frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

f remove markdown indentation

Browse Source
This commit is contained in:
Andrew Poelstra 2019-02-12 14:54:29 +00:00
parent 0512dd2ba9
commit 9125c16622
1 changed files with 97 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/modules/musig/musig.md
View File

@ -12,7 +12,7 @@ API in ways that could lead to accidental signatures or loss of key material.
In MuSig all participants contribute key material to a single signing key,
using the equation
P = sum_i µ_i * P_i
P = sum_i µ_i - P_i
where `P_i` is the public key of the `i`th participant and `µ_i` is a so-called
_MuSig coefficient_ computed according to the following equation
@ -74,24 +74,24 @@ signature process, which is also a supported mode) acts as follows.
1. The signer starts the session by calling `secp256k1_musig_session_initialize`.
This function outputs
* an initialized session state in the out-pointer `session`
* an array of initialized signer data in the out-pointer `signers`
* a commitment `H(R_i)` to a nonce in the out-pointer `nonce_commitment32`
- an initialized session state in the out-pointer `session`
- an array of initialized signer data in the out-pointer `signers`
- a commitment `H(R_i)` to a nonce in the out-pointer `nonce_commitment32`
It takes as input
* a unique session ID `session_id32`
* (optionally) a message to be signed `msg32`
* the combined public key output from `secp256k1_musig_pubkey_combine`
* the public key hash output from `secp256k1_musig_pubkey_combine`
* the signer's index `i` `my_index`
* the signer's secret key `seckey`
- a unique session ID `session_id32`
- (optionally) a message to be signed `msg32`
- the combined public key output from `secp256k1_musig_pubkey_combine`
- the public key hash output from `secp256k1_musig_pubkey_combine`
- the signer's index `i` `my_index`
- the signer's secret key `seckey`
2. The signer then communicates `H(R_i)` to all other signers, and receives
commitments `H(R_j)` from all other signers `j`. These hashes are simply
length-32 byte arrays which can be communicated however is communicated.
3. Once all signers nonce commitments have been received, the signer records
these commitments with the function `secp256k1_musig_session_get_public_nonce`.
This function updates in place
* the session state `session`
* the array of signer data `signers`
- the session state `session`
- the array of signer data `signers`
taking in as input the list of commitments `commitments` and outputting the
signer's public nonce `R_i` in the out-pointer `nonce`.
4. The signer then communicates `R_i` to all other signers, and receives `R_j`
@ -105,8 +105,8 @@ signature process, which is also a supported mode) acts as follows.
5. Once all nonces have been exchanged in this way, signers are able to compute
their partial signatures. They do so by calling `secp256k1_musig_session_combine_nonces`
which updates in place
* the session state `session`
* the array of signer data `signers`
- the session state `session`
- the array of signer data `signers`
It outputs an auxilary integer `nonce_is_negated` and has an auxilary input
`adaptor`. Both of these may be set to NULL for ordinary signing purposes.
If the signer did not provide a message to `secp256k1_musig_session_initialize`,