frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

musig: represent a combined_nonce as an xonly_pubkey

Browse Source
This commit is contained in:
Jonas Nick 2019-12-12 20:04:31 +00:00
parent 2117e7466a
commit 73792e4a27
2 changed files with 8 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/secp256k1_musig.h
View File

@ -77,7 +77,7 @@ typedef struct {
unsigned char secnonce[32]; unsigned char secnonce[32];
secp256k1_pubkey nonce; secp256k1_pubkey nonce;
unsigned char nonce_commitments_hash[32]; unsigned char nonce_commitments_hash[32];
secp256k1_pubkey combined_nonce; secp256k1_xonly_pubkey combined_nonce;
int combined_nonce_parity; int combined_nonce_parity;
} secp256k1_musig_session; } secp256k1_musig_session;

17
src/modules/musig/main_impl.h
View File

@ -376,18 +376,15 @@ int secp256k1_musig_session_combine_nonces(const secp256k1_context* ctx, secp256
secp256k1_pubkey_load(ctx, &noncep, adaptor); secp256k1_pubkey_load(ctx, &noncep, adaptor);
secp256k1_gej_add_ge_var(&combined_noncej, &combined_noncej, &noncep, NULL); secp256k1_gej_add_ge_var(&combined_noncej, &combined_noncej, &noncep, NULL);
} }
/* Negate nonce if Y coordinate is not square */
secp256k1_ge_set_gej(&combined_noncep, &combined_noncej); secp256k1_ge_set_gej(&combined_noncep, &combined_noncej);
secp256k1_fe_normalize(&combined_noncep.y); secp256k1_fe_normalize_var(&combined_noncep.y);
if (!secp256k1_fe_is_odd(&combined_noncep.y)) { session->combined_nonce_parity = secp256k1_extrakeys_ge_even_y(&combined_noncep);
session->combined_nonce_parity = 0;
} else {
session->combined_nonce_parity = 1;
secp256k1_ge_neg(&combined_noncep, &combined_noncep);
}
if (nonce_parity != NULL) { if (nonce_parity != NULL) {
*nonce_parity = session->combined_nonce_parity; *nonce_parity = session->combined_nonce_parity;
} }
secp256k1_pubkey_save(&session->combined_nonce, &combined_noncep); secp256k1_xonly_pubkey_save(&session->combined_nonce, &combined_noncep);
session->round = 2; session->round = 2;
return 1; return 1;
} }
@ -417,7 +414,7 @@ static void secp256k1_musig_compute_messagehash(const secp256k1_context *ctx, un
VERIFY_CHECK(session->round >= 2); VERIFY_CHECK(session->round >= 2);
secp256k1_schnorrsig_sha256_tagged(&sha); secp256k1_schnorrsig_sha256_tagged(&sha);
secp256k1_pubkey_load(ctx, &rp, &session->combined_nonce); secp256k1_xonly_pubkey_load(ctx, &rp, &session->combined_nonce);
secp256k1_fe_get_b32(buf, &rp.x); secp256k1_fe_get_b32(buf, &rp.x);
secp256k1_sha256_write(&sha, buf, 32); secp256k1_sha256_write(&sha, buf, 32);
@ -498,7 +495,7 @@ int secp256k1_musig_partial_sig_combine(const secp256k1_context* ctx, const secp
secp256k1_scalar_add(&s, &s, &term); secp256k1_scalar_add(&s, &s, &term);
} }
secp256k1_pubkey_load(ctx, &noncep, &session->combined_nonce); secp256k1_xonly_pubkey_load(ctx, &noncep, &session->combined_nonce);
VERIFY_CHECK(!secp256k1_fe_is_odd(&noncep.y)); VERIFY_CHECK(!secp256k1_fe_is_odd(&noncep.y));
secp256k1_fe_normalize(&noncep.x); secp256k1_fe_normalize(&noncep.x);
secp256k1_fe_get_b32(&sig64[0], &noncep.x); secp256k1_fe_get_b32(&sig64[0], &noncep.x);