mirror of https://github.com/bitcoin/bips.git synced 2026-01-12 14:58:52 +00:00

BIP-327: correct DeterministicSign pubnonce and key length (#2071)

Co-authored-by: lisenokdonbassenok <lisdonbassa@gmail.com>
Tim Ruffing 2026-01-05 19:23:11 +01:00 committed by GitHub
parent fc00f51c22
commit e2f9fe0c04
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -606,7 +606,7 @@ Algorithm ''DeterministicSign(sk, aggothernonce, pk<sub>1..u</sub>, tweak<sub>1.
** The secret signing key ''sk'': a 32-byte array
** The aggregate public nonce ''aggothernonce'' (see [[#modifications-to-nonce-generation|above]]): a 66-byte array
** The number ''u'' of individual public keys with ''0 < u < 2^32''
** The individual public keys ''pk<sub>1..u</sub>'': ''u'' 32-byte arrays
** The individual public keys ''pk<sub>1..u</sub>'': ''u'' 33-byte arrays
** The number ''v'' of tweaks with ''0 &le; v < 2^32''
** The tweaks ''tweak<sub>1..v</sub>'': ''v'' 32-byte arrays
** The tweak methods ''is_xonly_t<sub>1..v</sub>'': ''v'' booleans
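Review bot: The ''pk<sub>1..u</sub>'' input line gives a length of 33 bytes but does not say which encoding those bytes use. The algorithm body derives the signer's own key as ''pk = cbytes(d⋅G)''; stating on this line that the individual public keys use that same encoding would explain why 32 bytes was wrong and would keep an implementer from passing x-only keys.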
@ -623,7 +623,7 @@ Algorithm ''DeterministicSign(sk, aggothernonce, pk<sub>1..u</sub>, tweak<sub>1.
* Let ''k<sub>i</sub> = int(hash<sub>MuSig/deterministic/nonce</sub>(sk' || aggothernonce || aggpk || bytes(8, len(m)) || m || bytes(1, i - 1))) mod n'' for ''i = 1,2''
* Fail if ''k<sub>1</sub> = 0'' or ''k<sub>2</sub> = 0''
* Let ''R<sub>,1</sub> = k<sub>1</sub>⋅G, R<sub>,2</sub> = k<sub>2</sub>⋅G''
* Let ''pubnonce = cbytes(R<sub>,2</sub>) || cbytes(R<sub>,2</sub>)''
* Let ''pubnonce = cbytes(R<sub>,1</sub>) || cbytes(R<sub>,2</sub>)''
* Let ''d = int(sk)''
* Fail if ''d = 0'' or ''d &ge; n''
* Let ''pk = cbytes(d⋅G)''
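Review bot: The ''pubnonce'' step gets no test coverage in this patch, although the line previously built both halves from ''R<sub>,2</sub>'', so a signer following the old text would publish a first half that does not correspond to ''k<sub>1</sub>''. Add or point to a ''DeterministicSign'' test vector that checks the first 33 bytes of ''pubnonce'' against ''cbytes(k<sub>1</sub>⋅G)'', and confirm the reference code already used ''R<sub>,1</sub>'' there.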
@ -782,6 +782,8 @@ An exception to this rule is <code>MAJOR</code> version zero (0.y.z) which is fo
The <code>MINOR</code> version is incremented whenever the inputs or the output of an algorithm changes in a backward-compatible way or new backward-compatible functionality is added.
The <code>PATCH</code> version is incremented for other changes that are noteworthy (bug fixes, test vectors, important clarifications, etc.).
* '''1.0.3''' (2026-01-05):
** Fix minor bugs in the specification of ''DeterministicSign''.
* '''1.0.2''' (2024-07-22):
** Fix minor bug in the specification of ''DeterministicSign'' and add small improvement to a ''PartialSigAgg'' test vector.
* '''1.0.1''' (2024-05-14):
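Review bot: The 1.0.3 changelog entry says only "Fix minor bugs in the specification of ''DeterministicSign''", almost the same wording as the 1.0.2 entry, so a reader cannot tell which steps changed. Name both fixes (the ''pk<sub>1..u</sub>'' length and the first half of ''pubnonce'') so implementers who worked from the 1.0.2 text know what to recheck.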