josibake
diff --git a/‎src/secp256k1/.gitignore
+1 b/‎src/secp256k1/.gitignore
+1
diff --git a/‎src/secp256k1/CMakeLists.txt
+15-5 b/‎src/secp256k1/CMakeLists.txt
+15-5
diff --git a/‎src/secp256k1/README.md
+1 b/‎src/secp256k1/README.md
+1
diff --git a/‎src/secp256k1/batch_example
1.43 MB b/‎src/secp256k1/batch_example
1.43 MB
diff --git a/‎src/secp256k1/ci/cirrus.sh
+82 b/‎src/secp256k1/ci/cirrus.sh
+82
diff --git a/‎src/secp256k1/doc/speedup-batch.md
+15 b/‎src/secp256k1/doc/speedup-batch.md
+15
diff --git a/‎src/secp256k1/doc/speedup-batch/.gitignore
+1 b/‎src/secp256k1/doc/speedup-batch/.gitignore
+1
diff --git a/‎src/secp256k1/doc/speedup-batch/Makefile
+23 b/‎src/secp256k1/doc/speedup-batch/Makefile
+23
diff --git a/‎src/secp256k1/doc/speedup-batch/bench.sh
+13 b/‎src/secp256k1/doc/speedup-batch/bench.sh
+13
diff --git a/‎src/secp256k1/doc/speedup-batch/bench_output.txt
+137 b/‎src/secp256k1/doc/speedup-batch/bench_output.txt
+137
@@ -12,6 +12,7 @@ ecdsa_example
 schnorr_example
 ellswift_example
 musig_example
+batch_example
 *.exe
 *.so
 *.a
 
@@ -7,7 +7,7 @@ project(libsecp256k1
   # The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
   # the API. All changes in experimental modules are treated as
   # backwards-compatible and therefore at most increase the minor version.
-  VERSION 0.6.0
+  VERSION 0.6.1
   DESCRIPTION "Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1."
   HOMEPAGE_URL "https://github.com/bitcoin-core/secp256k1"
   LANGUAGES C
@@ -32,7 +32,7 @@ endif()
 # All changes in experimental modules are treated as if they don't affect the
 # interface and therefore only increase the revision.
 set(${PROJECT_NAME}_LIB_VERSION_CURRENT 5)
-set(${PROJECT_NAME}_LIB_VERSION_REVISION 0)
+set(${PROJECT_NAME}_LIB_VERSION_REVISION 1)
 set(${PROJECT_NAME}_LIB_VERSION_AGE 0)
 
 #=============================
@@ -55,13 +55,13 @@ option(SECP256K1_INSTALL "Enable installation." ${PROJECT_IS_TOP_LEVEL})
 ## Modules
 
 # We declare all options before processing them, to make sure we can express
-# dependendencies while processing.
+# dependencies while processing.
 option(SECP256K1_ENABLE_MODULE_ECDH "Enable ECDH module." ON)
 option(SECP256K1_ENABLE_MODULE_RECOVERY "Enable ECDSA pubkey recovery module." OFF)
 option(SECP256K1_ENABLE_MODULE_EXTRAKEYS "Enable extrakeys module." ON)
 option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON)
 option(SECP256K1_ENABLE_MODULE_MUSIG "Enable musig module." ON)
-option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON)
+option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." OFF)
 
 # Processing must be done in a topological sorting of the dependency graph
 # (dependent module first).
@@ -156,13 +156,22 @@ elseif(SECP256K1_ASM)
   endif()
 endif()
 
-option(SECP256K1_EXPERIMENTAL "Allow experimental configuration options." OFF)
+option(SECP256K1_EXPERIMENTAL "Allow experimental configuration options." ON)
 if(NOT SECP256K1_EXPERIMENTAL)
   if(SECP256K1_ASM STREQUAL "arm32")
     message(FATAL_ERROR "ARM32 assembly is experimental. Use -DSECP256K1_EXPERIMENTAL=ON to allow.")
   endif()
 endif()
 
+option(SECP256K1_ENABLE_MODULE_BATCH "Enable batch verification module." ON)
+if(SECP256K1_ENABLE_MODULE_BATCH)
+  if(DEFINED SECP256K1_EXPERIMENTAL AND NOT SECP256K1_EXPERIMENTAL)
+    message(FATAL_ERROR "Batch verification module is experimental")
+  endif()
+  set(SECP256K1_ENABLE_MODULE_BATCH ON)
+  add_compile_definitions(ENABLE_MODULE_BATCH=1)
+endif()
+
 set(SECP256K1_VALGRIND "AUTO" CACHE STRING "Build with extra checks for running inside Valgrind. [default=AUTO]")
 set_property(CACHE SECP256K1_VALGRIND PROPERTY STRINGS "AUTO" "OFF" "ON")
 check_string_option_value(SECP256K1_VALGRIND)
@@ -327,6 +336,7 @@ message("  extrakeys ........................... ${SECP256K1_ENABLE_MODULE_EXTRA
 message("  schnorrsig .......................... ${SECP256K1_ENABLE_MODULE_SCHNORRSIG}")
 message("  musig ............................... ${SECP256K1_ENABLE_MODULE_MUSIG}")
 message("  ElligatorSwift ...................... ${SECP256K1_ENABLE_MODULE_ELLSWIFT}")
+message("  Batch ............................... ${SECP256K1_ENABLE_MODULE_BATCH}")
 message("Parameters:")
 message("  ecmult window size .................. ${SECP256K1_ECMULT_WINDOW_SIZE}")
 message("  ecmult gen table size ............... ${SECP256K1_ECMULT_GEN_KB} KiB")
 
@@ -22,6 +22,7 @@ Features:
 * Optional module for Schnorr signatures according to [BIP-340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
 * Optional module for ElligatorSwift key exchange according to [BIP-324](https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki).
 * Optional module for MuSig2 Schnorr multi-signatures according to [BIP-327](https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki).
+* Optional module for Batch Verification (experimental).
 
 Implementation details
 ----------------------
 
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+set -e
+set -x
+
+export LC_ALL=C
+
+# Start persistent wineserver if necessary.
+# This speeds up jobs with many invocations of wine (e.g., ./configure with MSVC) tremendously.
+case "$WRAPPER_CMD" in
+    *wine*)
+        # This is apparently only reliable when we run a dummy command such as "hh.exe" afterwards.
+        wineserver -p && wine hh.exe
+        ;;
+esac
+
+env >> test_env.log
+
+$CC -v || true
+valgrind --version || true
+$WRAPPER_CMD --version || true
+
+./autogen.sh
+
+./configure \
+    --enable-experimental="$EXPERIMENTAL" \
+    --with-test-override-wide-multiply="$WIDEMUL" --with-asm="$ASM" \
+    --with-ecmult-window="$ECMULTWINDOW" \
+    --with-ecmult-gen-precision="$ECMULTGENPRECISION" \
+    --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \
+    --enable-module-schnorrsig="$SCHNORRSIG" \
+    --enable-module-batch="$BATCH" \
+    --enable-examples="$EXAMPLES" \
+    --with-valgrind="$WITH_VALGRIND" \
+    --host="$HOST" $EXTRAFLAGS
+
+# We have set "-j<n>" in MAKEFLAGS.
+make
+
+# Print information about binaries so that we can see that the architecture is correct
+file *tests* || true
+file bench* || true
+file .libs/* || true
+
+# This tells `make check` to wrap test invocations.
+export LOG_COMPILER="$WRAPPER_CMD"
+
+make "$BUILD"
+
+if [ "$BENCH" = "yes" ]
+then
+    # Using the local `libtool` because on macOS the system's libtool has nothing to do with GNU libtool
+    EXEC='./libtool --mode=execute'
+    if [ -n "$WRAPPER_CMD" ]
+    then
+        EXEC="$EXEC $WRAPPER_CMD"
+    fi
+    {
+        $EXEC ./bench_ecmult
+        $EXEC ./bench_internal
+        $EXEC ./bench
+    } >> bench.log 2>&1
+fi
+
+if [ "$CTIMETEST" = "yes" ]
+then
+    ./libtool --mode=execute valgrind --error-exitcode=42 ./valgrind_ctime_test > valgrind_ctime_test.log 2>&1
+fi
+
+# Rebuild precomputed files (if not cross-compiling).
+if [ -z "$HOST" ]
+then
+    make clean-precomp
+    make precomp
+fi
+
+# Shutdown wineserver again
+wineserver -k || true
+
+# Check that no repo files have been modified by the build.
+# (This fails for example if the precomp files need to be updated in the repo.)
+git diff --exit-code
@@ -0,0 +1,15 @@
+# Schnorrsig Batch Verification Speedup
+
+![Speedup over single verification](speedup-batch/schnorrsig-speedup-batch.png)
+
+# Tweak Pubkey Check Batch Verification Speedup
+
+![Speedup over single verification](speedup-batch/tweakcheck-speedup-batch.png)
+
+Build steps
+-----------
+To generate the above graphs on your local machine:
+
+    $ cd doc/speedup-batch
+    $ make
+    $ make speedup-batch.png
@@ -0,0 +1 @@
+*.dat
@@ -0,0 +1,23 @@
+schnorrsig_data = schnorrsig_batch.dat schnorrsig_single.dat
+tweak_data = tweak_batch.dat tweak_single.dat
+
+bench_output.txt: bench.sh
+	SECP256K1_BENCH_ITERS=500000 ./bench.sh bench_output.txt
+
+schnorrsig_batch.dat: bench_output.txt
+	cat bench_output.txt | grep -v "schnorrsig_batch_verify_1 " | awk '{ gsub(/ /,""); print }' | awk -F, 'match($$0, /schnorrsig_batch_verify_([0-9]+)/, arr) {print arr[1] " " $$3}' > schnorrsig_batch.dat
+
+schnorrsig_single.dat: bench_output.txt
+	cat bench_output.txt | awk '{ gsub(/ /,""); print }' | awk -F, 'match($$0, /schnorrsig_verify/) {print $$3}' > schnorrsig_single.dat
+
+tweak_batch.dat: bench_output.txt
+	cat bench_output.txt | grep -v "tweak_check_batch_verify_1 " | awk '{ gsub(/ /,""); print }' | awk -F, 'match($$0, /tweak_check_batch_verify_([0-9]+)/, arr) {print arr[1] " " $$3}' > tweak_batch.dat
+
+tweak_single.dat: bench_output.txt
+	cat bench_output.txt | awk '{ gsub(/ /,""); print }' | awk -F, 'match($$0, /tweak_add_check/) {print $$3}' > tweak_single.dat
+
+speedup-batch.png: $(schnorrsig_data) $(tweak_data) plot.gp
+	gnuplot plot.gp
+
+clean:
+	rm *.log *.txt *.dat *.png
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+output_file=$1
+cur_dir=$(pwd)
+
+cd ../../
+echo "HEAD: $(git rev-parse --short HEAD)" > "$cur_dir/$output_file.log"
+make clean
+./autogen.sh
+./configure --enable-experimental --enable-module-batch --enable-module-schnorrsig >> "$cur_dir/$output_file.log"
+make -j
+./bench schnorrsig > "$cur_dir/$output_file"
+./bench extrakeys >> "$cur_dir/$output_file"
@@ -0,0 +1,137 @@
+Benchmark                          ,    Min(us)    ,    Avg(us)    ,    Max(us)    
+
+schnorrsig_sign                    ,    50.4       ,    50.5       ,    50.7    
+schnorrsig_verify                  ,    89.1       ,    89.2       ,    89.3    
+schnorrsig_batch_verify_1          ,   104.0       ,   104.0       ,   104.0    
+schnorrsig_batch_verify_2          ,    89.0       ,    89.1       ,    89.1    
+schnorrsig_batch_verify_3          ,    84.1       ,    84.1       ,    84.1    
+schnorrsig_batch_verify_4          ,    81.5       ,    81.5       ,    81.5    
+schnorrsig_batch_verify_5          ,    79.9       ,    79.9       ,    79.9    
+schnorrsig_batch_verify_7          ,    78.0       ,    78.1       ,    78.3    
+schnorrsig_batch_verify_9          ,    77.0       ,    77.0       ,    77.1    
+schnorrsig_batch_verify_11         ,    76.2       ,    76.3       ,    76.3    
+schnorrsig_batch_verify_14         ,    75.6       ,    75.6       ,    75.6    
+schnorrsig_batch_verify_17         ,    75.2       ,    75.2       ,    75.2    
+schnorrsig_batch_verify_21         ,    74.8       ,    74.8       ,    74.8    
+schnorrsig_batch_verify_26         ,    74.5       ,    74.6       ,    74.9    
+schnorrsig_batch_verify_32         ,    74.3       ,    74.5       ,    74.7    
+schnorrsig_batch_verify_39         ,    74.1       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_47         ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_57         ,    74.5       ,    74.5       ,    74.5    
+schnorrsig_batch_verify_69         ,    74.3       ,    74.3       ,    74.5    
+schnorrsig_batch_verify_83         ,    74.1       ,    74.1       ,    74.2    
+schnorrsig_batch_verify_100        ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_121        ,    74.1       ,    74.1       ,    74.2    
+schnorrsig_batch_verify_146        ,    73.9       ,    73.9       ,    74.0    
+schnorrsig_batch_verify_176        ,    74.0       ,    74.2       ,    74.5    
+schnorrsig_batch_verify_212        ,    73.9       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_255        ,    74.0       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_307        ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_369        ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_443        ,    73.9       ,    74.1       ,    74.3    
+schnorrsig_batch_verify_532        ,    74.0       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_639        ,    73.9       ,    74.0       ,    74.0    
+schnorrsig_batch_verify_767        ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_921        ,    74.0       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_1106       ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_1328       ,    73.9       ,    74.1       ,    74.2    
+schnorrsig_batch_verify_1594       ,    74.0       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_1913       ,    74.0       ,    74.0       ,    74.0    
+schnorrsig_batch_verify_2296       ,    74.0       ,    74.0       ,    74.0    
+schnorrsig_batch_verify_2756       ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_3308       ,    74.1       ,    74.1       ,    74.2    
+schnorrsig_batch_verify_3970       ,    74.1       ,    74.2       ,    74.4    
+schnorrsig_batch_verify_4765       ,    74.0       ,    74.1       ,    74.2    
+schnorrsig_batch_verify_5719       ,    74.0       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_6863       ,    74.0       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_8236       ,    74.0       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_9884       ,    74.0       ,    74.1       ,    74.3    
+schnorrsig_batch_verify_11861      ,    74.0       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_14234      ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_17081      ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_20498      ,    73.9       ,    74.0       ,    74.0    
+schnorrsig_batch_verify_24598      ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_29518      ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_35422      ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_42507      ,    73.9       ,    74.0       ,    74.0    
+schnorrsig_batch_verify_51009      ,    73.9       ,    74.1       ,    74.3    
+schnorrsig_batch_verify_61211      ,    73.9       ,    73.9       ,    74.0    
+schnorrsig_batch_verify_73454      ,    73.9       ,    74.0       ,    74.3    
+schnorrsig_batch_verify_88145      ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_105775     ,    74.0       ,    74.1       ,    74.1    
+schnorrsig_batch_verify_126931     ,    73.9       ,    74.0       ,    74.1    
+schnorrsig_batch_verify_152318     ,    73.9       ,    73.9       ,    74.0    
+schnorrsig_batch_verify_182782     ,    73.9       ,    73.9       ,    74.0    
+schnorrsig_batch_verify_219339     ,    73.9       ,    73.9       ,    74.0    
+schnorrsig_batch_verify_263207     ,    74.0       ,    74.1       ,    74.3    
+schnorrsig_batch_verify_315849     ,    73.9       ,    74.0       ,    74.0    
+schnorrsig_batch_verify_379019     ,    73.9       ,    73.9       ,    73.9    
+schnorrsig_batch_verify_454823     ,    74.0       ,    74.0       ,    74.0    
+Benchmark                          ,    Min(us)    ,    Avg(us)    ,    Max(us)    
+
+tweak_add_check                    ,    64.7       ,    64.7       ,    65.0    
+tweak_check_batch_verify_1         ,    69.7       ,    69.8       ,    69.8    
+tweak_check_batch_verify_2         ,    57.2       ,    57.2       ,    57.3    
+tweak_check_batch_verify_3         ,    52.0       ,    52.1       ,    52.2    
+tweak_check_batch_verify_4         ,    49.4       ,    49.5       ,    49.5    
+tweak_check_batch_verify_5         ,    47.9       ,    47.9       ,    47.9    
+tweak_check_batch_verify_7         ,    46.1       ,    46.1       ,    46.2    
+tweak_check_batch_verify_9         ,    45.2       ,    45.2       ,    45.4    
+tweak_check_batch_verify_11        ,    44.5       ,    44.6       ,    44.6    
+tweak_check_batch_verify_14        ,    43.9       ,    43.9       ,    43.9    
+tweak_check_batch_verify_17        ,    43.5       ,    43.5       ,    43.5    
+tweak_check_batch_verify_21        ,    43.1       ,    43.1       ,    43.1    
+tweak_check_batch_verify_26        ,    42.8       ,    42.8       ,    42.8    
+tweak_check_batch_verify_32        ,    42.5       ,    42.6       ,    42.6    
+tweak_check_batch_verify_39        ,    42.3       ,    42.4       ,    42.4    
+tweak_check_batch_verify_47        ,    42.2       ,    42.2       ,    42.2    
+tweak_check_batch_verify_57        ,    42.1       ,    42.2       ,    42.3    
+tweak_check_batch_verify_69        ,    42.0       ,    42.1       ,    42.1    
+tweak_check_batch_verify_83        ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_100       ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_121       ,    42.1       ,    42.1       ,    42.1    
+tweak_check_batch_verify_146       ,    42.0       ,    42.0       ,    42.0    
+tweak_check_batch_verify_176       ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_212       ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_255       ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_307       ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_369       ,    41.9       ,    42.0       ,    42.1    
+tweak_check_batch_verify_443       ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_532       ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_639       ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_767       ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_921       ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_1106      ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_1328      ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_1594      ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_1913      ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_2296      ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_2756      ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_3308      ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_3970      ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_4765      ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_5719      ,    41.9       ,    42.0       ,    42.1    
+tweak_check_batch_verify_6863      ,    42.0       ,    42.0       ,    42.0    
+tweak_check_batch_verify_8236      ,    42.0       ,    42.0       ,    42.0    
+tweak_check_batch_verify_9884      ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_11861     ,    41.9       ,    42.0       ,    42.1    
+tweak_check_batch_verify_14234     ,    41.9       ,    42.0       ,    42.0    
+tweak_check_batch_verify_17081     ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_20498     ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_24598     ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_29518     ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_35422     ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_42507     ,    41.8       ,    41.8       ,    41.9    
+tweak_check_batch_verify_51009     ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_61211     ,    41.8       ,    41.8       ,    41.8    
+tweak_check_batch_verify_73454     ,    41.8       ,    42.0       ,    42.2    
+tweak_check_batch_verify_88145     ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_105775    ,    41.8       ,    41.8       ,    41.8    
+tweak_check_batch_verify_126931    ,    41.8       ,    41.9       ,    41.9    
+tweak_check_batch_verify_152318    ,    41.8       ,    41.9       ,    42.0    
+tweak_check_batch_verify_182782    ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_219339    ,    41.9       ,    42.0       ,    42.0    
+tweak_check_batch_verify_263207    ,    41.9       ,    42.0       ,    42.1    
+tweak_check_batch_verify_315849    ,    41.9       ,    41.9       ,    41.9    
+tweak_check_batch_verify_379019    ,    41.9       ,    41.9       ,    42.0    
+tweak_check_batch_verify_454823    ,    41.9       ,    41.9       ,    41.9