--- Log opened Thu Jun 27 00:00:36 2024
00:01 -!- lbia [~lbia@user/lbia] has joined #secp256k1
00:48 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
02:06 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
02:19 < elichai2> Is there a discussion somewhere about the security of using the same non-hardened xpriv for deriving bip-340 and ecdsa keys? (as they have a known linear relationship)
02:33 < elichai2> Just found this :) https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-February/018384.html
03:04 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
03:55 < bitcoin-git> [secp256k1] hebasto closed pull request #1552: [POC, DO NOT MERGE] cmake: Switch to CMake utilities repository (master...240625-shared-cmake) https://github.com/bitcoin-core/secp256k1/pull/1552
04:45 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
05:00 -!- josie_ is now known as josie
05:21 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
06:22 -!- lbia [~lbia@user/lbia] has quit [Ping timeout: 256 seconds]
07:15 < josie> thestack, real_or_random: im adding the new test case for sum to zero / point at infinity to the silent payments module PR and it occurred to me we could have a subset of private keys sum to 0 but still have the overall sum be non-zero. my initial instinct is to check for a zero sum after all the private keys / public keys have been summed, but wanted to get a second opinion
07:44 -!- lbia [~lbia@user/lbia] has joined #secp256k1
07:52 < bitcoin-git> [secp256k1] EduMenges opened pull request #1555: Fixed O3 replacement (master...master) https://github.com/bitcoin-core/secp256k1/pull/1555
07:58 -!- preimage [~halosghos@user/halosghost] has joined #secp256k1
08:32 < theStack> josie: interesting point, haven't considered that case. i think there is no easy way to thoroughly detect such cases, as the best we could do is to check if the intermediate sum is zero in the course of summing up. e.g. if two keys s1 and s2 cancel each other out, s3 is another unrelated one, and we sum them up in the order s1, s3, s2, we wouldn't notice that anything is wrong.
08:32 < theStack> so my non-cryptographer initial instinct would also say that checking for zero / point at infinity at the end is sufficient
08:54 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
09:08 < josie> theStack: yeah, thats what the module is currently doing with a `VERIFY_CHECK` after each incremental add. but since that doesnt actually catch if *any* subsets sum to zero and instead only catches if certain orderings would produce a subset equal to zero, i opted to do one check at the end
09:22 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
09:37 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
10:06 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
10:36 < theStack> josie: agree that it makes sense to do only the one check with the final sum, it's also what the bip states now (one could argue to change it again to be even stricter, but imho it's not worth it)
10:55 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
11:23 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
11:51 -!- uasf [~uasf@2604:a880:2:d0::1bda:1001] has quit [Remote host closed the connection]
11:52 -!- uasf [~uasf@2604:a880:2:d0::1bda:1001] has joined #secp256k1
12:33 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
12:53 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
14:54 -!- preimage [~halosghos@user/halosghost] has quit [Quit: WeeChat 4.3.2]
15:07 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
18:40 -!- jon_atack [~jonatack@user/jonatack] has joined #secp256k1
18:42 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 268 seconds]
19:18 -!- jon_atack [~jonatack@user/jonatack] has quit [Ping timeout: 256 seconds]
19:20 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
19:51 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 264 seconds]
19:52 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
21:05 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 264 seconds]
21:07 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
--- Log closed Fri Jun 28 00:00:37 2024