Use updated secp256k1 library
martonp committed Sep 20, 2024
1 parent 04d1f1a commit 3dea188
Showing 3 changed files with 12 additions and 30 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -34,7 +34,7 @@ require (
github.com/decred/dcrd/crypto/blake256 v1.0.1
github.com/decred/dcrd/dcrec v1.0.1
github.com/decred/dcrd/dcrec/edwards/v2 v2.0.3
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.1-0.20240912225101-7333f805850b
github.com/decred/dcrd/dcrjson/v4 v4.1.0
github.com/decred/dcrd/dcrutil/v4 v4.0.2
github.com/decred/dcrd/gcs/v4 v4.1.0
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -295,6 +295,8 @@ github.com/decred/dcrd/dcrec/edwards/v2 v2.0.3/go.mod h1:AKpV6+wZ2MfPRJnTbQ6NPgW
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.1-0.20240912225101-7333f805850b h1:HIjTBv19sQRjUiifEKPy6BLFKkOtV44uCnDThmYQ37s=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.1-0.20240912225101-7333f805850b/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
github.com/decred/dcrd/dcrjson/v4 v4.1.0 h1:WJVogRnYnNxB5hWoGHODvP4fNTG1JycTuHHKt/XucHk=
github.com/decred/dcrd/dcrjson/v4 v4.1.0/go.mod h1:2qVikafVF9/X3PngQVmqkbUbyAl32uik0k/kydgtqMc=
github.com/decred/dcrd/dcrutil/v4 v4.0.2 h1:eIl3E6gGln54qE8nk5o5lLtjh2/9C2Rz63OpD662h+8=
38 changes: 9 additions & 29 deletions internal/adaptorsigs/adaptor.go
Expand Up @@ -122,7 +122,6 @@ func ParseAdaptorSignature(b []byte) (*AdaptorSignature, error) {
str := "invalid signature: not for a valid curve point"
return nil, errors.New(str)
}
t.y.Normalize()

pubKeyTweak := b[96]&1 == 1

Expand Down Expand Up @@ -266,12 +265,8 @@ func (sig *AdaptorSignature) Verify(hash []byte, pubKey *secp256k1.PublicKey) er
func (sig *AdaptorSignature) Decrypt(tweak *secp256k1.ModNScalar) (*schnorr.Signature, error) {
var expectedT secp256k1.JacobianPoint
secp256k1.ScalarBaseMultNonConst(tweak, &expectedT)
expectedT.ToAffine()
if !expectedT.X.Equals(&sig.t.x) {
return nil, fmt.Errorf("tweak X does not match expected")
}
if !expectedT.Y.Equals(&sig.t.y) {
return nil, fmt.Errorf("tweak Y does not match expected")
if !expectedT.EquivalentNonConst(sig.t.asJacobian()) {
return nil, fmt.Errorf("tweak does not match expected value")
}

s := new(secp256k1.ModNScalar).Set(tweak)
Expand All @@ -290,19 +285,14 @@ func (sig *AdaptorSignature) RecoverTweak(validSig *schnorr.Signature) (*secp256
return nil, fmt.Errorf("only pub key tweaked sigs can be recovered")
}

_, s := parseSig(validSig)

t := new(secp256k1.ModNScalar).NegateVal(&sig.s).Add(s)
s := validSig.S()
t := new(secp256k1.ModNScalar).NegateVal(&sig.s).Add(&s)

// Verify the recovered tweak
var expectedT secp256k1.JacobianPoint
secp256k1.ScalarBaseMultNonConst(t, &expectedT)
expectedT.ToAffine()
if !expectedT.X.Equals(&sig.t.x) {
return nil, fmt.Errorf("recovered tweak does not match expected")
}
if !expectedT.Y.Equals(&sig.t.y) {
return nil, fmt.Errorf("recovered tweak does not match expected")
if !expectedT.EquivalentNonConst(sig.t.asJacobian()) {
return nil, fmt.Errorf("tweak does not match expected value")
}

return t, nil
Expand Down Expand Up @@ -483,27 +473,17 @@ func PublicKeyTweakedAdaptorSig(privKey *secp256k1.PrivateKey, hash []byte, T *s
}
}

func parseSig(sig *schnorr.Signature) (r *secp256k1.FieldVal, s *secp256k1.ModNScalar) {
sigB := sig.Serialize()
r, s = new(secp256k1.FieldVal), new(secp256k1.ModNScalar)
r.SetBytes((*[32]byte)(sigB[0:32]))
s.SetBytes((*[32]byte)(sigB[32:64]))
return r, s
}

// PrivateKeyTweakedAdaptorSig creates a private key tweaked adaptor signature.
// This is created by a party which knows the hidden value.
func PrivateKeyTweakedAdaptorSig(sig *schnorr.Signature, pubKey *secp256k1.PublicKey, t *secp256k1.ModNScalar) *AdaptorSignature {
T := new(secp256k1.JacobianPoint)
secp256k1.ScalarBaseMultNonConst(t, T)
T.ToAffine()

r, s := parseSig(sig)
tweakedS := new(secp256k1.ModNScalar).Add2(s, t)

s := sig.S()
return &AdaptorSignature{
r: *r,
s: *tweakedS,
r: sig.R(),
s: *new(secp256k1.ModNScalar).Add2(&s, t),
t: affinePoint{x: T.X, y: T.Y},
}
}
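Review bot: Dropping `t.y.Normalize()` in ParseAdaptorSignature leaves `t.y` possibly unnormalized for every later reader of `sig.t`, not only the new `EquivalentNonConst` comparisons in Decrypt and RecoverTweak. If, as the "not for a valid curve point" check suggests, `t.y` is produced by the library's DecompressY just above the hunk, its result is documented as having magnitude up to 2 (the parity fix negates without renormalizing), and FieldVal methods such as `Equals`, `IsOdd` and `PutBytes` require normalized input, so any serialization or parity check on `sig.t.y` elsewhere in this file would now silently produce wrong bytes. Unless every consumer of `sig.t` goes through `asJacobian()` and a comparison that normalizes internally, I would keep `t.y.Normalize()` here, with a one-line comment `// DecompressY may leave y unnormalized; normalize before any Equals/IsOdd/PutBytes use`. ParseAdaptorSignature's body starts and ends outside the hunk, so I cannot confirm where `t.y` is set.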
