bitcoin-core / secp256k1

Optimized C library for EC operations on curve secp256k1
MIT License

f can never equal -m #1603

Open roconnor-blockstream opened 4 weeks ago

roconnor-blockstream commented 4 weeks ago

In fact, before reaching this particular VERIFY_CHECK, we had already successfully passed through

VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */

ensuring that f is not -m.

roconnor-blockstream commented 1 week ago

Just to be clear, this PR isn't removing a redundant check, it is strengthening the existing check by removing a disjunctive clause.

real-or-random commented 1 week ago

> Just to be clear, this PR isn't removing a redundant check, it is strengthening the existing check by removing a disjunctive clause.

Oh, right, I got this wrong. But I still think the change makes sense.

roconnor-blockstream commented 1 week ago

Done. I've also added the same change to the constant-time versions of these functions.