Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update btcec to the latest version #1329

Merged
merged 10 commits into from
Nov 23, 2023

Conversation

ajnavarro
Copy link
Contributor

@ajnavarro ajnavarro commented Nov 2, 2023

Apart from taking care of security issues, it is slightly faster.

Some context:
After doing some profiling to be sure that the actual storage implementation was a bottleneck when executing Gno code, I found that signature verification is taking ~70% of the execution time. Updating the dependency makes it 68% faster and reduces by 3 the amount of bytes used per operation.

Benchmarks before and after:

Running tool: /usr/local/go/bin/go test -benchmem -run=^$ -bench ^BenchmarkVerify$ github.com/gnolang/gno/tm2/pkg/crypto/secp256k1 -v -count=1

goos: linux
goarch: amd64
pkg: github.com/gnolang/gno/tm2/pkg/crypto/secp256k1
cpu: 11th Gen Intel(R) Core(TM) i7-1195G7 @ 2.90GHz
BenchmarkVerify
BenchmarkVerify-8   	    5726	    206442 ns/op	    4177 B/op	      88 allocs/op
PASS
ok  	github.com/gnolang/gno/tm2/pkg/crypto/secp256k1	1.218s

///////////////////////////////////////////////////////////////////////////

goos: linux
goarch: amd64
pkg: github.com/gnolang/gno/tm2/pkg/crypto/secp256k1
cpu: 11th Gen Intel(R) Core(TM) i7-1195G7 @ 2.90GHz
BenchmarkVerify
BenchmarkVerify-8   	    8354	    141906 ns/op	    1585 B/op	      30 allocs/op
PASS
ok  	github.com/gnolang/gno/tm2/pkg/crypto/secp256k1	1.212s
  • Added new tests, or not needed, or not feasible
  • Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
  • Updated the official documentation or not needed
  • No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
  • Added references to related issues and PRs
  • Provided any useful hints for running manual tests
  • Added new benchmarks to generated graphs, if any. More info here.

@ajnavarro ajnavarro requested review from jaekwon, moul and a team as code owners November 2, 2023 14:29
@github-actions github-actions bot added the 📦 🌐 tendermint v2 Issues or PRs tm2 related label Nov 2, 2023
Copy link

codecov bot commented Nov 2, 2023

Codecov Report

Attention: 13 lines in your changes are missing coverage. Please review.

Comparison is base (5aa8676) 55.59% compared to head (12492f2) 55.95%.

Files Patch % Lines
tm2/pkg/crypto/secp256k1/secp256k1_nocgo.go 55.00% 5 Missing and 4 partials ⚠️
tm2/pkg/crypto/ledger/ledger_secp256k1.go 0.00% 4 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1329      +/-   ##
==========================================
+ Coverage   55.59%   55.95%   +0.36%     
==========================================
  Files         420      420              
  Lines       65470    65481      +11     
==========================================
+ Hits        36395    36642     +247     
+ Misses      26222    25975     -247     
- Partials     2853     2864      +11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@gfanton gfanton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

(just a small question)

go.mod Outdated Show resolved Hide resolved
@ajnavarro ajnavarro force-pushed the chore/update-btcd-latest-version branch from c834f11 to 8ad1b8d Compare November 7, 2023 14:07
Copy link
Member

@zivkovicmilos zivkovicmilos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for adding this fix 🙏

Time to make this rocket fly 🚀

go.mod Outdated Show resolved Hide resolved
go.mod Outdated Show resolved Hide resolved
@ajnavarro ajnavarro force-pushed the chore/update-btcd-latest-version branch 2 times, most recently from 5695493 to d3e6922 Compare November 10, 2023 09:39
Copy link

netlify bot commented Nov 10, 2023

Deploy Preview for gno-docs2 canceled.

Name Link
🔨 Latest commit d3e6922
🔍 Latest deploy log https://app.netlify.com/sites/gno-docs2/deploys/654dfa6e9ca73900089c2d2c

Copy link
Member

@thehowl thehowl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

This is crypto code so I'd like @moul to merge this.

@thehowl thehowl changed the title chore: Update btcec to the latest version. chore(deps): update btcec to the latest version Nov 13, 2023
@D4ryl00
Copy link
Contributor

D4ryl00 commented Nov 16, 2023

I tested this PR against the issue #1063 and I have no compilation error 👍

Copy link
Member

@thehowl thehowl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocked pending addition of golden tests to verify new library doesn't change anything in signature verification, etc.

Apart from taking care of security issues, it is slightly faster.

Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Signed-off-by: Antonio Navarro <[email protected]>
Checked with previous version, it is working fine.

Signed-off-by: Antonio Navarro Perez <[email protected]>
@ajnavarro ajnavarro force-pushed the chore/update-btcd-latest-version branch from d3e6922 to 1ae6215 Compare November 20, 2023 13:53
@ajnavarro
Copy link
Contributor Author

@thehowl added golden tests. Tested also with the previous btcec version

Signed-off-by: Antonio Navarro Perez <[email protected]>
Signed-off-by: Antonio Navarro Perez <[email protected]>
Copy link
Member

@thehowl thehowl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I would say we can merge after @moul's eventual approval

@gfanton gfanton merged commit 6d05a37 into gnolang:master Nov 23, 2023
194 checks passed
@ajnavarro ajnavarro deleted the chore/update-btcd-latest-version branch November 24, 2023 09:25
return &secp256k1.Signature{
R: new(big.Int).SetBytes(sigStr[:32]),
S: new(big.Int).SetBytes(sigStr[32:64]),
func signatureFromBytes(sigStr []byte) (*ecdsa.Signature, bool) {
Copy link
Contributor

@piux2 piux2 Nov 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this safe to make the changes here?

@piux2
Copy link
Contributor

piux2 commented Nov 28, 2023

@jaekwon can you also review this PR?

In this PR, We directly call crypto APIs from Bitcoin, Decred's library, and Ethereum's signing mechanism. Typically, mixing crypto APIs requires thorough scrutiny for the underline implication.

github.com/btcsuite/btcd v0.22.0-beta.0.20220111032746-97732e52810c/go.mod h1:tjmYdS6MLJ5/s0Fj4DbLgSbDHbEqLJrtnHecBFkdz5M=
github.com/btcsuite/btcd/btcutil v1.0.0 h1:dB36qRTOucIh6NUe40UCieOS+axPhP6VNyRtYkTUKKk=
github.com/btcsuite/btcd v0.23.0/go.mod h1:0QJIIN1wwIXF/3G/m87gIwGniDMDQqjVn4SZgnFpsYY=
github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can these be compressed into the latest one?

sigBER := btcec.Signature{R: sigDER.R, S: sigDER.S}
return sigBER.Serialize(), nil

return sigDER.Serialize(), nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but there's no BER conversion?
What does that even mean?

gfanton pushed a commit to moul/gno that referenced this pull request Jan 18, 2024
@kristovatlas kristovatlas requested a review from a team April 11, 2024 03:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
📦 🌐 tendermint v2 Issues or PRs tm2 related
Projects
Status: Done
Archived in project
Development

Successfully merging this pull request may close these issues.

8 participants