--- Log opened Mon Jun 28 00:00:51 2021
01:55 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:992:7ee3:6f49:438] has joined #secp256k1
02:04 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:992:7ee3:6f49:438] has quit [Quit: I am away from my computer]
05:33 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
06:49 -!- meshcollider [meshcollid@user/meshcollider] has quit [Quit: :wave:]
06:54 -!- roconnor_ is now known as roconnor
06:56 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
07:05 -!- meshcollider [meshcollid@meshcollider.jujube.ircnow.org] has joined #secp256k1
07:07 < real_or_random> https://github.com/bitcoin-core/secp256k1/pull/959 :O this had a red cirrus run (due to failed randomness tests), which scared me off for a second...
07:07 < real_or_random> we should really fix the seed there
07:10 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
07:19 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
07:20 < gmaxwell> the randomness test itself should get a fixed seed.
07:20 < gmaxwell> but not a fixed seed for the rest.
07:20 < gmaxwell> It's really good that the other tests are randomized, and if they have any false positives noticed that's a flaw in the tests.
07:21 < gmaxwell> The false positives are MUCH worse for downstream users than for the developers here-- at least people here can quickly figure out that they're false positives.
07:21 < gmaxwell> Vs downstream it'll cause them to not run the tests at all, or not pay attention to them even when they report true errors.
07:23 < gmaxwell> the rng tests are themselves only testing testing code. They're useful because totally bursting the test randomness is easily undetected... but it's really hard to make randomness tests that are sensitive enough to be useful but won't have false positives.
07:33 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
07:46 < real_or_random> yep, sure, the other tests should still be randomized
08:37 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
08:58 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
09:58 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
10:15 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
10:25 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
11:07 < andytoshi> Peter Schwabe emailed me (and probably several others) doing an academic survey of OSS crypto projects and constant timeness
11:08 < andytoshi> the survey has a giant list of sidechannel analysis tools, none of which we are using (i filled out the whole survey and mentioned repeatedly that you can use valgrind for this :P)
11:08 < andytoshi> but it's worth doing the survey just for that list, which includes links to papers and github
11:08 < sipa> andytoshi: i think it received the same survey
11:09 < sipa> and described our approach as "ctgrind-like"
11:09 < gmaxwell> ditto. I didn't comment because I doubt we're supposed to coordinate answers. :P
11:10 < andytoshi> lol oops :P
11:11 < andytoshi> i guess it would be interesting to them if we all gave wildly different answers
11:34 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
11:48 < roconnor> what's the criterion for inclusion into selftest.h?
11:59 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
12:01 < gmaxwell> Well I've actually used a bunch of the other tools they asked about, so I had other feedback.
12:01 < gmaxwell> which I bet none of you had.
12:01 < gmaxwell> (including using them on the codebase or trying to)
12:09 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
12:21 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has quit [Quit: I am away from my computer]
13:01 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has joined #secp256k1
13:30 < roconnor> #define ECMULT_TABLE_SIZE(w) (1 << ((w)-2))
13:30 -!- michaelfolkson2 [~michael@2a00:23c7:6080:9301:f025:227d:3e76:811c] has left #secp256k1 [Textual IRC Client: www.textualapp.com]
13:30 < roconnor> does this need to be (1UL << ((w)-2))?
13:31 < roconnor> w seems to be, more or less, restricted to being between 2 and 24 inclusive.
13:33 -!- belcher_ is now known as belcher
13:36 < roconnor> okay so the U is hated, so (1L << ((w)-2)) then?
13:39 < sipa> ah, because lohg is guaranteed to be at least 32 bits?
13:39 < sipa> makes sense
13:39 < sipa> long
13:54 < roconnor> I've pushed a new draft of https://github.com/bitcoin-core/secp256k1/pull/956. It is still WIP, but the ecmult_static_pre_g.h file is now 2.4M in size.
13:57 < roconnor> gmaxwell: do you have any references to this debian source file header policy? I couldn't immediately find it, so it makes it hard to address.
13:59 < gmaxwell> I realize I owe you this, I was kinda hoping that someone else in here would link it. lol. lemme try
13:59 < gmaxwell> it might actually exclude these files but since they have some automation it might need some kind of markup
14:00 < sipa> before we go this road, we should probably benchmark if the current size of table is still optimal
14:00 < sipa> if it turns out that one notch smaller isn't meaningfully slower, we could halve it
14:02 < roconnor> sipa: I think that is fair, though I'm not sure certain anything has meaningfully changed. The modular inverse stuff isn't related to ecmult. But it has probably been a while since this was investigated.
14:03 < gmaxwell> It's easy to change later but if it was going to be halved it would be nice to keep the bigger one out of the repo completely.
14:03 < gmaxwell> I doubt that will be the result, however. esp since machine caches have been getting bigger. :P
14:08 < gmaxwell> roconnor: https://wiki.debian.org/CopyrightReviewTools licensecheck is the thing I'm trying to satisfy I think. So the policy actually is that there is a copyrights file in debian packages which provides licensing metadata, and that tool automatically checks that this file gets updated.
14:11 < roconnor> So there isn't a requirement that every header file has a preamble?
14:12 < gmaxwell> Correct. But there is an automated tool used by packagers that will squawk unless whitelisted. Seems easy enough since there would be only one or two exceptions
14:13 < gmaxwell> I'm trying to find the source though and see what preamble would fit-- it's free for us to include one if we know what to include.
14:14 < roconnor> Right. That is in line with what I did manage to dig up which seemed to be about requiring a copyright / license file somewhere ... I forget exactly what I read but it didn't seem to be about preambles in source files so I moved on.
14:15 < gmaxwell> looks like it might be okay with /* This file was automatically generated. */
14:15 < roconnor> my current line is
14:15 < roconnor> /* This file has been generated by gen_pre_g */
14:16 < roconnor> I can throw in the word automatically
14:16 < roconnor> change has to was
14:16 < roconnor> maybe add a period.
14:17 < gmaxwell> Yeah, I'm trying to build the tool now.
14:17 < gmaxwell> the reason I say "/* This file was automatically generated. */" is that's a test vector, I haven't dared look at the regexp.
14:18 < gmaxwell> may be that you're already good and I wasted your time.
14:18 < roconnor> $ nix run nixpkgs.licensecheck
14:18 < roconnor> error: attribute 'licensecheck' in selection path 'nixpkgs.licensecheck' not found
14:18 < roconnor> :(
14:19 < roconnor> It's been a while since I've bumped into software that isn't packaged under Nix.
14:20 < gmaxwell> well this is some debian sausagemaking stuff. I just recall being nagged in other projects by debian developers over it. (and really, it seems like a fairly reasonable request overall)
14:20 < gmaxwell> esp due to autoconf stuff the package has files with different licenses.
14:25 < gmaxwell> real_or_random: #959 is a good case for collecting coverage info in a more fine grained way. In particular, separating out unit-ish tests collection from system collection.. So we can see if unit tests don't cover something.
14:25 < gmaxwell> Every part of the codebase should be tested by both unit-like tests and system-like tests.
14:27 < gmaxwell> I wish there was tidy coverage instrumentation, so you could start and stop collection, and switch files... There is some coverage api stuff but it's pretty awful and doesn't really integrate with lcov.
14:46 < gmaxwell> [gmaxwell@bean bin]$ perl licensecheck ../t/flaws/generated/gslcdf-module.c
14:46 < gmaxwell> ../t/flaws/generated/gslcdf-module.c: *No copyright* [generated file]
14:46 < gmaxwell> [gmaxwell@bean bin]$ perl licensecheck ~/src/secp256k1/src/ecmult_static_pre_g.h
14:46 < gmaxwell> /home/gmaxwell/src/secp256k1/src/ecmult_static_pre_g.h: *No copyright* [generated file]
14:46 < gmaxwell> roconnor: sorry for the goose chase! it's already happy with it!
16:56 -!- andytoshi [~apoelstra@s66-183-0-205.bc.hsia.telus.net] has quit [Ping timeout: 244 seconds]
16:56 -!- andytoshi [~apoelstra@s66-183-0-205.bc.hsia.telus.net] has joined #secp256k1
17:21 -!- belcher_ [~belcher@user/belcher] has joined #secp256k1
17:24 < roconnor> no worries
17:24 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 268 seconds]
--- Log closed Tue Jun 29 00:00:51 2021