-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Schnorr sign-to-contract and anti-exfil #1140
base: master
Are you sure you want to change the base?
Commits on Jul 11, 2023
-
The files are copied from: - https://github.com/ElementsProject/secp256k1-zkp/blob/d22774e248c703a191049b78f8d04f37d6fcfa05/src/eccommit.h - https://github.com/ElementsProject/secp256k1-zkp/blob/d22774e248c703a191049b78f8d04f37d6fcfa05/src/eccommit_impl.h The test is copied from: https://github.com/ElementsProject/secp256k1-zkp/blob/d22774e248c703a191049b78f8d04f37d6fcfa05/src/tests.c#L3755 Originally introduced in: BlockstreamResearch/secp256k1-zkp@826bd04, where it was used to implement sign-to-contract for ECDSA. Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 4ae2cd5 - Browse repository at this point
Copy the full SHA 4ae2cd5View commit details -
add schnorr sign-to-contract opening with parse/ serialize functions
Adapted from bitcoin-core#589. Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 999c82f - Browse repository at this point
Copy the full SHA 999c82fView commit details
Commits on Jul 29, 2023
-
allow creating and verifying Schnorr sign-to-contract commitments
Adapted from bitcoin-core#589. The data is hashed using a tagged hash with the "s2c/schnorr/data" tag, which is consistent with the data hashing done in the ECDSA version of sign-to-contract (in ElementsProject/secp256k1-zkp), where the "s2c/ecdsa/data" tag is used. Similarly, the tweak hash tag is "s2c/schnorr/point". Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a8c192d - Browse repository at this point
Copy the full SHA a8c192dView commit details -
add Schnorr anti-exfil functions
These functions allow to perform the anti-exfil protocol. It is very similar to the implementation of the same protocol for ECDSA in ElementsProject/secp256k1-zkp. The opening struct can't be use in `secp256k1_schnorrsig_anti_exfil_signer_commit()` as it contains the ``nonce_is_negated` field, which can only be set correctly during signing with s2c data. As a result, we must use the opening in the commitment verification, so we also must check that the signer commitment is the same as the one used during signing. The alternative is to only compare the x-coordinate, in which case the opening struct could skip `nonce_is_negated` and the struct could be reused in `secp256k1_schnorrsig_anti_exfil_signer_commit()`, but it seems to have a downside that it would prevent batch-verification of the commitments.
Configuration menu - View commit details
-
Copy full SHA for 82557b4 - Browse repository at this point
Copy the full SHA 82557b4View commit details -
use the magic in the schnorrsig extraparams struct for versioning
This ensures compatibility in that it makes sure that the `secp256k1_schnorrsig_sign_custom()` works for users using an older version of the headers but linking against a newer version of the library.
Configuration menu - View commit details
-
Copy full SHA for e6978c4 - Browse repository at this point
Copy the full SHA e6978c4View commit details