi to the benchmark tool bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. 5545e13 Merge bitcoin#584: configure: Use CFLAGS_FOR_BUILD when checking native compiler 20c5869 Merge bitcoin#516: improvements to random seed in src/tests.c b76e45d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. 870a977 Merge bitcoin#562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse be40c4d Fixup for C90 mixed declarations. c71dd2c Merge bitcoin#509: Fix algorithm selection in bench_ecmult 6492bf8 Merge bitcoin#518: Summarize build options after running configure 0e9ada1 Merge bitcoin#567: Correct order of libs returned on pkg-config --libs --static libsecp2… e96901a Merge bitcoin#587: Make randomization of a non-signing context a noop 58df8d0 Merge bitcoin#511: Portability fix for the configure scripts generated 2ebdad7 Merge bitcoin#552: Make constants static: 1c131af Merge bitcoin#551: secp256k1_fe_sqrt: Verify that the arguments don't alias. ba698f8 Merge bitcoin#539: Assorted minor corrections 949e85b Merge bitcoin#550: Optimize secp256k1_fe_normalize_weak calls. a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker 2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler b408c6a Merge bitcoin#579: Use __GNUC_PREREQ for detecting __builtin_expect 6198375 Make randomization of a non-signing context a noop c663397 Use __GNUC_PREREQ for detecting __builtin_expect 3cb057f Fix possible integer overflow in DER parsing 89a20a8 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call. d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse 496c5b4 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B; bf8b86c secp256k1_fe_sqrt: Verify that the arguments don't alias. 9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. 52ab96f clean dependendies in field_*_impl.h deff5ed Correct math typos in field_*.h 4efb3f8 Add check that restrict pointers don't alias with all parameters. 3965027 Summarize build options in configure script 0f05173 Fix algorithm selection in bench_ecmult 8b3841c fix bug in fread() failure check cddef0c tests: add warning message when /dev/urandom fails 270f6c8 Portability fix for the configure scripts generated REVERT: 43dd1f4 Merge pull request bitcoin#40 from instagibbs/size_t REVERT: 6532fa0 Merge pull request bitcoin#39 from instagibbs/more_builds REVERT: 2b2429d rangeproof: reduce iteration count in unit tests REVERT: 12b0e5d Enable more builds with rest of experimental flags REVERT: 8c444ee use proper types for rangeproof min/max REVERT: 53ad841 Add explanation about how BIP32 unhardened derivation can be used to simplify whitelisting REVERT: 71c5fe0 Add comment to explain effect of max_n_iterations in surjectionproof_init REVERT: 85fd42f add unit test for generator and pedersen commitment roundtripping REVERT: 2ccf885 rangeproof: fix serialization of pedersen commintments REVERT: 60c173b rangeproof: verify correctness of pedersen commitments when parsing REVERT: 32d7526 generator: verify correctness of point when parsing REVERT: ae14e8a rangeproof: check that points deserialize correctly when verifying rangeproof REVERT: 44fe43d rangeproof: add fixed vector test case REVERT: e065d7d Expose generator in shared library REVERT: fb1ba32 fix spelling in documentation REVERT: fb75faa Test for rejection of trailing bytes in range proofs REVERT: 9b2cf17 Test for rejection of trailing bytes in surjection proofs REVERT: a3a1800 Reject surjection proofs with trailing garbage REVERT: 0c77ae9 Minor bugfix. Wrong length due to NUL character. REVERT: b1f31bc Add whitelisting benchmark REVERT: 52a9f8f add whitelist_impl.h to include for dist REVERT: a707865 generator: add API tests REVERT: ec1ef04 generator: remove unnecessary ARG_CHECK from generate() REVERT: b0e9aa8 Fix generator makefile REVERT: 526c654 Fix pedersen_blind_generator_blind_sum return value documentation REVERT: b51886e Add n_keys argument to whitelist_verify REVERT: 37c57de Fix checks of whitelist serialize/parse arguments REVERT: 9b8a9d9 whitelist: fix serialize/parse API to take serialized length REVERT: 7f17515 Fix include/secp256k1_rangeproof.h function argument documentation. REVERT: 0d81702 rangeproof: add API tests REVERT: 417bb06 surjectionproof: rename unit test functions to be more consistent with other modules REVERT: 1e2d5c1 surjectionproof: add API unit tests REVERT: 7878a29 surjectionproof: tests_impl.h s/assert/CHECK/g REVERT: e609591 rangeproof: fix memory leak in unit tests REVERT: 0c17f79 add surjection proof module REVERT: c174f0c Implement ring-signature based whitelist delegation scheme REVERT: a2bc660 rangeproof: several API changes REVERT: 21bfb3c Expose generator in pedersen/rangeproof API REVERT: f4620de Constant-time generator module REVERT: d46fc3c rangeproof: expose sidechannel message field in the signing API REVERT: cf40b1b [RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup REVERT: 6d28767 Get rid of precomputed H tables (Pieter Wuille) REVERT: ae1e576 Pedersen commitments, borromean ring signatures, and ZK range proofs. REVERT: efc61dc Add 64-bit integer utilities git-subtree-dir: src/secp256k1 git-subtree-split: 44db4d801fff3cd94105136cb443d603683baad2

Help changed, need translations #39

Description

Activity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions