Minimize secp256k1 precomputed table

Makefile

@@ -54,7 +54,7 @@ build/dump_secp256k1_data_20210801: c/dump_secp256k1_data_20210801.c $(SECP256K1
 $(SECP256K1_SRC_20210801):
 	cd deps/secp256k1-20210801 && \
 		./autogen.sh && \
-		CC=$(CC) LD=$(LD) ./configure --with-bignum=no --enable-ecmult-static-precomputation --enable-endomorphism --enable-module-recovery --host=$(TARGET) && \
+		CC=$(CC) LD=$(LD) ./configure --enable-ecmult-static-precomputation --with-ecmult-window=6 --enable-module-recovery --host=$(TARGET) && \
 		make src/ecmult_static_pre_context.h src/ecmult_static_context.h
 
 $(LIBECC_OPTIMIZED_FILES): libecc

Makefile.clang

@@ -71,8 +71,8 @@ build/dump_secp256k1_data_20210801: c/dump_secp256k1_data_20210801.c $(SECP256K1
 $(SECP256K1_SRC_20210801):
 	cd deps/secp256k1-20210801 && \
 		./autogen.sh && \
-		CC=$(CC) LD=$(LD) ./configure --with-bignum=no --with-asm=no \
-			--enable-ecmult-static-precomputation --enable-endomorphism --enable-module-recovery \
+		CC=$(CC) LD=$(LD) ./configure --with-asm=no \
+			--enable-ecmult-static-precomputation --with-ecmult-window=6 --enable-module-recovery \
 		&& \
 		make src/ecmult_static_pre_context.h src/ecmult_static_context.h
 

c/auth.c

@@ -98,8 +98,7 @@ static int _recover_secp256k1_pubkey(const uint8_t *sig, size_t sig_len,
 
     /* Load signature */
     secp256k1_context context;
-    uint8_t secp_data[CKB_SECP256K1_DATA_SIZE];
-    ret = ckb_secp256k1_custom_verify_only_initialize(&context, secp_data);
+    ret = ckb_secp256k1_custom_verify_only_initialize(&context);
     if (ret != 0) {
         return ret;
     }
@@ -184,8 +183,7 @@ static int _recover_secp256k1_pubkey_btc(const uint8_t *sig, size_t sig_len,
     }
 
     secp256k1_context context;
-    uint8_t secp_data[CKB_SECP256K1_DATA_SIZE];
-    ret = ckb_secp256k1_custom_verify_only_initialize(&context, secp_data);
+    ret = ckb_secp256k1_custom_verify_only_initialize(&context);
     if (ret != 0) {
         return ret;
     }
@@ -363,8 +361,7 @@ int validate_signature_schnorr(uint8_t *prefilled_data, uint8_t algorithm_id,
         return ERROR_INVALID_ARG;
     }
     secp256k1_context ctx;
-    uint8_t secp_data[CKB_SECP256K1_DATA_SIZE];
-    err = ckb_secp256k1_custom_verify_only_initialize(&ctx, secp_data);
+    err = ckb_secp256k1_custom_verify_only_initialize(&ctx);
     if (err != 0) return err;
 
     secp256k1_xonly_pubkey pk;
@@ -1034,8 +1031,7 @@ int verify_multisig(uint8_t *prefilled_data, const uint8_t *lock_bytes,
     // contract, you don't have to wait for the foundation to ship a new
     // cryptographic algorithm. You can just build and ship your own.
     secp256k1_context context;
-    uint8_t secp_data[CKB_SECP256K1_DATA_SIZE];
-    ret = ckb_secp256k1_custom_verify_only_initialize(&context, secp_data);
+    ret = ckb_secp256k1_custom_verify_only_initialize(&context);
     if (ret != 0) return ret;
 
     // We will perform *threshold* number of signature verifications here.

c/dump_secp256k1_data_20210801.c

@@ -1,5 +1,4 @@
 #include <stdio.h>
-
 #include "blake2b.h"
 
 /*
@@ -36,22 +35,23 @@ int main(int argc, char* argv[]) {
     fprintf(fp, "#define CKB_SECP256K1_DATA_PRE_SIZE %ld\n", pre_size);
     fprintf(fp, "#define CKB_SECP256K1_DATA_PRE128_SIZE %ld\n", pre128_size);
 
-    blake2b_state blake2b_ctx;
-    uint8_t hash[32];
-    blake2b_init(&blake2b_ctx, 32);
-    blake2b_update(&blake2b_ctx, secp256k1_ecmult_static_pre_context, pre_size);
-    blake2b_update(&blake2b_ctx, secp256k1_ecmult_static_pre128_context,
-                   pre128_size);
-    blake2b_final(&blake2b_ctx, hash, 32);
-
-    fprintf(fp, "static uint8_t ckb_secp256k1_data_hash[32] = {\n  ");
-    for (int i = 0; i < 32; i++) {
-        fprintf(fp, "%u", hash[i]);
-        if (i != 31) {
+    fprintf(fp, "static uint8_t ckb_secp256k1_data[] = {\n  ");
+    unsigned char* p = (unsigned char*)secp256k1_ecmult_static_pre_context;
+    for (int i = 0; i < pre_size; i++) {
+        fprintf(fp, "0x%02x", p[i]);
+        fprintf(fp, ", ");
+    }
+    fprintf(fp, "\n");
+    p = (unsigned char*)secp256k1_ecmult_static_pre128_context;
+    for (int i = 0; i < pre128_size; i++) {
+        fprintf(fp, "0x%02x", p[i]);
+        if (i != (pre128_size - 1)) {
             fprintf(fp, ", ");
         }
     }
+
     fprintf(fp, "\n};\n");
+
     fprintf(fp, "#endif\n");
     fclose(fp);
 

c/ripple.h

@@ -223,9 +223,8 @@ int verify_ripple(RippleSignatureData *data) {
         mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
     CHECK(mbedtls_md(md_info, data->sign_msg, data->sign_msg_len, msg_hash));
 
-    uint8_t secp256k1_ctx_buf[CKB_SECP256K1_DATA_SIZE];
     secp256k1_context ctx;
-    ckb_secp256k1_custom_verify_only_initialize(&ctx, secp256k1_ctx_buf);
+    ckb_secp256k1_custom_verify_only_initialize(&ctx);
 
     secp256k1_pubkey pubkey;
     secp256k1_ecdsa_signature sig;
@@ -258,4 +257,4 @@ int get_ripple_pubkey_hash(const uint8_t *pubkey, uint8_t *output) {
     return err;
 }
 
-#endif  // _CKB_AUTH_C_RIPPLE_H_
+#endif  // _CKB_AUTH_C_RIPPLE_H_

c/secp256k1_helper_20210801.h

@@ -33,51 +33,15 @@ void secp256k1_default_error_callback_fn(const char* str, void* data) {
  * data should at least be CKB_SECP256K1_DATA_SIZE big
  * so as to hold all loaded data.
  */
-int ckb_secp256k1_custom_verify_only_initialize(secp256k1_context* context,
-                                                void* data) {
-    size_t index = 0;
-    int running = 1;
-    while (running && index < SIZE_MAX) {
-        uint64_t len = 32;
-        uint8_t hash[32];
-
-        int ret =
-            ckb_load_cell_by_field(hash, &len, 0, index, CKB_SOURCE_CELL_DEP,
-                                   CKB_CELL_FIELD_DATA_HASH);
-        switch (ret) {
-            case CKB_ITEM_MISSING:
-                break;
-            case CKB_SUCCESS:
-                if (memcmp(ckb_secp256k1_data_hash, hash, 32) == 0) {
-                    /* Found a match, load data here */
-                    len = CKB_SECP256K1_DATA_SIZE;
-                    ret = ckb_load_cell_data(data, &len, 0, index,
-                                             CKB_SOURCE_CELL_DEP);
-                    if (ret != CKB_SUCCESS || len != CKB_SECP256K1_DATA_SIZE) {
-                        return CKB_SECP256K1_HELPER_ERROR_LOADING_DATA;
-                    }
-                    running = 0;
-                }
-                break;
-            default:
-                return CKB_SECP256K1_HELPER_ERROR_LOADING_DATA;
-        }
-        if (running) {
-            index++;
-        }
-    }
-    if (index == SIZE_MAX) {
-        return CKB_SECP256K1_HELPER_ERROR_LOADING_DATA;
-    }
-
+int ckb_secp256k1_custom_verify_only_initialize(secp256k1_context* context) {
     context->illegal_callback = default_illegal_callback;
     context->error_callback = default_error_callback;
 
     secp256k1_ecmult_context_init(&context->ecmult_ctx);
     secp256k1_ecmult_gen_context_init(&context->ecmult_gen_ctx);
 
     /* Recasting data to (uint8_t*) for pointer math */
-    uint8_t* p = data;
+    uint8_t* p = ckb_secp256k1_data;
     secp256k1_ge_storage(*pre_g)[] = (secp256k1_ge_storage(*)[])p;
     secp256k1_ge_storage(*pre_g_128)[] =
         (secp256k1_ge_storage(*)[])(&p[CKB_SECP256K1_DATA_PRE_SIZE]);