--- Log opened Fri Aug 27 00:00:50 2021
01:05 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
02:20 -!- jonatack [~jonatack@user/jonatack] has quit [Quit: Client closed]
05:58 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
06:20 -!- siv2r09300 [~siv2r@103.77.37.144] has joined #secp256k1
08:00 -!- siv2r09300 [~siv2r@103.77.37.144] has quit [Ping timeout: 240 seconds]
10:18 < real_or_random> hm I'm working on a PR to that adds prebuilt  signing tables to the repo 
10:19 < real_or_random> now what I had in mind is to remove the --enable-ecmult-static-precomputation option entirely to have have fully static tables (as discussed in #893)
10:20 < sipa> right
10:20 < real_or_random> but what if you never want to sign? at the moment, you can --disable-ecmult-static-precomputation and never create a signing context 
10:20 < real_or_random> after the PR, you'd always have the static table in your binary
10:21 < gmaxwell> why? it's only used from the signing functions that you don't call.
10:21 < gmaxwell> the linker will remove it.
10:21 < gmaxwell> along with all the other signing only code.
10:21 < real_or_random> you mean if you #include the library instead of linking to it?
10:21 < sipa> you don't #include a library, you include a header...?
10:22 < sipa> you still need to link to it somehow
10:22 < gmaxwell> if you statically link your program.  If you're dynamically linking it it's kind of a non-issue there.
10:22 < real_or_random> (and you claim this is what embedded users that care about binary sizes, will do?)
10:22 < sipa> you need -ffunction-sections and -fdata-sections
10:22 < gmaxwell> Yes, they statically link the program. If they don't they're also picking up all the other unused code in any case, which is probably larger than the table.
10:23 < real_or_random> hm, I never thought that the static linker will remove dead code
10:23 < gmaxwell> (and unless something has broken it, statically linking a program without signing was successfully leaving out all the signing only code (e.g. all the constant time stuff that isn't otherwise used)).
10:23 < gmaxwell> it'll leave out any symbol that isn't refereced, because static linking resolves all the symbols.
10:24 < sipa> you need -ffunction-sections -fdata-sections and -Wl,--gc-sections (unless those are default now)
10:24 < real_or_random> yeah, it makes sense
10:24 < sipa> but apart from that, yes, the linker will remove unreachable symbols
10:25 < sipa> i also wouldn't object to having a --disable-signing or so configure option, but only if there's actual demand for that
10:25 < gmaxwell> In any case, to the extent that something would be useful there, it would be more useful to have a --disable-signing that ifdefs out the code too.
10:25 < gmaxwell> So I wouldn't worry about the table.
10:25 < real_or_random> I think in the case of the verification tables, we simply didn't care because everyone will want at least a negligibly-sized table with window size 2
10:26 < gmaxwell> oh nah, the size of the verify only code is fairly considerable.
10:26 < real_or_random> but not the size of the table?
10:27 < sipa> for schnorr, BIP340 does state that you should verify the output of signing, which means you can't really avoid it...
10:27 < gmaxwell> Yes that too, but I'm saying if you don't need verify your solution shouldn't be setting the size of the table to 2. ... it should be having the linker remove the dead code/data. (or disabling it)
10:28 < real_or_random> ok yes
10:29 < real_or_random> the gcc docs say about the two options: Only use these options when there are significant benefits from doing so. When you specify these options, the assembler and linker create larger object and executable files and are also slower. These options affect code generation. They prevent optimizations by the compiler and assembler using relative locations inside a translation unit since the locations are unknown until link time. 
10:29 < real_or_random> An example of such an optimization is relaxing calls to short call instructions. 
10:31 < gmaxwell> Just go try it, w/ bench sign. the standalone functions all (used to) get left out. perhaps some things are still left in by inlining that might not otherwise be, but most of it is removed.
10:32 < real_or_random> sounds reasonable
10:33 < sipa> hmm, i thought the linker can only remove entire sections
10:33 < real_or_random> yep, that's what the docs say (and that's why you need the two options)
10:34 < real_or_random> I think what gmaxwell is suggesting is to benchmark if adding the options is bad for performace. if not, we can just do it
10:35 < sipa> bench_verify does invoke secp256k1_ecdsa_sign, so it certainly can't just remove it
10:36 < gmaxwell> No, I'm saying I tested this previously and it removed it.  It may be I was testing on a device whos toolchain defaulted to doing that.
10:36 < sipa> my currently-built bench_sign does include ecdsa verification code, despite not being invoked
10:36 < gmaxwell> sipa: which would be why I said bench_sign. 
10:37 < gmaxwell> interesting.
10:38 < sipa> with the options they do indeed get removed
10:38 < sipa> with the options: 117320 bench_sign, 1188248 bench_verify
10:39 < sipa> oh let me strip
10:39 < sipa> with the options: 112848 bench_sign, 1181904 bench_verify
10:40 < sipa> without: 1190104 bench_sign, 1190104 bench_verify
10:41 < gmaxwell> My error then, though I wonder if the arm system I was testing on had -ffunction-sections -fdata-sections and -Wl,--gc-sections by default or implied by Os or something.
10:46 -!- siv2r09300 [~siv2r@103.77.37.144] has joined #secp256k1
11:17 -!- siv2r09300 [~siv2r@103.77.37.144] has quit [Ping timeout: 240 seconds]
11:23 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 252 seconds]
11:31 -!- siv2r09300 [~siv2r@103.77.37.144] has joined #secp256k1
11:34 -!- belcher [~belcher@user/belcher] has joined #secp256k1
13:01 -!- meshcollider [meshcollid@user/meshcollider] has quit [Ping timeout: 240 seconds]
13:12 -!- meshcollider [meshcollid@jujube.ircnow.org] has joined #secp256k1
13:24 -!- belcher_ [~belcher@user/belcher] has joined #secp256k1
13:25 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 248 seconds]
13:29 -!- belcher_ is now known as belcher
15:09 -!- roconnor [~roconnor@host-45-58-210-199.dyn.295.ca] has joined #secp256k1
15:12 < roconnor> secp256k1 says: "To compare keys, use secp256k1_xonly_pubkey_cmp."
15:12 < roconnor> https://github.com/bitcoin-core/secp256k1/blob/9a5a87e0f1276e0284446af1172056ea4693737f/include/secp256k1_extrakeys.h#L19-L20
15:12 < roconnor> bitcon core says: "That's just, like, your opinion man."
15:12 < roconnor> https://github.com/bitcoin/bitcoin/blob/33707a2a8828c68e3c0586bdadea52c84873d386/src/pubkey.h#L279
15:14 < sipa> it's not comparing key objects, but their serialization
15:14 < sipa> which is obviously also fine
15:49 -!- meshcollider [meshcollid@jujube.ircnow.org] has quit [Changing host]
15:49 -!- meshcollider [meshcollid@user/meshcollider] has joined #secp256k1
16:25 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Quit: ZNC - http://znc.sourceforge.net]
16:26 -!- luke-jr [~luke-jr@user/luke-jr] has joined #secp256k1
17:16 -!- belcher_ [~belcher@user/belcher] has joined #secp256k1
17:17 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 240 seconds]
21:39 -!- siv2r09300 [~siv2r@103.77.37.144] has quit [Ping timeout: 252 seconds]
22:00 -!- Netsplit *.net <-> *.split quits: jonatack
23:32 -!- belcher_ is now known as belcher
--- Log closed Sat Aug 28 00:00:51 2021