Bitcoin Core 31.99.0
P2P Digital Currency
musig.cpp
Go to the documentation of this file.
1// Copyright (c) 2024-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <musig.h>
6#include <key.h>
7#include <random.h>
8#include <support/allocators/secure.h>
9
10#include <secp256k1_musig.h>
11
13using namespace util::hex_literals;
14const ChainCode MUSIG_CHAINCODE{"868087ca02a6f974c4598924c36b57762d32cb45717167e300622c7167e38965"_hex_u8};
15
16static bool GetMuSig2KeyAggCache(const std::vector<CPubKey>& pubkeys, secp256k1_musig_keyagg_cache& keyagg_cache)
17{
18 if (pubkeys.empty()) {
19 return false;
20 }
21
22 // Parse the pubkeys
23 std::vector<secp256k1_pubkey> secp_pubkeys;
24 std::vector<const secp256k1_pubkey*> pubkey_ptrs;
25 for (const CPubKey& pubkey : pubkeys) {
26 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &secp_pubkeys.emplace_back(), pubkey.data(), pubkey.size())) {
27 return false;
28 }
29 }
30 pubkey_ptrs.reserve(secp_pubkeys.size());
31 for (const secp256k1_pubkey& p : secp_pubkeys) {
32 pubkey_ptrs.push_back(&p);
33 }
34
35 // Aggregate the pubkey
36 if (!secp256k1_musig_pubkey_agg(secp256k1_context_static, nullptr, &keyagg_cache, pubkey_ptrs.data(), pubkey_ptrs.size())) {
37 return false;
38 }
39 return true;
40}
41
42static std::optional<CPubKey> GetCPubKeyFromMuSig2KeyAggCache(secp256k1_musig_keyagg_cache& keyagg_cache)
43{
44 // Get the plain aggregated pubkey
45 secp256k1_pubkey agg_pubkey;
46 if (!secp256k1_musig_pubkey_get(secp256k1_context_static, &agg_pubkey, &keyagg_cache)) {
47 return std::nullopt;
48 }
49
50 // Turn into CPubKey
51 unsigned char ser_agg_pubkey[CPubKey::COMPRESSED_SIZE];
52 size_t ser_agg_pubkey_len = CPubKey::COMPRESSED_SIZE;
53 secp256k1_ec_pubkey_serialize(secp256k1_context_static, ser_agg_pubkey, &ser_agg_pubkey_len, &agg_pubkey, SECP256K1_EC_COMPRESSED);
54 return CPubKey(ser_agg_pubkey, ser_agg_pubkey + ser_agg_pubkey_len);
55}
56
57std::optional<CPubKey> MuSig2AggregatePubkeys(const std::vector<CPubKey>& pubkeys, secp256k1_musig_keyagg_cache& keyagg_cache, const std::optional<CPubKey>& expected_aggregate)
58{
59 if (!GetMuSig2KeyAggCache(pubkeys, keyagg_cache)) {
60 return std::nullopt;
61 }
62 std::optional<CPubKey> agg_key = GetCPubKeyFromMuSig2KeyAggCache(keyagg_cache);
63 if (!agg_key.has_value()) return std::nullopt;
64 if (expected_aggregate.has_value() && expected_aggregate != agg_key) return std::nullopt;
65 return agg_key;
66}
67
68std::optional<CPubKey> MuSig2AggregatePubkeys(const std::vector<CPubKey>& pubkeys)
69{
70 secp256k1_musig_keyagg_cache keyagg_cache;
71 return MuSig2AggregatePubkeys(pubkeys, keyagg_cache, std::nullopt);
72}
73
74CExtPubKey CreateMuSig2SyntheticXpub(const CPubKey& pubkey)
75{
76 CExtPubKey extpub;
77 extpub.nDepth = 0;
78 std::memset(extpub.vchFingerprint, 0, 4);
79 extpub.nChild = 0;
80 extpub.chaincode = MUSIG_CHAINCODE;
81 extpub.pubkey = pubkey;
82 return extpub;
83}
84
85class MuSig2SecNonceImpl
86{
87private:
89 secure_unique_ptr<secp256k1_musig_secnonce> m_nonce;
90
91public:
92 MuSig2SecNonceImpl() : m_nonce{make_secure_unique<secp256k1_musig_secnonce>()} {}
93
94 // Delete copy constructors
95 MuSig2SecNonceImpl(const MuSig2SecNonceImpl&) = delete;
96 MuSig2SecNonceImpl& operator=(const MuSig2SecNonceImpl&) = delete;
97
98 secp256k1_musig_secnonce* Get() const { return m_nonce.get(); }
99 void Invalidate() { m_nonce.reset(); }
100 bool IsValid() { return m_nonce != nullptr; }
101};
102
103MuSig2SecNonce::MuSig2SecNonce() : m_impl{std::make_unique<MuSig2SecNonceImpl>()} {}
104
105MuSig2SecNonce::MuSig2SecNonce(MuSig2SecNonce&&) noexcept = default;
106MuSig2SecNonce& MuSig2SecNonce::operator=(MuSig2SecNonce&&) noexcept = default;
107
108MuSig2SecNonce::~MuSig2SecNonce() = default;
109
110secp256k1_musig_secnonce* MuSig2SecNonce::Get() const
111{
112 return m_impl->Get();
113}
114
115void MuSig2SecNonce::Invalidate()
116{
117 return m_impl->Invalidate();
118}
119
120bool MuSig2SecNonce::IsValid()
121{
122 return m_impl->IsValid();
123}
124
125uint256 MuSig2SessionID(const CPubKey& script_pubkey, const CPubKey& part_pubkey, const uint256& sighash, const std::vector<uint8_t>& pubnonce)
126{
127 HashWriter hasher;
128 hasher << script_pubkey << part_pubkey << sighash << pubnonce;
129 return hasher.GetSHA256();
130}
131
132std::vector<uint8_t> CreateMuSig2Nonce(MuSig2SecNonce& secnonce, const uint256& sighash, const CKey& our_seckey, const CPubKey& aggregate_pubkey, const std::vector<CPubKey>& pubkeys)
133{
134 // Get the keyagg cache and aggregate pubkey
135 secp256k1_musig_keyagg_cache keyagg_cache;
136 if (!MuSig2AggregatePubkeys(pubkeys, keyagg_cache, aggregate_pubkey)) return {};
137
138 // Parse participant pubkey
139 CPubKey our_pubkey = our_seckey.GetPubKey();
140 secp256k1_pubkey pubkey;
141 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &pubkey, our_pubkey.data(), our_pubkey.size())) {
142 return {};
143 }
144
145 // Generate randomness for nonce
146 uint256 rand;
147 GetStrongRandBytes(rand);
148
149 // Generate nonce
150 secp256k1_musig_pubnonce pubnonce;
151 if (!secp256k1_musig_nonce_gen(GetSecp256k1SignContext(), secnonce.Get(), &pubnonce, rand.data(), UCharCast(our_seckey.begin()), &pubkey, sighash.data(), &keyagg_cache, nullptr)) {
152 return {};
153 }
154
155 // Serialize pubnonce
156 std::vector<uint8_t> out;
157 out.resize(MUSIG2_PUBNONCE_SIZE);
158 if (!secp256k1_musig_pubnonce_serialize(secp256k1_context_static, out.data(), &pubnonce)) {
159 return {};
160 }
161
162 return out;
163}
164
165std::optional<uint256> CreateMuSig2PartialSig(const uint256& sighash, const CKey& our_seckey, const CPubKey& aggregate_pubkey, const std::vector<CPubKey>& pubkeys, const std::map<CPubKey, std::vector<uint8_t>>& pubnonces, MuSig2SecNonce& secnonce, const std::vector<std::pair<uint256, bool>>& tweaks)
166{
167 secp256k1_keypair keypair;
168 if (!secp256k1_keypair_create(GetSecp256k1SignContext(), &keypair, UCharCast(our_seckey.begin()))) return std::nullopt;
169
170 // Get the keyagg cache and aggregate pubkey
171 secp256k1_musig_keyagg_cache keyagg_cache;
172 if (!MuSig2AggregatePubkeys(pubkeys, keyagg_cache, aggregate_pubkey)) return std::nullopt;
173
174 // Check that there are enough pubnonces
175 if (pubnonces.size() != pubkeys.size()) return std::nullopt;
176
177 // Parse the pubnonces
178 std::vector<std::pair<secp256k1_pubkey, secp256k1_musig_pubnonce>> signers_data;
179 std::vector<const secp256k1_musig_pubnonce*> pubnonce_ptrs;
180 std::optional<size_t> our_pubkey_idx;
181 CPubKey our_pubkey = our_seckey.GetPubKey();
182 for (const CPubKey& part_pk : pubkeys) {
183 const auto& pn_it = pubnonces.find(part_pk);
184 if (pn_it == pubnonces.end()) return std::nullopt;
185 const std::vector<uint8_t> pubnonce = pn_it->second;
186 if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) return std::nullopt;
187 if (part_pk == our_pubkey) {
188 our_pubkey_idx = signers_data.size();
189 }
190
191 auto& [secp_pk, secp_pn] = signers_data.emplace_back();
192
193 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &secp_pk, part_pk.data(), part_pk.size())) {
194 return std::nullopt;
195 }
196
197 if (!secp256k1_musig_pubnonce_parse(secp256k1_context_static, &secp_pn, pubnonce.data())) {
198 return std::nullopt;
199 }
200 }
201 if (our_pubkey_idx == std::nullopt) {
202 return std::nullopt;
203 }
204 pubnonce_ptrs.reserve(signers_data.size());
205 for (auto& [_, pn] : signers_data) {
206 pubnonce_ptrs.push_back(&pn);
207 }
208
209 // Aggregate nonces
210 secp256k1_musig_aggnonce aggnonce;
211 if (!secp256k1_musig_nonce_agg(secp256k1_context_static, &aggnonce, pubnonce_ptrs.data(), pubnonce_ptrs.size())) {
212 return std::nullopt;
213 }
214
215 // Apply tweaks
216 for (const auto& [tweak, xonly] : tweaks) {
217 if (xonly) {
218 if (!secp256k1_musig_pubkey_xonly_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
219 return std::nullopt;
220 }
221 } else if (!secp256k1_musig_pubkey_ec_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
222 return std::nullopt;
223 }
224 }
225
226 // Create musig_session
227 secp256k1_musig_session session;
228 if (!secp256k1_musig_nonce_process(secp256k1_context_static, &session, &aggnonce, sighash.data(), &keyagg_cache)) {
229 return std::nullopt;
230 }
231
232 // Create partial signature
233 secp256k1_musig_partial_sig psig;
234 if (!secp256k1_musig_partial_sign(secp256k1_context_static, &psig, secnonce.Get(), &keypair, &keyagg_cache, &session)) {
235 return std::nullopt;
236 }
237 // The secnonce must be deleted after signing to prevent nonce reuse.
238 secnonce.Invalidate();
239
240 // Verify partial signature
241 if (!secp256k1_musig_partial_sig_verify(secp256k1_context_static, &psig, &(signers_data.at(*our_pubkey_idx).second), &(signers_data.at(*our_pubkey_idx).first), &keyagg_cache, &session)) {
242 return std::nullopt;
243 }
244
245 // Serialize
246 uint256 sig;
247 if (!secp256k1_musig_partial_sig_serialize(secp256k1_context_static, sig.data(), &psig)) {
248 return std::nullopt;
249 }
250
251 return sig;
252}
253
254std::optional<std::vector<uint8_t>> CreateMuSig2AggregateSig(const std::vector<CPubKey>& part_pubkeys, const CPubKey& aggregate_pubkey, const std::vector<std::pair<uint256, bool>>& tweaks, const uint256& sighash, const std::map<CPubKey, std::vector<uint8_t>>& pubnonces, const std::map<CPubKey, uint256>& partial_sigs)
255{
256 if (!part_pubkeys.size()) return std::nullopt;
257
258 // Get the keyagg cache and aggregate pubkey
259 secp256k1_musig_keyagg_cache keyagg_cache;
260 if (!MuSig2AggregatePubkeys(part_pubkeys, keyagg_cache, aggregate_pubkey)) return std::nullopt;
261
262 // Check if enough pubnonces and partial sigs
263 if (pubnonces.size() != part_pubkeys.size()) return std::nullopt;
264 if (partial_sigs.size() != part_pubkeys.size()) return std::nullopt;
265
266 // Parse the pubnonces and partial sigs
267 std::vector<std::tuple<secp256k1_pubkey, secp256k1_musig_pubnonce, secp256k1_musig_partial_sig>> signers_data;
268 std::vector<const secp256k1_musig_pubnonce*> pubnonce_ptrs;
269 std::vector<const secp256k1_musig_partial_sig*> partial_sig_ptrs;
270 for (const CPubKey& part_pk : part_pubkeys) {
271 const auto& pn_it = pubnonces.find(part_pk);
272 if (pn_it == pubnonces.end()) return std::nullopt;
273 const std::vector<uint8_t> pubnonce = pn_it->second;
274 if (pubnonce.size() != MUSIG2_PUBNONCE_SIZE) return std::nullopt;
275 const auto& it = partial_sigs.find(part_pk);
276 if (it == partial_sigs.end()) return std::nullopt;
277 const uint256& partial_sig = it->second;
278
279 auto& [secp_pk, secp_pn, secp_ps] = signers_data.emplace_back();
280
281 if (!secp256k1_ec_pubkey_parse(secp256k1_context_static, &secp_pk, part_pk.data(), part_pk.size())) {
282 return std::nullopt;
283 }
284
285 if (!secp256k1_musig_pubnonce_parse(secp256k1_context_static, &secp_pn, pubnonce.data())) {
286 return std::nullopt;
287 }
288
289 if (!secp256k1_musig_partial_sig_parse(secp256k1_context_static, &secp_ps, partial_sig.data())) {
290 return std::nullopt;
291 }
292 }
293 pubnonce_ptrs.reserve(signers_data.size());
294 partial_sig_ptrs.reserve(signers_data.size());
295 for (auto& [_, pn, ps] : signers_data) {
296 pubnonce_ptrs.push_back(&pn);
297 partial_sig_ptrs.push_back(&ps);
298 }
299
300 // Aggregate nonces
301 secp256k1_musig_aggnonce aggnonce;
302 if (!secp256k1_musig_nonce_agg(secp256k1_context_static, &aggnonce, pubnonce_ptrs.data(), pubnonce_ptrs.size())) {
303 return std::nullopt;
304 }
305
306 // Apply tweaks
307 for (const auto& [tweak, xonly] : tweaks) {
308 if (xonly) {
309 if (!secp256k1_musig_pubkey_xonly_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
310 return std::nullopt;
311 }
312 } else if (!secp256k1_musig_pubkey_ec_tweak_add(secp256k1_context_static, nullptr, &keyagg_cache, tweak.data())) {
313 return std::nullopt;
314 }
315 }
316
317 // Create musig_session
318 secp256k1_musig_session session;
319 if (!secp256k1_musig_nonce_process(secp256k1_context_static, &session, &aggnonce, sighash.data(), &keyagg_cache)) {
320 return std::nullopt;
321 }
322
323 // Verify partial sigs
324 for (const auto& [pk, pb, ps] : signers_data) {
325 if (!secp256k1_musig_partial_sig_verify(secp256k1_context_static, &ps, &pb, &pk, &keyagg_cache, &session)) {
326 return std::nullopt;
327 }
328 }
329
330 // Aggregate partial sigs
331 std::vector<uint8_t> sig;
332 sig.resize(64);
333 if (!secp256k1_musig_partial_sig_agg(secp256k1_context_static, sig.data(), &session, partial_sig_ptrs.data(), partial_sig_ptrs.size())) {
334 return std::nullopt;
335 }
336
337 return sig;
338}
CKey
An encapsulated private key.
Definition: key.h:37
CKey::begin
const std::byte * begin() const
Definition: key.h:121
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:182
CPubKey
An encapsulated public key.
Definition: pubkey.h:32
CPubKey::data
const unsigned char * data() const
Definition: pubkey.h:111
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:38
CPubKey::size
unsigned int size() const
Simple read-only vector-like interface to the pubkey data.
Definition: pubkey.h:110
ChainCode
A BIP32 chain code.
Definition: hash.h:23
HashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:109
HashWriter::GetSHA256
uint256 GetSHA256()
Compute the SHA256 hash of all data written to this object.
Definition: hash.h:134
MuSig2SecNonce
MuSig2SecNonce encapsulates a secret nonce in use in a MuSig2 signing session.
Definition: musig.h:41
MuSig2SecNonce::Invalidate
void Invalidate()
Definition: musig.cpp:115
MuSig2SecNonce::IsValid
bool IsValid()
Definition: musig.cpp:120
MuSig2SecNonce::Get
secp256k1_musig_secnonce * Get() const
Definition: musig.cpp:110
MuSig2SecNonce::m_impl
std::unique_ptr< MuSig2SecNonceImpl > m_impl
Definition: musig.h:43
MuSig2SecNonceImpl::Get
secp256k1_musig_secnonce * Get() const
Definition: musig.cpp:98
MuSig2SecNonceImpl::operator=
MuSig2SecNonceImpl & operator=(const MuSig2SecNonceImpl &)=delete
MuSig2SecNonceImpl::m_nonce
secure_unique_ptr< secp256k1_musig_secnonce > m_nonce
The actual secnonce itself.
Definition: musig.cpp:89
MuSig2SecNonceImpl::Invalidate
void Invalidate()
Definition: musig.cpp:99
MuSig2SecNonceImpl::MuSig2SecNonceImpl
MuSig2SecNonceImpl(const MuSig2SecNonceImpl &)=delete
base_blob::data
constexpr const unsigned char * data() const
Definition: uint256.h:98
uint256
256-bit opaque blob.
Definition: uint256.h:196
GetSecp256k1SignContext
secp256k1_context * GetSecp256k1SignContext()
Access the secp256k1 context used for signing and MuSig2 nonce generation.
Definition: key.cpp:448
tweak
static int tweak(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache)
Definition: musig.c:64
MUSIG_CHAINCODE
const ChainCode MUSIG_CHAINCODE
Definition: musig.cpp:14
CreateMuSig2Nonce
std::vector< uint8_t > CreateMuSig2Nonce(MuSig2SecNonce &secnonce, const uint256 &sighash, const CKey &our_seckey, const CPubKey &aggregate_pubkey, const std::vector< CPubKey > &pubkeys)
Definition: musig.cpp:132
MuSig2SessionID
uint256 MuSig2SessionID(const CPubKey &script_pubkey, const CPubKey &part_pubkey, const uint256 &sighash, const std::vector< uint8_t > &pubnonce)
Computes an arbitrary unique session ID to identify ongoing signing sessions.
Definition: musig.cpp:125
CreateMuSig2SyntheticXpub
CExtPubKey CreateMuSig2SyntheticXpub(const CPubKey &pubkey)
Construct the BIP 328 synthetic xpub for a pubkey.
Definition: musig.cpp:74
CreateMuSig2PartialSig
std::optional< uint256 > CreateMuSig2PartialSig(const uint256 &sighash, const CKey &our_seckey, const CPubKey &aggregate_pubkey, const std::vector< CPubKey > &pubkeys, const std::map< CPubKey, std::vector< uint8_t > > &pubnonces, MuSig2SecNonce &secnonce, const std::vector< std::pair< uint256, bool > > &tweaks)
Definition: musig.cpp:165
CreateMuSig2AggregateSig
std::optional< std::vector< uint8_t > > CreateMuSig2AggregateSig(const std::vector< CPubKey > &part_pubkeys, const CPubKey &aggregate_pubkey, const std::vector< std::pair< uint256, bool > > &tweaks, const uint256 &sighash, const std::map< CPubKey, std::vector< uint8_t > > &pubnonces, const std::map< CPubKey, uint256 > &partial_sigs)
Definition: musig.cpp:254
GetCPubKeyFromMuSig2KeyAggCache
static std::optional< CPubKey > GetCPubKeyFromMuSig2KeyAggCache(secp256k1_musig_keyagg_cache &keyagg_cache)
Definition: musig.cpp:42
GetMuSig2KeyAggCache
static bool GetMuSig2KeyAggCache(const std::vector< CPubKey > &pubkeys, secp256k1_musig_keyagg_cache &keyagg_cache)
Definition: musig.cpp:16
MuSig2AggregatePubkeys
std::optional< CPubKey > MuSig2AggregatePubkeys(const std::vector< CPubKey > &pubkeys, secp256k1_musig_keyagg_cache &keyagg_cache, const std::optional< CPubKey > &expected_aggregate)
Compute the full aggregate pubkey from the given participant pubkeys in their current order.
Definition: musig.cpp:57
MUSIG2_PUBNONCE_SIZE
constexpr size_t MUSIG2_PUBNONCE_SIZE
Definition: musig.h:18
tests_wycheproof_generate_ecdh.pk
def pk
Definition: tests_wycheproof_generate_ecdh.py:115
tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24
util::hex_literals
""_hex is a compile-time user-defined literal returning a std::array<std::byte>, equivalent to ParseH...
Definition: strencodings.h:393
GetStrongRandBytes
void GetStrongRandBytes(std::span< unsigned char > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition: random.cpp:607
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:287
secp256k1_ec_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
Definition: secp256k1.c:269
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:225
secp256k1_context_static
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:246
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a valid secret key.
Definition: main_impl.h:196
secp256k1_musig.h
secp256k1_musig_pubkey_ec_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_ec_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding the generator multiplied ...
Definition: keyagg_impl.h:267
secp256k1_musig_pubkey_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Apply x-only tweaking to a public key in a given keyagg_cache by adding the generator multiplied with...
Definition: keyagg_impl.h:271
secp256k1_musig_partial_sig_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_parse(const secp256k1_context *ctx, secp256k1_musig_partial_sig *sig, const unsigned char *in32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a MuSig partial signature.
Definition: session_impl.h:262
secp256k1_musig_pubnonce_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubnonce_parse(const secp256k1_context *ctx, secp256k1_musig_pubnonce *nonce, const unsigned char *in66) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a signer's public nonce.
Definition: session_impl.h:188
secp256k1_musig_nonce_agg
SECP256K1_API int secp256k1_musig_nonce_agg(const secp256k1_context *ctx, secp256k1_musig_aggnonce *aggnonce, const secp256k1_musig_pubnonce *const *pubnonces, size_t n_pubnonces) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Aggregates the nonces of all signers into a single nonce.
Definition: session_impl.h:510
secp256k1_musig_partial_sign
SECP256K1_API int secp256k1_musig_partial_sign(const secp256k1_context *ctx, secp256k1_musig_partial_sig *partial_sig, secp256k1_musig_secnonce *secnonce, const secp256k1_keypair *keypair, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Produces a partial signature.
Definition: session_impl.h:632
secp256k1_musig_pubkey_get
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_get(const secp256k1_context *ctx, secp256k1_pubkey *agg_pk, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Obtain the aggregate public key from a keyagg_cache.
Definition: keyagg_impl.h:217
secp256k1_musig_nonce_gen
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen(const secp256k1_context *ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, const secp256k1_pubkey *pubkey, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6)
Starts a signing session by generating a nonce.
Definition: session_impl.h:437
secp256k1_musig_partial_sig_serialize
SECP256K1_API int secp256k1_musig_partial_sig_serialize(const secp256k1_context *ctx, unsigned char *out32, const secp256k1_musig_partial_sig *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize a MuSig partial signature.
Definition: session_impl.h:281
secp256k1_musig_partial_sig_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_verify(const secp256k1_context *ctx, const secp256k1_musig_partial_sig *partial_sig, const secp256k1_musig_pubnonce *pubnonce, const secp256k1_pubkey *pubkey, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Verifies an individual signer's partial signature.
Definition: session_impl.h:702
secp256k1_musig_partial_sig_agg
SECP256K1_API int secp256k1_musig_partial_sig_agg(const secp256k1_context *ctx, unsigned char *sig64, const secp256k1_musig_session *session, const secp256k1_musig_partial_sig *const *partial_sigs, size_t n_sigs) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Aggregates partial signatures.
Definition: session_impl.h:765
secp256k1_musig_pubkey_agg
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_pubkey *const *pubkeys, size_t n_pubkeys) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4)
Computes an aggregate public key and uses it to initialize a keyagg_cache.
Definition: keyagg_impl.h:156
secp256k1_musig_nonce_process
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process(const secp256k1_context *ctx, secp256k1_musig_session *session, const secp256k1_musig_aggnonce *aggnonce, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Takes the aggregate nonce and creates a session that is required for signing and verification of part...
Definition: session_impl.h:586
secp256k1_musig_pubnonce_serialize
SECP256K1_API int secp256k1_musig_pubnonce_serialize(const secp256k1_context *ctx, unsigned char *out66, const secp256k1_musig_pubnonce *nonce) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize a signer's public nonce.
Definition: session_impl.h:208
make_secure_unique
secure_unique_ptr< T > make_secure_unique(Args &&... as)
Definition: secure.h:66
secure_unique_ptr
std::unique_ptr< T, SecureUniqueDeleter< T > > secure_unique_ptr
Definition: secure.h:63
UCharCast
unsigned char * UCharCast(char *c)
Definition: span.h:95
CExtPubKey::chaincode
ChainCode chaincode
Definition: pubkey.h:339
CExtPubKey::vchFingerprint
unsigned char vchFingerprint[4]
Definition: pubkey.h:337
CExtPubKey::nDepth
unsigned char nDepth
Definition: pubkey.h:336
CExtPubKey::pubkey
CPubKey pubkey
Definition: pubkey.h:340
CExtPubKey::nChild
unsigned int nChild
Definition: pubkey.h:338
secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33
secp256k1_musig_aggnonce
Opaque data structure that holds an aggregate public nonce.
Definition: secp256k1_musig.h:77
secp256k1_musig_aggnonce::data
unsigned char data[132]
Definition: secp256k1_musig.h:78
secp256k1_musig_keyagg_cache
This module implements BIP 327 "MuSig2 for BIP340-compatible Multi-Signatures" (https://github....
Definition: secp256k1_musig.h:43
secp256k1_musig_keyagg_cache::data
unsigned char data[197]
Definition: secp256k1_musig.h:44
secp256k1_musig_partial_sig
Opaque data structure that holds a partial MuSig signature.
Definition: secp256k1_musig.h:96
secp256k1_musig_pubnonce
Opaque data structure that holds a signer's public nonce.
Definition: secp256k1_musig.h:68
secp256k1_musig_secnonce
Opaque data structure that holds a signer's secret nonce.
Definition: secp256k1_musig.h:59
secp256k1_musig_session
Opaque data structure that holds a MuSig session.
Definition: secp256k1_musig.h:87
secp256k1_musig_session::data
unsigned char data[133]
Definition: secp256k1_musig.h:88
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:62
_
consteval auto _(util::TranslatedLiteral str)
Definition: translation.h:79
Generated on Tue Jun 23 2026 20:06:26 for Bitcoin Core by doxygen 1.9.4