đź“… Original date posted:2015-08-18
đź“ť Original message:See responses inline.
On Tue, Aug 18, 2015 at 6:31 AM, Tamas Blummer <tamas at bitsofproof.com> wrote:
> Thanks a lot Cory for following through the test case and producing a patch.
>
> I confirm that libconsensus is now running stable within the Bits of Proof
> stack,
> in-line with test cases we use to verify the java implementation of the
> script engine,
> that are BTW borrowed from Bitcoin Core.
>
> The performance of libconsensus is surprisingly close to the java one.
> Validating a 2-of-2 a multi-sig transaction runs at 1021 ops/sec with java
> and 1135 ops/sec
> in libconsensus. This is on a 2.2GH i7 laptop (4 hyper threading cores used
> by 8 threads).
> Another nice demonstration why one should not trade in advances
> of languages for the last decades for a marginal gain of performance with
> C/C++,
> I assume thereby that Bouncy Castle’ EC lib s not superior to OpenSSL's.
A few points there. First, Core is switching to libsecp256k1 for
several reasons, and one of them is speed. I seem to recall it being
up to 8x faster than OpenSSL.
Also, it can depend heavily on compiler switches and optimization
levels. For example, In playing with my test-case for hitting the
OpenSSL race issue, I managed to get a ~100% speedup by simply using
-O3 and lto.
>
> I disagree that the problem was rare in the real-world, it should affect any
> modern
> implementation that validates transactions parallel in multiple threads.
>
Well I'd say you're a bit biased in this case ;)
It's only those using ancient (0.98 or 1.00) versions of OpenSSL who
are affected, or those with OPENSSL_BN_ASM_MONT support disabled or
missing. Note that official releases of libbitcoinconsensus are
compiled against a much newer version and shouldn't have any issues.
The earlier patches for locking callbacks should be unnecessary.
> Aborting also does not make the problem less severe in my opinion.
Well it's not a good thing by any means, but it's certainly better
than incorrect results! In any undefined/error condition for the
consensus library, aborting is the right thing to do. If we can't
explain how we've reached a certain "unreachable" condition as is the
case here, the only reasonable recourse is to shut down. Otherwise we
risk network forks, DOS, etc.
> Therefore hope the pull will be included into Core with next release.
>
It will likely be unnecessary for the next release, but I do think
it's worth backporting to the 0.10 and 0.9 series.
> I can’t assign a timeline to “near future" secp256k1 integration. Can you?
I believe the libsecp256k1 guys are generally happy with the lib these
days, but I'll avoid guessing at a timeline. We can discuss that on
the PR for this fix, which I'll do today.
Regards,
Cory
Cory Fields [ARCHIVE] /
npub19r…yj32s
2023-06-07 19:35:08
in reply to nevent1q…h6cx
Author Public Key
npub19r53ufymeycp9wzk3yzru55y5u46e4vva2lj7nak4zrn6yhrna7qsyj32sPublished at
2023-06-07 19:35:08Event JSON
{
"id": "8d434c643d3cf1849d45f2f63b70a4dab3e6727c425fc0daabfa88e2f76e06bf",
"pubkey": "28e91e249bc93012b85689043e5284a72bacd58ceabf2f4fb6a8873d12e39f7c",
"created_at": 1686159308,
"kind": 1,
"tags": [
[
"e",
"5e87c1c5b6b95d03c7c3f314616cbba90476f1e9f2b72c5259bffe6fc7f08cb9",
"",
"root"
],
[
"e",
"6e17b95b8c2d72ac21e9e630326ba9bf4e111e56b7e4bcb3b0ab6608f04f0191",
"",
"reply"
],
[
"p",
"c632841665fccdabf021322b1d969539c9c1f829ceed38844fea24e8512962d7"
]
],
"content": "📅 Original date posted:2015-08-18\n📝 Original message:See responses inline.\n\nOn Tue, Aug 18, 2015 at 6:31 AM, Tamas Blummer \u003ctamas at bitsofproof.com\u003e wrote:\n\u003e Thanks a lot Cory for following through the test case and producing a patch.\n\u003e\n\u003e I confirm that libconsensus is now running stable within the Bits of Proof\n\u003e stack,\n\u003e in-line with test cases we use to verify the java implementation of the\n\u003e script engine,\n\u003e that are BTW borrowed from Bitcoin Core.\n\u003e\n\u003e The performance of libconsensus is surprisingly close to the java one.\n\u003e Validating a 2-of-2 a multi-sig transaction runs at 1021 ops/sec with java\n\u003e and 1135 ops/sec\n\u003e in libconsensus. This is on a 2.2GH i7 laptop (4 hyper threading cores used\n\u003e by 8 threads).\n\u003e Another nice demonstration why one should not trade in advances\n\u003e of languages for the last decades for a marginal gain of performance with\n\u003e C/C++,\n\u003e I assume thereby that Bouncy Castle’ EC lib s not superior to OpenSSL's.\n\nA few points there. First, Core is switching to libsecp256k1 for\nseveral reasons, and one of them is speed. I seem to recall it being\nup to 8x faster than OpenSSL.\n\nAlso, it can depend heavily on compiler switches and optimization\nlevels. For example, In playing with my test-case for hitting the\nOpenSSL race issue, I managed to get a ~100% speedup by simply using\n-O3 and lto.\n\n\u003e\n\u003e I disagree that the problem was rare in the real-world, it should affect any\n\u003e modern\n\u003e implementation that validates transactions parallel in multiple threads.\n\u003e\n\nWell I'd say you're a bit biased in this case ;)\n\nIt's only those using ancient (0.98 or 1.00) versions of OpenSSL who\nare affected, or those with OPENSSL_BN_ASM_MONT support disabled or\nmissing. Note that official releases of libbitcoinconsensus are\ncompiled against a much newer version and shouldn't have any issues.\n\nThe earlier patches for locking callbacks should be unnecessary.\n\n\u003e Aborting also does not make the problem less severe in my opinion.\n\nWell it's not a good thing by any means, but it's certainly better\nthan incorrect results! In any undefined/error condition for the\nconsensus library, aborting is the right thing to do. If we can't\nexplain how we've reached a certain \"unreachable\" condition as is the\ncase here, the only reasonable recourse is to shut down. Otherwise we\nrisk network forks, DOS, etc.\n\n\u003e Therefore hope the pull will be included into Core with next release.\n\u003e\n\nIt will likely be unnecessary for the next release, but I do think\nit's worth backporting to the 0.10 and 0.9 series.\n\n\u003e I can’t assign a timeline to “near future\" secp256k1 integration. Can you?\n\nI believe the libsecp256k1 guys are generally happy with the lib these\ndays, but I'll avoid guessing at a timeline. We can discuss that on\nthe PR for this fix, which I'll do today.\n\nRegards,\nCory",
"sig": "dbca9cf14134fe40b2d7c7a7c73464038f116b3cfaa375d3db26339caeee677d246670407e1ded34a5f061c715f565d208a21b486da381aeda4113130e5bd8e0"
}