mimblewimble · GeneFerneau · Jun 3, 2021 · Apr 21, 2021 · Apr 22, 2021 · May 19, 2021
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/api/src/types.rs b/api/src/types.rs
@@ -171,6 +171,7 @@ impl TxHashSetNode {
 pub enum OutputType {
 	Coinbase,
 	Transaction,
+	Multisig,
 }
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
@@ -285,6 +286,8 @@ impl OutputPrintable {
 	) -> Result<OutputPrintable, chain::Error> {
 		let output_type = if output.is_coinbase() {
 			OutputType::Coinbase
+		} else if output.is_multisig() {
+			OutputType::Multisig
 		} else {
 			OutputType::Transaction
 		};

diff --git a/core/src/core/transaction.rs b/core/src/core/transaction.rs
@@ -742,6 +742,7 @@ impl TxKernel {
 			&sig,
 			&self.msg_to_sign()?,
 			None,
+			None,
 			&pubkey,
 			Some(&pubkey),
 			false,
@@ -1979,6 +1980,8 @@ enum_from_primitive! {
 		Plain = 0,
 		/// A coinbase output.
 		Coinbase = 1,
+		/// Multisignature output with shared ownership
+		Multisig = 2,
 	}
 }
 
@@ -2071,6 +2074,11 @@ impl OutputFeatures {
 	pub fn is_plain(self) -> bool {
 		self == OutputFeatures::Plain
 	}
+
+	/// Is this a multisig output?
+	pub fn is_multisig(self) -> bool {
+		self == OutputFeatures::Multisig
+	}
 }
 
 impl Output {
@@ -2107,6 +2115,11 @@ impl Output {
 		self.identifier.is_plain()
 	}
 
+	/// Is this a multisig output?
+	pub fn is_multisig(&self) -> bool {
+		self.identifier.is_multisig()
+	}
+
 	/// Range proof for the output
 	pub fn proof(&self) -> RangeProof {
 		self.proof
@@ -2190,6 +2203,11 @@ impl OutputIdentifier {
 		self.features.is_plain()
 	}
 
+	/// Is this a multisig output?
+	pub fn is_multisig(&self) -> bool {
+		self.features.is_multisig()
+	}
+
 	/// Converts this identifier to a full output, provided a RangeProof
 	pub fn into_output(self, proof: RangeProof) -> Output {
 		Output {
@@ -2400,7 +2418,7 @@ mod test {
 		let pubkey = excess.to_pubkey(&keychain.secp()).unwrap();
 
 		let excess_sig =
-			aggsig::sign_single(&keychain.secp(), &msg, &skey, None, Some(&pubkey)).unwrap();
+			aggsig::sign_single(&keychain.secp(), &msg, &skey, None, None, Some(&pubkey)).unwrap();
 
 		kernel.excess = excess;
 		kernel.excess_sig = excess_sig;

diff --git a/core/src/libtx/aggsig.rs b/core/src/libtx/aggsig.rs
@@ -86,6 +86,7 @@ pub fn create_secnonce(secp: &Secp256k1) -> Result<SecretKey, Error> {
 ///     &secp,
 ///     &secret_key,
 ///     &secret_nonce,
+///     None,
 ///     &pub_nonce_sum,
 ///     Some(&pub_key_sum),
 ///     &message,
@@ -96,6 +97,7 @@ pub fn calculate_partial_sig(
 	secp: &Secp256k1,
 	sec_key: &SecretKey,
 	sec_nonce: &SecretKey,
+	sec_nonce_extra: Option<&SecretKey>,
 	nonce_sum: &PublicKey,
 	pubkey_sum: Option<&PublicKey>,
 	msg: &secp::Message,
@@ -106,7 +108,7 @@ pub fn calculate_partial_sig(
 		&msg,
 		sec_key,
 		Some(sec_nonce),
-		None,
+		sec_nonce_extra,
 		Some(nonce_sum),
 		pubkey_sum,
 		Some(nonce_sum),
@@ -156,6 +158,7 @@ pub fn calculate_partial_sig(
 ///     &secp,
 ///     &secret_key,
 ///     &secret_nonce,
+///     None,
 ///     &pub_nonce_sum,
 ///     Some(&pub_key_sum),
 ///     &message,
@@ -169,6 +172,7 @@ pub fn calculate_partial_sig(
 ///     &secp,
 ///     &sig_part,
 ///     &pub_nonce_sum,
+///     None,
 ///     &public_key,
 ///     Some(&pub_key_sum),
 ///     &message,
@@ -179,6 +183,7 @@ pub fn verify_partial_sig(
 	secp: &Secp256k1,
 	sig: &Signature,
 	pub_nonce_sum: &PublicKey,
+	pub_nonce_extra: Option<&PublicKey>,
 	pubkey: &PublicKey,
 	pubkey_sum: Option<&PublicKey>,
 	msg: &secp::Message,
@@ -188,6 +193,7 @@ pub fn verify_partial_sig(
 		sig,
 		&msg,
 		Some(&pub_nonce_sum),
+		pub_nonce_extra,
 		pubkey,
 		pubkey_sum,
 		true,
@@ -323,7 +329,7 @@ pub fn verify_single_from_commit(
 	commit: &Commitment,
 ) -> Result<(), Error> {
 	let pubkey = commit.to_pubkey(secp)?;
-	if !verify_single(secp, sig, msg, None, &pubkey, Some(&pubkey), false) {
+	if !verify_single(secp, sig, msg, None, None, &pubkey, Some(&pubkey), false) {
 		return Err(ErrorKind::Signature("Signature validation error".to_string()).into());
 	}
 	Ok(())
@@ -369,6 +375,7 @@ pub fn verify_single_from_commit(
 ///     &secp,
 ///     &secret_key,
 ///     &secret_nonce,
+///     None,
 ///     &pub_nonce_sum,
 ///     Some(&pub_key_sum),
 ///     &message,
@@ -391,7 +398,7 @@ pub fn verify_completed_sig(
 	pubkey_sum: Option<&PublicKey>,
 	msg: &secp::Message,
 ) -> Result<(), Error> {
-	if !verify_single(secp, sig, msg, None, pubkey, pubkey_sum, true) {
+	if !verify_single(secp, sig, msg, None, None, pubkey, pubkey_sum, true) {
 		return Err(ErrorKind::Signature("Signature validation error".to_string()).into());
 	}
 	Ok(())
@@ -414,9 +421,19 @@ pub fn sign_single(
 	msg: &Message,
 	skey: &SecretKey,
 	snonce: Option<&SecretKey>,
+	snonce_extra: Option<&SecretKey>,
 	pubkey_sum: Option<&PublicKey>,
 ) -> Result<Signature, Error> {
-	let sig = aggsig::sign_single(secp, &msg, skey, snonce, None, None, pubkey_sum, None)?;
+	let sig = aggsig::sign_single(
+		secp,
+		&msg,
+		skey,
+		snonce,
+		snonce_extra,
+		None,
+		pubkey_sum,
+		None,
+	)?;
 	Ok(sig)
 }
 
@@ -426,12 +443,20 @@ pub fn verify_single(
 	sig: &Signature,
 	msg: &Message,
 	pubnonce: Option<&PublicKey>,
+	pubnonce_extra: Option<&PublicKey>,
 	pubkey: &PublicKey,
 	pubkey_sum: Option<&PublicKey>,
 	is_partial: bool,
 ) -> bool {
 	aggsig::verify_single(
-		secp, sig, msg, pubnonce, pubkey, pubkey_sum, None, is_partial,
+		secp,
+		sig,
+		msg,
+		pubnonce,
+		pubkey,
+		pubkey_sum,
+		pubnonce_extra,
+		is_partial,
 	)
 }