-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add bip340 schnorr #237
Add bip340 schnorr #237
Conversation
a0f1800
to
61b3017
Compare
I think we should have a discussion on what API do we want to use here and how. Maybe we can schedule an IRC call on this sometime? @apoelstra @real-or-random |
I'm happy to add separate type if that's what you think it's best (and if you're ok with it). I tried to keep it minimal for now. But that kind of feedback is really helpful as I'm maintaining a separate branch for DLC things and the less I diverge from mainstream the easier it is to maintain. Anyway keep me updated! |
2a60595
to
7923629
Compare
Updated to add |
src/schnorrsig.rs
Outdated
|
||
/// A Secp256k1 public key, used for verification of signatures | ||
#[derive(Copy, Clone, PartialEq, Eq, Debug, PartialOrd, Ord, Hash)] | ||
pub struct SchnorrPublicKey(ffi::XOnlyPublicKey); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can just be called PublicKey
, it's already in the bip340
module, so users can refer to it as bip340::PublicKey
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -169,6 +169,7 @@ mod context; | |||
pub mod constants; | |||
pub mod ecdh; | |||
pub mod key; | |||
pub mod schnorrsig; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like the module to be called bip340
rather than Schnorr
. Both as a dig at Schnorr for patenting things, and also to be clear that this is a specific Schnorr-based signature scheme specified in BIP340.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Schnorr has been removed from this module :). Only mentions left are in the sys module as the method calls of secp use it.
+1 to having a separate |
src/schnorrsig.rs
Outdated
use {Message, Signing}; | ||
|
||
/// Represents a schnorr signature. | ||
pub struct SchnorrSignature([u8; constants::SCHNORR_SIGNATURE_SIZE]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly we can drop the prefix from this type
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
bb3c4fe
to
1eaf097
Compare
Also wanted to mention a couple of things I haven't handled:
|
I think it's fine to macro-ize the serde stuff. Can you use the same macro to impl serde on the As for the secret key stuff, it'd be better to move the code into a new |
I think bip340 is fine but it may be a good idea to use the same module names as upstream. |
2f99f09
to
8735378
Compare
I couldn't use the same one as
Done. That's neat didn't know about this feature. Pipeline is failing now but AFAICT it seems to be some issue with rustup installation of nightly version. |
pub fn secp256k1_ec_pubkey_tweak_add(cx: *const Context, | ||
pk: *mut PublicKey, | ||
tweak: *const c_uchar) | ||
-> c_int; | ||
|
||
#[deprecated(since = "0.2.0",note = "Please use the secp256k1_ec_seckey_tweak_mul function instead")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you change this on purpose?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry not sure what I've done there, fixed.
@Tibo-lg can you change the first commit to include all the 0_2_0→0_2_1 mappings in the .rs files? otherwise it doesn't build. |
Can you also reduce the indentation level in
(I guess, update the comment to not say ECDSA) into the file? It makes the diff easier to read. |
8735378
to
d9a83e3
Compare
Yes, I think we should change the prefix to |
cccdb80
to
afebc54
Compare
Updated |
We can't use the same SecretKey operations for schnorr secret key. (ie |
Ah, good catch. I'd forgotten about the keypair API. You're right that we cannot use normal secret keys with the schnorrsig module, at least not without nasty surprises for users. I think the best thing is to replicate the upstream API ... which does mean that you can't tweak secret keys without also tweaking the public ones. The only alternative is that the user keep track of y-parity themselves and this is too fragile and "hand-rolled crypto"-y for this library. |
So @Tibo-lg sorry to jerk you around again, but I think we need to back out the Please don't feel obligated to finish this PR btw -- if you drop it, I can pick it up when I find a free moment (though this may not be for a little while). |
34aad13
to
5ba9d5f
Compare
@apoelstra I don't mind updating the PR if you don't mind reviewing it :) I removed the I also added |
IMO we should only expose the XOnlyPublicKey here, but you can internally convert back and forth between the puckeys where needed, so it will look something like: secp256k1_xonly_pubkey_tweak_add(ctx, &out_pubkey, &xonlypubkey, &tweak);
secp256k1_xonly_pubkey_from_pubkey(ctx, &xonlypubkey, NULL, &out_pubkey) |
+1 to @elichai's suggestion, though I think it's reasonable to also expose a function for the user to expose conversion functions, with the understanding that ordinary pubkeys are not useful for any other part of the schnorr API. Also, I hope we don't wind up converting from xonly to regular anywhere internally, since that's expensive. |
we shouldn't, only the opposite (from pubkey to xonly), which is cheap |
5ba9d5f
to
09b0456
Compare
@elichai Thanks for the suggestion. I added
I added |
|
||
impl XOnlyPublicKey { | ||
/// Create a new (zeroed) x-only public key usable for the FFI interface | ||
pub fn new() -> XOnlyPublicKey { XOnlyPublicKey([0; 64]) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shouldn't have this function, as it creates an invalid public key which will trigger assertation failures in upstream.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll fix this in a followup commit/PR. It's a bit subtle because we do need (temporarily) uninitialized values to use the FFI interface.
impl XOnlyPublicKey { | ||
/// Create a new (zeroed) x-only public key usable for the FFI interface | ||
pub fn new() -> XOnlyPublicKey { XOnlyPublicKey([0; 64]) } | ||
pub fn from_array(data: [c_uchar; 64]) -> XOnlyPublicKey { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should rename this to from_array_unchecked
for similar reasons.
msg32: *const c_uchar, | ||
keypair: *const KeyPair, | ||
noncefp: SchnorrNonceFn, | ||
noncedata: *const c_void |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
upstream this is a *mut c_void
&mut self, | ||
secp: &Secp256k1<C>, | ||
tweak: &[u8], | ||
) -> Result<(), Error> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should return the parity as a bool rather than returning ()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ack 0c937d0
Will address nits in a followup PR.
As BIP 340 support was merged in bitcoin core and that I had a branch of rust-secp256k1 with BIP 340 support I thought maybe now was a good time to try to get it merged.
Changes:
secp256k1-sys
to add Schnorr and extra keys modules, as well as the bindings for the related functionsschnorrsig
module in therust-secp256k1
One thing I am unsure is whether types from the extra keys module should be used into the public interfaces (x-only pubkeys and keypairs). For now I implemented to just use
PublicKey
andSecretKey
in public interface, but I can change it.