secp256k1-zkp/include/secp256k1_ecdsa_adaptor.h

#ifndef SECP256K1_ECDSA_ADAPTOR_H
#define SECP256K1_ECDSA_ADAPTOR_H

#ifdef __cplusplus
extern "C" {
#endif

/** This module implements single signer ECDSA adaptor signatures following
 *  "One-Time Verifiably Encrypted Signatures A.K.A. Adaptor Signatures" by
 *  Lloyd Fournier
 *  (https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-November/002316.html
 *  and https://github.com/LLFourn/one-time-VES/blob/master/main.pdf).
*/

/** A pointer to a function to deterministically generate a nonce.
 *
 *  Same as secp256k1_nonce_function_hardened with the exception of using the
 *  compressed 33-byte encoding for the pubkey argument.
 *
 *  Returns: 1 if a nonce was successfully generated. 0 will cause signing to
 *           return an error.
 *  Out:     nonce32:   pointer to a 32-byte array to be filled by the function
 *  In:        msg32:   the 32-byte message hash being verified
 *             key32:   pointer to a 32-byte secret key
 *              pk33:   the 33-byte serialized pubkey corresponding to key32
 *              algo:   pointer to an array describing the signature algorithm
 *           algolen:   the length of the algo array
 *              data:   arbitrary data pointer that is passed through
 *
 *  Except for test cases, this function should compute some cryptographic hash of
 *  the message, the key, the pubkey, the algorithm description, and data.
 */
typedef int (*secp256k1_nonce_function_hardened_ecdsa_adaptor)(
    unsigned char *nonce32,
    const unsigned char *msg32,
    const unsigned char *key32,
    const unsigned char *pk33,
    const unsigned char *algo,
    size_t algolen,
    void *data
);

/** A modified BIP-340 nonce generation function. If a data pointer is passed, it is
 *  assumed to be a pointer to 32 bytes of auxiliary random data as defined in BIP-340.
 *  The hash will be tagged with algo after removing all terminating null bytes.
 */
SECP256K1_API extern const secp256k1_nonce_function_hardened_ecdsa_adaptor secp256k1_nonce_function_ecdsa_adaptor;

#ifdef __cplusplus
}
#endif

#endif /* SECP256K1_ECDSA_ADAPTOR_H */
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project. 2021-03-04 23:38:48 -08:00			`#ifndef SECP256K1_ECDSA_ADAPTOR_H`
			`#define SECP256K1_ECDSA_ADAPTOR_H`

			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`

			`/** This module implements single signer ECDSA adaptor signatures following`
			`* "One-Time Verifiably Encrypted Signatures A.K.A. Adaptor Signatures" by`
			`* Lloyd Fournier`
			`* (https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-November/002316.html`
			`* and https://github.com/LLFourn/one-time-VES/blob/master/main.pdf).`
			`*/`

ecdsa_adaptor: add nonce function and tags This commit adds a nonce function that will be used by default for ECDSA adaptor signatures. This nonce function is similar to secp256k1_nonce_function_hardened except it uses the compressed 33-byte encoding for the pubkey argument. We need 33 bytes instead of 32 because, unlike with BIP-340, an ECDSA X-coordinate alone is not sufficient to disambiguate the Y-coordinate. 2021-03-05 00:00:13 -08:00			`/** A pointer to a function to deterministically generate a nonce.`
			`*`
			`* Same as secp256k1_nonce_function_hardened with the exception of using the`
			`* compressed 33-byte encoding for the pubkey argument.`
			`*`
			`* Returns: 1 if a nonce was successfully generated. 0 will cause signing to`
			`* return an error.`
			`* Out: nonce32: pointer to a 32-byte array to be filled by the function`
			`* In: msg32: the 32-byte message hash being verified`
			`* key32: pointer to a 32-byte secret key`
			`* pk33: the 33-byte serialized pubkey corresponding to key32`
			`* algo: pointer to an array describing the signature algorithm`
			`* algolen: the length of the algo array`
			`* data: arbitrary data pointer that is passed through`
			`*`
			`* Except for test cases, this function should compute some cryptographic hash of`
			`* the message, the key, the pubkey, the algorithm description, and data.`
			`*/`
			`typedef int (*secp256k1_nonce_function_hardened_ecdsa_adaptor)(`
			`unsigned char *nonce32,`
			`const unsigned char *msg32,`
			`const unsigned char *key32,`
			`const unsigned char *pk33,`
			`const unsigned char *algo,`
			`size_t algolen,`
			`void *data`
			`);`

			`/** A modified BIP-340 nonce generation function. If a data pointer is passed, it is`
			`* assumed to be a pointer to 32 bytes of auxiliary random data as defined in BIP-340.`
			`* The hash will be tagged with algo after removing all terminating null bytes.`
			`*/`
			`SECP256K1_API extern const secp256k1_nonce_function_hardened_ecdsa_adaptor secp256k1_nonce_function_ecdsa_adaptor;`

ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project. 2021-03-04 23:38:48 -08:00			`#ifdef __cplusplus`
			`}`
			`#endif`

			`#endif /* SECP256K1_ECDSA_ADAPTOR_H */`