feat: v3.16.0 -- BIP-340 strict, OpenSSF hardening, FROST RFC 9591, audit infrastructure (#77)
* feat: v3.16.0 -- BIP-340 strict parsing, CT erasure, local Docker CI
Security:
- BIP-340 strict parsing: Scalar::parse_bytes_strict, FieldElement::parse_bytes_strict, SchnorrSignature::parse_strict
- CT buffer erasure via volatile function-pointer trick in schnorr_sign/ecdsa_sign
- lift_x deduplication, Y-parity fix (limbs()[0] & 1), pragma balance fix
- C ABI functions now use strict parsing internally
Audit:
- ct_sidechannel_smoke marked advisory (timing flakes on shared CI runners)
- carry_propagation test: cross-validation (generator vs generic path) + hex diagnostics for ARM64
- 31-test BIP-340 strict suite (test_bip340_strict.cpp)
Local CI (Docker):
- docker-compose.ci.yml: single-command orchestration for 14 CI jobs
- pre-push target: warnings + tests + ASan + audit in ~5 min
- audit job mirrors audit-report.yml (GCC-13 + Clang-17)
- ccache volume for fast rebuilds
- scripts/hooks/pre-push + scripts/pre-push-ci.ps1
Docs:
- COMPATIBILITY.md, BINDINGS_ERROR_MODEL.md updates
- SECURITY.md: library-side erasure, planned items checklist, API stability refs
- UFSECP_BITCOIN_STRICT CMake option
- packaging.yml release workflow race fix
Tests: 26/26 pass locally (0 failures)
* feat: ARM64 native dudect CI + ct-verif LLVM pass CI, docs update
CI:
- ct-arm64.yml: native Apple Silicon (M1) dudect -- smoke per-PR, full nightly
- ct-verif.yml: compile-time CT verification via LLVM pass (deterministic)
Docs:
- SECURITY.md: mark ARM64 dudect + ct-verif as done, update version table
- CT_VERIFICATION.md: update known limitations, planned improvements, v3.16.0
- CHANGELOG.md: add CT Verification CI section
- README.md: add CT ARM64 + CT-Verif badges
* audit: MuSig2/FROST dudect, Valgrind CT CI, SARIF output, perf regression gate
- test_ct_sidechannel.cpp: add group [9] MuSig2/FROST protocol timing
  tests (musig2_partial_sign, frost_sign, frost_lagrange_coefficient)
- unified_audit_runner.cpp: add write_sarif_report() + --sarif CLI flag
  for GitHub Code Scanning integration (SARIF v2.1.0)
- valgrind-ct.yml: new CI workflow wrapping scripts/valgrind_ct_check.sh
  (nightly + on push to main/dev)
- bench-regression.yml: per-commit benchmark regression gate (120% threshold,
  fail-on-alert: true)
- audit-report.yml: add --sarif flag + SARIF upload step for linux-gcc job,
  security-events:write permission
- SECURITY.md: check off Valgrind CT, MuSig2/FROST dudect, SARIF, perf gate
- CHANGELOG.md: document all new items under v3.16.0
- README.md: add Valgrind CT + Perf Gate workflow badges
- CT_VERIFICATION.md: check off dudect expansion + Valgrind CT taint
* v3.16.1: OpenSSF Scorecard hardening, FROST RFC 9591 tests, audit progress bar, community files
OpenSSF Scorecard (7.3 -> 9+ target):
- Pin all GitHub Actions to full SHA (codeql-action v4.32.4, upload-artifact v6.0.0)
- Add harden-runner to discord-commits, packaging RPM jobs
- Add persist-credentials: false to all checkout steps with write permissions
- Standardize action versions across 13 workflow files
FROST RFC 9591 Protocol Invariant Tests:
- test_rfc9591_invariants: 7 invariants (verification share, Lagrange interpolation,
  Feldman VSS, partial sig linearity, partial sig verification, wrong share rejection,
  nonce commitment consistency)
- test_rfc9591_3of5: exhaustive 3-of-5 signing over all C(5,3)=10 subsets
Audit Sub-test Progress Visibility:
- New audit_check.hpp: centralized CHECK macro with 20-char ASCII progress bar
- Migrated all 22 audit .cpp files to use shared CHECK macro
- Windows-safe unbuffered stdout (setvbuf _IONBF)
New Audit Modules:
- test_musig2_bip327_vectors.cpp: 35 BIP-327 reference tests
- test_ffi_round_trip.cpp: 103 FFI boundary tests
- test_fiat_crypto_vectors.cpp: expanded to 752 checks
Community Files:
- ADOPTERS.md with production/development/hobby categories
- 4 GitHub Discussion templates (Q&A, Show-and-Tell, Ideas, Integration Help)
Build: 24/26 CTest pass (2 ct_sidechannel = known Windows timing noise)
Audit: 48/49 AUDIT-READY (1 advisory dudect smoke)
* fix: valgrind_ct_check.sh binary path (audit/ not cpu/), update CHANGELOG for v3.16.0
* fix: valgrind_ct_check.sh grep -c double-zero bug (0\n0 integer parse failure)
grep -c prints '0' on no match but exits 1. The || echo '0' fallback
appended a second '0', producing '0\n0' which broke bash [[ -eq 0 ]]
comparisons. Changed to || true with default.
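
The `grep -c` pitfall described in the last fix, as an added shell example that is not part of the commit or the project's script. The pattern, the log lines and the function names are assumptions, and `count_strict` goes beyond the commit by refusing to report an unreadable log as zero findings.

```shell
#!/bin/sh
# Added illustration; PATTERN, the log lines and all function names are
# assumptions, not taken from scripts/valgrind_ct_check.sh.
PATTERN='depends on uninitialised value'

# Write a constructed Valgrind-style log with $1 finding lines; print its path.
make_log() {
    log=$(mktemp)
    echo '==1== Memcheck, a memory error detector' > "$log"
    i=0
    while [ "$i" -lt "$1" ]; do
        echo '==1== Conditional jump or move depends on uninitialised value(s)' >> "$log"
        i=$((i + 1))
    done
    echo "$log"
}

# Before: on no match grep -c prints "0" and exits 1, so the fallback
# echo adds a second "0" and the caller captures two lines.
count_buggy() { grep -c "$PATTERN" "$1" || echo '0'; }

# After: discard the exit status, default only if nothing was printed.
count_fixed() {
    n=$(grep -c "$PATTERN" "$1" || true)
    echo "${n:-0}"
}

# Stricter variant (beyond the commit): grep status 2 means the log could
# not be read, which must not be reported as zero findings.
count_strict() {
    rc=0
    n=$(grep -c "$PATTERN" "$1" 2>/dev/null) || rc=$?
    [ "$rc" -le 1 ] || return 2
    echo "$n"
}

# Gate: succeeds only when the argument is the single integer 0.
is_clean() { [ "$1" -eq 0 ] 2>/dev/null; }

clean=$(make_log 0)
for f in count_buggy count_fixed count_strict; do
    if is_clean "$($f "$clean")"; then echo "$f: clean"; else echo "$f: gate failed"; fi
done
rm -f "$clean"
```

On a log with no findings the buggy form makes the gate fail even though nothing was detected, while both corrected forms pass it.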