Commit graph

24 commits

Author SHA1 Message Date
Dave Collins
ac7e4de201 Add field and point addition/multiplicaiton tests.
This commit adds 100% test coverage for the new code.  This brings the
overall btcec coverage up to 99.76%.
2013-12-20 15:09:58 -06:00
Dave Collins
9be5c5cbd9 Significantly optimize signature verification.
This commit essentially rewrites all of the primitives needed to perform
the arithmetic for ECDSA signature verification of secp256k1 signatures to
significantly speed it up.  Benchmarking has shown signature verification
is roughly 10 times faster with this commit over the previous.

In particular, it introduces a new field value which is used to perform the
modular field arithmetic using fixed-precision operations specifically
tailored for the secp256k1 prime.  The field also takes advantage of
special properties of the prime for significantly faster modular reduction
than is available through generic methods.

In addition, the curve point addition and doubling have been optimized
minimize the number of field multiplications in favor field squarings
since they are quite a bit faster.  They routines also now look for
certain assumptions such as z values of 1 or equivalent z values which
can be used to further reduce the number of multiplicaitons needed when
possible.

Note there are still quite a few more optimizations that could be done
such as using precomputation for ScalarBaseMult, making use of the
secp256k1 endomorphism, and using windowed NAF, however this work already
offers significant performance improvements.

For example, testing 10000 random signature verifications resulted in:
New btcec took 15.9821565s
Old btcec took 2m34.1016716s

Closes conformal/btcd#26.
2013-12-20 15:07:15 -06:00
Owain G. Ainsworth
95b3c063e3 remove lazy computation of QPlus1Div4 and do at init time.
Should shut up the race detector (thought this should be harmless)
2013-11-21 18:59:15 +00:00
David Hill
a97fd5fe2c add test for testing IsOnCurve 2013-11-04 14:42:21 -05:00
Josh Rickmar
506c3eacac Add padding for pubkey numbers.
This change pads serialized (big endian) pubkey numbers to a length of
32 bytes.  Previously, because serialized pubkey numbers are read
MSB-first, if a number could be serialized in less than 31 bytes, the
deserialized number would be incorrect.
2013-11-04 10:11:11 -05:00
Josh Rickmar
98ac46b37d Add ParseDERSignature.
This change adds an additional signature parsing function which
performs additional checks to verify the signature is serialized in a
valid DER (and thus, unique) format, instead of allowing the less
strict BER signatures that ParseSignature will happily accept.

Added additional tests and updated test coverage to reflect changes.
2013-10-25 15:09:48 -04:00
Josh Rickmar
e748650cc8 Use uncapitalized error strings 2013-09-30 18:20:46 -04:00
Josh Rickmar
961636c764 Add functions to serialize an ecdsa public key. 2013-09-30 18:18:03 -04:00
Owain G. Ainsworth
abfd6b44af More documentation commentary. 2013-08-06 18:22:16 +01:00
Owain G. Ainsworth
ba51aa8934 partially revert afc2e8100a
Turns out that there are some signatures in the bitcoin blockchain that have
trailing 0s, for example
12a1b29fd6c295075b6a66f5fd90f0126ceb1fda4f15e4b44d92518bd52a5cdf has a signature
length of 0x45 where there are 0x47 bytes following that length check (one is
hashtype and is supposed to be trimmed out prior to calling the function). We
relax the paranoid length check to permit traling data, but not to permit
buffers that are too short. Change the test to passing with a big comment
stating why this is now considered a valid case.
2013-06-24 18:15:25 +01:00
Owain G. Ainsworth
031437decf test 0 length numbers (disallowed) and coordinates of 0 (also) 2013-06-18 00:17:32 +01:00
Owain G. Ainsworth
13cf6091e6 Test the sanity checks for numbers too big for the curve fire correctly. 2013-06-17 23:58:47 +01:00
Owain G. Ainsworth
86d150bbb3 Remove accidentally commited printf. 2013-06-17 23:56:25 +01:00
Owain G. Ainsworth
316faf034c update test coverage stats. 2013-06-17 17:41:37 +01:00
Owain G. Ainsworth
afc2e8100a Make length check a little more paranoid
Remove trailing crap  from the tests (the hashtype) now that this is
correctly caught.
2013-06-17 17:38:16 +01:00
Owain G. Ainsworth
cd61efe8a8 test a bunch of invalid cases in ParseSignature. 2013-06-17 16:18:58 +01:00
Owain G. Ainsworth
5c8c454a18 fix up some indexing in ParseSignature.
a test i was working on was crashing this otherwise. Make length checks more
paranoid.
2013-06-17 16:18:27 +01:00
Owain G. Ainsworth
9cb1f47fb9 add signature test harness and try a valid signature for size.
error paths to come.
2013-06-14 01:11:06 +01:00
Owain G. Ainsworth
7cfebed976 Test the ``parameter is >= P'' pubkey error paths. 2013-06-14 00:28:54 +01:00
Owain G. Ainsworth
9638528b8e test hybrid keys too.
Nothing that I know of uses them, but if we have the code path we should
be pretty sure it works.
2013-06-14 00:06:25 +01:00
Owain G. Ainsworth
217fa5311a go fmt. *sigh* 2013-06-14 00:03:15 +01:00
Owain G. Ainsworth
ffdbcd5cce test a few easy to hit pubkey error paths. 2013-06-13 23:55:52 +01:00
Dave Collins
6e9cc57131 Initial implementation. 2013-06-13 14:38:54 -05:00
Dave Collins
a2c10e34d9 Initial commit. 2013-06-13 12:45:48 -05:00