musig: shorten partial nonce byte array from 33 to 32 bytes

This commit is contained in:
Jonas Nick
2019-12-12 21:45:02 +00:00
parent 62f0b2d867
commit 5b4eb18ec5
4 changed files with 29 additions and 26 deletions


@@ -45,7 +45,7 @@ int sign(const secp256k1_context* ctx, unsigned char seckeys[][32], const secp25
unsigned char nonce_commitment[N_SIGNERS][32];
const unsigned char *nonce_commitment_ptr[N_SIGNERS];
secp256k1_musig_session_signer_data signer_data[N_SIGNERS][N_SIGNERS];
unsigned char nonce[N_SIGNERS][33];
unsigned char nonce[N_SIGNERS][32];
int i, j;
secp256k1_musig_partial_signature partial_sig[N_SIGNERS];


@@ -141,7 +141,7 @@ int secp256k1_musig_session_init(const secp256k1_context* ctx, secp256k1_musig_s
secp256k1_sha256 sha;
secp256k1_gej pj;
secp256k1_ge p;
unsigned char nonce_ser[33];
unsigned char nonce_ser[32];
size_t nonce_ser_size = sizeof(nonce_ser);
VERIFY_CHECK(ctx != NULL);
@@ -221,10 +221,12 @@ int secp256k1_musig_session_init(const secp256k1_context* ctx, secp256k1_musig_s
/* Compute public nonce and commitment */
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &secret);
secp256k1_ge_set_gej(&p, &pj);
secp256k1_pubkey_save(&session->nonce, &p);
secp256k1_fe_normalize_var(&p.y);
session->partial_nonce_parity = secp256k1_extrakeys_ge_even_y(&p);
secp256k1_xonly_pubkey_save(&session->nonce, &p);
secp256k1_sha256_initialize(&sha);
secp256k1_ec_pubkey_serialize(ctx, nonce_ser, &nonce_ser_size, &session->nonce, SECP256K1_EC_COMPRESSED);
secp256k1_xonly_pubkey_serialize(ctx, nonce_ser, &session->nonce);
secp256k1_sha256_write(&sha, nonce_ser, nonce_ser_size);
secp256k1_sha256_finalize(&sha, nonce_commitment32);
@@ -237,7 +239,7 @@ int secp256k1_musig_session_get_public_nonce(const secp256k1_context* ctx, secp2
secp256k1_sha256 sha;
unsigned char nonce_commitments_hash[32];
size_t i;
unsigned char nonce_ser[33];
unsigned char nonce_ser[32];
size_t nonce_ser_size = sizeof(nonce_ser);
(void) ctx;
@@ -271,7 +273,7 @@ int secp256k1_musig_session_get_public_nonce(const secp256k1_context* ctx, secp2
secp256k1_sha256_finalize(&sha, nonce_commitments_hash);
memcpy(session->nonce_commitments_hash, nonce_commitments_hash, 32);
secp256k1_ec_pubkey_serialize(ctx, nonce_ser, &nonce_ser_size, &session->nonce, SECP256K1_EC_COMPRESSED);
secp256k1_xonly_pubkey_serialize(ctx, nonce_ser, &session->nonce);
memcpy(nonce, &nonce_ser, nonce_ser_size);
session->round = 1;
return 1;
@@ -326,14 +328,14 @@ int secp256k1_musig_set_nonce(const secp256k1_context* ctx, secp256k1_musig_sess
ARG_CHECK(nonce != NULL);
secp256k1_sha256_initialize(&sha);
secp256k1_sha256_write(&sha, nonce, 33);
secp256k1_sha256_write(&sha, nonce, 32);
secp256k1_sha256_finalize(&sha, commit);
if (memcmp(commit, signer->nonce_commitment, 32) != 0) {
return 0;
}
memcpy(&signer->nonce, nonce, sizeof(*nonce));
if (!secp256k1_ec_pubkey_parse(ctx, &signer->nonce, nonce, 33)) {
if (!secp256k1_xonly_pubkey_parse(ctx, &signer->nonce, nonce)) {
return 0;
}
signer->present = 1;
@@ -362,7 +364,7 @@ int secp256k1_musig_session_combine_nonces(const secp256k1_context* ctx, secp256
return 0;
}
secp256k1_sha256_write(&sha, signers[i].nonce_commitment, 32);
secp256k1_pubkey_load(ctx, &noncep, &signers[i].nonce);
secp256k1_xonly_pubkey_load(ctx, &noncep, &signers[i].nonce);
secp256k1_gej_add_ge_var(&combined_noncej, &combined_noncej, &noncep, NULL);
}
secp256k1_sha256_finalize(&sha, nonce_commitments_hash);
@@ -458,7 +460,7 @@ int secp256k1_musig_partial_sign(const secp256k1_context* ctx, const secp256k1_m
secp256k1_scalar_clear(&k);
return 0;
}
if (session->combined_nonce_parity) {
if (session->partial_nonce_parity != session->combined_nonce_parity) {
secp256k1_scalar_negate(&k, &k);
}
@@ -543,7 +545,7 @@ int secp256k1_musig_partial_sig_verify(const secp256k1_context* ctx, const secp2
secp256k1_musig_coefficient(&mu, session->pre_session.pk_hash, signer->index);
secp256k1_scalar_mul(&e, &e, &mu);
if (!secp256k1_pubkey_load(ctx, &rp, &signer->nonce)) {
if (!secp256k1_xonly_pubkey_load(ctx, &rp, &signer->nonce)) {
return 0;
}
/* If the MuSig-combined point has an odd Y coordinate, the signers will
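Review bot: The new negation condition `if (session->partial_nonce_parity != session->combined_nonce_parity)` in secp256k1_musig_partial_sign carries the whole correctness argument for the x-only switch and has no comment, and the reason is only recoverable from the session_init hunk above: the signer's own k is implicitly negated once when its nonce point is forced to even Y before `secp256k1_xonly_pubkey_save` (recorded in partial_nonce_parity), and is negated a second time when the combined nonce is made even (combined_nonce_parity), so as far as these hunks show the net negation of k applies exactly when one but not both of those flips happened. I would put `/* k was negated once if our own nonce had odd Y (x-only save) and once more if the combined nonce has odd Y; apply the net negation iff exactly one happened. */` above the if. In the same file the session_init and get_public_nonce hunks keep `size_t nonce_ser_size = sizeof(nonce_ser);` even though `secp256k1_xonly_pubkey_serialize` no longer writes through it, so the variable is now a constant alias for 32 and could be replaced by `sizeof(nonce_ser)` at the `secp256k1_sha256_write` and `memcpy` sites. The context line `memcpy(&signer->nonce, nonce, sizeof(*nonce));` in secp256k1_musig_set_nonce copies a single byte if `nonce` is a byte pointer (its declaration is outside the hunk) and is overwritten by the `secp256k1_xonly_pubkey_parse` that follows, so it looks like a leftover worth removing while this function is touched.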


@@ -31,7 +31,7 @@ void musig_simple_test(secp256k1_scratch_space *scratch) {
unsigned char session_id[2][32];
secp256k1_xonly_pubkey pk[2];
const unsigned char *ncs[2];
unsigned char public_nonce[3][33];
unsigned char public_nonce[3][32];
secp256k1_musig_partial_signature partial_sig[2];
unsigned char final_sig[64];
@@ -238,7 +238,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
/** Signing step 0 -- exchange nonce commitments */
ecount = 0;
{
unsigned char nonce[33];
unsigned char nonce[32];
secp256k1_musig_session session_0_tmp;
memcpy(&session_0_tmp, &session[0], sizeof(session_0_tmp));
@@ -252,7 +252,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
/** Signing step 1 -- exchange nonces */
ecount = 0;
{
unsigned char public_nonce[3][33];
unsigned char public_nonce[3][32];
secp256k1_musig_session session_0_tmp;
memcpy(&session_0_tmp, &session[0], sizeof(session_0_tmp));
@@ -479,7 +479,7 @@ void musig_state_machine_diff_signer_msghash_test(unsigned char *msghash, secp25
secp256k1_xonly_pubkey pks_tmp[2];
secp256k1_xonly_pubkey combined_pk_tmp;
secp256k1_musig_pre_session pre_session_tmp;
unsigned char nonce[33];
unsigned char nonce[32];
/* Set up signers with different public keys */
secp256k1_testrand256(sk_dummy);
@@ -512,7 +512,7 @@ int musig_state_machine_diff_signers_combine_nonce_test(secp256k1_xonly_pubkey *
secp256k1_musig_session_signer_data *signers_to_use;
unsigned char nonce_commitment[32];
unsigned char session_id[32];
unsigned char nonce[33];
unsigned char nonce[32];
const unsigned char *ncs[2];
/* Initialize new signers */
@@ -545,7 +545,7 @@ void musig_state_machine_late_msg_test(secp256k1_xonly_pubkey *pks, secp256k1_xo
secp256k1_musig_session_signer_data signers[2];
unsigned char nonce_commitment[32];
const unsigned char *ncs[2];
unsigned char nonce[33];
unsigned char nonce[32];
secp256k1_musig_partial_signature partial_sig;
secp256k1_context_set_illegal_callback(ctx_tmp, counting_illegal_callback_fn, &ecount);
@@ -586,7 +586,7 @@ void musig_state_machine_tests(secp256k1_scratch_space *scratch) {
secp256k1_xonly_pubkey pk[2];
secp256k1_xonly_pubkey combined_pk;
secp256k1_musig_pre_session pre_session;
unsigned char nonce[2][33];
unsigned char nonce[2][32];
const unsigned char *ncs[2];
secp256k1_musig_partial_signature partial_sig[2];
unsigned char sig[64];
@@ -706,8 +706,8 @@ void scriptless_atomic_swap(secp256k1_scratch_space *scratch) {
unsigned char noncommit_b[2][32];
const unsigned char *noncommit_a_ptr[2];
const unsigned char *noncommit_b_ptr[2];
unsigned char pubnon_a[2][33];
unsigned char pubnon_b[2][33];
unsigned char pubnon_a[2][32];
unsigned char pubnon_b[2][32];
int combined_nonce_parity_a;
int combined_nonce_parity_b;
secp256k1_musig_session_signer_data data_a[2];