--- Log opened Fri Jul 19 00:00:14 2019
02:06 -!- Madars_ [~null@unaffiliated/madars] has quit [Ping timeout: 248 seconds]
02:08 -!- Madars_ [~null@unaffiliated/madars] has joined #secp256k1
04:32 -!- jtimon [~quassel@73.58.132.37.dynamic.jazztel.es] has joined #secp256k1
04:33 -!- jtimon [~quassel@73.58.132.37.dynamic.jazztel.es] has quit [Remote host closed the connection]
05:48 -!- reallll [~belcher@unaffiliated/belcher] has joined #secp256k1
05:52 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 272 seconds]
06:13 -!- Cory [~Cory@unaffiliated/cory] has quit [Ping timeout: 248 seconds]
08:05 -!- elichai2 [uid212594@gateway/web/irccloud.com/x-hlsjfvnbaqmaiepj] has joined #secp256k1
14:03 < elichai2> the library doesn't expose a "hash to curve" function right? (to generate points without known DL with "nothing up my sleeve")
14:04 < sipa> it does not
14:04 < sipa> there's no standard way of doing so, and it isn't used in bitcoin anywhere (libsecp tries to only include things relevant to bitcoin)
14:05 < sipa> though secp256k1-zkp (the branch we use in elements) does have a hash-to-curve operation (in the experimental "generator" module), though it's a fairly advanced and slow, but constant time one
14:06 < elichai2> shouldn't you just hash in a loop until it's a valid X point? (and calc the Y)
14:09 < sipa> maybe
14:09 < sipa> that depends on the requirements
14:09 < sipa> in some places a variable-time operation would be a vulnerability
14:10 < sipa> also there may be protocols where the iteration count is passed along with the data, so a single hash is enough
14:27 < elichai2> hmm ok, although it's quite easy to implement this without library integration
14:28 < elichai2> btw, I see now that bitcoin compiles libsecp without gmp and without endomorphism, won't that be a big time increase for IBD?
14:32 < sipa> no
14:32 < sipa> endomorphism is a 20-30% speedup
14:32 < sipa> gmp doesn't matter much
14:41 -!- reallll is now known as belcher
14:56 < elichai2> really? shouldn't gmp matter a lot for verification? that's what I understood from andytoshi's comment here: https://github.com/rust-bitcoin/rust-secp256k1/issues/118
14:58 < sipa> i think that was just a (minor) issue there
14:58 < sipa> also lack of asm code, 32-bit vs 64-bit maybe, ecdsa vs just ec multiplication
14:58 < sipa> can't remember all the missing things
15:02 < sipa> hmm, i misremember!
15:03 < sipa> with endomorphism, with gmp i get 68.6 us per ECDSA validation; without gmp i get 76.2 us
15:27 < elichai2> curious by what percentage this will increase block verification
21:13 -!- elichai2 [uid212594@gateway/web/irccloud.com/x-hlsjfvnbaqmaiepj] has quit [Quit: Connection closed for inactivity]
--- Log closed Sat Jul 20 00:00:17 2019