Commit Graph

1 Commits

Author SHA1 Message Date
W. J. van der Laan
bc61867454
Merge #21573: Update libsecp256k1 subtree to latest master
5c7ee1b2da6bf783d27034fca9dfd3a64ed525cb libsecp256k1 no longer has --with-bignum= configure option (Pieter Wuille)
bdca9bcb6c9379707d09c63f02326884befbefb2 Squashed 'src/secp256k1/' changes from 3967d96bf1..efad3506a8 (Pieter Wuille)
cabb5661234f8d832dbc3b65bf80b0acc02db0a0 Disable certain false positive warnings for libsecp256k1 msvc build (Pieter Wuille)

Pull request description:

  This updates our src/secp256k1 subtree to the latest upstream master. The changes include:

  * The introduction of safegcd-based modular inverses, reducing ECDSA signing time by 25%-30% and ECDSA verification time by 15%-17%.
    * [Original paper](https://gcd.cr.yp.to/papers.html) by Daniel J. Bernstein and Bo-Yin Yang
    * [Implementation](https://github.com/bitcoin-core/secp256k1/pull/767) by Peter Dettman; [final](https://github.com/bitcoin-core/secp256k1/pull/831) version
    * [Explanation](https://github.com/bitcoin-core/secp256k1/blob/master/doc/safegcd_implementation.md) of the algorithm using Python snippets
    * [Analysis](https://github.com/sipa/safegcd-bounds) of the maximum number of iterations the algorithm needs
    * [Formal proof in Coq](https://medium.com/blockstream/a-formal-proof-of-safegcd-bounds-695e1735a348) by Russell O'Connor, for a high-level equivalent algorithm
  * Removal of libgmp as an (optional) dependency (which wasn't used in the Bitcoin Core build)
  * CI changes (Travis -> Cirrus)
  * Build system improvements

ACKs for top commit:
  laanwj:
    Tested ACK 5c7ee1b2da6bf783d27034fca9dfd3a64ed525cb

Tree-SHA512: ad8ac3746264d279556a4aa7efdde3733e114fdba8856dd53218588521f04d83950366f5c1ea8fd56329b4c7fe08eedf8e206f8f26dbe3f0f81852e138655431
2021-08-11 00:05:23 +03:00