Re: [Bitcoin-development] 0.8.5 with libsecp256k1
On Thu, Oct 10, 2013 at 10:29 AM, Mike Hearn wrote:
> Thanks! I'd love to see this library become usable behind a command line
> flag or config setting. At some point we're going to want to switch to it.

The current idea is to provide a compile-time flag to enable it, which at the same time disables the wallet and mining RPCs. In that state, it should be safe enough to provide test builds.

> I believe the main issue at the moment is the malleability issues? If so, it
> would seem possible to use OpenSSL to parse the signature into components
> and then libsecp256k1 to verify them.

I'm pretty sure that libsecp256k1 supports every signature that OpenSSL supports, so that direction is likely covered. The other direction - the fact that libsecp256k1 potentially supports more than OpenSSL - is only a problem if a majority of the hash power would be running on it. However, with canonical encodings enforced by recent relaying nodes, I hope that by then we're able to schedule a softfork and require them inside blocks.

Apart from that, there is of course the issue that there may be actual exploitable mistakes in the crypto code. There are unit tests, including ones that create signatures with libsecp256k1 and verify them using OpenSSL and the other way around, but errors are certainly more likely to occur in edge cases that you don't hit with randomized tests. The only way to catch those is review I suppose. I certainly welcome people looking at it - even if just to get comments like "Can you add an explanation for why this works?".

--
Pieter

___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
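
The message above turns on "canonical encodings": one (r, s) pair can be serialized in several ways that a lenient parser accepts, so two verifiers can disagree on the same bytes. The following strict DER check is an added example, not code from this thread, Bitcoin, or libsecp256k1; the function name `is_canonical_der_sig` and the sample byte strings are constructed for illustration, and it checks the encoding only (not the range of r and s), with any byte appended after the DER signature assumed to be stripped already.

```c
#include <stddef.h>
#include <stdio.h>

/* One DER INTEGER body: non-empty, non-negative, minimally padded. */
static int der_int_ok(const unsigned char *p, size_t n) {
    if (n == 0) return 0;                                  /* empty integer */
    if (p[0] & 0x80) return 0;                             /* top bit set: negative */
    if (n > 1 && p[0] == 0x00 && !(p[1] & 0x80)) return 0; /* needless leading zero */
    return 1;
}

/* Returns 1 only if sig is exactly 30 <len> 02 <rlen> R 02 <slen> S with
 * short-form lengths and no trailing bytes, else 0.
 * Hypothetical helper name; encoding check only. */
int is_canonical_der_sig(const unsigned char *sig, size_t len) {
    size_t rlen, slen;
    if (len < 8 || len > 72) return 0;           /* 6 header bytes + two ints of 1..33 bytes */
    if (sig[0] != 0x30) return 0;                /* SEQUENCE tag */
    if ((size_t)sig[1] != len - 2) return 0;     /* length must cover every remaining byte */
    if (sig[2] != 0x02) return 0;                /* INTEGER tag for r */
    rlen = sig[3];
    if (rlen + 5 >= len) return 0;               /* s header must lie inside the buffer */
    if (sig[4 + rlen] != 0x02) return 0;         /* INTEGER tag for s */
    slen = sig[5 + rlen];
    if (rlen + slen + 6 != len) return 0;        /* r and s account for every byte */
    return der_int_ok(sig + 4, rlen) && der_int_ok(sig + 6 + rlen, slen);
}

/* Constructed sample encodings (toy values: r = 1 or 0x80, s = 1). */
const unsigned char SIG_MINIMAL[]   = {0x30,0x06,0x02,0x01,0x01,0x02,0x01,0x01};
const unsigned char SIG_PADDED_R[]  = {0x30,0x07,0x02,0x02,0x00,0x01,0x02,0x01,0x01};
const unsigned char SIG_NEEDS_PAD[] = {0x30,0x07,0x02,0x02,0x00,0x80,0x02,0x01,0x01};
const unsigned char SIG_NEGATIVE[]  = {0x30,0x06,0x02,0x01,0x80,0x02,0x01,0x01};
const unsigned char SIG_LONGFORM[]  = {0x30,0x81,0x06,0x02,0x01,0x01,0x02,0x01,0x01};
const unsigned char SIG_TRAILING[]  = {0x30,0x06,0x02,0x01,0x01,0x02,0x01,0x01,0x00};

int main(void) {
    /* SIG_MINIMAL and SIG_PADDED_R carry the same r and s; only one passes. */
    printf("minimal=%d padded_r=%d needs_pad=%d\n",
           is_canonical_der_sig(SIG_MINIMAL, sizeof SIG_MINIMAL),
           is_canonical_der_sig(SIG_PADDED_R, sizeof SIG_PADDED_R),
           is_canonical_der_sig(SIG_NEEDS_PAD, sizeof SIG_NEEDS_PAD));
    return 0;
}
```
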
Re: [Bitcoin-development] 0.8.5 with libsecp256k1
Thanks! I'd love to see this library become usable behind a command line flag or config setting. At some point we're going to want to switch to it.

I believe the main issue at the moment is the malleability issues? If so, it would seem possible to use OpenSSL to parse the signature into components and then libsecp256k1 to verify them.

On Thu, Oct 10, 2013 at 5:50 AM, Warren Togami Jr. wrote:
> https://github.com/sipa/secp256k1
> sipa's secp256k1, optimized ecdsa, significantly faster than openssl
>
> Today someone in #bitcoin-dev asked for Bitcoin 0.8.5 with sipa's
> secp256k1. Litecoin has been shipping test builds with secp256k1 for
> several months now so it was a simple matter to throw together a branch of
> Bitcoin 0.8.5 with secp256k1.
>
> https://github.com/wtogami/bitcoin/commits/btc-0.8.5-secp256k1
> This branch should theoretically work for Linux, win32 gitian and mac
> builds. These commits are rather ugly because it was thrown together just
> to make it build with the old 0.8 makefiles without intent for production
> code merge. cfields is working on autotoolizing it as one of the
> prerequisites prior to inclusion into bitcoin master where it will be an
> option disabled by default.
>
> http://193.28.235.60/~warren/bitcoin-0.8.5-secp256k1/
> Untested win32 gitian build. Build your own Linux or Mac builds if you
> want to test it. Not recommended for production wallet or mining uses.
>
> Warren
Re: [Bitcoin-development] 0.8.5 with libsecp256k1
Can this be combined with the ideas on deterministic signing to show matching signatures with OpenSSL's implementation?

Not sure if that's worth much, since we would just be testing needles in a very large haystack, but better than nothing?

On Wed, 09 Oct 2013 20:50:30 -0700, Warren Togami Jr. wrote:
> https://github.com/sipa/secp256k1
> sipa's secp256k1, optimized ecdsa, significantly faster than openssl
>
> Today someone in #bitcoin-dev asked for Bitcoin 0.8.5 with sipa's
> secp256k1. Litecoin has been shipping test builds with secp256k1 for
> several months now so it was a simple matter to throw together a branch of
> Bitcoin 0.8.5 with secp256k1.
>
> https://github.com/wtogami/bitcoin/commits/btc-0.8.5-secp256k1
> This branch should theoretically work for Linux, win32 gitian and mac
> builds. These commits are rather ugly because it was thrown together just
> to make it build with the old 0.8 makefiles without intent for production
> code merge. cfields is working on autotoolizing it as one of the
> prerequisites prior to inclusion into bitcoin master where it will be an
> option disabled by default.
>
> http://193.28.235.60/~warren/bitcoin-0.8.5-secp256k1/
> Untested win32 gitian build. Build your own Linux or Mac builds if you
> want to test it. Not recommended for production wallet or mining uses.
>
> Warren
[Bitcoin-development] 0.8.5 with libsecp256k1
https://github.com/sipa/secp256k1
sipa's secp256k1, optimized ecdsa, significantly faster than openssl

Today someone in #bitcoin-dev asked for Bitcoin 0.8.5 with sipa's secp256k1. Litecoin has been shipping test builds with secp256k1 for several months now so it was a simple matter to throw together a branch of Bitcoin 0.8.5 with secp256k1.

https://github.com/wtogami/bitcoin/commits/btc-0.8.5-secp256k1
This branch should theoretically work for Linux, win32 gitian and mac builds. These commits are rather ugly because it was thrown together just to make it build with the old 0.8 makefiles without intent for production code merge. cfields is working on autotoolizing it as one of the prerequisites prior to inclusion into bitcoin master where it will be an option disabled by default.

http://193.28.235.60/~warren/bitcoin-0.8.5-secp256k1/
Untested win32 gitian build. Build your own Linux or Mac builds if you want to test it. Not recommended for production wallet or mining uses.

Warren