 |
Bitcoin Core 28.99.0
P2P Digital Currency
|
|
Bitcoin Core 28.99.0
P2P Digital Currency
|
#include <string.h>#include "keyagg.h"#include "../../eckey.h"#include "../../ecmult.h"#include "../../field.h"#include "../../group.h"#include "../../hash.h"#include "../../util.h"Go to the source code of this file.
Classes | |
| struct | secp256k1_musig_pubkey_agg_ecmult_data |
Functions | |
| static void | secp256k1_keyagg_cache_save (secp256k1_musig_keyagg_cache *cache, const secp256k1_keyagg_cache_internal *cache_i) |
| static int | secp256k1_keyagg_cache_load (const secp256k1_context *ctx, secp256k1_keyagg_cache_internal *cache_i, const secp256k1_musig_keyagg_cache *cache) |
| static void | secp256k1_musig_keyagglist_sha256 (secp256k1_sha256 *sha) |
| static int | secp256k1_musig_compute_pks_hash (const secp256k1_context *ctx, unsigned char *pks_hash, const secp256k1_pubkey *const *pks, size_t np) |
| static void | secp256k1_musig_keyaggcoef_sha256 (secp256k1_sha256 *sha) |
| static void | secp256k1_musig_keyaggcoef_internal (secp256k1_scalar *r, const unsigned char *pks_hash, secp256k1_ge *pk, const secp256k1_ge *second_pk) |
| static void | secp256k1_musig_keyaggcoef (secp256k1_scalar *r, const secp256k1_keyagg_cache_internal *cache_i, secp256k1_ge *pk) |
| static int | secp256k1_musig_pubkey_agg_callback (secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data) |
| int | secp256k1_musig_pubkey_agg (const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_pubkey *const *pubkeys, size_t n_pubkeys) |
| Computes an aggregate public key and uses it to initialize a keyagg_cache. More... | |
| int | secp256k1_musig_pubkey_get (const secp256k1_context *ctx, secp256k1_pubkey *agg_pk, const secp256k1_musig_keyagg_cache *keyagg_cache) |
| Obtain the aggregate public key from a keyagg_cache. More... | |
| static int | secp256k1_musig_pubkey_tweak_add_internal (const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32, int xonly) |
| int | secp256k1_musig_pubkey_ec_tweak_add (const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) |
Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding the generator multiplied with tweak32 to it. More... | |
| int | secp256k1_musig_pubkey_xonly_tweak_add (const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) |
Apply x-only tweaking to a public key in a given keyagg_cache by adding the generator multiplied with tweak32 to it. More... | |
Variables | |
| static const unsigned char | secp256k1_musig_keyagg_cache_magic [4] = { 0xf4, 0xad, 0xbb, 0xdf } |
|
static |
Definition at line 46 of file keyagg_impl.h.
|
static |
Definition at line 31 of file keyagg_impl.h.
|
static |
Definition at line 79 of file keyagg_impl.h.
|
static |
|
static |
Definition at line 118 of file keyagg_impl.h.
|
static |
Definition at line 99 of file keyagg_impl.h.
|
static |
Definition at line 64 of file keyagg_impl.h.
| int secp256k1_musig_pubkey_agg | ( | const secp256k1_context * | ctx, |
| secp256k1_xonly_pubkey * | agg_pk, | ||
| secp256k1_musig_keyagg_cache * | keyagg_cache, | ||
| const secp256k1_pubkey *const * | pubkeys, | ||
| size_t | n_pubkeys | ||
| ) |
Computes an aggregate public key and uses it to initialize a keyagg_cache.
Different orders of pubkeys result in different agg_pks.
Before aggregating, the pubkeys can be sorted with secp256k1_ec_pubkey_sort which ensures the same agg_pk result for the same multiset of pubkeys. This is useful to do before pubkey_agg, such that the order of pubkeys does not affect the aggregate public key.
Returns: 0 if the arguments are invalid, 1 otherwise Args: ctx: pointer to a context object Out: agg_pk: the MuSig-aggregated x-only public key. If you do not need it, this arg can be NULL. keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that is required for signing (or observing the signing session and verifying partial signatures). In: pubkeys: input array of pointers to public keys to aggregate. The order is important; a different order will result in a different aggregate public key. n_pubkeys: length of pubkeys array. Must be greater than 0.
Definition at line 175 of file keyagg_impl.h.
|
static |
Definition at line 160 of file keyagg_impl.h.
| int secp256k1_musig_pubkey_ec_tweak_add | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | output_pubkey, | ||
| secp256k1_musig_keyagg_cache * | keyagg_cache, | ||
| const unsigned char * | tweak32 | ||
| ) |
Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding the generator multiplied with tweak32 to it.
This is useful for deriving child keys from an aggregate public key via BIP 32 where tweak32 is set to a hash as defined in BIP 32.
Callers are responsible for deriving tweak32 in a way that does not reduce the security of MuSig (for example, by following BIP 32).
The tweaking method is the same as secp256k1_ec_pubkey_tweak_add. So after the following pseudocode buf and buf2 have identical contents (absent earlier failures).
secp256k1_musig_pubkey_agg(..., keyagg_cache, pubkeys, ...) secp256k1_musig_pubkey_get(..., agg_pk, keyagg_cache) secp256k1_musig_pubkey_ec_tweak_add(..., output_pk, tweak32, keyagg_cache) secp256k1_ec_pubkey_serialize(..., buf, ..., output_pk, ...) secp256k1_ec_pubkey_tweak_add(..., agg_pk, tweak32) secp256k1_ec_pubkey_serialize(..., buf2, ..., agg_pk, ...)
This function is required if you want to sign for a tweaked aggregate key. If you are only computing a public key but not intending to create a signature for it, use secp256k1_ec_pubkey_tweak_add instead.
Returns: 0 if the arguments are invalid, 1 otherwise Args: ctx: pointer to a context object Out: output_pubkey: pointer to a public key to store the result. Will be set to an invalid value if this function returns 0. If you do not need it, this arg can be NULL. In/Out: keyagg_cache: pointer to a musig_keyagg_cache struct initialized by musig_pubkey_agg In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes secp256k1_ec_seckey_verify and is not equal to the secret key corresponding to the public key represented by keyagg_cache or its negation. For uniformly random 32-byte arrays the chance of being invalid is negligible (around 1 in 2^128).
Definition at line 283 of file keyagg_impl.h.
| int secp256k1_musig_pubkey_get | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | agg_pk, | ||
| const secp256k1_musig_keyagg_cache * | keyagg_cache | ||
| ) |
Obtain the aggregate public key from a keyagg_cache.
This is only useful if you need the non-xonly public key, in particular for plain (non-xonly) tweaking or batch-verifying multiple key aggregations (not implemented).
Returns: 0 if the arguments are invalid, 1 otherwise Args: ctx: pointer to a context object Out: agg_pk: the MuSig-aggregated public key. In: keyagg_cache: pointer to a musig_keyagg_cache struct initialized by musig_pubkey_agg
Definition at line 233 of file keyagg_impl.h.
|
static |
Definition at line 247 of file keyagg_impl.h.
| int secp256k1_musig_pubkey_xonly_tweak_add | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | output_pubkey, | ||
| secp256k1_musig_keyagg_cache * | keyagg_cache, | ||
| const unsigned char * | tweak32 | ||
| ) |
Apply x-only tweaking to a public key in a given keyagg_cache by adding the generator multiplied with tweak32 to it.
This is useful for creating Taproot outputs where tweak32 is set to a TapTweak hash as defined in BIP 341.
Callers are responsible for deriving tweak32 in a way that does not reduce the security of MuSig (for example, by following Taproot BIP 341).
The tweaking method is the same as secp256k1_xonly_pubkey_tweak_add. So in the following pseudocode xonly_pubkey_tweak_add_check (absent earlier failures) returns 1.
secp256k1_musig_pubkey_agg(..., agg_pk, keyagg_cache, pubkeys, ...) secp256k1_musig_pubkey_xonly_tweak_add(..., output_pk, keyagg_cache, tweak32) secp256k1_xonly_pubkey_serialize(..., buf, output_pk) secp256k1_xonly_pubkey_tweak_add_check(..., buf, ..., agg_pk, tweak32)
This function is required if you want to sign for a tweaked aggregate key. If you are only computing a public key but not intending to create a signature for it, use secp256k1_xonly_pubkey_tweak_add instead.
Returns: 0 if the arguments are invalid, 1 otherwise Args: ctx: pointer to a context object Out: output_pubkey: pointer to a public key to store the result. Will be set to an invalid value if this function returns 0. If you do not need it, this arg can be NULL. In/Out: keyagg_cache: pointer to a musig_keyagg_cache struct initialized by musig_pubkey_agg In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes secp256k1_ec_seckey_verify and is not equal to the secret key corresponding to the public key represented by keyagg_cache or its negation. For uniformly random 32-byte arrays the chance of being invalid is negligible (around 1 in 2^128).
Definition at line 287 of file keyagg_impl.h.
|
static |
Definition at line 19 of file keyagg_impl.h.
1.9.4