Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Embed stripped down copy of micro-ecc for comparison tests? #716

Closed
gmaxwell opened this issue Feb 12, 2020 · 1 comment
Closed

Embed stripped down copy of micro-ecc for comparison tests? #716

gmaxwell opened this issue Feb 12, 2020 · 1 comment

Comments

@gmaxwell
Copy link
Contributor

I think tests that compare multiple implementations using a mixture of constructed static vectors and random test cases are obviously a best practice everyone should engage with, even if the other implementation isn't something that you'd expect anyone to use in production.

Currently the the tests have comparison tests w/ openssl. It used to be particularly important to test against openssl because it was important to Bitcoin consensus. An analogous test today would be embedding an old version of libsecp256k1 (yo dawg) but I don't think the library has changed enough to justify that today. If ever someone writes whole new field or scalar implementations that might be a good idea, however.

OpenSSL has been at least a minor burden: Its API changes from time to time which breaks the builds, and users can't be counted on to have the development headers (and making them install them for a comparison test seems silly)-- so these important tests have to be optional.

Instead, the library source could include a stripped down copy of micro-ecc ( https://github.com/kmackay/micro-ecc ), which is a small, essentially single file library that supports several curves, ecdh and ecdsa. It is at least as portable as libsecp256k1 itself, and under a compatible license. I don't have a particularly high opinion of micro-ecc (on review I found some serious constant-timness bugs and didn't find any evidence of particularly good testing practices, though it does have some testing, which --sadly-- is much better than most crypto code found on the net, including stuff widely promoted as high quality)... but its implementation is pretty distinct from libsecp256k1 so there is a chance that many flaws would be uncorrelated.

It would also be fairly easy to add BIP340 schnorr support to micro-ecc and doing so would likely be of value to the public because while I wouldn't recommend micro-ecc to people generally, it does support 8-bit microcontrollers which this library has no intention of supporting. For similar reasons the additional testing of micro-ecc as a side-effect of being harnessed to libsecp would likely be a public good. Ideally if someone did write schnorr support for it it should be someone who didn't work on this library or bip-340 to reduce correlation.
@real-or-random
Copy link
Contributor

This is a nice proposal. I'm closing this because it's very similar to #691 but we should discuss there further.

@real-or-random real-or-random mentioned this issue Feb 14, 2020
Open
This was referenced Apr 9, 2020
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gmaxwell @real-or-random