Assert field magnitude at control-flow join #1673
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sipa
reviewed
May 20, 2025
jonasnick
approved these changes
May 24, 2025
hebasto
added a commit
to hebasto/bitcoin
that referenced
this pull request
Jun 5, 2025
51d2ecd6e9 cmake: add a helper for linking into static libs 201b2b8f06 Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987a8 cmake: Bump minimum required CMake version to 3.22 92394476e9 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448cb4 Assert field magnitude at control-flow join 9fab425256 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly 05445377f4 bench_ecmult: add benchmark for ecmult_const_xonly bb597b3d39 Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files d73ed99479 tests: update wycheproof files git-subtree-dir: src/secp256k1 git-subtree-split: 51d2ecd6e9f8ec1048d04fae34c2430c749d3bff
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As I was re-reading the xonly method I noticed that the author had taken some care about the magnitude of
gin each branch. It's probably worth documenting magnitude assumptions when control flows join like this.Actually I would even prefer a new field method (perhaps
_fe_join) that calls SECP256K1_FE_VERIFY_MAGNITUDE, and then sets the magnitude to that value. That would be more in line with the static analysis view of magnitudes that I recall being discussed, though I have not been following closely lately.