Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Schnorr sign-to-contract and anti-exfil #1140

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Schnorr sign-to-contract and anti-exfil #1140

wants to merge 5 commits into from

Commits on Jul 11, 2023

  1. add eccommit functionality 

    The files are copied from:

- https://github.com/ElementsProject/secp256k1-zkp/blob/d22774e248c703a191049b78f8d04f37d6fcfa05/src/eccommit.h
- https://github.com/ElementsProject/secp256k1-zkp/blob/d22774e248c703a191049b78f8d04f37d6fcfa05/src/eccommit_impl.h

The test is copied from:

https://github.com/ElementsProject/secp256k1-zkp/blob/d22774e248c703a191049b78f8d04f37d6fcfa05/src/tests.c#L3755

Originally introduced in:
BlockstreamResearch/secp256k1-zkp@826bd04,
where it was used to implement sign-to-contract for ECDSA.

Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
    @apoelstra @benma @jonasnick
    3 people committed Jul 11, 2023
    Configuration menu
    Copy the full SHA
    4ae2cd5 View commit details
    Browse the repository at this point in the history

  2. add schnorr sign-to-contract opening with parse/ serialize functions 

    Adapted from bitcoin-core#589.

Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
    @jonasnick @benma
    jonasnick and benma committed Jul 11, 2023
    Configuration menu
    Copy the full SHA
    999c82f View commit details
    Browse the repository at this point in the history

Commits on Jul 29, 2023

  1. allow creating and verifying Schnorr sign-to-contract commitments 

    Adapted from bitcoin-core#589.

The data is hashed using a tagged hash with the "s2c/schnorr/data"
tag, which is consistent with the data hashing done in the ECDSA
version of sign-to-contract (in ElementsProject/secp256k1-zkp), where
the "s2c/ecdsa/data" tag is used. Similarly, the tweak hash tag is
"s2c/schnorr/point".

Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
    @benma @jonasnick
    benma and jonasnick committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    a8c192d View commit details
    Browse the repository at this point in the history

  2. add Schnorr anti-exfil functions 

    These functions allow to perform the anti-exfil protocol. It is very
similar to the implementation of the same protocol for ECDSA in
ElementsProject/secp256k1-zkp.

The opening struct can't be use in
`secp256k1_schnorrsig_anti_exfil_signer_commit()` as it contains the
``nonce_is_negated` field, which can only be set correctly during
signing with s2c data. As a result, we must use the opening in the
commitment verification, so we also must check that the signer
commitment is the same as the one used during signing. The alternative
is to only compare the x-coordinate, in which case the opening struct
could skip `nonce_is_negated` and the struct could be reused in
`secp256k1_schnorrsig_anti_exfil_signer_commit()`, but it seems to
have a downside that it would prevent batch-verification of the
commitments.
    @benma
    benma committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    82557b4 View commit details
    Browse the repository at this point in the history

  3. use the magic in the schnorrsig extraparams struct for versioning 

    This ensures compatibility in that it makes sure that the
`secp256k1_schnorrsig_sign_custom()` works for users using an older
version of the headers but linking against a newer version of the
library.
    @benma
    benma committed Jul 29, 2023
    Configuration menu
    Copy the full SHA
    e6978c4 View commit details
    Browse the repository at this point in the history