ellswift: fix probabilistic test failure when swapping sides #1378

pull jonasnick wants to merge 1 commit into bitcoin-core:master from jonasnick:fix-ellswift-test, changing 1 file (+3 −1)
  1. jonasnick commented at 9:39 AM on July 17, 2023: contributor

    Reported by jonatack in https://github.com/bitcoin/bitcoin/issues/28079.

    When configured with `--disable-module-ecdh --enable-module-recovery`, then `./tests 64 81af32fd7ab8c9cbc2e62a689f642106` fails with

    ```
    src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
    ```

    This test verifies that changing the `party` bit of the `secp256k1_ellswift_xdh` function results in a different share. However, that's not the case when the secret keys of both parties are the same and this is actually what happens in the observed test failure. The keys can be equal in this test case because they are created by the `random_scalar_order_test` function whose output is not uniformly random (it's biased towards 0).

    This commit restores the assumption that the secret keys differ.
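The reasoning in the description above, as an added example that is not code from bitcoin-core/secp256k1 or from this PR: a minimal affine secp256k1 model (assumed correct for this purpose, not constant time) with an X-only Diffie-Hellman share standing in for `secp256k1_ellswift_xdh`, the test's swapped-party check, and a guard that enforces "the secret keys differ" explicitly instead of trusting the test RNG. Modelling assumptions: decoded public keys stand in for the ellswift encodings, the share is the bare shared x coordinate rather than a hash of it, and the low-entropy sampler is a constructed stand-in for a biased test RNG, chosen so that repeated values are common.

```python
# Added example, not code from bitcoin-core/secp256k1: a minimal affine secp256k1
# model used to show why the swapped-party check in the ellswift test cannot
# distinguish the two shares when both secret keys are equal, and how a test
# can enforce the "keys differ" assumption instead of relying on randomness.
import random

# secp256k1 curve parameters: y^2 = x^3 + 7 over GF(P), generator G of order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # doubling (curve has a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time; test model only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def xdh(pub_a, pub_b, sec, party):
    """Model of the secp256k1_ellswift_xdh argument order, with decoded public
    keys standing in for the ellswift encodings ell_a64/ell_b64. party=0 means
    `sec` belongs to A (the peer is B); party=1 means it belongs to B (peer is A).
    Assumption of this model: the share is the bare shared x coordinate. The real
    function passes x through a caller-supplied hash, but since that hash input
    does not depend on `party`, the argument below is unchanged."""
    peer = pub_b if party == 0 else pub_a
    return point_mul(sec, peer)[0]


def swapped_party_differs(sec_a, sec_b):
    """The property the test at tests_impl.h:396 checks: computing A's share with
    the party bit flipped must give a different value."""
    pub_a, pub_b = point_mul(sec_a), point_mul(sec_b)
    share_good = xdh(pub_a, pub_b, sec_a, 0)   # x(sec_a * B)
    share_bad = xdh(pub_a, pub_b, sec_a, 1)    # x(sec_a * A)
    # If sec_a == sec_b then A == B and the two products are the same point.
    # (With an x-only share, sec_b == N - sec_a collides too, since B == -A.)
    return share_good != share_bad


def distinct_test_keys(sample):
    """Enforce the assumption explicitly: redraw sec_b until it differs from
    sec_a, instead of trusting a biased test RNG never to repeat a value."""
    sec_a = sample()
    sec_b = sample()
    while sec_b == sec_a:
        sec_b = sample()
    return sec_a, sec_b


def constructed_low_entropy_sampler(seed=1):
    """Constructed stand-in for a biased test RNG: draws from {1, 2, 3} so that
    repeated values are common and the guard above is actually exercised."""
    rng = random.Random(seed)
    return lambda: rng.choice([1, 2, 3])


if __name__ == "__main__":
    print("equal keys, check holds:", swapped_party_differs(5, 5))      # False
    print("distinct keys, check holds:", swapped_party_differs(5, 7))   # True
    sec_a, sec_b = distinct_test_keys(constructed_low_entropy_sampler())
    print("guarded keys differ:", sec_a != sec_b, swapped_party_differs(sec_a, sec_b))
```

The point the model makes visible is that `share32_bad` is `x(sec_a * A)` while `share32a` is `x(sec_a * B)`, so the check can only fail when `A == B`, which is exactly the equal-key case the description identifies; a test that needs two distinct keys should establish that property itself rather than inherit it from the distribution of the test RNG.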

  2. ellswift: fix probabilistic test failure when swapping sides
    When configured with `--disable-module-ecdh --enable-module-recovery`, then
    `./tests  64 81af32fd7ab8c9cbc2e62a689f642106` fails with
    ```
    src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
    ```
    
    This test verifies that changing the `party` bit of the
    `secp256k1_ellswift_xdh` function results in a different share. However, that's
    not the case when the secret keys of both parties are the same and this is
    actually what happens in the observed test failure. The keys can be equal in
    this test case because they are created by the `random_scalar_order_test`
    function whose output is not uniformly random (it's biased towards 0).
    
    This commit restores the assumption that the secret keys differ.
    c424e2fb43
  3. jonasnick force-pushed on Jul 17, 2023
  4. real-or-random approved
  5. real-or-random commented at 9:55 AM on July 17, 2023: contributor

    utACK c424e2fb43c8ed959b2af7b2216028ce2a023488

  6. real-or-random commented at 11:51 AM on July 17, 2023: contributor

    > random_scalar_order_test function whose output is not uniformly random (it's biased towards 0).

    Or more precisely, the individual bytes are biased towards 0x00 but random_scalar_order_test will ensure that the scalar is not zero.

  7. sipa commented at 2:03 PM on July 17, 2023: contributor

    utACK c424e2fb43c8ed959b2af7b2216028ce2a023488

  8. real-or-random merged this on Jul 17, 2023
  9. real-or-random closed this on Jul 17, 2023

  10. real-or-random added the label refactor/smell on Jul 17, 2023
  11. real-or-random added the label assurance on Jul 17, 2023
  12. fanquake referenced this in commit 56c05c5ec4 on Jul 17, 2023
  13. fanquake referenced this in commit ff061fde18 on Jul 18, 2023
  14. fanquake referenced this in commit 84c5416b03 on Jul 19, 2023
  15. sidhujag referenced this in commit 381fa93615 on Jul 19, 2023
  16. hebasto referenced this in commit 270d2b37b8 on Jul 21, 2023
  17. delta1 referenced this in commit 3f32c20932 on Aug 8, 2023
  18. delta1 referenced this in commit 31ac0c1081 on Aug 31, 2023
  19. janus referenced this in commit 476a2176e7 on Sep 11, 2023
  20. div72 referenced this in commit af627d47c3 on Apr 12, 2025
  21. str4d referenced this in commit 3b49801869 on Jun 4, 2025
  22. DashCoreAutoGuix referenced this in commit fd7dd14700 on Jul 27, 2025
  23. DashCoreAutoGuix referenced this in commit c7ce9af801 on Aug 2, 2025

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:52 UTC