3d08027789 ci: enable silentpayments module
85946762a5 tests: add BIP-352 test vectors
bf349c2a08 silentpayments: add examples/silentpayments.c
9a7106e19c silentpayments: add recipient light client support
f113564298 silentpayments: add recipient scanning routine
4fb8716f4f silentpayments: add opaque data type `public_data`
987d829e8f silentpayments: add recipient label support
14ca754578 silentpayments: add sender routine
9b965927da silentpayments: implement output pubkey creation
a0fcc2c780 silentpayments: implement shared secret creation
13f203dacd silentpayments: add sortable recipient struct
a9326bdd7a doc: add module description for silentpayments
15d3e71cc1 build: add skeleton for new silentpayments (BIP352) module
cc7d18a8a8 extrakeys: add secp256k1_pubkey_sort

git-subtree-dir: src/secp256k1
git-subtree-split: 3d080277895655e8274ee73aacd154c4ead143e3

…secp256k1

0270b14309 labels: actually set the label

git-subtree-dir: src/secp256k1
git-subtree-split: 0270b1430981584582645161a04a4df67cd187bb

…secp256k1

92f592023f ci: enable silentpayments module
8ddc4574c9 tests: add BIP-352 test vectors
8315abd830 silentpayments: add benchmark for `scan_outputs`
f3a9516ec8 silentpayments: add examples/silentpayments.c
7e11e7613b silentpayments: add recipient light client support
3321771b0e silentpayments: add recipient scanning routine
766567f099 silentpayments: add opaque data type `public_data`
8d0bb06ce7 silentpayments: add recipient label support
9c9bd057bc silentpayments: add sender routine
036e688fd0 silentpayments: implement output pubkey creation
1ffee123d6 silentpayments: implement shared secret creation
7a5683260c silentpayments: add sortable recipient struct
a8d6f4b8e1 doc: add module description for silentpayments
1121a4d376 build: add skeleton for new silentpayments (BIP352) module
7d2591ce12 Add secp256k1_pubkey_sort
da515074e3 Merge bitcoin-core/secp256k1#1058: Signed-digit multi-comb ecmult_gen algorithm
4c341f89ab Add changelog entry for SDMC
a043940253 Permit COMB_BITS < 256 for exhaustive tests
39b2f2a321 Add test case for ecmult_gen recoded = {-1,0,1}
644e86de9a Reintroduce projective blinding
07810d9abb Reduce side channels from single-bit reads
a0d32b597d Optimization: use Nx32 representation for recoded bits
e03dcc44b5 Make secp256k1_scalar_get_bits support 32-bit reads
5005abee60 Rename scalar_get_bits -> scalar_get_bits_limb32; return uint32_t
6247f485b6 Optimization: avoid unnecessary doublings in precomputation
15d0cca2a6 Optimization: first table lookup needs no point addition
7a33db35cd Optimization: move (2^COMB_BITS-1)/2 term into ctx->scalar_offset
ed2a056f3d Provide 3 configurations accessible through ./configure
5f7be9f6a5 Always generate tables for current (blocks,teeth) config
fde1dfcd8d Signed-digit multi-comb ecmult_gen algorithm
486518b350 Make exhaustive tests's scalar_inverse(&x,&x) work
ab45c3e089 Initial gej blinding -> final ge blinding
aa00a6b892 Introduce CEIL_DIV macro and use it
REVERT: 0270b14309 labels: actually set the label
REVERT: 3d08027789 ci: enable silentpayments module
REVERT: 85946762a5 tests: add BIP-352 test vectors
REVERT: bf349c2a08 silentpayments: add examples/silentpayments.c
REVERT: 9a7106e19c silentpayments: add recipient light client support
REVERT: f113564298 silentpayments: add recipient scanning routine
REVERT: 4fb8716f4f silentpayments: add opaque data type `public_data`
REVERT: 987d829e8f silentpayments: add recipient label support
REVERT: 14ca754578 silentpayments: add sender routine
REVERT: 9b965927da silentpayments: implement output pubkey creation
REVERT: a0fcc2c780 silentpayments: implement shared secret creation
REVERT: 13f203dacd silentpayments: add sortable recipient struct
REVERT: a9326bdd7a doc: add module description for silentpayments
REVERT: 15d3e71cc1 build: add skeleton for new silentpayments (BIP352) module
REVERT: cc7d18a8a8 extrakeys: add secp256k1_pubkey_sort

git-subtree-dir: src/secp256k1
git-subtree-split: 92f592023f3f4d6a66724772349fbdc4967ab50f

…secp256k1

Bech32(m) was defined with a 90 character limit so that certain
guarantees for error detection could be made for segwit addresses.
However, there is nothing about the encoding scheme itself that requires
a limit and in practice bech32(m) has been used without the 90 char
limit (e.g. lightning invoices).

Further, increasing the character limit doesn't do away with error
detection, it simply lessons the guarantees.

Model charlimit as an Enum, so that if a different address scheme is
using bech32(m), the character limit for that address scheme can be
used, rather than always using the 90 charlimit defined for segwit
addresses.

Wrap the silentpayments module from libsecp256k1. This is placed in
common as it is intended to be used by:

  * RPCs: for parsing addresses
  * Wallet: for sending, receiving, spending silent payment outputs
  * Node: for creating silent payment indexes for light clients

Have `IsValidDestination` return false for silent payment destinations
and set an error string when decoding a silent payment address.

This prevents anyone from sending to a silent payment address before
sending is implemented in the wallet, but also allows the functions to
be used in the unit testing famework.

Use the test vectors to test sending and receiving. A few cases are not
covered here, namely anything that requires testing specific to the
wallet. For example:

* Taproot script path spending is not tested, as that is better tested in
  a wallets coin selection / signing logic
* Re-computing outputs during RBF is not tested, as that is better
  tested in a wallets RBF logic

The unit tests are written in such a way that adding new test cases is
as easy as updating the JSON file