--- Log opened Thu Oct 22 00:00:54 2020
00:05 -!- jonatack [~jon@88.124.242.136] has quit [Ping timeout: 272 seconds]
00:48 -!- midnight [~midnight@unaffiliated/midnightmagic] has quit [Ping timeout: 272 seconds]
00:51 -!- midnight [~midnight@unaffiliated/midnightmagic] has joined #secp256k1
00:58 -!- jonatack [~jon@213.152.161.69] has joined #secp256k1
00:58 -!- jonatack [~jon@213.152.161.69] has quit [Client Quit]
00:58 -!- jonatack [~jon@37.170.172.122] has joined #secp256k1
01:02 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 258 seconds]
01:03 -!- jonatack [~jon@37.170.172.122] has quit [Ping timeout: 264 seconds]
01:04 -!- jonatack [~jon@213.152.161.69] has joined #secp256k1
01:31 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #secp256k1
01:32 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
01:35 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 264 seconds]
01:55 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 260 seconds]
02:13 -!- belcher_ is now known as belcher
02:56 -!- jonatack [~jon@213.152.161.69] has quit [Ping timeout: 260 seconds]
02:57 -!- jonatack [~jon@37.170.192.187] has joined #secp256k1
03:50 -!- wxss [~user@mail.deeplinkmedia.com] has quit [Quit: leaving]
03:51 -!- wxss [~user@mail.deeplinkmedia.com] has joined #secp256k1
03:52 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
03:57 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 260 seconds]
05:20 -!- jonatack [~jon@37.170.192.187] has quit [Read error: Connection reset by peer]
05:24 < elichai2> Minor thing I just found out: `SECP256K1_BENCH_ITERS=0 ./bench_internal` gives `Floating point exception (core dumped)` hehe, but don't think it really needs fixing
05:53 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
05:58 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 265 seconds]
06:09 < real_or_random> elichai2: yeah, I was aware of that one :D
06:11 < elichai2> real_or_random: any open PRs that are waiting for more review? (I'm reading the safegcd paper and then I'll review that PR but it will take time and I might even review it post-merge)
06:18 < real_or_random> hm, none that come to my mind immediately
06:31 -!- andytoshi [~apoelstra@unaffiliated/andytoshi] has joined #secp256k1
06:37 -!- wxss [~user@mail.deeplinkmedia.com] has quit [Quit: leaving]
06:47 -!- jonatack [~jon@37.170.192.187] has joined #secp256k1
06:50 -!- wxss [~user@mail.deeplinkmedia.com] has joined #secp256k1
07:54 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
08:04 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 265 seconds]
08:36 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
08:42 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 246 seconds]
09:27 -!- jonatack [~jon@37.170.192.187] has quit [Read error: Connection reset by peer]
09:27 -!- jonatack [~jon@37.170.192.187] has joined #secp256k1
10:19 -!- jonatack [~jon@37.170.192.187] has quit [Ping timeout: 260 seconds]
10:40 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
11:08 -!- jonatack [~jon@213.152.161.170] has joined #secp256k1
13:03 -!- jesseposner [~jesse@98.37.146.62] has quit [Ping timeout: 258 seconds]
14:07 -!- jesseposner [~jesse@98.37.146.62] has joined #secp256k1
15:10 < sanket1729> How is the point at infinity denoted in 33 byte representation?
15:10 < sipa> it isn't
15:11 < sanket1729> Thanks
15:11 < sipa> the document that specifies the compressed and uncompressed encoding also defined an encoding for the point at infinity: the single byte 0x00
15:11 < sipa> but that's not a valid public key
15:12 < sipa> it defined 0x00 (infinity), 0x02+X (compressed even Y), 0x03+X (compressed odd Y), 0x04+X+Y (uncompressed), 0x06+X+Y (hybrid even Y), 0x07+X+Y (hybrid odd Y)
15:14 < sanket1729> I am trying to define new op-codes for elements, eg: OP_ECADD. So, I was wondering if there is any representation standard for it. I think I can use 0x00 for my usecase.
15:19 < sipa> low-level EC operations with an observable encoding seem like a pretty bad idea, as it precludes the ability to use jacobian coordinates e.g.
15:21 < sanket1729> Isn't CHECKSIG basically the same as ECMUL which uses observable encoding?
15:22 < sanket1729> ECADD could be a problem.
15:22 < sanket1729> Relatedly, does libsecp256k1 expose ECADD or ECMUL?
15:23 < sipa> sanket1729: well the idea is that the operations are higher-level things like "signature verification", not individual primitives
15:24 < sipa> sanket1729: kind of, though it's a hack... it's intended to only expose higher level protocols so that the easiest way of using it is safe
15:25 < sipa> P+xG can be accessed through the key tweak functions (which we really shouldn't have)
15:25 < sipa> xP through the multiplicative tweak, or ECDH with custom key hasher
15:25 < sanket1729> Are you suggesting that all usecases which might require ECMULVERIFY can be done with signatures?
15:25 < sipa> no, but i think you should come up with a high-level usecase, and create an opcode for that
15:26 < sanket1729> I see
15:26 < sipa> instead of exposing low-level things which will be inefficient for production cases anyway
15:26 < sipa> for experimentation in elements the situation may be a bit different
15:26 < sanket1729> good point.
15:26 < sanket1729> andytoshi: ^
15:28 < sipa> but even there, maybe you want a multi-multiply opcode instead of individual add/mul opcodes (one that takes a number of scalars/points from the stack, and puts the result back)... which is generic for whatever EC arithmetic you want to do, and the projection to affine/canonical encoding for points is negligible, except for uses with all tiny scalars
15:29 < sanket1729> I like that.
--- Log closed Fri Oct 23 00:00:55 2020