Bitcoin Core 31.99.0
P2P Digital Currency
musig.cpp
Go to the documentation of this file.
1// Copyright (c) 2024-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <musig.h>
6#include <key.h>
7#include <random.h>
8#include <support/allocators/secure.h>
9
10#include <secp256k1_musig.h>
11
13using namespace util::hex_literals;
14constexpr uint256 MUSIG_CHAINCODE{
15 // Use immediate lambda to work around GCC-14 bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117966
16 []() consteval { return uint256{"868087ca02a6f974c4598924c36b57762d32cb45717167e300622c7167e38965"_hex_u8}; }(),
17};
18
19static bool GetMuSig2KeyAggCache(const std::vector<CPubKey>& pubkeys, secp256k1_musig_keyagg_cache& keyagg_cache)
20{
21 if (pubkeys.empty()) {
22 return false;
23 }
24
25 // Parse the pubkeys
26 std::vector<secp256k1_pubkey> secp_pubkeys;
27 std::vector<const secp256k1_pubkey*> pubkey_ptrs;
28 for (const CPubKey& pubkey : pubkeys) {
29 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &secp_pubkeys.emplace_back(), pubkey.data(), pubkey.size())) {
30 return false;
31 }
32 }
33 pubkey_ptrs.reserve(secp_pubkeys.size());
34 for (const secp256k1_pubkey& p : secp_pubkeys) {
35 pubkey_ptrs.push_back(&p);
36 }
37
38 // Aggregate the pubkey
39 if (!secp256k1_musig_pubkey_agg(secp256k1_context_static, nullptr, &keyagg_cache, pubkey_ptrs.data(), pubkey_ptrs.size())) {
40 return false;
41 }
42 return true;
43}
44
45static std::optional<CPubKey> GetCPubKeyFromMuSig2KeyAggCache(secp256k1_musig_keyagg_cache& keyagg_cache)
46{
47 // Get the plain aggregated pubkey
48 secp256k1_pubkey agg_pubkey;
49 if (!secp256k1_musig_pubkey_get(secp256k1_context_static, &agg_pubkey, &keyagg_cache)) {
50 return std::nullopt;
51 }
52
53 // Turn into CPubKey
54 unsigned char ser_agg_pubkey[CPubKey::COMPRESSED_SIZE];
55 size_t ser_agg_pubkey_len = CPubKey::COMPRESSED_SIZE;
56 secp256k1_ec_pubkey_serialize(secp256k1_context_static, ser_agg_pubkey, &ser_agg_pubkey_len, &agg_pubkey, SECP256K1_EC_COMPRESSED);
57 return CPubKey(ser_agg_pubkey, ser_agg_pubkey + ser_agg_pubkey_len);
58}
59
60std::optional<CPubKey> MuSig2AggregatePubkeys(const std::vector<CPubKey>& pubkeys, secp256k1_musig_keyagg_cache& keyagg_cache, const std::optional<CPubKey>& expected_aggregate)
61{
62 if (!GetMuSig2KeyAggCache(pubkeys, keyagg_cache)) {
63 return std::nullopt;
64 }
65 std::optional<CPubKey> agg_key = GetCPubKeyFromMuSig2KeyAggCache(keyagg_cache);
66 if (!agg_key.has_value()) return std::nullopt;
67 if (expected_aggregate.has_value() && expected_aggregate != agg_key) return std::nullopt;
68 return agg_key;
69}
70
71std::optional<CPubKey> MuSig2AggregatePubkeys(const std::vector<CPubKey>& pubkeys)
72{
73 secp256k1_musig_keyagg_cache keyagg_cache;
74 return MuSig2AggregatePubkeys(pubkeys, keyagg_cache, std::nullopt);
75}
76
77CExtPubKey CreateMuSig2SyntheticXpub(const CPubKey& pubkey)
78{
79 CExtPubKey extpub;
80 extpub.nDepth = 0;
81 std::memset(extpub.vchFingerprint, 0, 4);
82 extpub.nChild = 0;
83 extpub.chaincode = MUSIG_CHAINCODE;
84 extpub.pubkey = pubkey;
85 return extpub;
86}
87
88class MuSig2SecNonceImpl
89{
90private:
92 secure_unique_ptr<secp256k1_musig_secnonce> m_nonce;
93
94public:
95 MuSig2SecNonceImpl() : m_nonce{make_secure_unique<secp256k1_musig_secnonce>()} {}
96
97 // Delete copy constructors
98 MuSig2SecNonceImpl(const MuSig2SecNonceImpl&) = delete;
99 MuSig2SecNonceImpl& operator=(const MuSig2SecNonceImpl&) = delete;
100
101 secp256k1_musig_secnonce* Get() const { return m_nonce.get(); }
102 void Invalidate() { m_nonce.reset(); }
103 bool IsValid() { return m_nonce != nullptr; }
104};
105
106MuSig2SecNonce::MuSig2SecNonce() : m_impl{std::make_unique<MuSig2SecNonceImpl>()} {}
107
108MuSig2SecNonce::MuSig2SecNonce(MuSig2SecNonce&&) noexcept = default;
109MuSig2SecNonce& MuSig2SecNonce::operator=(MuSig2SecNonce&&) noexcept = default;
110
111MuSig2SecNonce::~MuSig2SecNonce() = default;
112
113secp256k1_musig_secnonce* MuSig2SecNonce::Get() const
114{
115 return m_impl->Get();
116}
117
118void MuSig2SecNonce::Invalidate()
119{
120 return m_impl->Invalidate();
121}
122
123bool MuSig2SecNonce::IsValid()
124{
125 return m_impl->IsValid();
126}
127
128uint256 MuSig2SessionID(const CPubKey& script_pubkey, const CPubKey& part_pubkey, const uint256& sighash, const std::vector<uint8_t>& pubnonce)
129{
130 HashWriter hasher;
131 hasher << script_pubkey << part_pubkey << sighash << pubnonce;
132 return hasher.GetSHA256();
133}
134
135std::vector<uint8_t> CreateMuSig2Nonce(MuSig2SecNonce& secnonce, const uint256& sighash, const CKey& our_seckey, const CPubKey& aggregate_pubkey, const std::vector<CPubKey>& pubkeys)
136{
137 // Get the keyagg cache and aggregate pubkey
138 secp256k1_musig_keyagg_cache keyagg_cache;
139 if (!MuSig2AggregatePubkeys(pubkeys, keyagg_cache, aggregate_pubkey)) return {};
140
141 // Parse participant pubkey
142 CPubKey our_pubkey = our_seckey.GetPubKey();
143 secp256k1_pubkey pubkey;
144 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &pubkey, our_pubkey.data(), our_pubkey.size())) {
145 return {};
146 }
147
148 // Generate randomness for nonce
149 uint256 rand;
150 GetStrongRandBytes(rand);
151
152 // Generate nonce
153 secp256k1_musig_pubnonce pubnonce;
154 if (!secp256k1_musig_nonce_gen(GetSecp256k1SignContext(), secnonce.Get(), &pubnonce, rand.data(), UCharCast(our_seckey.begin()), &pubkey, sighash.data(), &keyagg_cache, nullptr)) {
155 return {};
156 }
157
158 // Serialize pubnonce
159 std::vector<uint8_t> out;
160 out.resize(MUSIG2_PUBNONCE_SIZE);
161 if (!secp256k1_musig_pubnonce_serialize(secp256k1_context_static, out.data(), &pubnonce)) {
162 return {};
163 }
164
165 return out;
166}
167
168std::optional<uint256> CreateMuSig2PartialSig(const uint256& sighash, const CKey& our_seckey, const CPubKey& aggregate_pubkey, const std::vector<CPubKey>& pubkeys, const std::map<CPubKey, std::vector<uint8_t>>& pubnonces, MuSig2SecNonce& secnonce, const std::vector<std::pair<uint256, bool>>& tweaks)
169{
170 secp256k1_keypair keypair;
171 if (!secp256k1_keypair_create(GetSecp256k1SignContext(), &keypair, UCharCast(our_seckey.begin()))) return std::nullopt;
172
173 // Get the keyagg cache and aggregate pubkey
174 secp256k1_musig_keyagg_cache keyagg_cache;
175 if (!MuSig2AggregatePubkeys(pubkeys, keyagg_cache, aggregate_pubkey)) return std::nullopt;
176
177 // Check that there are enough pubnonces
178 if (pubnonces.size() != pubkeys.size()) return std::nullopt;
179
180 // Parse the pubnonces
181 std::vector<std::pair<secp256k1_pubkey, secp256k1_musig_pubnonce>> signers_data;
182 std::vector<const secp256k1_musig_pubnonce*> pubnonce_ptrs;
183 std::optional<size_t> our_pubkey_idx;
184 CPubKey our_pubkey = our_seckey.GetPubKey();
185 for (const CPubKey& part_pk : pubkeys) {
186 const auto& pn_it = pubnonces.find(part_pk);
187 if (pn_it == pubnonces.end()) return std::nullopt;
188 const std::vector<uint8_t> pubnonce = pn_it->second;
189 if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) return std::nullopt;
190 if (part_pk == our_pubkey) {
191 our_pubkey_idx = signers_data.size();
192 }
193
194 auto& [secp_pk, secp_pn] = signers_data.emplace_back();
195
196 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &secp_pk, part_pk.data(), part_pk.size())) {
197 return std::nullopt;
198 }
199
200 if (!secp256k1_musig_pubnonce_parse(secp256k1_context_static, &secp_pn, pubnonce.data())) {
201 return std::nullopt;
202 }
203 }
204 if (our_pubkey_idx == std::nullopt) {
205 return std::nullopt;
206 }
207 pubnonce_ptrs.reserve(signers_data.size());
208 for (auto& [_, pn] : signers_data) {
209 pubnonce_ptrs.push_back(&pn);
210 }
211
212 // Aggregate nonces
213 secp256k1_musig_aggnonce aggnonce;
214 if (!secp256k1_musig_nonce_agg(secp256k1_context_static, &aggnonce, pubnonce_ptrs.data(), pubnonce_ptrs.size())) {
215 return std::nullopt;
216 }
217
218 // Apply tweaks
219 for (const auto& [tweak, xonly] : tweaks) {
220 if (xonly) {
221 if (!secp256k1_musig_pubkey_xonly_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
222 return std::nullopt;
223 }
224 } else if (!secp256k1_musig_pubkey_ec_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
225 return std::nullopt;
226 }
227 }
228
229 // Create musig_session
230 secp256k1_musig_session session;
231 if (!secp256k1_musig_nonce_process(secp256k1_context_static, &session, &aggnonce, sighash.data(), &keyagg_cache)) {
232 return std::nullopt;
233 }
234
235 // Create partial signature
236 secp256k1_musig_partial_sig psig;
237 if (!secp256k1_musig_partial_sign(secp256k1_context_static, &psig, secnonce.Get(), &keypair, &keyagg_cache, &session)) {
238 return std::nullopt;
239 }
240 // The secnonce must be deleted after signing to prevent nonce reuse.
241 secnonce.Invalidate();
242
243 // Verify partial signature
244 if (!secp256k1_musig_partial_sig_verify(secp256k1_context_static, &psig, &(signers_data.at(*our_pubkey_idx).second), &(signers_data.at(*our_pubkey_idx).first), &keyagg_cache, &session)) {
245 return std::nullopt;
246 }
247
248 // Serialize
249 uint256 sig;
250 if (!secp256k1_musig_partial_sig_serialize(secp256k1_context_static, sig.data(), &psig)) {
251 return std::nullopt;
252 }
253
254 return sig;
255}
256
257std::optional<std::vector<uint8_t>> CreateMuSig2AggregateSig(const std::vector<CPubKey>& part_pubkeys, const CPubKey& aggregate_pubkey, const std::vector<std::pair<uint256, bool>>& tweaks, const uint256& sighash, const std::map<CPubKey, std::vector<uint8_t>>& pubnonces, const std::map<CPubKey, uint256>& partial_sigs)
258{
259 if (!part_pubkeys.size()) return std::nullopt;
260
261 // Get the keyagg cache and aggregate pubkey
262 secp256k1_musig_keyagg_cache keyagg_cache;
263 if (!MuSig2AggregatePubkeys(part_pubkeys, keyagg_cache, aggregate_pubkey)) return std::nullopt;
264
265 // Check if enough pubnonces and partial sigs
266 if (pubnonces.size() != part_pubkeys.size()) return std::nullopt;
267 if (partial_sigs.size() != part_pubkeys.size()) return std::nullopt;
268
269 // Parse the pubnonces and partial sigs
270 std::vector<std::tuple<secp256k1_pubkey, secp256k1_musig_pubnonce, secp256k1_musig_partial_sig>> signers_data;
271 std::vector<const secp256k1_musig_pubnonce*> pubnonce_ptrs;
272 std::vector<const secp256k1_musig_partial_sig*> partial_sig_ptrs;
273 for (const CPubKey& part_pk : part_pubkeys) {
274 const auto& pn_it = pubnonces.find(part_pk);
275 if (pn_it == pubnonces.end()) return std::nullopt;
276 const std::vector<uint8_t> pubnonce = pn_it->second;
277 if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) return std::nullopt;
278 const auto& it = partial_sigs.find(part_pk);
279 if (it == partial_sigs.end()) return std::nullopt;
280 const uint256& partial_sig = it->second;
281
282 auto& [secp_pk, secp_pn, secp_ps] = signers_data.emplace_back();
283
284 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &secp_pk, part_pk.data(), part_pk.size())) {
285 return std::nullopt;
286 }
287
288 if (!secp256k1_musig_pubnonce_parse(secp256k1_context_static, &secp_pn, pubnonce.data())) {
289 return std::nullopt;
290 }
291
292 if (!secp256k1_musig_partial_sig_parse(secp256k1_context_static, &secp_ps, partial_sig.data())) {
293 return std::nullopt;
294 }
295 }
296 pubnonce_ptrs.reserve(signers_data.size());
297 partial_sig_ptrs.reserve(signers_data.size());
298 for (auto& [_, pn, ps] : signers_data) {
299 pubnonce_ptrs.push_back(&pn);
300 partial_sig_ptrs.push_back(&ps);
301 }
302
303 // Aggregate nonces
304 secp256k1_musig_aggnonce aggnonce;
305 if (!secp256k1_musig_nonce_agg(secp256k1_context_static, &aggnonce, pubnonce_ptrs.data(), pubnonce_ptrs.size())) {
306 return std::nullopt;
307 }
308
309 // Apply tweaks
310 for (const auto& [tweak, xonly] : tweaks) {
311 if (xonly) {
312 if (!secp256k1_musig_pubkey_xonly_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
313 return std::nullopt;
314 }
315 } else if (!secp256k1_musig_pubkey_ec_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
316 return std::nullopt;
317 }
318 }
319
320 // Create musig_session
321 secp256k1_musig_session session;
322 if (!secp256k1_musig_nonce_process(secp256k1_context_static, &session, &aggnonce, sighash.data(), &keyagg_cache)) {
323 return std::nullopt;
324 }
325
326 // Verify partial sigs
327 for (const auto& [pk, pb, ps] : signers_data) {
328 if (!secp256k1_musig_partial_sig_verify(secp256k1_context_static, &ps, &pb, &pk, &keyagg_cache, &session)) {
329 return std::nullopt;
330 }
331 }
332
333 // Aggregate partial sigs
334 std::vector<uint8_t> sig;
335 sig.resize(64);
336 if (!secp256k1_musig_partial_sig_agg(secp256k1_context_static, sig.data(), &session, partial_sig_ptrs.data(), partial_sig_ptrs.size())) {
337 return std::nullopt;
338 }
339
340 return sig;
341}
CKey
An encapsulated private key.
Definition: key.h:37
CKey::begin
const std::byte * begin() const
Definition: key.h:121
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:182
CPubKey
An encapsulated public key.
Definition: pubkey.h:34
CPubKey::data
const unsigned char * data() const
Definition: pubkey.h:113
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:112
HashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:101
HashWriter::GetSHA256
uint256 GetSHA256()
Compute the SHA256 hash of all data written to this object.
Definition: hash.h:126
MuSig2SecNonce
MuSig2SecNonce encapsulates a secret nonce in use in a MuSig2 signing session.
Definition: musig.h:41
MuSig2SecNonce::Invalidate
void Invalidate()
Definition: musig.cpp:118
MuSig2SecNonce::IsValid
bool IsValid()
Definition: musig.cpp:123
MuSig2SecNonce::Get
secp256k1_musig_secnonce * Get() const
Definition: musig.cpp:113
MuSig2SecNonce::m_impl
std::unique_ptr< MuSig2SecNonceImpl > m_impl
Definition: musig.h:43
MuSig2SecNonceImpl::Get
secp256k1_musig_secnonce * Get() const
Definition: musig.cpp:101
MuSig2SecNonceImpl::operator=
MuSig2SecNonceImpl & operator=(const MuSig2SecNonceImpl &)=delete
MuSig2SecNonceImpl::m_nonce
secure_unique_ptr< secp256k1_musig_secnonce > m_nonce
The actual secnonce itself.
Definition: musig.cpp:92
MuSig2SecNonceImpl::Invalidate
void Invalidate()
Definition: musig.cpp:102
MuSig2SecNonceImpl::MuSig2SecNonceImpl
MuSig2SecNonceImpl(const MuSig2SecNonceImpl &)=delete
base_blob::data
constexpr const unsigned char * data() const
Definition: uint256.h:98
uint256
256-bit opaque blob.
Definition: uint256.h:196
GetSecp256k1SignContext
secp256k1_context * GetSecp256k1SignContext()
Access the secp256k1 context used for signing and MuSig2 nonce generation.
Definition: key.cpp:448
tweak
static int tweak(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache)
Definition: musig.c:64
CreateMuSig2Nonce
std::vector< uint8_t > CreateMuSig2Nonce(MuSig2SecNonce &secnonce, const uint256 &sighash, const CKey &our_seckey, const CPubKey &aggregate_pubkey, const std::vector< CPubKey > &pubkeys)
Definition: musig.cpp:135
MuSig2SessionID
uint256 MuSig2SessionID(const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 &sighash, const std::vector< uint8_t > &pubnonce)
Computes an arbitrary unique session ID to identify ongoing signing sessions.
Definition: musig.cpp:128
CreateMuSig2SyntheticXpub
CExtPubKey CreateMuSig2SyntheticXpub(const CPubKey &pubkey)
Construct the BIP 328 synthetic xpub for a pubkey.
Definition: musig.cpp:77
CreateMuSig2PartialSig
std::optional< uint256 > CreateMuSig2PartialSig(const uint256 &sighash, const CKey &our_seckey, const CPubKey &aggregate_pubkey, const std::vector< CPubKey > &pubkeys, const std::map< CPubKey, std::vector< uint8_t > > &pubnonces, MuSig2SecNonce &secnonce, const std::vector< std::pair< uint256, bool > > &tweaks)
Definition: musig.cpp:168
CreateMuSig2AggregateSig
std::optional< std::vector< uint8_t > > CreateMuSig2AggregateSig(const std::vector< CPubKey > &part_pubkeys, const CPubKey &aggregate_pubkey, const std::vector< std::pair< uint256, bool > > &tweaks, const uint256 &sighash, const std::map< CPubKey, std::vector< uint8_t > > &pubnonces, const std::map< CPubKey, uint256 > &partial_sigs)
Definition: musig.cpp:257
GetCPubKeyFromMuSig2KeyAggCache
static std::optional< CPubKey > GetCPubKeyFromMuSig2KeyAggCache(secp256k1_musig_keyagg_cache &keyagg_cache)
Definition: musig.cpp:45
MUSIG_CHAINCODE
constexpr uint256 MUSIG_CHAINCODE
Definition: musig.cpp:14
GetMuSig2KeyAggCache
static bool GetMuSig2KeyAggCache(const std::vector< CPubKey > &pubkeys, secp256k1_musig_keyagg_cache &keyagg_cache)
Definition: musig.cpp:19
MuSig2AggregatePubkeys
std::optional< CPubKey > MuSig2AggregatePubkeys(const std::vector< CPubKey > &pubkeys, secp256k1_musig_keyagg_cache &keyagg_cache, const std::optional< CPubKey > &expected_aggregate)
Compute the full aggregate pubkey from the given participant pubkeys in their current order.
Definition: musig.cpp:60
MUSIG2_PUBNONCE_SIZE
constexpr size_t MUSIG2_PUBNONCE_SIZE
Definition: musig.h:18
std
Definition: common.h:30
tests_wycheproof_generate_ecdh.pk
def pk
Definition: tests_wycheproof_generate_ecdh.py:115
tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24
util::hex_literals
""_hex is a compile-time user-defined literal returning a std::array<std::byte>, equivalent to ParseH...
Definition: strencodings.h:393
GetStrongRandBytes
void GetStrongRandBytes(std::span< unsigned char > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:607
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:287
secp256k1_ec_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:269
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:225
secp256k1_context_static
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:246
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a valid secret key.
Definition: main_impl.h:196
secp256k1_musig.h
secp256k1_musig_pubkey_ec_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_ec_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding the generator multiplied ...
Definition: keyagg_impl.h:267
secp256k1_musig_pubkey_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Apply x-only tweaking to a public key in a given keyagg_cache by adding the generator multiplied with...
Definition: keyagg_impl.h:271
secp256k1_musig_partial_sig_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_parse(const secp256k1_context *ctx, secp256k1_musig_partial_sig *sig, const unsigned char *in32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a MuSig partial signature.
Definition: session_impl.h:262
secp256k1_musig_pubnonce_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubnonce_parse(const secp256k1_context *ctx, secp256k1_musig_pubnonce *nonce, const unsigned char *in66) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a signer's public nonce.
Definition: session_impl.h:188
secp256k1_musig_nonce_agg
SECP256K1_API int secp256k1_musig_nonce_agg(const secp256k1_context *ctx, secp256k1_musig_aggnonce *aggnonce, const secp256k1_musig_pubnonce *const *pubnonces, size_t n_pubnonces) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Aggregates the nonces of all signers into a single nonce.
Definition: session_impl.h:512
secp256k1_musig_partial_sign
SECP256K1_API int secp256k1_musig_partial_sign(const secp256k1_context *ctx, secp256k1_musig_partial_sig *partial_sig, secp256k1_musig_secnonce *secnonce, const secp256k1_keypair *keypair, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Produces a partial signature.
Definition: session_impl.h:634
secp256k1_musig_pubkey_get
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_get(const secp256k1_context *ctx, secp256k1_pubkey *agg_pk, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Obtain the aggregate public key from a keyagg_cache.
Definition: keyagg_impl.h:217
secp256k1_musig_nonce_gen
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen(const secp256k1_context *ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, const secp256k1_pubkey *pubkey, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6)
Starts a signing session by generating a nonce.
Definition: session_impl.h:437
secp256k1_musig_partial_sig_serialize
SECP256K1_API int secp256k1_musig_partial_sig_serialize(const secp256k1_context *ctx, unsigned char *out32, const secp256k1_musig_partial_sig *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize a MuSig partial signature.
Definition: session_impl.h:281
secp256k1_musig_partial_sig_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_verify(const secp256k1_context *ctx, const secp256k1_musig_partial_sig *partial_sig, const secp256k1_musig_pubnonce *pubnonce, const secp256k1_pubkey *pubkey, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Verifies an individual signer's partial signature.
Definition: session_impl.h:704
secp256k1_musig_partial_sig_agg
SECP256K1_API int secp256k1_musig_partial_sig_agg(const secp256k1_context *ctx, unsigned char *sig64, const secp256k1_musig_session *session, const secp256k1_musig_partial_sig *const *partial_sigs, size_t n_sigs) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Aggregates partial signatures.
Definition: session_impl.h:767
secp256k1_musig_pubkey_agg
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_pubkey *const *pubkeys, size_t n_pubkeys) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4)
Computes an aggregate public key and uses it to initialize a keyagg_cache.
Definition: keyagg_impl.h:156
secp256k1_musig_nonce_process
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process(const secp256k1_context *ctx, secp256k1_musig_session *session, const secp256k1_musig_aggnonce *aggnonce, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Takes the aggregate nonce and creates a session that is required for signing and verification of part...
Definition: session_impl.h:588
secp256k1_musig_pubnonce_serialize
SECP256K1_API int secp256k1_musig_pubnonce_serialize(const secp256k1_context *ctx, unsigned char *out66, const secp256k1_musig_pubnonce *nonce) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize a signer's public nonce.
Definition: session_impl.h:208
make_secure_unique
secure_unique_ptr< T > make_secure_unique(Args &&... as)
Definition: secure.h:66
secure_unique_ptr
std::unique_ptr< T, SecureUniqueDeleter< T > > secure_unique_ptr
Definition: secure.h:63
UCharCast
unsigned char * UCharCast(char *c)
Definition: span.h:95
CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:341
CExtPubKey::vchFingerprint
unsigned char vchFingerprint[4]
Definition: pubkey.h:339
CExtPubKey::nDepth
unsigned char nDepth
Definition: pubkey.h:338
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:342
CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:340
secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33
secp256k1_musig_aggnonce
Opaque data structure that holds an aggregate public nonce.
Definition: secp256k1_musig.h:77
secp256k1_musig_aggnonce::data
unsigned char data[132]
Definition: secp256k1_musig.h:78
secp256k1_musig_keyagg_cache
This module implements BIP 327 "MuSig2 for BIP340-compatible Multi-Signatures" (https://github....
Definition: secp256k1_musig.h:43
secp256k1_musig_keyagg_cache::data
unsigned char data[197]
Definition: secp256k1_musig.h:44
secp256k1_musig_partial_sig
Opaque data structure that holds a partial MuSig signature.
Definition: secp256k1_musig.h:96
secp256k1_musig_pubnonce
Opaque data structure that holds a signer's public nonce.
Definition: secp256k1_musig.h:68
secp256k1_musig_secnonce
Opaque data structure that holds a signer's secret nonce.
Definition: secp256k1_musig.h:59
secp256k1_musig_session
Opaque data structure that holds a MuSig session.
Definition: secp256k1_musig.h:87
secp256k1_musig_session::data
unsigned char data[133]
Definition: secp256k1_musig.h:88
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:62
_
consteval auto _(util::TranslatedLiteral str)
Definition: translation.h:79
Generated on Tue Jun 2 2026 20:00:31 for Bitcoin Core by doxygen 1.9.4