Add Schnorrsig half aggregation #130
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This doesn't allow aggregating aggregate sigs. Would be nice if it could. |
rustyrussell
reviewed
Jul 5, 2023
| ARG_CHECK(msg32 != NULL); | ||
| ARG_CHECK(pubkey != NULL); | ||
|
|
||
| if (*aggsig_size < 32*(1 + n_sigs)) { |
There was a problem hiding this comment.
Overflow protection needed here, AFAICT. You probably want to divide aggsig_size, check it's > 0, then sub 1 and compare with n_sigs.
Comment on lines
+112
to
+116
| size_t* aggsig_size, | ||
| unsigned char **sig64, | ||
| unsigned char **msg32, | ||
| secp256k1_xonly_pubkey *pubkey, | ||
| uint32_t n_sigs |
There was a problem hiding this comment.
I know C is sloppy with this, but const unsigned char **sig64 would be nice. And msg32.
Also, n_sigs here and n_msgs below?
There was a problem hiding this comment.
And sig64 adn msg32 are arrays of ptrys, pubkey is a direct array of objects. That's a bit weird? Also, please pubkeys to give the poor user a hint?
| const secp256k1_context* ctx, | ||
| unsigned char **msg32, | ||
| uint32_t n_msgs, | ||
| secp256k1_xonly_pubkey *pubkey, |
Comment on lines
+299
to
+300
| /* TODO: fix endianness issue */ | ||
| secp256k1_sha256_write(&hash, (unsigned char *)&i, sizeof(i)); |
| ARG_CHECK(aggsig != NULL); | ||
|
|
||
| secp256k1_gej_set_infinity(&rhs); | ||
| if (aggsig_size != 32*(1 + n_msgs)) { |
| secp256k1_sha256_initialize(&hash); | ||
| secp256k1_sha256_write(&hash, midhash, sizeof(midhash)); | ||
| /* TODO: fix endianness issue */ | ||
| secp256k1_sha256_write(&hash, (unsigned char *)&i, sizeof(i)); |
|
We should make this PR compliant with the draft spec (which was written after this PR was opened). |
|
Closing in favor of #261 |
real-or-random
added a commit
that referenced
this pull request
Mar 5, 2024
3a9b1d4 New Experimental Module: Incremental Half-Aggregation for Schnorr Signatures (Benedikt) Pull request description: Revisited PR #130 by jonasnick. I am happy to hear your thoughts. **Summary of changes compared to #130:** - Address comments from rustyrussell - Use tagged hash - Compute hashes with common prefix by copying midstate - Allow Incremental Aggregation and make code consistent with the [draft spec](https://github.com/BlockstreamResearch/cross-input-aggregation/blob/master/half-aggregation.mediawiki) ACKs for top commit: real-or-random: ACK 3a9b1d4 Tree-SHA512: 27239033f8b28ecf87ea310b3dd5a19dbbe6fd07495db71ef7017f8f444ec25a12897087d1bea0a2e9c3df77d7f17c38b183d7fe768858da2180f26624add4aa
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Result of a recorded pair-programming session with @real-or-random to demonstrate how to write libsecp(-zkp) code. Therefore the code is still in a very early stage.