--- Day changed Wed Jun 28 2017
11:07 -!- roconnor_ [~roconnor@host-192.252-160-224.dyn.295.ca] has joined #secp256k1
12:20 -!- roconnor_ [~roconnor@host-192.252-160-224.dyn.295.ca] has quit [Quit: Konversation terminated!]
12:22 -!- roconnor_ [~roconnor@host-192.252-160-224.dyn.295.ca] has joined #secp256k1
12:51 -!- andytosh1 is now known as andytoshi
12:51 -!- andytoshi [~apoelstra@wpsoftware.net] has quit [Changing host]
12:51 -!- andytoshi [~apoelstra@unaffiliated/andytoshi] has joined #secp256k1
13:09 < andytoshi> sipa: do you know what a good RNG to implement for batch validation is?
13:10 < sipa> andytoshi: i would suggest ChaCha20
13:10 < andytoshi> ok, sounds good
13:10 < sipa> https://github.com/bitcoin/bitcoin/blob/master/src/crypto/chacha20.cpp
13:10 < sipa> you can make it a bunch factor by hardcoding the sizes etc
13:10 < sipa> *faster
13:12 < andytoshi> thanks
13:20 -!- roconnor_ [~roconnor@host-192.252-160-224.dyn.295.ca] has quit [Quit: Konversation terminated!]
14:21 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Ping timeout: 276 seconds]
15:46 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
17:32 < gmaxwell> andytoshi: a724d7296dbf9fefe48e463d406658460499dd52 was naughty, it's overriding cflags to add an O3 even if they're set. should only be setting cflags if none are specifically set.
17:52 < gmaxwell> andytoshi: your tests are not written respecting the input trashing properties of secp256k1_ecmult_multi
17:56 < andytoshi> gmaxwell: oops, the -O3 thing would've been an oversight, i don't know why i would've put that into a commit at all
17:57 < andytoshi> and i'll take a look at the tests, i did take measures to respect the inputs (the tests did not even pass initially because i was sending corrupted input into calls)
17:58 < gmaxwell> andytoshi: you're doing stuff like creating random inputs then using ecmult_multi twice, the places you do it now you get away with it because of magic.
17:58 < gmaxwell> though I went to add more tests and they failed and I was confused, because I didn't realize that it trashed its inputs, because the other tests weren't using it as if it did. :)
17:58 < andytoshi> ok, maybe i was depending on magic..
17:58 < gmaxwell> e.g. look at your 1 and 2 point test.
17:59 < gmaxwell> Check 1- and 2-point multiplies against ecmult.
17:59 < gmaxwell> 2 works because 1 happens to leave the input alone.
17:59 < andytoshi> ohh right
18:02 < gmaxwell> That might actually be the only one that depends on it strongly. Didn't help me that it was first. :P
18:02 < andytoshi> yeah, it was an oversight, it used to not trash the inputs, then i did a pattern-matching fix for all the calls that were after loops
18:03 < andytoshi> and i guess i missed the initial ones cuz they're weirdly shaped
18:07 < gmaxwell> andytoshi: do you want me to give patches or just tell you improvements to make in the tests?
18:12 < gmaxwell> So elsewhere in the tests I use valgrind instrumentation to taint values (when we're compiled with -DVALGRIND). adding an if VERIFY that does that inside ecmult to its inputs might be prudent, though I don't know if we want test instrumentation like that leaking into the main codebase.
20:27 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Ping timeout: 260 seconds]
20:32 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
20:40 < gmaxwell> (or I suppose 13^4 isn't so big, so the exhaustive test could do aB+cD for all a,B,c,D.)