Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MuSig2: Catch up to 0.4.0 #1865

Merged
merged 11 commits into from Aug 11, 2022
Merged

MuSig2: Catch up to 0.4.0 #1865

merged 11 commits into from Aug 11, 2022

Conversation

sputn1ck
Copy link
Collaborator

@sputn1ck sputn1ck commented Jun 24, 2022
edited

This PR fixes nonce generation to include XORing the passed secret key with the random bytes. (see: https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki#nonce-generation-1)

Additionally I updated the nonce generation to 0.3.0 and added the testcases
(https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki#Change_Log)
(jonasnick/bips@f421692)

I'm currently in the progress of catching up to 0.4.0

  • 0.3.0: Hash i - 1 instead of i in NonceGen
  • 0.3.1: Add NonceGen test vectors
  • 0.3.2: Add a lot of test vectors and improve handling of invalid contributions in reference code.
    • Aggregate Keys testvectors
    • Aggregate Nonces testvectores
    • Sign testvectors
    • Partial Sign testvectors
    • Sig Agg testvectors
  • 0.4.0: Allow the output of NonceAgg to be infinity and add test vectors

@Roasbeef Roasbeef mentioned this pull request Jun 24, 2022
Closed
@sputn1ck sputn1ck force-pushed the musig2_0.3.0 branch 2 times, most recently from 1a73614 to a862f9b Compare June 27, 2022 21:59
@sputn1ck sputn1ck changed the title MuSig2: Fix nonce generation and update to 0.3.0 MuSig2: Catch up to 0.4.0 Jun 27, 2022
Roasbeef
Roasbeef requested changes Jun 30, 2022
View reviewed changes
Copy link
Member

@Roasbeef Roasbeef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! Happy to see there weren't any fundamental correctness issues discovered with the addition of the new test vectors.

Completed an initial pass, mainly some style comments, and also some suggestions to elevate the utility functions added to the top-level module. This'll allow us to de-dup common routines like parsing a point into jacobian coords across a few of our projects.

btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/keys.go Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/sign.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Show resolved Hide resolved
@coveralls
Copy link

coveralls commented Jul 15, 2022
edited

Pull Request Test Coverage Report for Build 2822779180

  • 108 of 119 (90.76%) changed or added relevant lines in 6 files are covered.
  • 18 unchanged lines in 4 files lost coverage.
  • Overall coverage increased (+0.09%) to 55.127%
Changes Missing Coverage Covered Lines Changed/Added Lines %
btcec/error.go 0 3 0.0%
btcec/curve.go 28 32 87.5%
btcec/schnorr/musig2/sign.go 40 44 90.91%
Files with Coverage Reduction New Missed Lines %
btcutil/gcs/gcs.go 1 81.25%
connmgr/connmanager.go 2 86.07%
txscript/taproot.go 2 95.93%
peer/peer.go 13 73.2%
Totals Coverage Status
Change from base Build 2456385554: 0.09%
Covered Lines: 26516
Relevant Lines: 48100
💛 - Coveralls

@Roasbeef
Copy link
Member

Bump.

@sputn1ck sputn1ck force-pushed the musig2_0.3.0 branch 3 times, most recently from d7acd5d to cb1d4b5 Compare July 29, 2022 09:25
@sputn1ck
Copy link
Collaborator Author

Added the requested changes, however I'm unsure re continue on error vs return

Roasbeef
Roasbeef reviewed Aug 2, 2022
View reviewed changes
Copy link
Member

@Roasbeef Roasbeef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest changes are looking really good! Just a few minor comments

btcec/btcec.go Show resolved Hide resolved
btcec/schnorr/musig2/keys.go Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go
return nil, err
}

var nonce, r1J, r2J btcec.JacobianPoint
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean reducing duplication by moving some of the above into a new routine, so we can use it elsewhere. Don't consider it a blocker though, IIRC there's an existing TODO lingering around somewhere for it

btcec/curve.go Outdated Show resolved Hide resolved
btcec/curve.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/nonces.go Outdated
)

nonceJ, err := btcec.ParseJacobian(
slicer(pubNonceBytes))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it can fit all one the next line? If not, the closing paren here should be on a new line

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be 81 chars

@Roasbeef
Copy link
Member

Roasbeef commented Aug 2, 2022

cc @guggero

guggero
guggero reviewed Aug 3, 2022
View reviewed changes
Copy link
Collaborator

@guggero guggero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice PR! Just a few minor comments, mostly style nits.

btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Show resolved Hide resolved
btcec/schnorr/musig2/nonces.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Outdated Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Show resolved Hide resolved
btcec/schnorr/musig2/musig2_test.go Outdated Show resolved Hide resolved
btcec/curve.go Outdated Show resolved Hide resolved
btcec/curve.go Show resolved Hide resolved
@sputn1ck
btcec/schnorr/musig2: XOR rand with secret key
3376655 
This commit XORs the secret key (if a secret key is specified)
with the random bytes as per MuSig2 Spec
(https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki#nonce-generation-1)
@sputn1ck
btcec/schnorr/musig2: Update to MuSig 0.3.0
4ad819e 
This commit changes the i's in GenNonces to 0 and 1 as per
https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki#change-log
0.3
@sputn1ck
btcec/schnorr/musig2: Add nonce generation testcases
478a2f7 
This commit adds the testcases specified under version 0.3.1 from
https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki#change-log

and the fixes from
jonasnick/bips@79438fd
@sputn1ck
btcec/schnorr/musig2: Add AggregateKeys testvectors
1b85a60 
This commit adds the testvectors from
jonasnick/bips@20f60b0
to the testcases
@sputn1ck
btcec/schnorr/musig2: Add AggregateNonce testvectors
8b59e7a 
This commit adds the testvectors from
jonasnick/bips@0ec2aef
to the testcases
@sputn1ck
btcec/schnorr/musig2: Add Sign test vectors
53f47d6 
This commit adds the testvectors from
jonasnick/bips@4c06f31
to the testcases
@sputn1ck
btcec/schnorr/musig2: Throw error on invalid partial sig
85356e8
@sputn1ck
btcec/schnorr/musig2: Add PartialSigVerify testvectors
5e96007 
Adds testvectors from
jonasnick/bips@ebb6a74
and
jonasnick/bips@6788ee5
@sputn1ck
btcec/schnorr/musig2: Add CombineSig testvectors
4b2fe9f 
This commit adds the testvectors from
jonasnick/bips@cdc3520
@sputn1ck
Copy link
Collaborator Author

sputn1ck commented Aug 4, 2022

Pushed the requested changes from @Roasbeef and @guggero

Roasbeef
Roasbeef approved these changes Aug 9, 2022
View reviewed changes
Copy link
Member

@Roasbeef Roasbeef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🌺

@sputn1ck
btcec/schnorr/musig2: Allow infinity nonces
44eb8c6 
This commit updates the musig2 module to allow
infinity nonces, as per Musig2 0.4.0.
@sputn1ck
btcec/schnorr/musig2: add infinity testvectors
06ce960 
This commit adds the testvectors from
jonasnick/bips@20ba031
@Roasbeef Roasbeef merged commit da4b534 into btcsuite:master Aug 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Roasbeef Roasbeef Roasbeef requested changes

@guggero guggero guggero approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sputn1ck @coveralls @Roasbeef @guggero