Bitcoin Core 29.99.0
P2P Digital Currency
ellswift.c
Go to the documentation of this file.
1/*************************************************************************
2 * Written in 2024 by Sebastian Falbesoner *
3 * To the extent possible under law, the author(s) have dedicated all *
4 * copyright and related and neighboring rights to the software in this *
5 * file to the public domain worldwide. This software is distributed *
6 * without any warranty. For the CC0 Public Domain Dedication, see *
7 * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 *
8 *************************************************************************/
9
15#include <stdio.h>
16#include <stdlib.h>
17#include <assert.h>
18#include <string.h>
19
20#include <secp256k1.h>
21#include <secp256k1_ellswift.h>
22
23#include "examples_util.h"
24
25int main(void) {
27 unsigned char randomize[32];
28 unsigned char auxrand1[32];
29 unsigned char auxrand2[32];
30 unsigned char seckey1[32];
31 unsigned char seckey2[32];
32 unsigned char ellswift_pubkey1[64];
33 unsigned char ellswift_pubkey2[64];
34 unsigned char shared_secret1[32];
35 unsigned char shared_secret2[32];
36 int return_val;
37
38 /* Create a secp256k1 context */
40 if (!fill_random(randomize, sizeof(randomize))) {
41 printf("Failed to generate randomness\n");
42 return EXIT_FAILURE;
43 }
44 /* Randomizing the context is recommended to protect against side-channel
45 * leakage. See `secp256k1_context_randomize` in secp256k1.h for more
46 * information about it. This should never fail. */
47 return_val = secp256k1_context_randomize(ctx, randomize);
48 assert(return_val);
49
50 /*** Generate secret keys ***/
51 if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
52 printf("Failed to generate randomness\n");
53 return EXIT_FAILURE;
54 }
55 /* If the secret key is zero or out of range (greater than secp256k1's
56 * order), we fail. Note that the probability of this occurring is negligible
57 * with a properly functioning random number generator. */
58 if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
59 printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
60 return EXIT_FAILURE;
61 }
62
63 /* Generate ElligatorSwift public keys. This should never fail with valid context and
64 verified secret keys. Note that providing additional randomness (fourth parameter) is
65 optional, but recommended. */
66 if (!fill_random(auxrand1, sizeof(auxrand1)) || !fill_random(auxrand2, sizeof(auxrand2))) {
67 printf("Failed to generate randomness\n");
68 return EXIT_FAILURE;
69 }
70 return_val = secp256k1_ellswift_create(ctx, ellswift_pubkey1, seckey1, auxrand1);
71 assert(return_val);
72 return_val = secp256k1_ellswift_create(ctx, ellswift_pubkey2, seckey2, auxrand2);
73 assert(return_val);
74
75 /*** Create the shared secret on each side ***/
76
77 /* Perform x-only ECDH with seckey1 and ellswift_pubkey2. Should never fail
78 * with a verified seckey and valid pubkey. Note that both parties pass both
79 * EllSwift pubkeys in the same order; the pubkey of the calling party is
80 * determined by the "party" boolean (sixth parameter). */
81 return_val = secp256k1_ellswift_xdh(ctx, shared_secret1, ellswift_pubkey1, ellswift_pubkey2,
83 assert(return_val);
84
85 /* Perform x-only ECDH with seckey2 and ellswift_pubkey1. Should never fail
86 * with a verified seckey and valid pubkey. */
87 return_val = secp256k1_ellswift_xdh(ctx, shared_secret2, ellswift_pubkey1, ellswift_pubkey2,
89 assert(return_val);
90
91 /* Both parties should end up with the same shared secret */
92 return_val = memcmp(shared_secret1, shared_secret2, sizeof(shared_secret1));
93 assert(return_val == 0);
94
95 printf( " Secret Key1: ");
96 print_hex(seckey1, sizeof(seckey1));
97 printf( "EllSwift Pubkey1: ");
98 print_hex(ellswift_pubkey1, sizeof(ellswift_pubkey1));
99 printf("\n Secret Key2: ");
100 print_hex(seckey2, sizeof(seckey2));
101 printf( "EllSwift Pubkey2: ");
102 print_hex(ellswift_pubkey2, sizeof(ellswift_pubkey2));
103 printf("\n Shared Secret: ");
104 print_hex(shared_secret1, sizeof(shared_secret1));
105
106 /* This will clear everything from the context and free the memory */
108
109 /* It's best practice to try to clear secrets from memory after using them.
110 * This is done because some bugs can allow an attacker to leak memory, for
111 * example through "out of bounds" array access (see Heartbleed), or the OS
112 * swapping them to disk. Hence, we overwrite the secret key buffer with zeros.
113 *
114 * Here we are preventing these writes from being optimized out, as any good compiler
115 * will remove any writes that aren't used. */
116 secure_erase(seckey1, sizeof(seckey1));
117 secure_erase(seckey2, sizeof(seckey2));
118 secure_erase(shared_secret1, sizeof(shared_secret1));
119 secure_erase(shared_secret2, sizeof(shared_secret2));
120
121 return EXIT_SUCCESS;
122}
return EXIT_SUCCESS
int main(void)
This file demonstrates how to use the ElligatorSwift module to perform a key exchange according to BI...
Definition: ellswift.c:25
static int fill_random(unsigned char *data, size_t size)
Definition: examples_util.h:43
static void secure_erase(void *ptr, size_t len)
Definition: examples_util.h:86
static void print_hex(unsigned char *data, size_t size)
Definition: examples_util.h:72
void printf(FormatStringCheck< sizeof...(Args)> fmt, const Args &... args)
Format list of arguments to std::cout, according to the given format string.
Definition: tinyformat.h:1096
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:187
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:747
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an elliptic curve secret key.
Definition: secp256k1.c:580
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:141
#define SECP256K1_CONTEXT_NONE
Context flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size,...
Definition: secp256k1.h:202
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute an ElligatorSwift public key for a secret key.
Definition: main_impl.h:450
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_xdh(const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, secp256k1_ellswift_xdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(7)
Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret ...
Definition: main_impl.h:551
SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324
An implementation of an secp256k1_ellswift_xdh_hash_function compatible with BIP324.
assert(!tx.IsCoinBase())