whitelist: remove ability to specific nonce function

This functionality is inappropriate to expose for a zero-knowledge proof, and was confusingly (and potentially dangerously) implemented.
BlockstreamResearch · Jan 6, 2022 · 11d675d · 11d675d
1 parent 21e2d65
commit 11d675d
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 15 deletions.
diff --git a/include/secp256k1_whitelist.h b/include/secp256k1_whitelist.h
@@ -101,8 +101,6 @@ SECP256K1_API int secp256k1_whitelist_signature_serialize(
  * online_seckey: the secret key to the signer's online pubkey
  * summed_seckey: the secret key to the sum of (whitelisted key, signer's offline pubkey)
  * index: the signer's index in the lists of keys
- * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used
- * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)
  * Out: sig: The produced signature.
  *
  * The signatures are of the list of all passed pubkeys in the order
@@ -120,10 +118,8 @@ SECP256K1_API int secp256k1_whitelist_sign(
  const size_t n_keys,
  const secp256k1_pubkey *sub_pubkey,
  const unsigned char *online_seckey,
- const unsigned char *summed_seckey,
- const size_t index,
- secp256k1_nonce_function noncefp,
- const void *noncedata
+ const unsigned char *summed_seckeyx,
+ const size_t index
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6) SECP256K1_ARG_NONNULL(7) SECP256K1_ARG_NONNULL(8);
 
 /** Verify a whitelist signature

diff --git a/src/bench_whitelist.c b/src/bench_whitelist.c
@@ -39,7 +39,7 @@ static void bench_whitelist(void* arg, int iters) {
 static void bench_whitelist_setup(void* arg) {
  bench_data* data = (bench_data*)arg;
  int i = 0;
- CHECK(secp256k1_whitelist_sign(data->ctx, &data->sig, data->online_pubkeys, data->offline_pubkeys, data->n_keys, &data->sub_pubkey, data->online_seckey[i], data->summed_seckey[i], i, NULL, NULL));
+ CHECK(secp256k1_whitelist_sign(data->ctx, &data->sig, data->online_pubkeys, data->offline_pubkeys, data->n_keys, &data->sub_pubkey, data->online_seckey[i], data->summed_seckey[i], i));
 }
 
 static void run_test(bench_data* data, int iters) {

diff --git a/src/modules/whitelist/main_impl.h b/src/modules/whitelist/main_impl.h
@@ -12,17 +12,13 @@
 
 #define MAX_KEYS SECP256K1_WHITELIST_MAX_N_KEYS /* shorter alias */
 
-int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_signature *sig, const secp256k1_pubkey *online_pubkeys, const secp256k1_pubkey *offline_pubkeys, const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, const unsigned char *summed_seckey, const size_t index, secp256k1_nonce_function noncefp, const void *noncedata) {
+int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_signature *sig, const secp256k1_pubkey *online_pubkeys, const secp256k1_pubkey *offline_pubkeys, const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, const unsigned char *summed_seckey, const size_t index) {
  secp256k1_gej pubs[MAX_KEYS];
  secp256k1_scalar s[MAX_KEYS];
  secp256k1_scalar sec, non;
  unsigned char msg32[32];
  int ret;
 
- if (noncefp == NULL) {
- noncefp = secp256k1_nonce_function_default;
- }
-
  /* Sanity checks */
  VERIFY_CHECK(ctx != NULL);
  ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
@@ -53,7 +49,7 @@ int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_s
  size_t i;
  unsigned char nonce32[32];
  int done;
- ret = noncefp(nonce32, msg32, seckey32, NULL, (void*)noncedata, count);
+ ret = secp256k1_nonce_function_default(nonce32, msg32, seckey32, NULL, NULL, count);
  if (!ret) {
  break;
  }
@@ -67,7 +63,7 @@ int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_s
  for (i = 0; i < n_keys; i++) {
  msg32[0] ^= i + 1;
  msg32[1] ^= (i + 1) / 0x100;
- ret = noncefp(&sig->data[32 * (i + 1)], msg32, seckey32, NULL, (void*)noncedata, count);
+ ret = secp256k1_nonce_function_default(&sig->data[32 * (i + 1)], msg32, seckey32, NULL, NULL, count);
  if (!ret) {
  break;
  }

diff --git a/src/modules/whitelist/tests_impl.h b/src/modules/whitelist/tests_impl.h
@@ -15,7 +15,7 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons
  secp256k1_whitelist_signature sig;
  secp256k1_whitelist_signature sig1;
 
- CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i, NULL, NULL));
+ CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i));
  CHECK(secp256k1_whitelist_verify(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1);
  /* Check that exchanging keys causes a failure */
  CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1);