Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Notice of copyright infringement #316

Open
gmaxwell opened this issue Mar 28, 2017 · 3 comments
Open

Notice of copyright infringement #316

gmaxwell opened this issue Mar 28, 2017 · 3 comments

Comments

@gmaxwell
Copy link

https://github.com/jl777/SuperNET/blob/master/iguana/iguana_secp.c

And many other files contain large amounts of code copied directly from the Bitcoin project, libsecp256k1 and other places where I am a copyright holder. In all these cases this was performed in violation of the very permissive software license: stripping off all attribution and copyright notices.

Please remedy this.

Thanks.

@jl777
Copy link
Owner

jl777 commented Mar 29, 2017

The libsecp256k1 library was included at the source level and their copyright notices are intact. the file iguana_secp.c is calling the licsecp256k1 functions and I wrote them, so I did not think that it made sense to add the copyright notice of the functions it was calling.

can you please point out the specific code in iguana_secp.c that you feel is infringing your copyright? I assure you that any file that is externally created retains its copyright notices, unless there was an oversight made. I just dont see any such in iguana_secp.c

Please tell me what code inside iguana_secp.c that you wrote. If I overlooked any or included more than fair use principles allow, I will immediately correct this.

@gmaxwell
Copy link
Author

uh. Come on, almost the entire file is copied, you even copied the comments verbatim -- https://github.com/jl777/SuperNET/blob/master/iguana/iguana_secp.c#L455

@jl777
Copy link
Owner

jl777 commented Mar 29, 2017

You mean the single test function that is #ifdef disabled?

/*

  • The intended procedure for creating a multiparty signature is:
    • Each signer S[i] with private key x[i] and public key Q[i] runs
  • secp256k1_schnorr_generate_nonce_pair to produce a pair (k[i],R[i]) of private/public nonces.
    • All signers communicate their public nonces to each other (revealing your
  • private nonce can lead to discovery of your private key, so it should be considered secret).
    • All signers combine all the public nonces they received (excluding their
  • own) using secp256k1_ec_pubkey_combine to obtain an Rall[i] = sum(R[0..i-1,i+1..n]).
    • All signers produce a partial signature using
  • secp256k1_schnorr_partial_sign, passing in their own private key x[i],
  • their own private nonce k[i], and the sum of the others' public nonces Rall[i].
    • All signers communicate their partial signatures to each other.
    • Someone combines all partial signatures using secp256k1_schnorr_partial_combine, to obtain a full signature.
    • The resulting signature is validatable using secp256k1_schnorr_verify, with
  • public key equal to the result of secp256k1_ec_pubkey_combine of the signers' public keys (sum(Q[0..n])).
  • Note that secp256k1_schnorr_partial_combine and secp256k1_ec_pubkey_combine
  • function take their arguments in any order, and it is possible to
  • pre-combine several inputs already with one call, and add more inputs later
  • by calling the function again (they are commutative and associative).
    */

#ifdef test_schnorr
#include "secp256k1/src/util.h"
#include "secp256k1/src/hash_impl.h"
#include "secp256k1/src/testrand_impl.h"

void test_schnorr_threshold(void ctx) {
unsigned char msg[32];
unsigned char sec[5][32];
secp256k1_pubkey pub[5];
unsigned char nonce[5][32];
secp256k1_pubkey pubnonce[5];
unsigned char sig[5][64];
const unsigned char
sigs[5];
unsigned char allsig[64];
const secp256k1_pubkey* pubs[5];
secp256k1_pubkey allpub;
int n, i;
int damage;
int ret = 0;

damage = secp256k1_rand_bits(1) ? (1 + secp256k1_rand_int(4)) : 0;
secp256k1_rand256_test(msg);
n = 2 + secp256k1_rand_int(4);
for (i = 0; i < n; i++) {
    do {
        secp256k1_rand256_test(sec[i]);
    } while (!secp256k1_ec_seckey_verify(ctx, sec[i]));
    CHECK(secp256k1_ec_pubkey_create(ctx, &pub[i], sec[i]));
    CHECK(secp256k1_schnorr_generate_nonce_pair(ctx, &pubnonce[i], nonce[i], msg, sec[i], NULL, NULL));
    pubs[i] = &pub[i];
}
if (damage == 1) {
    nonce[secp256k1_rand_int(n)][secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
} else if (damage == 2) {
    sec[secp256k1_rand_int(n)][secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
}
for (i = 0; i < n; i++) {
    secp256k1_pubkey allpubnonce;
    const secp256k1_pubkey *pubnonces[4];
    int j;
    for (j = 0; j < i; j++) {
        pubnonces[j] = &pubnonce[j];
    }
    for (j = i + 1; j < n; j++) {
        pubnonces[j - 1] = &pubnonce[j];
    }
    CHECK(secp256k1_ec_pubkey_combine(ctx, &allpubnonce, pubnonces, n - 1));
    ret |= (secp256k1_schnorr_partial_sign(ctx, sig[i], msg, sec[i], &allpubnonce, nonce[i]) != 1) * 1;
    sigs[i] = sig[i];
}
if (damage == 3) {
    sig[secp256k1_rand_int(n)][secp256k1_rand_bits(6)] ^= 1 + secp256k1_rand_int(255);
}
ret |= (secp256k1_ec_pubkey_combine(ctx, &allpub, pubs, n) != 1) * 2;
if ((ret & 1) == 0) {
    ret |= (secp256k1_schnorr_partial_combine(ctx, allsig, sigs, n) != 1) * 4;
}
if (damage == 4) {
    allsig[secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
}
if ((ret & 7) == 0) {
    ret |= (secp256k1_schnorr_verify(ctx, allsig, msg, &allpub) != 1) * 8;
}
CHECK((ret == 0) == (damage == 0));

}
#endif

I have removed this from the source tree (dev branch). Thank you for finding this single function that was still there and not deleted in a file without the libsecp copyright notice. Let me know if you find any other functions you wrote in my files.

I have no idea what you mean by saying almost the entire file is copied. Are you seriously claiming that you have copyright for functions like: bits256 bitcoin_pubkey33(secp256k1_context *ctx,uint8_t *data,bits256 privkey)

it uses the bits256 data type that is something I made, so how can you claim that you wrote it? I dont remember if falsely accusing someone is slander or libel. 1 out of 24 functions in the file, and one that was ifdef'ed out does not equal "almost the entire file"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants