Update libsecp256k1 (endomorphism, test improvements) #20147
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
c6b6b8f Merge bitcoin#830: Rip out non-endomorphism code + dependencies c582aba Consistency improvements to the comments 63c6b71 Reorder comments/function around scalar_split_lambda 2edc514 WNAF of lambda_split output has max size 129 4232e5b Rip out non-endomorphism code ebad841 Check correctness of lambda split without -DVERIFY fe7fc1f Make lambda constant accessible 9d2f2b4 Add tests to exercise lambda split near bounds 9aca2f7 Add secp256k1_split_lambda_verify acab934 Detailed comments for secp256k1_scalar_split_lambda 76ed922 Increase precision of g1 and g2 6173839 Switch to our own memcmp function 63150ab Merge bitcoin#827: Rename testrand functions to have test in name c5257ae Merge bitcoin#821: travis: Explicitly set --with-valgrind bb1f542 Merge bitcoin#818: Add static assertion that uint32_t is unsigned int or wider a45c1fa Rename testrand functions to have test in name 5006895 Merge bitcoin#808: Exhaustive test improvements + exhaustive schnorrsig tests 4eecb4d travis: VALGRIND->RUN_VALGRIND to avoid confusion with WITH_VALGRIND 66a765c travis: Explicitly set --with-valgrind d7838ba Merge bitcoin#813: Enable configuring Valgrind support 7ceb0b7 Merge bitcoin#819: Enable -Wundef warning 8b7dcdd Add exhaustive test for extrakeys and schnorrsig 08d7d89 Make pubkey parsing test whether points are in the correct subgroup 87af00b Abstract out challenge computation in schnorrsig 63e1b2a Disable output buffering in tests_exhaustive.c 39f67dd Support splitting exhaustive tests across cores e99b26f Give exhaustive_tests count and seed cmdline inputs 49e6630 refactor: move RNG seeding to testrand b110c10 Change exhaustive test groups so they have a point with X=1 cec7b18 Select exhaustive lambda in function of order 78f6cdf Make the curve B constant a secp256k1_fe d7f39ae Delete gej_is_valid_var: unused outside tests 8bcd78c Make secp256k1_scalar_b32 detect overflow in scalar_low c498366 Move exhaustive tests for recovery to module be31791 Make group order purely compile-time in exhaustive tests e73ff30 Enable -Wundef warning c0041b5 Add static assertion that uint32_t is unsigned int or wider 4ad408f Merge bitcoin#782: Check if variable=yes instead of if var is set in travis.sh 412bf87 configure: Allow specifying --with[out]-valgrind explicitly 34debf7 Modify .travis.yml to explictly pass no in env vars instead of setting to nothing a0e99fc Merge bitcoin#814: tests: Initialize random group elements fully 5738e86 tests: Initialize random group elements fully c9939ba Merge bitcoin#812: travis: run bench_schnorrsig a51f2af travis: run bench_schnorrsig ef37761 Change travis.sh to check if variables are equal to yes instead of not-empty. Before this, setting `VALGRIND=wat` was considered as true, and to make it evaluate as false you had to unset the variable `VALGRIND=` but not it checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to false git-subtree-dir: src/secp256k1 git-subtree-split: c6b6b8f
|
Concept ACK. |
|
ACK 9e5626d |
fanquake
approved these changes
Oct 15, 2020
There was a problem hiding this comment.
ACK 9e5626d - performed a squash and checked that the changes were the same. The non-endomorphism code has now been ripped out.
how-to-verify-subtree notes here: https://github.com/fanquake/core-review/blob/master/subtree-merge.md
|
@jamesob this would be a good PR for you to throw into bitcoinperf. |
|
Ran a local IBD comparison on this for 8000 blocks (height 500_000 - 508_000) and to my surprise didn't see any performance difference. Compared the HEAD of this PR to the commit in master preceding it (c2c4dba). Could be that this platform is bottlenecked by IO and not CPU?
commands index
#20147 vs. c2c4dba (absolute)
#20147 vs. c2c4dba (relative)
|
|
@jamesob That's certainly possible. With such a low dbcache, it's also possible it's just spending a lot of time in in preparing leveldb updates to flush. |
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Oct 16, 2020
…ents) 52380bf Squashed 'src/secp256k1/' changes from 8ab24e8..c6b6b8f (Pieter Wuille) Pull request description: This updates the libsecp256k1 subtree to the latest master, which includes: * Enabling the GLV endomorphism optimization by default (and removing support for the non-GLV EC multiplication) * Added a proof for the correctness of the lambda split algorithm by roconnor-blockstream (other code was relying on the fact that it always outputs 128 bit results, which isn't at all obvious). * Improved exhaustive tests, in particular for the Schnorr signature module * Various other testing and CI improvements ACKs for top commit: fanquake: ACK 9e5626d - performed a squash and checked that the changes were the same. The non-endomorphism code has now been ripped out. benthecarman: ACK 9e5626d Tree-SHA512: 50fda5f3f934ee525f01cfc15e4f5efbc5261a97f2b77fe1b3453ee0edcf1281ad74ab4532a2fe1fe907652dd47023beff8cf3d73bf34f65ac914a694b9e7110
|
Your |
|
Great call @Sjors, that should've occurred to me (d'oh). In any case, here are some much less surprising results showing improvement after disabled assumevalid.
commands index
#20147 vs. c2c4dba (absolute)
#20147 vs. c2c4dba (relative)
For kicks, here's the utxo cache flush history (I need to normalize the times in this graph...).
|
|
Thanks @jamesob 👍 |
zkbot
added a commit
to zcash/zcash
that referenced
this pull request
Oct 25, 2020
Update secp256k1 again This migrates us to the same dependency version that upstream Bitcoin Core migrated to in bitcoin/bitcoin#20147.
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Aug 10, 2021
…ents) 52380bf Squashed 'src/secp256k1/' changes from 8ab24e8..c6b6b8f (Pieter Wuille) Pull request description: This updates the libsecp256k1 subtree to the latest master, which includes: * Enabling the GLV endomorphism optimization by default (and removing support for the non-GLV EC multiplication) * Added a proof for the correctness of the lambda split algorithm by roconnor-blockstream (other code was relying on the fact that it always outputs 128 bit results, which isn't at all obvious). * Improved exhaustive tests, in particular for the Schnorr signature module * Various other testing and CI improvements ACKs for top commit: fanquake: ACK 9e5626d - performed a squash and checked that the changes were the same. The non-endomorphism code has now been ripped out. benthecarman: ACK 9e5626d Tree-SHA512: 50fda5f3f934ee525f01cfc15e4f5efbc5261a97f2b77fe1b3453ee0edcf1281ad74ab4532a2fe1fe907652dd47023beff8cf3d73bf34f65ac914a694b9e7110
5tefan
pushed a commit
to 5tefan/dash
that referenced
this pull request
Aug 12, 2021
…ents) 52380bf Squashed 'src/secp256k1/' changes from 8ab24e8..c6b6b8f (Pieter Wuille) Pull request description: This updates the libsecp256k1 subtree to the latest master, which includes: * Enabling the GLV endomorphism optimization by default (and removing support for the non-GLV EC multiplication) * Added a proof for the correctness of the lambda split algorithm by roconnor-blockstream (other code was relying on the fact that it always outputs 128 bit results, which isn't at all obvious). * Improved exhaustive tests, in particular for the Schnorr signature module * Various other testing and CI improvements ACKs for top commit: fanquake: ACK 9e5626d - performed a squash and checked that the changes were the same. The non-endomorphism code has now been ripped out. benthecarman: ACK 9e5626d Tree-SHA512: 50fda5f3f934ee525f01cfc15e4f5efbc5261a97f2b77fe1b3453ee0edcf1281ad74ab4532a2fe1fe907652dd47023beff8cf3d73bf34f65ac914a694b9e7110
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This updates the libsecp256k1 subtree to the latest master, which includes: