Gregory Maxwell
ae9e648526
Define SECP256K1_BUILD in secp256k1.c directly.
This avoids building without it and makes it safer to use a custom
building environment. Test harnesses need to #include secp256k1.c
first now.
2021-05-01 19:27:27 +00:00
Jonas Nick
0881633dfd
secp256k1.h: clarify that by default arguments must be != NULL
The same file says that the illegal callback will only trigger for violations
explicitly mentioned, which is not true without this commit because we often
don't mention that an argument is not allowed to be NULL.
2021-04-29 10:21:26 +00:00
Jonas Nick
f3708a1ecb
Merge #117: Add ECDSA adaptor signatures module
b0ffa92319 ecdsa_adaptor: add tests (Jesse Posner)
6955af5ca8 ecdsa_adaptor: add ECDSA adaptor signature APIs (Jesse Posner)
b508e5dd9b ecdsa_adaptor: add support for proof of discrete logarithm equality (Jesse Posner)
d8f336564f ecdsa_adaptor: add nonce function and tags (Jesse Posner)
654cd633f5 ecdsa_adaptor: initialize project (Jesse Posner)
Pull request description:
ACKs for top commit:
LLFourn:
ACK b0ffa92319 I've added a small warning to the spec too.
jonasnick:
ACK b0ffa92319
Tree-SHA512: f14e6f32265518d435d4da00a73423615ba900de68c28039ae26ac7ee7b4088db44358741411d96c42bd497db79483ff0766fc2d076d95a9116bcc168b80802d
2021-04-06 12:13:51 +00:00
Jesse Posner
6955af5ca8
ecdsa_adaptor: add ECDSA adaptor signature APIs
This commit adds the ECDSA adaptor signature APIs:
- Encrypted Signing
Creates an adaptor signature, which includes a proof to verify the adaptor
signature.
- Encryption Verification
Verifies that the adaptor decryption key can be extracted from the adaptor
signature and the completed ECDSA signature.
- Signature Decryption
Derives an ECDSA signature from an adaptor signature and an adaptor decryption
key.
- Key Recovery
Extracts the adaptor decryption key from the complete signature and the adaptor
signature.
2021-03-26 16:04:52 -07:00
Sanket Kanjalkar
cc82ad5ab7
Make function argument name consistent with doc
2021-03-24 01:44:15 -07:00
Jesse Posner
d8f336564f
ecdsa_adaptor: add nonce function and tags
This commit adds a nonce function that will be used by default
for ECDSA adaptor signatures.
This nonce function is similar to secp256k1_nonce_function_hardened
except it uses the compressed 33-byte encoding for the pubkey argument.
We need 33 bytes instead of 32 because, unlike with BIP-340, an ECDSA
X-coordinate alone is not sufficient to disambiguate the Y-coordinate.
2021-03-16 16:13:34 -07:00
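As an added illustration of the four operations listed in the "add ECDSA adaptor signature APIs" commit above, and of the 33-byte compressed point fed into the nonce hash described in the nonce-function commit, here is a textbook ECDSA adaptor signature over secp256k1 in pure Python. This is example code, not secp256k1-zkp's implementation: the hash tags, the nonce derivation, the DLEQ proof encoding, the tuple layout of the adaptor signature and the constructed keys and message are all this example's own assumptions, and the arithmetic is neither optimised nor constant-time.

```python
# Added example, not code from secp256k1-zkp. Textbook ECDSA adaptor
# signatures over secp256k1; tags, encodings and nonce derivation are
# assumptions of this example, not the library's.
import hashlib

# secp256k1 curve parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0]:
        if (p[1] + q[1]) % P == 0: return None
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):
    """Scalar multiplication by double-and-add (not constant-time)."""
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def compress(pt):
    # 33-byte SEC encoding: the parity byte is what a bare 32-byte x lacks
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def h(tag, *parts):
    """BIP-340 style tagged hash reduced mod N (example's own tags)."""
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + b"".join(parts)).digest(), "big") % N

def adaptor_sign(x, msg32, Y):
    """Encrypted signing: adaptor signature plus a DLEQ proof."""
    # Nonce commits to the compressed (33-byte) encryption key Y, so the
    # parity of Y is covered, cf. the nonce-function commit.
    k = h("adaptor/nonce", x.to_bytes(32, "big"), msg32, compress(Y))
    R, Rp = mul(k, Y), mul(k, G)     # R = k*Y gives r; R' = k*G for the verifier
    r, m = R[0] % N, int.from_bytes(msg32, "big")
    s_ = pow(k, -1, N) * (m + r * x) % N
    # Chaum-Pedersen proof that log_G(R') == log_Y(R)
    a = h("adaptor/dleq-nonce", k.to_bytes(32, "big"), compress(R))
    A1, A2 = mul(a, G), mul(a, Y)
    e = h("adaptor/dleq", compress(A1), compress(A2), compress(Rp), compress(R), compress(Y))
    return (R, Rp, s_, e, (a + e * k) % N)

def adaptor_verify(X, msg32, Y, adaptor):
    """Encryption verification: DLEQ proof and the ECDSA relation on R'."""
    R, Rp, s_, e, z = adaptor
    A1 = add(mul(z, G), mul(N - e, Rp))   # z*G - e*R' should equal A1
    A2 = add(mul(z, Y), mul(N - e, R))    # z*Y - e*R  should equal A2
    if A1 is None or A2 is None: return False
    if e != h("adaptor/dleq", compress(A1), compress(A2), compress(Rp), compress(R), compress(Y)):
        return False
    r, m, u = R[0] % N, int.from_bytes(msg32, "big"), pow(s_, -1, N)
    return add(mul(u * m % N, G), mul(u * r % N, X)) == Rp

def adaptor_decrypt(adaptor, y):
    """Signature decryption: s = s' / y, then low-s normalisation."""
    R, _, s_, _, _ = adaptor
    s = s_ * pow(y, -1, N) % N
    return (R[0] % N, N - s if s > N // 2 else s)

def adaptor_recover(adaptor, sig, Y):
    """Key recovery: y = s' / s, trying both signs because of low-s."""
    R, _, s_, _, _ = adaptor
    r, s = sig
    if r != R[0] % N: return None
    y = s_ * pow(s, -1, N) % N
    return next((c for c in (y, N - y) if mul(c, G) == Y), None)

def ecdsa_verify(X, msg32, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    m, w = int.from_bytes(msg32, "big"), pow(s, -1, N)
    pt = add(mul(m * w % N, G), mul(r * w % N, X))
    return pt is not None and pt[0] % N == r

def demo():
    # Constructed keys and message for the example; never derive real keys this way.
    x, y = h("example/seckey", b"signer"), h("example/seckey", b"adaptor")
    X, Y = mul(x, G), mul(y, G)
    msg32 = hashlib.sha256(b"constructed message").digest()
    adaptor = adaptor_sign(x, msg32, Y)                          # encrypted signing
    sig = adaptor_decrypt(adaptor, y)                            # signature decryption
    return {"adaptor_ok": adaptor_verify(X, msg32, Y, adaptor),  # encryption verification
            "sig_ok": ecdsa_verify(X, msg32, sig),
            "recovered": adaptor_recover(adaptor, sig, Y) == y,  # key recovery
            "wrong_msg_rejected": not adaptor_verify(X, hashlib.sha256(b"other").digest(), Y, adaptor)}

if __name__ == "__main__":
    print(demo())
```

The decrypted signature verifies as ordinary ECDSA because its effective nonce is k*y; low-s normalisation may replace that nonce by its negation, which is why key recovery has to test both y and N - y against Y before returning.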
Jesse Posner
654cd633f5
ecdsa_adaptor: initialize project
This commit adds the foundational configuration and building scripts
and an initial structure for the project.
2021-03-16 16:13:31 -07:00
Jonas Nick
d4ca81f48e
Merge commits 'dc6e5c3a 2d9e7175 b61f9da5 98dac878 8c727b90 328aaef2 f2d9aeae b732701f db726782 5671e5f3 a4abaab7 659d0d47 f8c0b57e 24d1656c 3a8b47bc ebdba03c 4c3ba88c ' into temp-merge-901
Also add -zkp modules to .cirrus.yml.
2021-03-08 13:35:16 +00:00
Andrew Poelstra
e354c5751d
ecdsa_s2c: rename anti-klepto to anti-exfil
2021-02-09 22:47:24 +00:00
Tim Ruffing
328aaef22a
Merge #845: Extract the secret key from a keypair
33cb3c2b1f Add secret key extraction from keypair to constant time tests (Elichai Turkel)
36d9dc1e8e Add seckey extraction from keypair to the extrakeys tests (Elichai Turkel)
fc96aa73f5 Add a function to extract the secretkey from a keypair (Elichai Turkel)
Pull request description:
With schnorrsig if you need to tweak the secret key (for BIP32) you must use the keypair API to get compatible secret/public keys which you do by calling `secp256k1_keypair_xonly_tweak_add()`, but after that there's currently no way to extract the secret key back for storage.
So I added a `secp256k1_keypair_seckey` function to extract the key.
ACKs for top commit:
jonasnick:
ACK 33cb3c2b1f
real-or-random:
ACK 33cb3c2b1f code inspection, tests pass
Tree-SHA512: 11212db38c8b87a87e2dc35c4d6993716867b45215b94b20522b1b3164ca63d4c6bf5192a6bff0e9267b333779cc8164844c56669a94e9be72df9ef025ffcfd4
2021-01-12 10:56:14 +01:00
Jonas Nick
41d6963bc1
rangeproof: clarify rewind outlen argument
2021-01-05 13:42:58 +00:00
Ferdinando M. Ametrano
b7bc3a4aaa
fixed typo
2020-12-22 22:31:29 +01:00
Andrew Poelstra
396b558273
ecdsa-s2c: add anti-klepto protocol
Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-21 20:50:19 +00:00
Andrew Poelstra
290dee566e
ecdsa-s2c: add actual sign-to-contract functionality
Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-21 20:50:17 +00:00
Andrew Poelstra
8e46cac5b3
ecdsa-s2c: block in module
Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-21 20:49:41 +00:00
Elichai Turkel
fc96aa73f5
Add a function to extract the secretkey from a keypair
2020-12-19 11:00:25 +02:00
Jonas Nick
6e85d675aa
Rename tweak to tweak32 in public API
2020-12-04 14:16:43 +00:00
Jonas Nick
f587f04e35
Rename msg32 to msghash32 in ecdsa_sign/verify and add explanation
2020-12-04 14:12:38 +00:00
Andrew Poelstra
ff4714e641
Merge pull request #105 from jonasnick/update-musig
MuSig state machine simplifications, API improvements and taproot tweaking
2020-11-30 16:11:34 +00:00
Jonas Nick
b9d91b3ecb
musig: add pubkey_tweak_add function to allow taproot tweaking
2020-11-30 15:40:09 +00:00
Thomas Eizinger
4d20713425
Remove unused context initializer functions
Fixes #15.
2020-11-24 10:43:28 +11:00
Jonas Nick
5b4eb18ec5
musig: shorten partial nonce byte array from 33 to 32 bytes
2020-11-13 16:05:37 +00:00
Jonas Nick
62f0b2d867
musig: make musig partial nonces byte arrays instead of "pubkeys"
2020-11-13 16:05:37 +00:00
Jonas Nick
73792e4a27
musig: represent a combined_nonce as an xonly_pubkey
2020-11-13 16:05:36 +00:00
Jonas Nick
2117e7466a
musig: improve variable naming and be consistent with schnorrsig module
session_initialize -> session_init
msg_is_set -> is_msg_set
is_negated -> pk_parity
nonce_is_negated -> nonce_parity
2020-11-13 16:05:36 +00:00
Jonas Nick
ebc31f1f9d
musig: add ARG_CHECKs to functions to help debuggability
2020-11-13 16:05:36 +00:00
Jonas Nick
ac2d0e6697
musig: add magic to session to detect if session is uninitialized
2020-11-13 16:05:36 +00:00
Jonas Nick
29b4bd85d7
musig: simplify state machine by adding explicit round to session struct
2020-11-13 16:05:36 +00:00
Jonas Nick
23900a0d86
Fix the MuSig module after integrating bip-schnorr updates
1. using xonly_pubkeys in MuSig for input public keys and the combined
pk. For that to work we need to store whether the MuSig aggregated point
has an even y in the session, may need to negate each signer's secret
key and may need to negate each signer's public key in
musig_partial_sig_verify.
2. using a tagged hash for the message hash.
3. use !fe_is_odd in place of fe_is_quad_var
2020-11-04 21:47:09 +00:00
Andrew Poelstra
005fe79262
Merge commit '8ab24e8d' into tmp
2020-11-04 21:46:54 +00:00
Andrew Poelstra
a11250330b
(actually) remove schnorrsig module
2020-11-04 21:45:18 +00:00
Andrew Poelstra
a3a3a17f47
Merge pull request #94 from apoelstra/temp-merge-1309c03c45beece646a7d21fdb6a0e3d38adee2b
[upstream PR #773]: Fix some compile problems on weird/old compilers.
2020-09-25 14:23:54 +00:00
Jonas Nick
4e43520026
schnorrsig: Add BIP-340 compatible signing and verification
2020-09-06 19:00:03 +00:00
Jonas Nick
7332d2db6b
schnorrsig: Add BIP-340 nonce function
2020-09-06 19:00:03 +00:00
Jonas Nick
7a703fd97d
schnorrsig: Init empty experimental module
2020-09-06 19:00:03 +00:00
Jonas Nick
6fcb5b845d
extrakeys: Add keypair_xonly_tweak_add
2020-09-06 19:00:00 +00:00
Jonas Nick
58254463f9
extrakeys: Add keypair struct with create, pub and pub_xonly
2020-09-06 18:59:57 +00:00
Jonas Nick
910d9c284c
extrakeys: Add xonly_pubkey_tweak_add & xonly_pubkey_tweak_add_test
2020-09-06 18:59:57 +00:00
Jonas Nick
4cd2ee474d
extrakeys: Add xonly_pubkey with serialize, parse and from_pubkey
2020-09-06 18:59:50 +00:00
Jonas Nick
47e6618e11
extrakeys: Init empty experimental module
This is to prepare for xonly_pubkeys and keypairs.
2020-08-26 19:52:55 +00:00
Gregory Maxwell
1309c03c45
Fix some compile problems on weird/old compilers.
The visibility attribute is a GCC 4+ feature.
GCC 2.95 also warns about the unsigned/signed comparison.
2020-07-26 05:26:56 +00:00
Jonas Nick
96201b4f6e
Require message in musig protocol in an earlier state. In particular,
remove the set_msg function and require the message in get_public_nonce
at the latest.
2020-07-24 14:59:36 +02:00
Jonas Nick
b368a5d163
Fix ARG_NONNULL macro usage in musig include
2020-07-24 14:59:36 +02:00
Jonas Nick
bedff79848
Add cplusplus directive to musig include
2020-07-24 14:59:36 +02:00
Jonas Nick
d924027765
Add tweak32 parameter to musig_partial_sig_combine which allows signing for p2c/taproot commitments
2020-07-24 14:59:36 +02:00
Roman Zeyde
bd70820123
allow reducing surjection proof size (to lower generation stack usage)
2020-07-24 14:59:36 +02:00
Andrew Poelstra
56f69d979f
surjectionproof: introduce SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS constant and set it to 16
2020-07-24 14:59:36 +02:00
Dmitry Petukhov
2dc868f35b
work in progress: add _allocate_initialized/destroy funcs
2020-07-24 14:59:36 +02:00
Roman Zeyde
f35b5e271f
Fix a small typo in the generator parameter name
2020-07-24 14:59:36 +02:00
Andrew Poelstra
3424cb1fa3
musig: add user documentation
2020-07-24 14:59:36 +02:00