Add bip340 schnorr #237
Add bip340 schnorr #237
Conversation
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
6 times, most recently
from
a0f1800
to
61b3017
Compare
|
I think we should have a discussion on what API do we want to use here and how. Maybe we can schedule an IRC call on this sometime? @apoelstra @real-or-random |
|
I'm happy to add separate type if that's what you think it's best (and if you're ok with it). I tried to keep it minimal for now. But that kind of feedback is really helpful as I'm maintaining a separate branch for DLC things and the less I diverge from mainstream the easier it is to maintain. Anyway keep me updated! |
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
3 times, most recently
from
2a60595
to
7923629
Compare
|
Updated to add |
src/schnorrsig.rs
Outdated
|
|
||
| /// A Secp256k1 public key, used for verification of signatures | ||
| #[derive(Copy, Clone, PartialEq, Eq, Debug, PartialOrd, Ord, Hash)] | ||
| pub struct SchnorrPublicKey(ffi::XOnlyPublicKey); |
There was a problem hiding this comment.
This can just be called PublicKey, it's already in the bip340 module, so users can refer to it as bip340::PublicKey
| @@ -169,6 +169,7 @@ mod context; | |||
| pub mod constants; | |||
| pub mod ecdh; | |||
| pub mod key; | |||
| pub mod schnorrsig; | |||
There was a problem hiding this comment.
I'd like the module to be called bip340 rather than Schnorr. Both as a dig at Schnorr for patenting things, and also to be clear that this is a specific Schnorr-based signature scheme specified in BIP340.
There was a problem hiding this comment.
Schnorr has been removed from this module :). Only mentions left are in the sys module as the method calls of secp use it.
|
+1 to having a separate |
src/schnorrsig.rs
Outdated
| use {Message, Signing}; | ||
|
|
||
| /// Represents a schnorr signature. | ||
| pub struct SchnorrSignature([u8; constants::SCHNORR_SIGNATURE_SIZE]); |
There was a problem hiding this comment.
Similarly we can drop the prefix from this type
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
2 times, most recently
from
bb3c4fe
to
1eaf097
Compare
Also wanted to mention a couple of things I haven't handled:
|
|
I think it's fine to macro-ize the serde stuff. Can you use the same macro to impl serde on the As for the secret key stuff, it'd be better to move the code into a new |
|
I think bip340 is fine but it may be a good idea to use the same module names as upstream. |
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
4 times, most recently
from
2f99f09
to
8735378
Compare
I couldn't use the same one as
Done. That's neat didn't know about this feature. Pipeline is failing now but AFAICT it seems to be some issue with rustup installation of nightly version. |
| pub fn secp256k1_ec_pubkey_tweak_add(cx: *const Context, | ||
| pk: *mut PublicKey, | ||
| tweak: *const c_uchar) | ||
| -> c_int; | ||
|
|
||
| #[deprecated(since = "0.2.0",note = "Please use the secp256k1_ec_seckey_tweak_mul function instead")] |
There was a problem hiding this comment.
Did you change this on purpose?
There was a problem hiding this comment.
Sorry not sure what I've done there, fixed.
|
@Tibo-lg can you change the first commit to include all the 0_2_0→0_2_1 mappings in the .rs files? otherwise it doesn't build. |
|
Can you also reduce the indentation level in (I guess, update the comment to not say ECDSA) into the file? It makes the diff easier to read. |
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
from
8735378
to
d9a83e3
Compare
|
Yes, I think we should change the prefix to |
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
2 times, most recently
from
cccdb80
to
afebc54
Compare
Updated |
|
We can't use the same SecretKey operations for schnorr secret key. (ie |
|
Ah, good catch. I'd forgotten about the keypair API. You're right that we cannot use normal secret keys with the schnorrsig module, at least not without nasty surprises for users. I think the best thing is to replicate the upstream API ... which does mean that you can't tweak secret keys without also tweaking the public ones. The only alternative is that the user keep track of y-parity themselves and this is too fragile and "hand-rolled crypto"-y for this library. |
|
So @Tibo-lg sorry to jerk you around again, but I think we need to back out the Please don't feel obligated to finish this PR btw -- if you drop it, I can pick it up when I find a free moment (though this may not be for a little while). |
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
2 times, most recently
from
34aad13
to
5ba9d5f
Compare
|
@apoelstra I don't mind updating the PR if you don't mind reviewing it :) I removed the I also added |
IMO we should only expose the XOnlyPublicKey here, but you can internally convert back and forth between the puckeys where needed, so it will look something like: secp256k1_xonly_pubkey_tweak_add(ctx, &out_pubkey, &xonlypubkey, &tweak);
secp256k1_xonly_pubkey_from_pubkey(ctx, &xonlypubkey, NULL, &out_pubkey) |
|
+1 to @elichai's suggestion, though I think it's reasonable to also expose a function for the user to expose conversion functions, with the understanding that ordinary pubkeys are not useful for any other part of the schnorr API. Also, I hope we don't wind up converting from xonly to regular anywhere internally, since that's expensive. |
we shouldn't, only the opposite (from pubkey to xonly), which is cheap |
Tibo-lg
force-pushed
the
add-bip340-schnorr
branch
from
5ba9d5f
to
09b0456
Compare
|
@elichai Thanks for the suggestion. I added
I added |
|
|
||
| impl XOnlyPublicKey { | ||
| /// Create a new (zeroed) x-only public key usable for the FFI interface | ||
| pub fn new() -> XOnlyPublicKey { XOnlyPublicKey([0; 64]) } |
There was a problem hiding this comment.
We shouldn't have this function, as it creates an invalid public key which will trigger assertation failures in upstream.
There was a problem hiding this comment.
I'll fix this in a followup commit/PR. It's a bit subtle because we do need (temporarily) uninitialized values to use the FFI interface.
| impl XOnlyPublicKey { | ||
| /// Create a new (zeroed) x-only public key usable for the FFI interface | ||
| pub fn new() -> XOnlyPublicKey { XOnlyPublicKey([0; 64]) } | ||
| pub fn from_array(data: [c_uchar; 64]) -> XOnlyPublicKey { |
There was a problem hiding this comment.
We should rename this to from_array_unchecked for similar reasons.
| msg32: *const c_uchar, | ||
| keypair: *const KeyPair, | ||
| noncefp: SchnorrNonceFn, | ||
| noncedata: *const c_void |
There was a problem hiding this comment.
upstream this is a *mut c_void
| &mut self, | ||
| secp: &Secp256k1<C>, | ||
| tweak: &[u8], | ||
| ) -> Result<(), Error> { |
There was a problem hiding this comment.
This should return the parity as a bool rather than returning ()
As BIP 340 support was merged in bitcoin core and that I had a branch of rust-secp256k1 with BIP 340 support I thought maybe now was a good time to try to get it merged.
Changes:
secp256k1-systo add Schnorr and extra keys modules, as well as the bindings for the related functionsschnorrsigmodule in therust-secp256k1One thing I am unsure is whether types from the extra keys module should be used into the public interfaces (x-only pubkeys and keypairs). For now I implemented to just use
PublicKeyandSecretKeyin public interface, but I can change it.