--- Log opened Mon Apr 15 00:00:27 2024
00:27 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
01:03 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
01:55 -!- jon_atack [~jonatack@user/jonatack] has joined #secp256k1
01:57 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 256 seconds]
02:49 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
02:50 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
04:36 -!- jon_atack [~jonatack@user/jonatack] has quit [Ping timeout: 260 seconds]
04:38 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
07:52 -!- achow101 [~achow101@user/achow101] has quit [Ping timeout: 256 seconds]
08:08 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
08:15 < bitcoin-git> [secp256k1] real-or-random opened pull request #1517: autotools: Disable eager MSan in ctime_tests (master...202404-msan-retval) https://github.com/bitcoin-core/secp256k1/pull/1517
08:33 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
08:35 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
08:41 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
08:42 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
08:43 -!- achow101 [~achow101@user/achow101] has quit [Remote host closed the connection]
08:43 -!- achow101 [~achow101@user/achow101] has joined #secp256k1
10:13 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
10:23 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
10:34 -!- sorcus [~sorcus@wireguard/tunneler/sorcus] has joined #secp256k1
10:34 < sorcus> Hi everyone.
10:39 < sorcus> I have a silly question. How to do subtraction between two points? I tried direct subtraction as addition in secp256k1_fe_impl_add, but the result is a bit different from what it should be.
10:43 < sorcus> I also tried secp256k1_fe_impl_add and then secp256k1_fe_impl_negate_unchecked, but the result is the same (if I understand correctly, it's the same as subtraction, right?).
10:53 < andytoshi> gej_neg followed by ge_add_gej probably ... but how are you accessing these functions? are you implementing a module within the library?
11:20 < sorcus> I use it directly in my small pet project.
11:20 < sipa> sorcus: you're confusing field additions with group additions
11:21 < sipa> group operations are implemented in terms of field operations, and group additions do involve field additions, but group subtractions will be very different from just turning the field additions into field subtractions
11:21 < sipa> if you want to perform group subtraction, first negate the operand and use addition, as andytoshi says
11:26 < sorcus> https://gist.github.com/MrSorcus/896aaa8672f638ae975480786db26a75 - this is what I tried. And result is b204789d7dcb527c88b95039ff12ecdc2b632b315f29b25c5a13737a7e7a72a2, but actual result is b204789d7dcc527c88b95039ff12ecdc2b632c315f29b25c5a23737a7e7a72a2.
11:27 < sipa> you're doing field operations
11:27 < sipa> the group operations use the ge_ and gej_ functions
11:28 < sorcus> sipa: Yeah, I'm not smart enough for such complicated math...
11:28 < sipa> well then what are you trying to do?
11:29 < sipa> elliptic curve cryptography does involve elliptic curve arithmetic, so there isn't a way around learning how that works if you want to work with code at such low level :)
11:30 < sorcus> sipa: Hmm, but the ge_ and gej_ functions are for Jacobi coordinates, not Affine, right?
11:30 < sipa> ge is affine, gej is jacobian
11:30 < sorcus> siv2r: Ah, right.
11:31 < sipa> also, direct (C operator) subtraction on the fields of a secp256k1_fe will not give you field subtraction; you need to use fe_negate and fe_add instead due to how field elements are represented
11:31 < sipa> but again, even that (field subtraction) is unrelated to what you're asking about (point subtraction)
11:34 < sorcus> sipa: https://github.com/albertobsd/keyhunt/blob/2134a2024e524775b13f82aa1fa07b1c8053f867/keyhunt.cpp#L2590-L2644 - I'm trying to implement this part of the algo using libsecp256k1. It may be silly, but it's interesting and fun for me.
11:35 < sipa> what is that supposed to do?
11:36 < sorcus> sipa: Sorry if I confused you by using the wrong names for fields / points / etc.
11:36 < sipa> sorcus: i'm more worried you're confusing yourself
11:37 < sipa> if you can't grasp the distinction between field operations and group operations, you'll have a hard time working with the codebase
11:37 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
11:37 < sorcus> sipa: I tried to use fe_negate and fe_add, but result is the same. That's why I'm asking.
11:38 < sipa> i have a hard time believing that
11:41 < sorcus> sipa: Yeah, I know. I'm pretty sure I'm doing something wrong.
11:44 < sorcus> sipa: This algo creates a pubkey for the next sequential privkey using the x,y affine coordinates for the privkey...
11:46 < sipa> sorcus: you really don't need to touch field arithmetic for that
11:46 < sorcus> sipa: For example pubkey for 0x24802 is 0x038e7b10b972, using x,y for 0x24802 we can get pubkey for 0x24801, which is 0x032bb6cfe...
11:47 < sipa> we have a point addition algorithm
11:48 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
11:49 < sorcus> sipa: You mean secp256k1_gej_add_ functions? I didn't find addition function for ge_.
11:50 < sipa> sorcus: you can add a ge and gej, resulting in a gej, and then convert the result to a ge
11:51 < sipa> addition always internally works with jacobian coordinates, it's just way fastet
11:51 < sipa> *faster
12:43 < sorcus> sipa: Yes, but algo from keyhunt shows performance much higher for sequential privkey than addition + converting from gej to ge.
12:50 < sipa> oh, the goal is to scan many keys quickly?
12:50 < sipa> there are definitely more efficient algorithms for that
12:50 < sipa> you can use batch inversion, exploit the endomorphisms, ...
12:51 < sipa> we actually have a PR to add some of that https://github.com/bitcoin-core/secp256k1/pull/507, but that's not nearly the best you can do
12:53 < sipa> but still, none of that involves messing with field-level arithmetic
12:53 < sorcus> sipa: Only for puzzles with small keys.
12:53 < sipa> hmm?
12:53 < sipa> what puzzles?
12:55 < sorcus> sipa: https://bitcointalk.org/index.php?topic=1306983.0
12:57 < sipa> i don't understand the comment "only for puzzles with small keys"
12:58 < sorcus> sipa: For some reason gej_to_ge shows performance about 900k/s on my laptop, but algo from keyhunt shows 7.7m/s. Just surprised by such a big difference, because libsecp256k1 isn't even close to those numbers...
12:59 < sipa> sorcus: sure, you're doing an inversion per point that way
12:59 < sipa> but there exist batch inversion algorithms too, which are a bit slower, but can perform many inversions simultaneously
12:59 < sipa> but that's just one trick
12:59 < sorcus> sipa: https://privatekeys.pw/puzzles/bitcoin-puzzle-tx - here is a list of ranges where these "puzzle" keys are located.
13:00 < sipa> well i'm not interested in working on that puzzle, or assisting with it, so good luck :)
13:01 < sorcus> sipa: Yeah, I understand and I'm not asking about help with solving this puzzle. Original question wasn't about it.
13:05 < sorcus> sipa: Anyway, libsecp256k1 is a cool library. Sadly, I'm not even close to being able to create such genius mathematical and cryptographic stuff.
14:19 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
19:23 -!- lbia [~lbia@user/lbia] has quit [Quit: lbia]
22:41 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
22:51 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
22:59 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
23:21 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Read error: Connection reset by peer]
23:24 -!- sorcus [~sorcus@wireguard/tunneler/sorcus] has quit [Quit: WeeChat 4.2.1]
23:25 -!- sorcus [~sorcus@wireguard/tunneler/sorcus] has joined #secp256k1
23:40 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
--- Log closed Tue Apr 16 00:00:28 2024