9f443be Move pubkey recovery code to separate module (Pieter Wuille)
d49abbd Separate ECDSA recovery tests (Pieter Wuille)
439d34a Separate recoverable and normal signatures (Pieter Wuille)
72ae443 Improve perf. of cmov-based table lookup (Peter Dettman)
92e53fc Implement endomorphism optimization for secp256k1_ecmult_const (Andrew Poelstra)
ed35d43 Make `secp256k1_scalar_add_bit` conditional; make `secp256k1_scalar_split_lambda_var` constant time (Andrew Poelstra)
91c0ce9 Add benchmarks for ECDH and const-time multiplication (Andrew Poelstra)
0739bbb Add ECDH module which works by hashing the output of ecmult_const (Andrew Poelstra)
4401500 Add constant-time multiply `secp256k1_ecmult_const` for ECDH (Andrew Poelstra)
baa75da tests: add a couple tests (Andrew Poelstra)
This has the effect of making `secp256k1_scalar_mul_shift_var` constant
time in both input scalars. Keep the _var name because it is NOT constant
time in the shift amount.
As used in `secp256k1_scalar_split_lambda_var`, the shift is always
the constant 272, so this function becomes constant time, and it
loses the `_var` suffix.
Designed with clear separation of the wNAF conversion, precomputation
and exponentiation (since the precomp at least we will probably want
to separate in the API for users who reuse points a lot.
Future work:
- actually separate precomp in the API
- do multiexp rather than single exponentiation
BUILT_SOURCES simply forces the header to be built first.
Use real dependencies instead. This fixes builds with dependency tracking
disabled where a real target is specified.
As a bonus, this also fixes the issue of gen_context and the header not being
rebuilt when gen_context.c is touched.
- Add zero/one sanity check tests for ecmult
- Add unit test for secp256k1_scalar_split_lambda_var
- Typo fix in `ge_equals_ge`; was comparing b->y to itself, should
have been comparing a->y to b->y
- Normalize y-coordinate in `random_group_element_test`; this is
needed to pass random group elements as the first argument to
`ge_equals_ge`, which I will do in a future commit.
18c329c Remove the internal secp256k1_ecdsa_sig_t type (Pieter Wuille)
74a2acd Add a secp256k1_ecdsa_signature_t type (Pieter Wuille)
23cfa91 Introduce secp256k1_pubkey_t type (Pieter Wuille)
