Re-arrange functionality to make ECDSA and Schnorr equal-ish citizens #327
Conversation
thomaseizinger
force-pushed
the
ecdsa-schnorr
branch
from
c9f0034
to
c88dedf
Compare
|
I had an idea that might make review easier: I could move all tests to |
thomaseizinger
force-pushed
the
ecdsa-schnorr
branch
2 times, most recently
from
0c4854a
to
c7c21be
Compare
|
Hm, yeah, in fact we should do something like this in upstream... But don't assume it will happen, so I'm indifferent to the changes here. The resulting structure is certainly more natural but also not so aligned with upstream, which may make it harder to maintain. One comment: I really prefer "schnorrsig" instead of "schnorr". Schnorr is not a signature scheme but a living human being. |
|
Thanks for the feedback!
I think aligning -sys with upstream makes sense. Everything on top should IMO be as Rust idiomatic as possible and hide underlying details / structures.
I agree with your reasoning. The question is, do the modules necessarily have to be named after the scheme or is it good enough (maybe better) to find a name that acts as an unambiguous and clear qualifier? Bear in mind that the whole point of this is to allow users to import the module and qualify the types inside:
I prefer the first one out of these two. |
In this special case, I do prefer the first one. But this is a somewhat extreme case. In general, I prefer |
|
I would be okay with the module being named |
|
Just did a PR doing the same: #329. I concept ACK this PR and the fact that I independently proposed the same API proves that these changes are intuitive and required. |
+1 . Concept ACK, will review this in the near future. |
src/lib.rs
Outdated
| @@ -772,7 +492,18 @@ impl<C: Signing> Secp256k1<C> { | |||
| /// signature implementation of bitcoin core. In average, this function | |||
| /// will perform two signing operations. | |||
| /// Requires a signing capable context. | |||
| pub fn sign_low_r(&self, msg: &Message, sk: &key::SecretKey) -> Signature { | |||
| #[deprecated(since = "0.21.0", note = "Use sign_ecdsa_grind_r instead.")] | |||
There was a problem hiding this comment.
I don't understand grinding APIs well. But this should be Use sign_ecdsa_sign_low instead
There was a problem hiding this comment.
Ups totally! This is a copy-paste error 😅
src/lib.rs
Outdated
| pub fn sign_low_r(&self, msg: &Message, sk: &key::SecretKey) -> Signature { | ||
| #[deprecated(since = "0.21.0", note = "Use sign_ecdsa_grind_r instead.")] | ||
| pub fn sign_low_r(&self, msg: &Message, sk: &SecretKey) -> ecdsa::Signature { | ||
| return self.sign_grind_with_check(msg, sk, compact_sig_has_zero_first_bit) |
There was a problem hiding this comment.
nit: Even though the implementation is the same, using self.sign_ecdsa_low_r makes for easier review
There was a problem hiding this comment.
Also a copy paste error, thanks for spotting it! :)
|
Can someone of maintainer review this PR pls? |
There was a problem hiding this comment.
I think the refactor looks nice, though maybe I feel like putting everything into the key module makes it not so clear that PublicKey is meant to be used for ECDSA while KeyPair and XOnlyPublicKey are meant to be used for Schnorr signatures. Could be worth at least emphasizing this in the docs for PublicKey and KeyPair (XOnlyPublicKey already mentions it).
Also, maybe it's not a valid concern, but if at some point we wanted to make either ECDSA or Schnorr sig optional it would make things a bit more tedious than if the types were in separated modules.
Otherwise just had two tiny nits.
I think I agree but I wanted to limit this PR to not-so-controversial changes because it is already big enough ! If we can get this in, then I think it will be much easier to send smaller follow-up PRs that make the situation even better :)
It might be worth it to create two submodules under |
SGTM.
I guess a point could be made that the keys are not tight to the signature scheme per se. I don't have that strong of an opinion tbh and if my concern is unfounded I'll be happy with everything under |
|
Happy to merge this today, but it needs a rebase. |
I will only be able to do this from the 9th as I am currently on vacation without a computer. Will rebase once I am back! |
|
Also, great news! I am excited for this to get merged :) |
src/schnorr.rs
Outdated
| @@ -7,13 +7,12 @@ use rand::thread_rng; | |||
| #[cfg(any(test, feature = "rand"))] | |||
| use rand::{CryptoRng, Rng}; | |||
|
|
|||
| use super::Error::{InvalidPublicKey, InvalidSecretKey, InvalidSignature}; | |||
| use super::Error::InvalidSignature; | |||
There was a problem hiding this comment.
I believe better name for this file is bip340, since (a) we need a name of the signing scheme like ECDSA, and the scheme is defined in BIP-340 by P.Wuille (using Schnorr algorithm) and not by Schnorr
There was a problem hiding this comment.
Just FYI, but there was a similar discussion at the time of adding the schnorr module and it was decided to use the same name as upstream at the end: #237 (comment)
It was also decided to use schnorrsig instead of schnorr: #237 (comment)
(I don't personally have a strong opinion)
We re-export all structs residing in that module. There is no reason to expose the internal module structure of the library publicly.
Tests are usually placed next to the code they are testing. As such, importing `super::*` is a good starting point.
thomaseizinger
dismissed stale reviews from apoelstra and sanket1729
via
7eceb18
thomaseizinger
force-pushed
the
ecdsa-schnorr
branch
from
975c212
to
7eceb18
Compare
With the introduction of Schnorr signatures, exporting a `Signature` type without any further qualification is ambiguous. To minimize the ambiguity, the `ecdsa` module is public which should encourage users to refer to its types as `ecdsa::Signature` and `ecdsa::SerializedSignature`. To reduce ambiguity in the APIs on `Secp256k1`, we deprecate several fucntions and introduce new variants that explicitly mention the use of the ECDSA signature algorithm. Due to the move of `Signature` and `SerializedSignature` to a new module, this patch is a breaking change. The impact is minimal though and fixing the compile errors encourages a qualified naming of the type.
The `KeyPair` type is semantically unrelated to the schnorr signature algorithm.
The public key is unrelated to the signature algorithm. It will be moved out of the module in another commit. For ease of review, the renamed is kept separate.
Schnorr is commenly known as a signature algorithm, we don't need to restate that in the name of the module.
The naming scheme we employ is `{sign,verify, ...}_{ecdsa,schnorr}`.
This is not C89. We can declare the more important things first.
thomaseizinger
force-pushed
the
ecdsa-schnorr
branch
from
7eceb18
to
d244b4d
Compare
|
@dr-orlovsky @Tibo-lg Nits have been addressed as part of rebase. |
|
|
||
| /// Constructs a signature for `msg` using the secret key `sk`, RFC6979 nonce | ||
| /// and "grinds" the nonce by passing extra entropy if necessary to produce | ||
| /// a signature that is less than 71 - bytes_to_grund bytes. The number |
There was a problem hiding this comment.
Not introduced by this PR but there is a typo here, I think this should be 'bytes_to_grind' not 'grund'. There are two occurrences of 'grund' in this file.
There was a problem hiding this comment.
To avoid having to get re-ACKs, I propose this to be patched in a follow-up PR.
This patch-set tries to re-structure the library a bit. What we currently have seems to have been mostly driven by historical growth. For example, with the addition of Schnorr signatures, just exposing
secp256k1::Signatureis ambiguous.This PR only contains renames and moving around of code. I've tried to structure the patches in such a way that makes this reasonably easy to review. Feedback welcome!