Andrew Poelstra
005fe79262
Merge commit '8ab24e8d' into tmp
2020-11-04 21:46:54 +00:00
Andrew Poelstra
a11250330b
(actually) remove schnorrsig module
2020-11-04 21:45:18 +00:00
Andrew Poelstra
a3a3a17f47
Merge pull request #94 from apoelstra/temp-merge-1309c03c45beece646a7d21fdb6a0e3d38adee2b
[upstream PR #773 ]: Fix some compile problems on weird/old compilers.
2020-09-25 14:23:54 +00:00
Jonas Nick
4e43520026
schnorrsig: Add BIP-340 compatible signing and verification
2020-09-06 19:00:03 +00:00
Jonas Nick
7332d2db6b
schnorrsig: Add BIP-340 nonce function
2020-09-06 19:00:03 +00:00
Jonas Nick
7a703fd97d
schnorrsig: Init empty experimental module
2020-09-06 19:00:03 +00:00
Jonas Nick
6fcb5b845d
extrakeys: Add keypair_xonly_tweak_add
2020-09-06 19:00:00 +00:00
Jonas Nick
58254463f9
extrakeys: Add keypair struct with create, pub and pub_xonly
2020-09-06 18:59:57 +00:00
Jonas Nick
910d9c284c
extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
2020-09-06 18:59:57 +00:00
Jonas Nick
4cd2ee474d
extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
2020-09-06 18:59:50 +00:00
Jonas Nick
47e6618e11
extrakeys: Init empty experimental module
This is to prepare for xonly_pubkeys and keypairs.
2020-08-26 19:52:55 +00:00
Gregory Maxwell
1309c03c45
Fix some compile problems on weird/old compilers.
The visibility attribute is a GCC 4+ feature.
GCC 2.95 also warns about the unsigned/signed comparison.
2020-07-26 05:26:56 +00:00
Jonas Nick
96201b4f6e
Require message in musig protocol in an earlier state. In particular,
remove the set_msg function and require the message in get_public_nonce
at the latest.
2020-07-24 14:59:36 +02:00
Jonas Nick
b368a5d163
Fix ARG_NONNULL macro usage in musig include
2020-07-24 14:59:36 +02:00
Jonas Nick
bedff79848
Add cplusplus directive to musig include
2020-07-24 14:59:36 +02:00
Jonas Nick
d924027765
Add tweak32 parameter to musig_partial_sig_combine which allows signing for p2c/taproot commitments
2020-07-24 14:59:36 +02:00
Roman Zeyde
bd70820123
allow reducing surjection proof size (to lower generation stack usage)
2020-07-24 14:59:36 +02:00
Andrew Poelstra
56f69d979f
surjectionproof: introduce SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS
constant and set it to 16
2020-07-24 14:59:36 +02:00
Dmitry Petukhov
2dc868f35b
work in progress: add _allocate_initialized/destroy funcs
2020-07-24 14:59:36 +02:00
Roman Zeyde
f35b5e271f
Fix a small typo in the generator parameter name
2020-07-24 14:59:36 +02:00
Andrew Poelstra
3424cb1fa3
musig: add user documentation
2020-07-24 14:59:36 +02:00
Jonas Nick
13ef445721
Add 3-of-3 MuSig example
2020-07-24 14:59:36 +02:00
Jonas Nick
b86c210747
Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
2020-07-24 14:59:36 +02:00
Andrew Poelstra
c59c602dd6
Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification.
[0] https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
2020-07-24 14:59:36 +02:00
Jonas Nick
f416e039bb
Add comment to explain effect of max_n_iterations in surjectionproof_init
2020-07-24 14:50:49 +02:00
Andrew Poelstra
edb879f578
rangeproof: verify correctness of pedersen commitments when parsing
2020-07-24 14:50:48 +02:00
Andrew Poelstra
fca4c3b62f
generator: verify correctness of point when parsing
2020-07-24 14:50:48 +02:00
Frank V. Castellucci
0c5cb7cd08
Expose generator in shared library
Was failing linking to `*.so` library
2020-07-24 14:50:48 +02:00
Gregory Sanders
dbc49df80c
fix spelling in documentation
2020-07-24 14:50:48 +02:00
Andrew Poelstra
4320490e88
generator: add API tests
2020-07-24 14:49:33 +02:00
Jonas Nick
3997128ad9
Fix pedersen_blind_generator_blind_sum return value documentation
2020-07-24 14:49:33 +02:00
Jonas Nick
04f4c09111
Add n_keys argument to whitelist_verify
2020-07-24 14:49:33 +02:00
Jonas Nick
dbf3d752a8
Fix checks of whitelist serialize/parse arguments
2020-07-24 14:49:33 +02:00
Andrew Poelstra
29d0d562dc
whitelist: fix serialize/parse API to take serialized length
2020-07-24 14:49:33 +02:00
Jonas Nick
660ad39fb3
Fix include/secp256k1_rangeproof.h function argument documentation.
2020-07-24 14:49:33 +02:00
Andrew Poelstra
e13bdf2f23
rangeproof: add API tests
2020-07-24 14:49:33 +02:00
Andrew Poelstra
ba8b4f53ef
add surjection proof module
Includes fix and tests by Jonas Nick.
2020-07-24 14:49:33 +02:00
Andrew Poelstra
8c77fe1590
Implement ring-signature based whitelist delegation scheme
2020-07-24 14:49:33 +02:00
Andrew Poelstra
94425d4a67
rangeproof: several API changes
* add summing function for blinded generators
* drop `excess` and `gen` from `verify_tally`
* add extra_commit to rangeproof sign and verify
2020-07-24 14:49:33 +02:00
Pieter Wuille
f6c84a02f3
Expose generator in pedersen/rangeproof API
2020-07-24 14:49:33 +02:00
Pieter Wuille
360e218043
Constant-time generator module
2020-07-24 14:49:33 +02:00
Andrew Poelstra
e7a8a5f638
rangeproof: expose sidechannel message field in the signing API
Including a fix by Jonas Nick.
2020-07-24 14:49:33 +02:00
Andrew Poelstra
a88db4a744
[RANGEPROOF BREAK] Use quadratic residue for tie break and modularity cleanup
Switch to secp256k1_pedersen_commitment by Andrew Poelstra.
Switch to quadratic residue based disambiguation by Pieter Wuille.
2020-07-24 14:49:33 +02:00
Gregory Maxwell
16618fcd8d
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homomorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, Pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisfying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a Pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
Also: get rid of precomputed H tables (Pieter Wuille)
2020-07-24 14:49:33 +02:00
Jonas Nick
7e3952ae82
Clarify documentation of tweak functions.
In particular, mention that the functions return 0 if seckey or tweak are
invalid (as opposed to saying "should" or "must" be valid).
2020-03-30 20:51:47 +00:00
Jonas Nick
89853a0f2e
Make tweak function documentation more consistent.
Do this by adding a newline after the first sentence and aligning the rest.
2020-03-30 20:51:47 +00:00
Jonas Nick
41fc785602
Make ec_privkey functions aliases for ec_seckey_negate, ec_seckey_tweak_add and ec_seckey_mul
2020-03-30 20:51:47 +00:00
Jonas Nick
22911ee6da
Rename private key to secret key in public API (with the exception of function names)
2020-03-30 20:51:47 +00:00
Jonas Nick
5a73f14d6c
Mention that value is unspecified for In/Out parameters if the function returns 0
2020-03-30 20:51:47 +00:00
Jonas Nick
f03df0e6d7
Define valid ECDSA keys in the documentation of seckey_verify
2020-03-30 20:51:47 +00:00