This commit changes the behavior of BitCurve.Add to be more in line
with btcd. It fixes two different bugs:
1) When adding a point at infinity to another point, the other point
   should be returned. While this is undefined behavior, it is better
   to be more in line with the Go standard library.
   Thus (0,0) + (a,b) = (a,b)
2) Adding the same point to itself produced the point at infinity.
   This is incorrect, now doubleJacobian is used to correctly calculate it.
   Thus (a,b) + (a,b) == 2 * (a,b) and not (0,0) anymore.
The change also adds a differential fuzzer for Add, testing it against btcd.
Co-authored-by: Felix Lange <fjl@twurst.com>
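
An added example, not part of the commit or of the go-ethereum code: a minimal affine-coordinate Add for secp256k1 in Go that handles the two edge cases the commit message above describes. The Point type and the hex, IsInf, OnCurve and Add helpers are names assumed for illustration; inputs are assumed to be on the curve with coordinates reduced mod p.

```go
package main

import (
	"fmt"
	"math/big"
)

// Point is affine; (0,0) encodes the point at infinity, as in the commit message.
type Point struct{ X, Y *big.Int }

func hex(s string) *big.Int { n, _ := new(big.Int).SetString(s, 16); return n }

// Public secp256k1 constants: p = 2^256 - 2^32 - 977 and the generator G.
var P = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1<<32+977))
var G = Point{hex("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"),
	hex("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")}

func IsInf(p Point) bool { return p.X.Sign() == 0 && p.Y.Sign() == 0 }

// OnCurve checks y^2 = x^3 + 7 (mod p).
func OnCurve(p Point) bool {
	d := new(big.Int).Exp(p.X, big.NewInt(3), P)
	d.Add(d, big.NewInt(7)).Sub(d, new(big.Int).Mul(p.Y, p.Y))
	return d.Mod(d, P).Sign() == 0
}

// Add handles the two edge cases from the commit before using the chord formula.
func Add(p, q Point) Point {
	num, den := new(big.Int).Sub(q.Y, p.Y), new(big.Int).Sub(q.X, p.X)
	switch {
	case IsInf(p): // case 1: (0,0) + (a,b) = (a,b)
		return q
	case IsInf(q):
		return p
	case den.Sign() == 0 && num.Sign() != 0: // P + (-P) is the point at infinity
		return Point{new(big.Int), new(big.Int)}
	case den.Sign() == 0: // case 2: same point, use the tangent slope 3x^2 / 2y
		num.Mul(p.X, p.X).Mul(num, big.NewInt(3))
		den.Lsh(p.Y, 1)
	}
	l := new(big.Int).ModInverse(den.Mod(den, P), P)
	l.Mul(l, num).Mod(l, P) // slope of the line through p and q
	x := new(big.Int).Mul(l, l)
	x.Sub(x, p.X).Sub(x, q.X).Mod(x, P)
	y := new(big.Int).Sub(p.X, x)
	y.Mul(y, l).Sub(y, p.Y).Mod(y, P)
	return Point{x, y}
}

func main() { fmt.Println(IsInf(Add(G, G)), OnCurve(Add(G, G))) }
```

Without the same-point case, G + G would take the chord path with a zero denominator, which is the situation the commit describes as yielding (0,0).
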
The z == 0 check is hit whenever we Add two points with the same x1/x2
coordinate. crypto/elliptic uses the same check in their affineFromJacobian
function. This change does not affect block processing or tx signature verification
in any way, because it does not use the Add or Double methods.
* common/math: optimize PaddedBigBytes, use it more
    name              old time/op    new time/op    delta
    PaddedBigBytes-8  71.1ns ± 5%    46.1ns ± 1%    -35.15%  (p=0.000 n=20+19)

    name              old alloc/op   new alloc/op   delta
    PaddedBigBytes-8  48.0B ± 0%     32.0B ± 0%     -33.33%  (p=0.000 n=20+20)
* all: unify big.Int zero checks
Various checks were in use. This commit replaces them all with Int.Sign,
which is cheaper and less code.
eg templates:

    func before(x *big.Int) bool { return x.BitLen() == 0 }
    func after(x *big.Int) bool  { return x.Sign() == 0 }

    func before(x *big.Int) bool { return x.BitLen() > 0 }
    func after(x *big.Int) bool  { return x.Sign() != 0 }

    func before(x *big.Int) int { return x.Cmp(common.Big0) }
    func after(x *big.Int) int  { return x.Sign() }
* common/math, crypto/secp256k1: make ReadBits public in package math
- Use defined constants instead of hard-coding their integer value.
- Allocate secp256k1 structs on the C stack instead of converting []byte
- Remove dead code