Bitcoin Forum

Bitcoin => Electrum => Topic started by: Accardo on November 30, 2021, 10:54:42 AM



Title: How to build Libsecp256k1 when running Electrum from a cloned repository.
Post by: Accardo on November 30, 2021, 10:54:42 AM
Lib; is a library for cryptography on the secp256k1 made available for the public.

Electrum, as we know, is a Python program. There are different methods of running Electrum, like TAR.gz, which the installation code for Electrum is made available on GitHub to be.

Code:
sudo apt-get install python3-setuptools python3-pip
python3 -m pip install --user .

This thread shows the implementation details of Libsecp256K1 (https://github.com/bitcoin-core/secp256k1) when running Electrum alternatively.

Below is a script provided to build Libsecp256k1

Code:
sudo apt-get install automake libtool
./contrib/make_libsecp256k1.sh


How to Build Libsecp256k1

It's highly necessary to write your own code (optimized assembly) to improve the performance of your program. Using Gcc-03

Requirement = Autotool

Code:
$ ./autogen.sh
$ ./configure
$ make
$ make check
$ sudo make install  # optional

Checking for Bugs

Code:
$ ./exhaustive_tests

Memory debugging using Valgrind

Code:
$ valgrind --max-stackframe=2500000 ./exhaustive_tests

CREATE A TEST COVERAGE USING GCC WITH
Quote
--enable-coverage

Code:
$ ./configure --enable-coverage

Execute the test

Code:
$ make check

Open a report using gcovr

Code:
$ gcovr --exclude 'src/bench*' --print-summary

Open a HTML report with colored and annotated source code

Code:
$ mkdir -p coverage
$ gcovr --exclude 'src/bench*' --html --html-details -o coverage/coverage.html

These codes were shared on GitHub. I decided to share them on this forum to reduce the hassle of looking for them on GitHub.

My source: https://github.com/spesmilo/electrum .

The link above consists of the code required to run Electrum.

Would appreciate it if you contribute to this thread, I seek knowledge on this as well. Cheers.


Title: Re: How to build Libsecp256k1 when running Electrum from a cloned repository.
Post by: NotATether on November 30, 2021, 04:08:40 PM
Quote
It's highly necessary to write your own code (optimized assembly) to improve the performance of your program. Using Gcc-03

Actually, this is something you do not want to do with any cryptography library or any other encryption library, because sometimes, -O3 introduces side-channel attacks that are difficult to find because they are not in the code.

A classic example is removing no-op codes that don't appear to do anything, but stall execution so that someone can't hook up an oscilloscope to your computer to make a graph of the heat coming out of your processor (indicates when an operation is doing a slow operation instead of a fast one e.g. multiply instead of add).

Since the encryption algorithms go through a lot of loops, the same procedure can be used to discover the computational operations done in each loop.

It is better to not build with any optimization at all, and pass these flags to the build process:

Code:
CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" 
LDFLAGS="-Wl,-z,now -Wl,-z,relro"

Turns on ASLR (https://en.wikipedia.org/wiki/Address_space_layout_randomization) (Address Space Layout Randomization), and protects you from buffer overflows and stacks belonging to random functions from being overwritten by bad code.

If you do want faster performance for these kind of programs then you must buy a faster processor, there's no way around it.
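
Whether the hardening flags from the post above took effect can be checked on the built binary itself. The script below is an added example, not part of the thread or of the libsecp256k1 project; the function names and the readelf excerpts are constructed for illustration, and the library path in the comment is an assumption about the build tree.

```shell
#!/bin/sh
# Added example: report which hardening features a built library really has.
# Real use (the .libs path is an assumption about your build tree):
#   readelf -W -l -d --dyn-syms .libs/libsecp256k1.so | check_hardening

has() {  # has <extended-regex>: does the saved readelf report match?
    if printf '%s\n' "$report" | grep -Eq "$1"; then echo yes; else echo no; fi
}

check_hardening() {
    report=$(cat)   # readelf text arrives on stdin
    # -Wl,-z,relro -> the linker emits a GNU_RELRO program header
    relro=$(has 'GNU_RELRO')
    # -Wl,-z,now -> BIND_NOW in FLAGS (or its own tag), NOW in FLAGS_1
    now=$(has '\(FLAGS\).*BIND_NOW|\(BIND_NOW\)|\(FLAGS_1\).*NOW')
    # -fstack-protector-all -> references to __stack_chk_fail
    canary=$(has '__stack_chk_fail')
    # -D_FORTIFY_SOURCE=2 -> checked libc variants such as __memcpy_chk.
    # glibc only applies fortification when optimization is enabled,
    # so a build without -O is expected to report fortify=no.
    fortify=$(has '__[a-z0-9_]+_chk(@|[[:space:]]|$)')
    echo "relro=$relro bind_now=$now canary=$canary fortify=$fortify"
}

# Constructed sample: readelf excerpt for a build with the flags above, no -O.
sample_no_opt() {
    cat <<'EOF'
  GNU_RELRO      0x002d90 0x0000000000003d90 0x0000000000003d90 0x000270 0x000270 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (4)
EOF
}

# Constructed sample: a library linked with none of these features.
sample_plain() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
     6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (4)
EOF
}

sample_no_opt | check_hardening
sample_plain | check_hardening
```
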


Title: Re: How to build Libsecp256k1 when running Electrum from a cloned repository.
Post by: Accardo on November 30, 2021, 05:31:53 PM
Thank you for schooling me about the implementation attack attached to using Gcc-03.

Quote
If you do want faster performance for these kind of programs then you must buy a faster processor, there's no way around it.

Focusing on speed, the march option -march=cpu-type helps so much. For instance, -malign-double is compatible to *86-64. When a double variable is arranged with a two word boundaries the speed of the code sets to run faster on a Pentium and takes much memory.

At the level of my understanding, Image affects the speed of a program using gcc. So, my question is, are you condemning gcc entirely on this kind of program or just for the side channel attack disadvantage that it comes with?


Title: Re: How to build Libsecp256k1 when running Electrum from a cloned repository.
Post by: NotATether on December 01, 2021, 02:08:26 PM
Quote
Focusing on speed, the march option -march=cpu-type helps so much. For instance, -malign-double is compatible to *86-64. When a double variable is arranged with a two word boundaries the speed of the code sets to run faster on a Pentium and takes much memory.

When I'm just building software just for a local machine, passing -march=native and -mtune=native is an easy way to turn on maximum CPU arch optimization without having to research the specifics of the CPU model I'm compiling on.

Quote
At the level of my understanding, Image affects the speed of a program using gcc. So, my question is, are you condemning gcc entirely on this kind of program or just for the side channel attack disadvantage that it comes with?

GCC without any optimization options is suitable for cryptographic programs and programs with sensitive consensus rules such as Bitcoin Core, because then the binary output corresponds to the code (which can easily be audited by security professionals), and it is the way that libsecp256k1 is compiled for distributions as far as I know.