schnorrsig_2main__impl_8h_source.html

/***********************************************************************

 * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick                 *

 * Distributed under the MIT software license, see the accompanying    *

 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*

 ***********************************************************************/


#ifndef SECP256K1_MODULE_SCHNORRSIG_MAIN_H

#define SECP256K1_MODULE_SCHNORRSIG_MAIN_H


#include "../../../include/secp256k1.h"

#include "../../../include/secp256k1_schnorrsig.h"

#include "../../hash.h"


/* Initializes SHA256 with fixed midstate. This midstate was computed by applying

 * SHA256 to SHA256("BIP0340/nonce")||SHA256("BIP0340/nonce"). */

static void secp256k1_nonce_function_bip340_sha256_tagged(secp256k1_sha256 *sha) {

    static const uint32_t midstate[8] = {

        0x46615b35ul, 0xf4bfbff7ul, 0x9f8dc671ul, 0x83627ab3ul,

        0x60217180ul, 0x57358661ul, 0x21a29e54ul, 0x68b07b4cul

    };

    secp256k1_sha256_initialize_midstate(sha, 64, midstate);

}


/* Initializes SHA256 with fixed midstate. This midstate was computed by applying

 * SHA256 to SHA256("BIP0340/aux")||SHA256("BIP0340/aux"). */

static void secp256k1_nonce_function_bip340_sha256_tagged_aux(secp256k1_sha256 *sha) {

    static const uint32_t midstate[8] = {

        0x24dd3219ul, 0x4eba7e70ul, 0xca0fabb9ul, 0x0fa3166dul,

        0x3afbe4b1ul, 0x4c44df97ul, 0x4aac2739ul, 0x249e850aul

    };

    secp256k1_sha256_initialize_midstate(sha, 64, midstate);

}


/* algo argument for nonce_function_bip340 to derive the nonce exactly as stated in BIP-340

 * by using the correct tagged hash function. */

static const unsigned char bip340_algo[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'n', 'o', 'n', 'c', 'e'};


static const unsigned char schnorrsig_extraparams_magic[4] = SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC;


static int nonce_function_bip340_impl(const secp256k1_hash_ctx *hash_ctx, unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data) {

    secp256k1_sha256 sha;

    unsigned char masked_key[32];

    int i;


    if (algo == NULL) {

        return 0;

    }


    if (data != NULL) {

        secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha);

        secp256k1_sha256_write(hash_ctx, &sha, data, 32);

        secp256k1_sha256_finalize(hash_ctx, &sha, masked_key);

        for (i = 0; i < 32; i++) {

            masked_key[i] ^= key32[i];

        }

    } else {

        /* Precomputed TaggedHash("BIP0340/aux", 0x0000...00); */

        static const unsigned char ZERO_MASK[32] = {

              84, 241, 105, 207, 201, 226, 229, 114,

             116, 128,  68,  31, 144, 186,  37, 196,

             136, 244,  97, 199,  11,  94, 165, 220,

             170, 247, 175, 105, 39,  10, 165,  20

        };

        for (i = 0; i < 32; i++) {

            masked_key[i] = key32[i] ^ ZERO_MASK[i];

        }

    }


    /* Tag the hash with algo which is important to avoid nonce reuse across

     * algorithms. If this nonce function is used in BIP-340 signing as defined

     * in the spec, an optimized tagging implementation is used. */

    if (algolen == sizeof(bip340_algo)

            && secp256k1_memcmp_var(algo, bip340_algo, algolen) == 0) {

        secp256k1_nonce_function_bip340_sha256_tagged(&sha);

    } else {

        secp256k1_sha256_initialize_tagged(hash_ctx, &sha, algo, algolen);

    }


    /* Hash masked-key||pk||msg using the tagged hash as per the spec */

    secp256k1_sha256_write(hash_ctx, &sha, masked_key, 32);

    secp256k1_sha256_write(hash_ctx, &sha, xonly_pk32, 32);

    secp256k1_sha256_write(hash_ctx, &sha, msg, msglen);

    secp256k1_sha256_finalize(hash_ctx, &sha, nonce32);

    secp256k1_sha256_clear(&sha);

    secp256k1_memclear_explicit(masked_key, sizeof(masked_key));


    return 1;

}


static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data) {

    return nonce_function_bip340_impl(secp256k1_get_hash_context(secp256k1_context_static), nonce32, msg, msglen, key32, xonly_pk32, algo, algolen, data);

}


const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340 = nonce_function_bip340;


/* Initializes SHA256 with fixed midstate. This midstate was computed by applying

 * SHA256 to SHA256("BIP0340/challenge")||SHA256("BIP0340/challenge"). */

static void secp256k1_schnorrsig_sha256_tagged(secp256k1_sha256 *sha) {

    static const uint32_t midstate[8] = {

        0x9cecba11ul, 0x23925381ul, 0x11679112ul, 0xd1627e0ful,

        0x97c87550ul, 0x003cc765ul, 0x90f61164ul, 0x33e9b66aul

    };

    secp256k1_sha256_initialize_midstate(sha, 64, midstate);

}


static void secp256k1_schnorrsig_challenge(const secp256k1_hash_ctx *hash_ctx, secp256k1_scalar* e, const unsigned char *r32, const unsigned char *msg, size_t msglen, const unsigned char *pubkey32)

{

    unsigned char buf[32];

    secp256k1_sha256 sha;


    /* tagged hash(r.x, pk.x, msg) */

    secp256k1_schnorrsig_sha256_tagged(&sha);

    secp256k1_sha256_write(hash_ctx, &sha, r32, 32);

    secp256k1_sha256_write(hash_ctx, &sha, pubkey32, 32);

    secp256k1_sha256_write(hash_ctx, &sha, msg, msglen);

    secp256k1_sha256_finalize(hash_ctx, &sha, buf);

    /* Set scalar e to the challenge hash modulo the curve order as per

     * BIP340. */

    secp256k1_scalar_set_b32(e, buf, NULL);

}


static int secp256k1_schnorrsig_sign_internal(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_nonce_function_hardened noncefp, void *ndata) {

    secp256k1_scalar sk;

    secp256k1_scalar e;

    secp256k1_scalar k;

    secp256k1_gej rj;

    secp256k1_ge pk;

    secp256k1_ge r;

    unsigned char nonce32[32] = { 0 };

    unsigned char pk_buf[32];

    unsigned char seckey[32];

    int ret = 1;


    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));

    ARG_CHECK(sig64 != NULL);

    ARG_CHECK(msg != NULL || msglen == 0);

    ARG_CHECK(keypair != NULL);


    ret &= secp256k1_keypair_load(ctx, &sk, &pk, keypair);

    /* Because we are signing for a x-only pubkey, the secret key is negated

     * before signing if the point corresponding to the secret key does not

     * have an even Y. */

    if (secp256k1_fe_is_odd(&pk.y)) {

        secp256k1_scalar_negate(&sk, &sk);

    }


    secp256k1_scalar_get_b32(seckey, &sk);

    secp256k1_fe_get_b32(pk_buf, &pk.x);


    /* Compute nonce */

    if (noncefp == NULL || noncefp == secp256k1_nonce_function_bip340) {

        /* Use context-aware nonce function by default */

        ret &= nonce_function_bip340_impl(secp256k1_get_hash_context(ctx), nonce32, msg, msglen, seckey, pk_buf, bip340_algo, sizeof(bip340_algo), ndata);

    } else {

        ret &= !!noncefp(nonce32, msg, msglen, seckey, pk_buf, bip340_algo, sizeof(bip340_algo), ndata);

    }


    secp256k1_scalar_set_b32(&k, nonce32, NULL);

    ret &= !secp256k1_scalar_is_zero(&k);

    secp256k1_scalar_cmov(&k, &secp256k1_scalar_one, !ret);


    secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &rj, &k);

    secp256k1_ge_set_gej(&r, &rj);


    /* We declassify r to allow using it as a branch point. This is fine

     * because r is not a secret. */

    secp256k1_declassify(ctx, &r, sizeof(r));

    secp256k1_fe_normalize_var(&r.y);

    if (secp256k1_fe_is_odd(&r.y)) {

        secp256k1_scalar_negate(&k, &k);

    }

    secp256k1_fe_normalize_var(&r.x);

    secp256k1_fe_get_b32(&sig64[0], &r.x);


    secp256k1_schnorrsig_challenge(secp256k1_get_hash_context(ctx), &e, &sig64[0], msg, msglen, pk_buf);

    secp256k1_scalar_mul(&e, &e, &sk);

    secp256k1_scalar_add(&e, &e, &k);

    secp256k1_scalar_get_b32(&sig64[32], &e);


    secp256k1_memczero(sig64, 64, !ret);

    secp256k1_scalar_clear(&k);

    secp256k1_scalar_clear(&sk);

    secp256k1_memclear_explicit(seckey, sizeof(seckey));

    secp256k1_memclear_explicit(nonce32, sizeof(nonce32));

    secp256k1_gej_clear(&rj);


    return ret;

}


int secp256k1_schnorrsig_sign32(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) {

    /* We cast away const from the passed aux_rand32 argument since we know the default nonce function does not modify it. */

    return secp256k1_schnorrsig_sign_internal(ctx, sig64, msg32, 32, keypair, secp256k1_nonce_function_bip340, (unsigned char*)aux_rand32);

}


int secp256k1_schnorrsig_sign(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) {

    return secp256k1_schnorrsig_sign32(ctx, sig64, msg32, keypair, aux_rand32);

}


int secp256k1_schnorrsig_sign_custom(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_schnorrsig_extraparams *extraparams) {

    secp256k1_nonce_function_hardened noncefp = NULL;

    void *ndata = NULL;

    VERIFY_CHECK(ctx != NULL);


    if (extraparams != NULL) {

        ARG_CHECK(secp256k1_memcmp_var(extraparams->magic,

                                       schnorrsig_extraparams_magic,

                                       sizeof(extraparams->magic)) == 0);

        noncefp = extraparams->noncefp;

        ndata = extraparams->ndata;

    }

    return secp256k1_schnorrsig_sign_internal(ctx, sig64, msg, msglen, keypair, noncefp, ndata);

}


int secp256k1_schnorrsig_verify(const secp256k1_context* ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) {

    secp256k1_scalar s;

    secp256k1_scalar e;

    secp256k1_gej rj;

    secp256k1_ge pk;

    secp256k1_gej pkj;

    secp256k1_fe rx;

    secp256k1_ge r;

    unsigned char buf[32];

    int overflow;


    VERIFY_CHECK(ctx != NULL);

    ARG_CHECK(sig64 != NULL);

    ARG_CHECK(msg != NULL || msglen == 0);

    ARG_CHECK(pubkey != NULL);


    if (!secp256k1_fe_set_b32_limit(&rx, &sig64[0])) {

        return 0;

    }


    secp256k1_scalar_set_b32(&s, &sig64[32], &overflow);

    if (overflow) {

        return 0;

    }


    if (!secp256k1_xonly_pubkey_load(ctx, &pk, pubkey)) {

        return 0;

    }


    /* Compute e. */

    secp256k1_fe_get_b32(buf, &pk.x);

    secp256k1_schnorrsig_challenge(secp256k1_get_hash_context(ctx), &e, &sig64[0], msg, msglen, buf);


    /* Compute rj =  s*G + (-e)*pkj */

    secp256k1_scalar_negate(&e, &e);

    secp256k1_gej_set_ge(&pkj, &pk);

    secp256k1_ecmult(&rj, &pkj, &e, &s);


    secp256k1_ge_set_gej_var(&r, &rj);

    if (secp256k1_ge_is_infinity(&r)) {

        return 0;

    }


    secp256k1_fe_normalize_var(&r.y);

    return !secp256k1_fe_is_odd(&r.y) &&

           secp256k1_fe_equal(&rx, &r.x);

}


#endif

ret
int ret
Definition: bitcoin-cli.cpp:1402

secp256k1_ecmult
static void secp256k1_ecmult(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng)
Double multiply: R = na*A + ng*G.

secp256k1_ecmult_gen
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)
Multiply with the generator: R = a*G.

secp256k1_ecmult_gen_context_is_built
static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context *ctx)
Definition: ecmult_gen_impl.h:22

secp256k1_keypair_load
static int secp256k1_keypair_load(const secp256k1_context *ctx, secp256k1_scalar *sk, secp256k1_ge *pk, const secp256k1_keypair *keypair)
Definition: main_impl.h:176

secp256k1_xonly_pubkey_load
static SECP256K1_INLINE int secp256k1_xonly_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_xonly_pubkey *pubkey)
Definition: main_impl.h:14

secp256k1_fe_is_odd
#define secp256k1_fe_is_odd
Definition: field.h:85

secp256k1_fe_normalize_var
#define secp256k1_fe_normalize_var
Definition: field.h:80

secp256k1_fe_set_b32_limit
#define secp256k1_fe_set_b32_limit
Definition: field.h:88

secp256k1_fe_get_b32
#define secp256k1_fe_get_b32
Definition: field.h:89

secp256k1_fe_equal
static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b)
Determine whether two field elements are equal.

secp256k1_gej_clear
static void secp256k1_gej_clear(secp256k1_gej *r)
Clear a secp256k1_gej to prevent leaking sensitive information.

secp256k1_ge_set_gej
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.

secp256k1_ge_is_infinity
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.

secp256k1_gej_set_ge
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)
Set a group element (jacobian) equal to another which is given in affine coordinates.

secp256k1_ge_set_gej_var
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.

secp256k1_sha256_initialize_tagged
static void secp256k1_sha256_initialize_tagged(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, const unsigned char *tag, size_t taglen)
Definition: hash_impl.h:196

test_vectors_musig2_generate.s
tuple s
Definition: test_vectors_musig2_generate.py:72

test_vectors_musig2_generate.data
data
Definition: test_vectors_musig2_generate.py:98

tests_wycheproof_generate_ecdh.sk
sk
Definition: tests_wycheproof_generate_ecdh.py:101

tests_wycheproof_generate_ecdh.pk
def pk
Definition: tests_wycheproof_generate_ecdh.py:115

tests_wycheproof_generate_ecdsa.msg
msg
Definition: tests_wycheproof_generate_ecdsa.py:52

secp256k1_scalar_cmov
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
If flag is 1, set *r equal to *a; if flag is 0, leave it.

secp256k1_scalar_set_b32
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.

secp256k1_scalar_is_zero
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.

secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.

secp256k1_scalar_add
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).

secp256k1_scalar_mul
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).

secp256k1_scalar_negate
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).

secp256k1_scalar_clear
static void secp256k1_scalar_clear(secp256k1_scalar *r)
Clear a scalar to prevent the leak of sensitive data.

secp256k1_scalar_one
static const secp256k1_scalar secp256k1_scalar_one
Definition: scalar_impl.h:27

nonce_function_bip340
static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
Definition: main_impl.h:90

schnorrsig_extraparams_magic
static const unsigned char schnorrsig_extraparams_magic[4]
Definition: main_impl.h:38

secp256k1_nonce_function_bip340_sha256_tagged_aux
static void secp256k1_nonce_function_bip340_sha256_tagged_aux(secp256k1_sha256 *sha)
Definition: main_impl.h:26

secp256k1_schnorrsig_sign
int secp256k1_schnorrsig_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32)
Same as secp256k1_schnorrsig_sign32, but DEPRECATED.
Definition: main_impl.h:196

secp256k1_nonce_function_bip340_sha256_tagged
static void secp256k1_nonce_function_bip340_sha256_tagged(secp256k1_sha256 *sha)
Definition: main_impl.h:16

secp256k1_schnorrsig_challenge
static void secp256k1_schnorrsig_challenge(const secp256k1_hash_ctx *hash_ctx, secp256k1_scalar *e, const unsigned char *r32, const unsigned char *msg, size_t msglen, const unsigned char *pubkey32)
Definition: main_impl.h:106

secp256k1_schnorrsig_sha256_tagged
static void secp256k1_schnorrsig_sha256_tagged(secp256k1_sha256 *sha)
Definition: main_impl.h:98

secp256k1_schnorrsig_sign_custom
int secp256k1_schnorrsig_sign_custom(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_schnorrsig_extraparams *extraparams)
Create a Schnorr signature with a more flexible API.
Definition: main_impl.h:200

secp256k1_schnorrsig_sign32
int secp256k1_schnorrsig_sign32(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32)
Create a Schnorr signature.
Definition: main_impl.h:191

bip340_algo
static const unsigned char bip340_algo[]
Definition: main_impl.h:36

secp256k1_schnorrsig_sign_internal
static int secp256k1_schnorrsig_sign_internal(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_nonce_function_hardened noncefp, void *ndata)
Definition: main_impl.h:122

secp256k1_nonce_function_bip340
const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340
Definition: main_impl.h:94

secp256k1_schnorrsig_verify
int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey)
Verify a Schnorr signature.
Definition: main_impl.h:215

nonce_function_bip340_impl
static int nonce_function_bip340_impl(const secp256k1_hash_ctx *hash_ctx, unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
Definition: main_impl.h:40

secp256k1_sha256_finalize
static void secp256k1_sha256_finalize(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, unsigned char *out32)

secp256k1_sha256_initialize_midstate
static void secp256k1_sha256_initialize_midstate(secp256k1_sha256 *hash, uint64_t bytes, const uint32_t state[8])

secp256k1_sha256_write
static void secp256k1_sha256_write(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, const unsigned char *data, size_t size)

secp256k1_sha256_clear
static void secp256k1_sha256_clear(secp256k1_sha256 *hash)

secp256k1_memclear_explicit
static SECP256K1_INLINE void secp256k1_memclear_explicit(void *ptr, size_t len)
Definition: util.h:258

secp256k1_memcmp_var
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:271

VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:159

secp256k1_memczero
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag)
Definition: util.h:210

ARG_CHECK
#define ARG_CHECK(cond)
Definition: secp256k1.c:45

secp256k1_declassify
static SECP256K1_INLINE void secp256k1_declassify(const secp256k1_context *ctx, const void *p, size_t len)
Definition: secp256k1.c:255

secp256k1_get_hash_context
static SECP256K1_INLINE const secp256k1_hash_ctx * secp256k1_get_hash_context(const secp256k1_context *ctx)
Definition: secp256k1.c:238

secp256k1_context_static
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:246

SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC
#define SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC
Definition: secp256k1_schnorrsig.h:88

secp256k1_nonce_function_hardened
int(* secp256k1_nonce_function_hardened)(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
This module implements a variant of Schnorr signatures compliant with Bitcoin Improvement Proposal 34...
Definition: secp256k1_schnorrsig.h:41

ByteUnit::k
@ k

secp256k1_context_struct
Definition: secp256k1.c:61

secp256k1_context_struct::ecmult_gen_ctx
secp256k1_ecmult_gen_context ecmult_gen_ctx
Definition: secp256k1.c:62

secp256k1_fe
This field implementation represents the value as 10 uint32_t limbs in base 2^26.
Definition: field_10x26.h:14

secp256k1_ge
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
Definition: group.h:16

secp256k1_ge::x
secp256k1_fe x
Definition: group.h:17

secp256k1_ge::y
secp256k1_fe y
Definition: group.h:18

secp256k1_gej
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:28

secp256k1_hash_ctx
Definition: hash.h:13

secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33

secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13

secp256k1_schnorrsig_extraparams
Data structure that contains additional arguments for schnorrsig_sign_custom.
Definition: secp256k1_schnorrsig.h:82

secp256k1_schnorrsig_extraparams::noncefp
secp256k1_nonce_function_hardened noncefp
Definition: secp256k1_schnorrsig.h:84

secp256k1_schnorrsig_extraparams::ndata
void * ndata
Definition: secp256k1_schnorrsig.h:85

secp256k1_schnorrsig_extraparams::magic
unsigned char magic[4]
Definition: secp256k1_schnorrsig.h:83

secp256k1_sha256
Definition: hash.h:19

secp256k1_xonly_pubkey
Opaque data structure that holds a parsed and valid "x-only" public key.
Definition: secp256k1_extrakeys.h:22