--- Day changed Tue Aug 30 2016
00:36 -!- GAit1 [~GAit@93.56.75.229] has joined #secp256k1
00:37 -!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]
00:40 < jl2012> tests in #8533 are updated. If R is out-of-range, the LOW_S check should be bypassed
02:36 < sipa> ok
02:37 < sipa> we could just have a CPubKey::CheckLowS function that returns false in case of overflow
02:39 < sipa> but i feel pretty uncomfortable doing that at the last minute
02:40 < jl2012> could we skip LOW_S and just do NULLDUMMY?
02:40 < jl2012> LOW_S is less harmful than NULLDUMMY
03:27 -!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #secp256k1
03:42 -!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has quit [Quit: No Ping reply in 180 seconds.]
03:44 -!- maaku [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has joined #secp256k1
05:07 -!- GAit1 [~GAit@93.56.75.229] has quit [Quit: Leaving.]
07:04 -!- GAit [~GAit@212.91.77.39] has joined #secp256k1
08:12 -!- ryan-c [~ryan@znc.rya.nc] has joined #secp256k1
08:12 < andytoshi> ryan-c: so i think secp256k1_pubkey_combine will do what you want more efficiently
08:13 < andytoshi> sipa: is that slated for removal or anything?
08:13 < ryan-c> I was interested in doubling entirely because I was under the impression that it's faster than adding.
08:14 < andytoshi> ah, i wonder if pubkey_combine is efficient about that.. lemme check
08:14 < andytoshi> i'm no, it's constant-time
08:14 < ryan-c> I maintain my own hacked up fork of secp256k1 already and use bits that are definitely not in the public API already anyway, so...
08:15 < andytoshi> but also, it has to do a modular inversion after the double, i suspect that directly doubling on affine coordinates would be faster
08:16 < andytoshi> ryan-c: in that case, if you don't care about constant-timeness then use `secp256k1_gej_double_var` in the internal API
08:16 < ryan-c> I do not care about constant time.
08:16 < andytoshi> and if you're doing something that seems generally useful, it might be worth the effort to put it into the src/modules directory and give it a config flag and a public API
08:16 < ryan-c> (and i am aware of the security impact of not caring)
08:23 < ryan-c> andytoshi: I've got some code that speeds up secp256k1_ecmult_gen by a factor of about 2.5x via a memory tradeoff, but I'd be somewhat surprised if there was desire to integrate that.
08:24 < sipa> how large is the memory tradeoff? :)
08:25 < sipa> andytoshi: i wish we could get rid of secp256k1_pubkey_combine after switching to the new delinearizing schnorr code
08:26 < andytoshi> sipa: we have a use for it doing post-generation sanity checks on BIP32 addresses -- you sign with the tweak and use the difference of the child and parent keys as pubkey, and this gives some assurance that neither bitflipped on you
08:27 < ryan-c> sipa: The 2.5x is with 16GB, but the code allows one to use an arbitrary amount of memory.
08:28 < sipa> ryan-c: ha, 16 GB...
08:30 < ryan-c> I built a 64GB table, but not really worth the diminishing returns at that point.
08:31 < ryan-c> there are good speedups even with smaller table.
08:31 < ryan-c> but i don't really think this is "generally useful"
08:33 < ryan-c> as far as the doubling, I'm fooling around with some vanitygen type stuff
08:34 < ryan-c> i'll see how secp256k1_gej_double_var does
08:36 < ryan-c> is there also a function to double the scalar, or do i just need to do that the slow/obvious way?
08:41 -!- GAit [~GAit@212.91.77.39] has quit [Quit: Leaving.]
08:42 < andytoshi> ryan-c: there is a scalar_mul_int function (or something like that)
08:43 < ryan-c> ah, perfect
08:43 < sipa> scalar_add with itself may be faster
08:43 < andytoshi> oops, sorry, maybe i'm thinking of fe_mul_int
08:43 -!- GAit [~GAit@212.91.77.39] has joined #secp256k1
08:44 < andytoshi> yeah, sorry, scalars have set_int but not mul_int
08:47 -!- GAit [~GAit@212.91.77.39] has quit [Client Quit]
09:14 -!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has joined #secp256k1
09:16 < ryan-c> sipa: noted, but less concerned about scalar stuff since it would only very rarely be called
09:22 -!- Irssi: #secp256k1: Total of 36 nicks [0 ops, 0 halfops, 0 voices, 36 normal]
09:22 < ryan-c> if someone actually wants any of the terrible hacked up shit i've done to libsecp256k1, do let me know.
10:38 -!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Ping timeout: 258 seconds]
11:15 -!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]
11:21 -!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has joined #secp256k1
11:45 -!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has joined #secp256k1
11:52 -!- bertani [~bertani@46.101.46.100] has quit [Ping timeout: 264 seconds]
11:53 -!- bertani [~bertani@46.101.46.100] has joined #secp256k1
11:59 -!- amiller [~socrates1@unaffiliated/socrates1024] has quit [Ping timeout: 265 seconds]
12:04 -!- Guest55662 [~socrates1@li175-104.members.linode.com] has joined #secp256k1
14:22 -!- FNinTak [~jonhbit@2601:600:8c01:6ab0:ee1a:59ff:fec0:acd6] has joined #secp256k1
14:31 -!- roconnor [~roconnor@host-45-78-197-62.dyn.295.ca] has joined #secp256k1
14:51 -!- roconnor [~roconnor@host-45-78-197-62.dyn.295.ca] has quit [Quit: Konversation terminated!]
15:04 -!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #secp256k1
15:19 -!- FNinTak [~jonhbit@2601:600:8c01:6ab0:ee1a:59ff:fec0:acd6] has quit [Quit: Leaving]
15:21 -!- Guest55662 [~socrates1@li175-104.members.linode.com] has quit [Ping timeout: 244 seconds]
15:28 -!- Guest43826 [~socrates1@li175-104.members.linode.com] has joined #secp256k1
16:10 -!- arubi_ [~ese168@unaffiliated/arubi] has joined #secp256k1
16:11 -!- arubi [~ese168@unaffiliated/arubi] has quit [Ping timeout: 244 seconds]
16:13 -!- arubi [~ese168@unaffiliated/arubi] has joined #secp256k1
16:16 -!- arubi_ [~ese168@unaffiliated/arubi] has quit [Ping timeout: 276 seconds]
16:37 -!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has quit [Read error: Connection reset by peer]
16:37 -!- GAit [~GAit@2-230-161-158.ip202.fastwebnet.it] has joined #secp256k1
18:02 -!- jtimon [~quassel@38.110.132.37.dynamic.jazztel.es] has quit [Ping timeout: 265 seconds]
18:13 -!- mdavid613 [~Adium@cpe-104-172-191-85.socal.res.rr.com] has quit [Quit: Leaving.]
18:49 -!- FNinTak [~jonhbit@2601:600:8c01:6ab0:ee1a:59ff:fec0:acd6] has joined #secp256k1
18:51 -!- FNinTak [~jonhbit@2601:600:8c01:6ab0:ee1a:59ff:fec0:acd6] has quit [Client Quit]
18:56 -!- mdavid613 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has joined #secp256k1
18:59 -!- mdavid613 [~Adium@cpe-172-251-161-231.socal.res.rr.com] has quit [Client Quit]
19:57 -!- Guest43826 is now known as amiller
19:57 -!- amiller [~socrates1@li175-104.members.linode.com] has quit [Changing host]
19:57 -!- amiller [~socrates1@unaffiliated/socrates1024] has joined #secp256k1