--- Log opened Tue Aug 04 00:00:40 2020
01:39 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has quit [Ping timeout: 260 seconds]
03:17 -!- jonatack [~jon@37.165.201.85] has joined #secp256k1
04:13 -!- jonatack [~jon@37.165.201.85] has quit [Ping timeout: 246 seconds]
04:15 -!- jonatack [~jon@37.165.201.85] has joined #secp256k1
04:29 -!- dongcarl [~dongcarl@unaffiliated/dongcarl] has quit [Read error: Connection reset by peer]
04:29 -!- dongcarl [~dongcarl@unaffiliated/dongcarl] has joined #secp256k1
04:31 -!- jonatack [~jon@37.165.201.85] has quit [Remote host closed the connection]
04:31 -!- jonatack [~jon@37.165.201.85] has joined #secp256k1
04:59 -!- jonatack [~jon@37.165.201.85] has quit [Read error: Connection reset by peer]
07:08 -!- jonatack [~jon@static-176-139-55-163.ftth.abo.bbox.fr] has joined #secp256k1
07:21 -!- jonatack [~jon@static-176-139-55-163.ftth.abo.bbox.fr] has quit [Ping timeout: 246 seconds]
07:23 -!- jonatack [~jon@37.171.160.77] has joined #secp256k1
08:01 -!- jonatack [~jon@37.171.160.77] has quit [Read error: Connection reset by peer]
08:02 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Quit: ZNC - http://znc.sourceforge.net]
08:02 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
08:29 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has joined #secp256k1
10:30 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Quit: ZNC - http://znc.sourceforge.net]
10:30 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
13:35 < roconnor> Should secp256k1_schnorrsig_sign be calling secp256k1_schnorrsig_verify at the end?
13:36 < sipa> roconnor: the .h file documentation says that to be BIP340-compliant you do need to call verify yourself
13:36 < sipa> (not sure if you were aware and are suggesting it should be done automatically, or just unaware)
13:38 < roconnor> that's fine. I missed that.
13:41 < roconnor> what's the reason for operating on dummy values if the keypair extraction fails?
13:41 < sipa> constant timeness, i expect
13:42 < sipa> probably in a way that doesn't matter, as it's usually fine that such knowably-invalid inputs result in non-constant-timeness
13:42 < sipa> but it also doesn't hurt much, and makes automated ctime testing using valgrind easier
13:43 < roconnor> I mean you have random calls to scalar_negate, so things aren't quite constant time.
13:44 < roconnor> ah but branches on public data is okay I guess?
13:44 < sipa> right
13:44 < sipa> the ctime test explicitly declassifies public data, so branching on that is fine
13:45 < roconnor> ok
13:47 < roconnor> BIP340 uses H_BIP340/aux instead of hash_BIP340/aux. Typo?
13:47 < sipa> was *just* fixed: https://github.com/bitcoin/bitcoin/issues/19650#issuecomment-668349669
13:47 < sipa> eh
13:47 < sipa> https://github.com/sipa/bips/pull/209
13:48 < sipa> (it's not the bitcoin/bips repo yet, we have a few other fixups left)
14:27 < roconnor> I don't get why secp256k1_nonce_function_hardened has an algo16 argument.
14:29 < sipa> the history there is that in the much earlier iteration of the schnorr signature support in libsecp256k1, the nonce function interface was the same as for ECDSA
14:29 < sipa> and we needed a way to make sure that you wouldn't sign the same message with the same private key in both schnorr and ecdsa... that'd leak the private key just as much as re-signing with the same nonce within ecdsa or within schnorr
14:30 < sipa> that's why the ecdsa nonce function API also takes an algo16 argument
14:30 < roconnor> hmm
14:30 < sipa> and i think it's generally a good idea, as a way to make these things extensible for potential future (variants of) signature schemes that may be added, but don't need a new nonce function api
14:31 < sipa> it's sort of implied for now, because ECDSA and BIP340 signing use different interfaces, so you can't accidentally use one for the other
14:32 < roconnor> ok
15:05 -!- cfields [~cfields@unaffiliated/cfields] has quit [Ping timeout: 246 seconds]
15:06 -!- cfields [~cfields@unaffiliated/cfields] has joined #secp256k1
15:55 -!- Netsplit *.net <-> *.split quits: luke-jr, Cory
15:55 -!- Netsplit *.net <-> *.split quits: kanzure, ensign
15:57 -!- Netsplit over, joins: luke-jr, kanzure, Cory, ensign
15:57 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Max SendQ exceeded]
16:00 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
16:16 < roconnor> Is secp256k1_keypair_seckey_load expected to return 1 instead of ret?
16:16 < roconnor> I suppose with the ARG_CHECK it is kinda sort of the same...
17:57 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Quit: ZNC - http://znc.sourceforge.net]
17:59 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
19:05 -!- ensign [~ensign@integer.musalbas.com] has quit [Quit: ZNC - http://znc.in]
19:05 -!- ensign [~ensign@integer.musalbas.com] has joined #secp256k1
19:21 -!- roconnor [~roconnor@host-184-164-27-203.dyn.295.ca] has quit [Ping timeout: 240 seconds]
19:28 -!- roconnor [~roconnor@host-184-164-27-203.dyn.295.ca] has joined #secp256k1
23:48 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has quit [Ping timeout: 240 seconds]
23:49 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
--- Log closed Wed Aug 05 00:00:40 2020