Flesh out Schnorr/BIP340 functionality

[brandonblack]

• Add and export sign/verify sync for Schnorr
• Add a cache for tagged hash prefixes
• Simplify creating tag bytes for tagged hash
• Export taggedHash and new taggedHashSync

[brandonblack]

Started down this path to let noble-secp256k1 plug into bitcoinjs-lib https://github.com/bitcoinjs/bip32/blob/master/ts-src/bip32.ts#L58 as an alternative to tiny-secp256k1.

[brandonblack]

I added the remaining functions necessary to let this library be wrapped up and used with bitcoinjs-lib. You can see in the above mentioned PR where it's being tied together in the BitGo SDK.

edit to add link to the WIP wrapper: https://github.com/BitGo/BitGoJS/blob/bitcoinjs_lib_6_sync/modules/utxo-lib/src/noble_ecc.ts

This PR at least needs some tests for the new functions. I'll try to get those added early next week.

[paulmillr]

Great!

[brandonblack]

Alright, got those tests in. I see you already had vectors for the more complex two. Was there a strong reason they weren't implemented?

[paulmillr]

More complex two?

[brandonblack]

pointAddScalar and pointMultiply already had test vectors, but weren't in the implementation.

[brandonblack]

• Add a cache for tagged hash prefixes
• Simplify creating tag bytes for tagged hash

BTW, I forgot to mention that I benchmarked many different ways of doing this, found all the ways that don't depend on nodejs Buffer to be slow, and settled on using a cache with one of the slower, but simpler methods.

For a million iterations of converting the tag to bytes, the original code is ~1s on my computer vs. the new at ~2s.

The only way that was marginally faster (.7s) was:

  const arr = new Uint8Array(tag.length);
  for (let j = 0; j < tag.length; j++) {
    arr[j] = tag.charCodeAt(j);
  }

[paulmillr]

Going through the review, a bit slowly — sorry, in a war right now, hoping to merge this ASAP!

[brandonblack]

in a war right now

Usually developers say that tongue in cheek because a server is throwing 500s, but you really mean it. Sorry. Stay safe out there!

[paulmillr]

@brandonblack why do you need these?

  privateAdd: (privateKey: PrivKey, tweak: Hex): Uint8Array
  privateNegate: (privateKey: PrivKey): Uint8Array
  pointAddScalar: (p: Hex, tweak: Hex, isCompressed?: boolean): Uint8Array
  pointMultiply: (p: Hex, tweak: Hex, isCompressed?: boolean): Uint8Array

Is it only for BIP32? I'd prefer to not add them into noble, because in this case we'll have two different methods of doing the same thing.

[brandonblack]

Is it only for BIP32? I'd prefer to not add them into noble, because in this case we'll have two different methods of doing the same thing.

Yes, I added these for bitcoinjs/bip32 support.

https://github.com/BitGo/BitGoJS/pull/2054/files#diff-870b71613a9210366ce2c5f077e72747a328bb881c7121d7f890ba5dc4bc80f3R55-R71