frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

musig: turn off multiexponentiation for now

Browse Source 
Before turning it on we need to have a discussion about our confidence in the
correctness of the multiexponentiation code.
This commit is contained in:
Jonas Nick 2021-12-17 13:41:47 +00:00
parent 3c79d97bd9
commit ac1e36769d
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/secp256k1_musig.h
View File

@ -197,11 +197,13 @@ SECP256K1_API int secp256k1_musig_partial_sig_parse(
* *
* Returns: 0 if the arguments are invalid, 1 otherwise * Returns: 0 if the arguments are invalid, 1 otherwise
* Args: ctx: pointer to a context object initialized for verification * Args: ctx: pointer to a context object initialized for verification
* scratch: scratch space used to compute the aggregate pubkey by * scratch: should be NULL because it is not yet implemented. If it
* multiexponentiation. Generally, the larger the scratch * was implemented then the scratch space would be used to
* space, the faster this function. However, the returns of * compute the aggregate pubkey by multiexponentiation.
* providing a larger scratch space are diminishing. If NULL, * Generally, the larger the scratch space, the faster this
* an inefficient algorithm is used. * function. However, the returns of providing a larger
* scratch space are diminishing. If NULL, an inefficient
* algorithm is used.
* Out: agg_pk: the MuSig-aggregated x-only public key. If you do not need it, * Out: agg_pk: the MuSig-aggregated x-only public key. If you do not need it,
* this arg can be NULL. * this arg can be NULL.
* keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that * keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that

5
src/modules/musig/keyagg_impl.h
View File

@ -190,6 +190,7 @@ int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_scratch_s
secp256k1_gej pkj; secp256k1_gej pkj;
secp256k1_ge pkp; secp256k1_ge pkp;
size_t i; size_t i;
(void) scratch;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
if (agg_pk != NULL) { if (agg_pk != NULL) {
@ -216,7 +217,9 @@ int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_scratch_s
if (!secp256k1_musig_compute_pk_hash(ctx, ecmult_data.pk_hash, pubkeys, n_pubkeys)) { if (!secp256k1_musig_compute_pk_hash(ctx, ecmult_data.pk_hash, pubkeys, n_pubkeys)) {
return 0; return 0;
} }
if (!secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) { /* TODO: actually use optimized ecmult_multi algorithms by providing a
* scratch space */
if (!secp256k1_ecmult_multi_var(&ctx->error_callback, NULL, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) {
/* In order to reach this line with the current implementation of /* In order to reach this line with the current implementation of
* ecmult_multi_var one would need to provide a callback that can * ecmult_multi_var one would need to provide a callback that can
* fail. */ * fail. */