
Pcurves fixes and additions #4142

Merged
merged 1 commit into from
Jun 22, 2024

Conversation

randombit (Owner)

No description provided.

@randombit randombit force-pushed the jack/pcurves-fixes branch from 9fbe30f to c0b7e83 Compare June 22, 2024 11:05
@coveralls

Coverage Status

coverage: 91.738% (-0.02%) from 91.758%
when pulling c0b7e83 on jack/pcurves-fixes
into a55851c on master.

@randombit randombit force-pushed the jack/pcurves-fixes branch from c0b7e83 to 13de987 Compare June 22, 2024 12:51
If multiscalar multiplication produces the point at infinity, return nullopt

Reject a zero scalar

Fix is_even

Expose wide reduction to library users
@coveralls

Coverage Status

coverage: 91.737% (-0.02%) from 91.758%
when pulling 13de987 on jack/pcurves-fixes
into a55851c on master.

@randombit randombit merged commit d24c2c3 into master Jun 22, 2024
42 checks passed
@randombit randombit deleted the jack/pcurves-fixes branch June 22, 2024 17:39
@@ -120,7 +120,7 @@ class IntMod final {

constexpr CT::Choice is_even() const {
auto v = Rep::from_rep(m_val);
return CT::Choice::from_int(v[0] & 0x01);
return CT::Choice::from_int(0x01 ^ (v[0] & 0x01));
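Review bot: in the new `return` line the inversion `0x01 ^ (v[0] & 0x01)` is evaluated on a plain integer before it is handed to `CT::Choice::from_int`, so it sits in front of whatever barrier `from_int` provides; `~CT::Choice::from_int(v[0] & 0x01)` keeps the inversion behind the barrier and makes the intent (negate the low bit) obvious. Separately, the replaced line returned the low bit unchanged, which is an `is_odd` result under an `is_even` name; a unit test of `is_even()` on one known even and one known odd residue would document the expected polarity and prevent a regression.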
Collaborator
@randombit Isn't the value barrier coming too late, here? I feel like the compiler might come up with branches while calculating 0x01 ^ (v[0] & 0x01), no?

Sorry for digging up this merged pull request.

randombit (Owner, Author)

Mmm yeah maybe better as ~CT::Choice::from_int(v[0] & 0x01) to remove the temptation.

I'm largely relying on valgrind to warn us if Clang does transformations like that, but of course this only provides assurance for that one particular version of Clang.
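To make the ordering point in the exchange above concrete, here is an added, self-contained illustration (not Botan's code, and not its real `CT::Choice`): a hypothetical `Choice` type whose `from_int` applies a `volatile`-based optimizer barrier to the incoming bit, followed by the three shapes of `is_even` discussed in this thread: the pre-fix version that returns the low bit directly, the merged version that inverts on a plain integer before `from_int`, and the suggested version that inverts the `Choice` after the barrier. It demonstrates where the arithmetic sits relative to the barrier and the polarity of each variant; it is not a proof that any of them compiles to branch-free code on a given compiler.

```cpp
#include <cstdint>

// Hypothetical stand-in for a constant-time boolean (assumption: this is a
// demo type, not Botan's CT::Choice). A Choice carries an all-zeros or
// all-ones 32-bit mask.
namespace ct_demo {

// Optimizer barrier: the compiler cannot reason about the value read back
// from a volatile, so work that depends on it has to be expressed as data
// flow on an opaque word rather than specialised on a known 0/1 constant.
inline uint32_t value_barrier(uint32_t x) {
   volatile uint32_t y = x;
   return y;
}

class Choice {
   public:
   // Build a Choice from a 0/1 integer. The barrier is applied to the raw
   // bit first; everything after it (the mask expansion, a later ~) operates
   // on the barrier's output.
   static Choice from_int(uint32_t bit) {
      const uint32_t b = value_barrier(bit & 0x01);
      return Choice(0u - b); // 0 -> 0x00000000, 1 -> 0xFFFFFFFF
   }

   // Inversion on the mask itself, i.e. after the barrier.
   Choice operator~() const { return Choice(~m_mask); }

   bool as_bool() const { return m_mask != 0; }
   uint32_t mask() const { return m_mask; }

   private:
   explicit Choice(uint32_t m) : m_mask(m) {}
   uint32_t m_mask;
};

// Pre-fix shape: returns the low bit unchanged, which is "is odd".
inline Choice is_even_buggy(uint32_t v) {
   return Choice::from_int(v & 0x01);
}

// Merged shape: the XOR with 0x01 happens on a plain integer, before the
// barrier inside from_int sees the value.
inline Choice is_even_prebarrier(uint32_t v) {
   return Choice::from_int(0x01 ^ (v & 0x01));
}

// Suggested shape: the barrier runs on the raw low bit and the inversion is
// applied to the resulting Choice, so the negation stays behind the barrier.
inline Choice is_even_postbarrier(uint32_t v) {
   return ~Choice::from_int(v & 0x01);
}

} // namespace ct_demo
```

Usage: `ct_demo::is_even_postbarrier(4).as_bool()` is `true` and `ct_demo::is_even_buggy(4).as_bool()` is `false`, which is the polarity error the "Fix is_even" commit corrects; the pre- and post-barrier variants agree on every input and differ only in where the XOR/NOT lands relative to `value_barrier`.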
