See https://github.com/bitcoin/bips/commits/master/bip-0340 for a list
of contributors. I have obtained permission to do this change from all
contributors in private. Nevertheless, it would be good to get an ACK
from every contributor in order to have publicly available evidence.
- [ ] @sipa
- [ ] @jonasnick
- [ ] @theStack
- [ ] @ysangkok
I haven't contacted @Sajjon and @satsie, whose contributions constitute
of fixing not more than two typos and are thus below the threshold of
originality required for copyright to be applicable.
Although the variant "implementor" predominated for much of the late 20th
century, today "implementer" is considered standard, and the former spelling
triggers the typos spelling checker.
In order for this section to fully be grasped by readers, minor grammatical errors need to be fixed, especially when explaining the "Nonce exfiltration protection"
bip-0340.mediawiki defines lift_x as taking an integer argument. This commit
changes the argument of lift_x in the reference code to be identical to the
specification. Previously it took a byte array.
Without this commit, it's not defined what happens if x is not in range 0..p-1.
However, lift_x may easily be called with out of range values. The reference
implementation of lift_x correctly returns failure in such cases.
This avoids having to update the BIP with a fresh graph every time there's a
change to libsecp and suggests that the expected speedup depends on the specific
implementation.
- key prefixing means prefixing the message
- array indexing starts with 0
- 'Gennaro' is spelled with two n's
- has_even_y definition takes P as argument
Thanks to Alan Szepieniec for pointing out these issues.
* Recommend a byte length for aux random data
* Clarify that with signature verification by default at the end of the signing algorithm, using public keys from untrusted sources is not an issue.
* A few editorial nits
