Closed webwarrior-ws closed 1 year ago
Your test also fails if you try it against the latest version of bitcoin-core's secp lib https://github.com/bitcoin-core/secp256k1. All of our core scalar code is derived from versions of that (and not anything we would have ever modified ourselves). If there is a provable issue, you definitely want to focus efforts there as opposed to our fork.
Apparently scalars use different order than field characteristic, so there's no bug. https://github.com/bitcoin-core/secp256k1/issues/1180#issuecomment-1356859346
Some scalars add to the wrong number (see https://github.com/webwarrior-ws/secp256k1-zkp/commit/1c27f7096ca3eb2413e7ed2ca040c076e567e747). Numbers in that commit were cross-checked using Wolfram Alpha, Python and Pharo. So I assume there is either a bug in addition or in byte array representation of scalars.