ellswift: introduce ElligatorSwift encoding and decoding funcs #2219
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The BIP324 ElligatorSwift test vectors are also included.
Pull Request Test Coverage Report for Build 10097360170Details
💛 - Coveralls |
|
This is great! fwiw, I had great success using the csv files from the BIP324 directly for the tests and it gave me great test coverage too, see esp the big test running through all the "packet_encoding_test_vectors.csv" rows here |
|
cc: @ellemouton @ProofOfKeags for review |
lnliz
reviewed
Aug 27, 2024
| t.Fatalf("t value different than expected") | ||
| } | ||
|
|
||
| return |
There was a problem hiding this comment.
I think this needs to be "continue" because otherwise the entire TestXSwiftECInvVectors() test suite ends here.
ProofOfKeags
approved these changes
Aug 30, 2024
| // public key (u, t) and return the point on the curve it maps to. | ||
| // TODO: Rewrite these so to avoid new(FieldVal).Add(...) usage? | ||
| // NOTE: u, t MUST be normalized. The result x is normalized. | ||
| func XSwiftEC(u, t *FieldVal) *FieldVal { |
There was a problem hiding this comment.
🫡 Leaving this comment for myself but XSwiftEC looks good.
| // ElligatorSwift encoding. | ||
| // TODO: Rewrite these so to avoid new(FieldVal).Add(...) usage? | ||
| // NOTE: u, x MUST be normalized. The result `t` is normalized. | ||
| func XSwiftECInv(u, x *FieldVal, caseNum int) *FieldVal { |
| // XElligatorSwift takes the x-coordinate of a point on secp256k1 and generates | ||
| // ElligatorSwift encoding of that point composed of two field elements (u, t). | ||
| // NOTE: x MUST be normalized. The return values u, t are normalized. | ||
| func XElligatorSwift(x *FieldVal) (*FieldVal, *FieldVal, error) { |
| // We'll choose a random `u` value and a random case so that we can | ||
| // generate a `t` value. | ||
| // TODO: How does this loop need to be bounded, see secp256k1 repo's impl. | ||
| for i := 0; i < 15000; i++ { |
There was a problem hiding this comment.
Yeah this seems like it's not part of the spec. I'd imagine you did this as a "just in case". Given that the loop starts with rand generation there is exponential dropoff in the likelihood of failing every loop?
|
|
||
| // EllswiftCreate generates a random private key and returns that along with | ||
| // the ElligatorSwift encoding of its corresponding public key. | ||
| func EllswiftCreate() (*PrivateKey, [64]byte, error) { |
|
|
||
| // EllswiftECDHXOnly takes the ElligatorSwift-encoded public key of a | ||
| // counter-party and performs ECDH with our private key. | ||
| func EllswiftECDHXOnly(ellswiftTheirs [64]byte, privKey *PrivateKey) ([32]byte, |
| msg = append(msg, ellswiftOurs[:]...) | ||
| msg = append(msg, ellswiftTheirs[:]...) | ||
| msg = append(msg, ecdhPoint[:]...) | ||
| return chainhash.TaggedHash([]byte("bip324_ellswift_xonly_ecdh"), msg), |
There was a problem hiding this comment.
extract to single const?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The BIP324 ElligatorSwift test vectors are also included. They can be found here and here. This code could be more optimized, possibly by not using so many
new(FieldVal)invocations among some other things.