6 #ifndef SECP256K1_MODULE_MUSIG_TESTS_IMPL_H 7 #define SECP256K1_MODULE_MUSIG_TESTS_IMPL_H 12 #include "../../../include/secp256k1.h" 13 #include "../../../include/secp256k1_extrakeys.h" 14 #include "../../../include/secp256k1_musig.h" 18 #include "../../scalar.h" 19 #include "../../field.h" 20 #include "../../group.h" 21 #include "../../hash.h" 22 #include "../../util.h" 23 #include "../../unit_test.h" 32 if (keypair != NULL) {
33 *keypair = keypair_tmp;
41 unsigned char sk[2][32];
46 unsigned char msg[32];
49 unsigned char session_secrand[2][32];
55 unsigned char final_sig[64];
60 for (i = 0; i < 2; i++) {
63 pubnonce_ptr[i] = &pubnonce[i];
64 partial_sig_ptr[i] = &partial_sig[i];
71 uint64_t nonrepeating_cnt = 0;
80 for (i = 0; i < 2; i++) {
100 for (i = 0; i < 2; i++) {
102 pubnonce_ptr[i] = &pubnonce[i];
116 for (i = 0; i < len; i++) {
127 unsigned char pre_sig[64];
128 unsigned char buf[32];
129 unsigned char sk[2][32];
132 unsigned char max64[64];
133 unsigned char zeros132[132] = { 0 };
134 unsigned char session_secrand[2][32];
135 unsigned char nonrepeating_cnt = 0;
141 unsigned char pubnonce_ser[66];
147 unsigned char aggnonce_ser[66];
148 unsigned char msg[32];
160 unsigned char tweak[32];
164 memset(max64, 0xff,
sizeof(max64));
165 memset(&invalid_keypair, 0,
sizeof(invalid_keypair));
166 memset(&invalid_pk, 0,
sizeof(invalid_pk));
167 memset(&invalid_secnonce, 0,
sizeof(invalid_secnonce));
168 memset(&invalid_partial_sig, 0,
sizeof(invalid_partial_sig));
173 memset(&invalid_keyagg_cache, 0,
sizeof(invalid_keyagg_cache));
174 memset(&invalid_pk, 0,
sizeof(invalid_pk));
175 memset(&invalid_pubnonce, 0,
sizeof(invalid_pubnonce));
176 memset(&invalid_session, 0,
sizeof(invalid_session));
180 for (i = 0; i < 2; i++) {
182 invalid_pk_ptr2[i] = &invalid_pk;
183 invalid_pk_ptr3[i] = &
pk[i];
184 pubnonce_ptr[i] = &pubnonce[i];
185 inf_pubnonce_ptr[i] = &inf_pubnonce[i];
186 partial_sig_ptr[i] = &partial_sig[i];
187 invalid_partial_sig_ptr[i] = &partial_sig[i];
192 invalid_pubnonce_ptr[0] = &invalid_pubnonce;
193 invalid_partial_sig_ptr[0] = &invalid_partial_sig;
196 invalid_pk_ptr3[2] = &invalid_pk;
205 for (i = 0; i < 2; i++) {
209 pk_ptr[i] = original_ptr;
235 for (i = 0; i < 2; i++) {
238 CHECK((*tweak_func[i])(
CTX, &tmp_output_pk, &tmp_keyagg_cache,
tweak) == 1);
240 tmp_keyagg_cache = keyagg_cache;
241 CHECK((*tweak_func[i])(
CTX, NULL, &tmp_keyagg_cache,
tweak) == 1);
242 tmp_keyagg_cache = keyagg_cache;
245 tmp_keyagg_cache = keyagg_cache;
248 tmp_keyagg_cache = keyagg_cache;
249 CHECK((*tweak_func[i])(
CTX, &tmp_output_pk, &tmp_keyagg_cache, max64) == 0);
251 tmp_keyagg_cache = keyagg_cache;
278 memcpy(&session_secrand[0], zeros132,
sizeof(session_secrand[0]));
361 for (i = 0; i < 2; i++) {
363 pubnonce_ptr[i] = NULL;
365 pubnonce_ptr[i] = original_ptr;
376 for (i = 0; i < 2; i++) {
416 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
421 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
423 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
427 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
429 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
431 unsigned char sk_tmp[32];
436 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
439 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
441 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
443 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
445 memcpy(&secnonce_tmp, &secnonce[0],
sizeof(secnonce_tmp));
492 for (i = 0; i < 2; i++) {
494 partial_sig_ptr[i] = NULL;
496 partial_sig_ptr[i] = original_ptr;
519 unsigned char *
args[6];
520 unsigned char session_secrand[32];
521 unsigned char sk[32];
522 unsigned char pk[33];
523 unsigned char msg[32];
524 unsigned char agg_pk[32];
525 unsigned char extra_input[32];
537 args[0] = session_secrand;
542 args[5] = extra_input;
543 for (i = 0; i <
COUNT; i++) {
555 memcpy(
pk, session_secrand,
sizeof(session_secrand));
556 memcpy(agg_pk, session_secrand,
sizeof(agg_pk));
557 memcpy(extra_input, session_secrand,
sizeof(extra_input));
564 for (i = 0; i < 6; i++) {
566 for (j = i+1; j < 6; j++) {
579 static const unsigned char tag[] = {
'K',
'e',
'y',
'A',
'g',
'g',
' ',
'l',
'i',
's',
't'};
585 static const unsigned char tag[] = {
'K',
'e',
'y',
'A',
'g',
'g',
' ',
'c',
'o',
'e',
'f',
'f',
'i',
'c',
'i',
'e',
'n',
't'};
591 static const unsigned char tag[] = {
'M',
'u',
'S',
'i',
'g',
'/',
'a',
'u',
'x' };
597 static const unsigned char tag[] = {
'M',
'u',
'S',
'i',
'g',
'/',
'n',
'o',
'n',
'c',
'e' };
603 static const unsigned char tag[] = {
'M',
'u',
'S',
'i',
'g',
'/',
'n',
'o',
'n',
'c',
'e',
'c',
'o',
'e',
'f' };
613 unsigned char session_secrand[2][32];
614 unsigned char msg[32];
623 unsigned char final_sig[64];
626 for (i = 0; i < 2; i++) {
627 pubnonce_ptr[i] = &pubnonce[i];
628 partial_sig_ptr[i] = &partial_sig[i];
655 unsigned char sk[2][32];
659 enum { N_TWEAKS = 8 };
665 for (i = 0; i < 2; i++) {
679 for (i = 1; i <= N_TWEAKS; i++) {
680 unsigned char tweak[32];
694 unsigned char P_serialized[32];
709 unsigned char *agg_pk_ser,
710 const unsigned char pubkeys33[][33],
711 const unsigned char tweaks32[][32],
712 size_t key_indices_len,
713 const size_t *key_indices,
714 size_t tweak_indices_len,
715 const size_t *tweak_indices,
716 const int *is_xonly) {
723 for (i = 0; i < (int)key_indices_len; i++) {
728 pk_ptr[i] = &pubkeys[i];
735 for (i = 0; i < (int)tweak_indices_len; i++) {
758 if (agg_pk_ser != NULL) {
776 unsigned char agg_pk[32];
800 unsigned char session_secrand32[32];
803 const unsigned char *
sk = NULL;
804 const unsigned char *
msg = NULL;
805 const unsigned char *
extra_in = NULL;
807 unsigned char pubnonce66[66];
817 memset(&cache_i, 0,
sizeof(cache_i));
821 keyagg_cache_ptr = &keyagg_cache;
855 unsigned char aggnonce66[66];
857 for (j = 0; j < 2; j++) {
859 pubnonce_ptr[j] = &pubnonce[j];
868 for (j = 0; j < 2; j++) {
900 unsigned char partial_sig32[32];
963 enum { NUM_PUBNONCES = 3 };
973 pubnonce_ptr[j] = &pubnonce[j];
1026 unsigned char partial_sig32[32];
1058 unsigned char final_sig[64];
1060 unsigned char agg_pk32[32];
1072 partial_sig_ptr[j] = &partial_sig[j];
1096 unsigned char pubnonce66[66];
1099 uint64_t nonrepeating_cnt = 0;
1100 unsigned char sk[32] = {
1101 0xEE, 0xC1, 0xCB, 0x7D, 0x1B, 0x72, 0x54, 0xC5,
1102 0xCA, 0xB0, 0xD9, 0xC6, 0x1A, 0xB0, 0x2E, 0x64,
1103 0x3D, 0x46, 0x4A, 0x59, 0xFE, 0x6C, 0x96, 0xA7,
1104 0xEF, 0xE8, 0x71, 0xF0, 0x7C, 0x5A, 0xEF, 0x54,
1106 unsigned char expected_secnonce[64] = {
1107 0x84, 0x2F, 0x13, 0x80, 0xCD, 0x17, 0xA1, 0x98,
1108 0xFC, 0x3D, 0xAD, 0x3B, 0x7D, 0xA7, 0x49, 0x29,
1109 0x41, 0xF4, 0x69, 0x76, 0xF2, 0x70, 0x2F, 0xF7,
1110 0xC6, 0x6F, 0x24, 0xF4, 0x72, 0x03, 0x6A, 0xF1,
1111 0xDA, 0x3F, 0x95, 0x2D, 0xDE, 0x4A, 0x2D, 0xA6,
1112 0xB6, 0x32, 0x57, 0x07, 0xCE, 0x87, 0xA4, 0xE3,
1113 0x61, 0x6D, 0x06, 0xFC, 0x5F, 0x81, 0xA9, 0xC9,
1114 0x93, 0x86, 0xD2, 0x0A, 0x99, 0xCE, 0xCF, 0x99,
1116 unsigned char expected_pubnonce[66] = {
1117 0x03, 0xA5, 0xB9, 0xB6, 0x90, 0x79, 0x42, 0xEA,
1118 0xCD, 0xDA, 0x49, 0xA3, 0x66, 0x01, 0x6E, 0xC2,
1119 0xE6, 0x24, 0x04, 0xA1, 0xBF, 0x4A, 0xB6, 0xD4,
1120 0xDB, 0x82, 0x06, 0x7B, 0xC3, 0xAD, 0xF0, 0x86,
1121 0xD7, 0x03, 0x32, 0x05, 0xDB, 0x9E, 0xB3, 0x4D,
1122 0x5C, 0x7C, 0xE0, 0x28, 0x48, 0xCA, 0xC6, 0x8A,
1123 0x83, 0xED, 0x73, 0xE3, 0x88, 0x34, 0x77, 0xF5,
1124 0x63, 0xF2, 0x3C, 0xE9, 0xA1, 0x1A, 0x77, 0x21,
1145 CASE1(musig_simple_test),
1148 CASE1(musig_tweak_test),
struct musig_sign_error_case sign_error_case[6]
static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Compare two scalars.
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.
static void musig_tweak_test_internal(void)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_get(const secp256k1_context *ctx, secp256k1_pubkey *agg_pk, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Obtain the aggregate public key from a keyagg_cache.
static void musig_test_vectors_tweak(void)
static int secp256k1_gej_is_infinity(const secp256k1_gej *a)
Check whether a group element is the point at infinity.
This module implements BIP 327 "MuSig2 for BIP340-compatible Multi-Signatures" (https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki) v1.0.0.
SECP256K1_API int secp256k1_musig_pubnonce_serialize(const secp256k1_context *ctx, unsigned char *out66, const secp256k1_musig_pubnonce *nonce) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize a signer's public nonce.
SECP256K1_API int secp256k1_musig_partial_sign(const secp256k1_context *ctx, secp256k1_musig_partial_sig *partial_sig, secp256k1_musig_secnonce *secnonce, const secp256k1_keypair *keypair, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Produces a partial signature.
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static void testutil_random_ge_test(secp256k1_ge *ge)
struct musig_nonce_agg_test_case valid_case[2]
static void secp256k1_nonce_function_musig(secp256k1_scalar *k, const unsigned char *session_secrand, const unsigned char *msg32, const unsigned char *seckey32, const unsigned char *pk33, const unsigned char *agg_pk32, const unsigned char *extra_input32)
static void secp256k1_keyagg_cache_save(secp256k1_musig_keyagg_cache *cache, const secp256k1_keyagg_cache_internal *cache_i)
int memcmp_and_randomize(unsigned char *value, const unsigned char *expected, size_t len)
Opaque data structure that holds an aggregate public nonce.
unsigned char tweaks[2][32]
struct musig_tweak_case valid_case[5]
static const struct musig_key_agg_vector musig_key_agg_vector
unsigned char pubnonces[3][194]
static void secp256k1_nonce_function_musig_sha256_tagged(secp256k1_sha256 *sha)
static const struct musig_sign_verify_vector musig_sign_verify_vector
SECP256K1_API int secp256k1_musig_nonce_agg(const secp256k1_context *ctx, secp256k1_musig_aggnonce *aggnonce, const secp256k1_musig_pubnonce *const *pubnonces, size_t n_pubnonces) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Aggregates the nonces of all signers into a single nonce.
static void secp256k1_musig_keyagglist_sha256(secp256k1_sha256 *sha)
struct musig_nonce_agg_test_case error_case[3]
static const struct tf_test_entry tests_musig[]
static void secp256k1_musig_secnonce_save(secp256k1_musig_secnonce *secnonce, const secp256k1_scalar *k, const secp256k1_ge *pk)
unsigned char tweaks[5][32]
static void sha256_tag_test(void)
unsigned char expected[32]
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_verify(const secp256k1_context *ctx, const secp256k1_musig_partial_sig *partial_sig, const secp256k1_musig_pubnonce *pubnonce, const secp256k1_pubkey *pubkey, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Verifies an individual signer's partial signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubnonce_parse(const secp256k1_context *ctx, secp256k1_musig_pubnonce *nonce, const unsigned char *in66) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a signer's public nonce.
static void secp256k1_musig_keyaggcoef_sha256(secp256k1_sha256 *sha)
static const struct musig_tweak_vector musig_tweak_vector
memcpy(result.begin(), stream.data(), stream.size())
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
A group element of the secp256k1 curve, in jacobian coordinates.
struct musig_tweak_case error_case[1]
static void testrand256(unsigned char *b32)
Generate a pseudorandom 32-byte array.
int musig_vectors_keyagg_and_tweak(enum MUSIG_ERROR *error, secp256k1_musig_keyagg_cache *keyagg_cache, unsigned char *agg_pk_ser, const unsigned char pubkeys33[][33], const unsigned char tweaks32[][32], size_t key_indices_len, const size_t *key_indices, size_t tweak_indices_len, const size_t *tweak_indices, const int *is_xonly)
static void musig_test_static_nonce_gen_counter(void)
static int tweak(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache)
struct musig_verify_fail_error_case verify_error_case[2]
Opaque data structure that holds a partial MuSig signature.
unsigned char pubkeys[7][33]
static void testrand_flip(unsigned char *b, size_t len)
Flip a single random bit in a byte array.
struct musig_valid_case valid_case[4]
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_ec_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding the generator multiplied ...
unsigned char extra_in[32]
static void musig_nonce_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes)
static secp256k1_context * STATIC_CTX
SECP256K1_API int secp256k1_musig_partial_sig_serialize(const secp256k1_context *ctx, unsigned char *out32, const secp256k1_musig_partial_sig *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize a MuSig partial signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
unsigned char pnonces[7][66]
static void musig_test_vectors_signverify(void)
static int secp256k1_musig_aggnonce_load(const secp256k1_context *ctx, secp256k1_ge *ges, const secp256k1_musig_aggnonce *nonce)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process(const secp256k1_context *ctx, secp256k1_musig_session *session, const secp256k1_musig_aggnonce *aggnonce, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Takes the aggregate nonce and creates a session that is required for signing and verification of part...
static int secp256k1_musig_sum_pubnonces(const secp256k1_context *ctx, secp256k1_gej *summed_pubnonces, const secp256k1_musig_pubnonce *const *pubnonces, size_t n_pubnonces)
unsigned char pubkeys[4][33]
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg(const secp256k1_context *ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_pubkey *const *pubkeys, size_t n_pubkeys) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4)
Computes an aggregate public key and uses it to initialize a keyagg_cache.
unsigned char tweaks[3][32]
Opaque data structure that holds a parsed and valid "x-only" public key.
static void musig_test_vectors_keyagg(void)
static void musig_test_vectors_nonceagg(void)
unsigned char expected[64]
unsigned char aggnonce[66]
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_aggnonce_parse(const secp256k1_context *ctx, secp256k1_musig_aggnonce *nonce, const unsigned char *in66) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an aggregate public nonce.
static secp256k1_context * CTX
static void secp256k1_musig_pubnonce_save(secp256k1_musig_pubnonce *nonce, const secp256k1_ge *ges)
unsigned char aggnonces[5][66]
struct musig_verify_fail_error_case verify_fail_case[3]
SECP256K1_API int secp256k1_musig_partial_sig_agg(const secp256k1_context *ctx, unsigned char *sig64, const secp256k1_musig_session *session, const secp256k1_musig_partial_sig *const *partial_sigs, size_t n_sigs) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Aggregates partial signatures.
unsigned char secnonce[97]
Opaque data structure that holds a signer's secret nonce.
unsigned char pubnonces[5][194]
static void testrand_bytes_test(unsigned char *bytes, size_t len)
Generate pseudorandom bytes with long sequences of zero and one bits.
struct musig_sig_agg_case error_case[1]
MUSIG_ERROR
Automatically generated by .
#define CHECK(cond)
Unconditional failure on condition failure.
static void secp256k1_nonce_function_musig_sha256_tagged_aux(secp256k1_sha256 *sha)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
static void musig_test_vectors_noncegen(void)
A scalar modulo the group order of the secp256k1 curve.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen(const secp256k1_context *ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, const secp256k1_pubkey *pubkey, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6)
Starts a signing session by generating a nonce.
Opaque data structure that holds a keypair consisting of a secret and a public key.
unsigned char expected_pubnonce[66]
unsigned char secnonces[2][194]
static void musig_api_tests(void)
Opaque data structure that holds a signer's public nonce.
struct musig_key_agg_valid_test_case valid_case[4]
SECP256K1_API int secp256k1_musig_aggnonce_serialize(const secp256k1_context *ctx, unsigned char *out66, const secp256k1_musig_aggnonce *nonce) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an aggregate public nonce.
static void musig_test_set_secnonce(secp256k1_musig_secnonce *secnonce, const unsigned char *secnonce64, const secp256k1_pubkey *pubkey)
Opaque data structure that holds a MuSig session.
struct musig_nonce_gen_test_case test_case[2]
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Apply x-only tweaking to a public key in a given keyagg_cache by adding the generator multiplied with...
static void musig_tweak_test_helper(const secp256k1_xonly_pubkey *agg_pk, const unsigned char *sk0, const unsigned char *sk1, secp256k1_musig_keyagg_cache *keyagg_cache)
static void test_sha256_tag_midstate(secp256k1_sha256 *sha_tagged, const unsigned char *tag, size_t taglen)
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
static SECP256K1_INLINE uint64_t testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
unsigned char expected_secnonce[97]
unsigned char aggnonce[66]
static void musig_test_vectors_sigagg(void)
unsigned char expected[32]
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
unsigned char pubkeys[4][33]
static const struct musig_nonce_gen_vector musig_nonce_gen_vector
unsigned char pubkeys[3][33]
static void musig_simple_test_internal(void)
static SECP256K1_INLINE int secp256k1_xonly_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_xonly_pubkey *pubkey)
static void secp256k1_musig_compute_noncehash_sha256_tagged(secp256k1_sha256 *sha)
unsigned char psigs[9][32]
unsigned char msgs[1][32]
#define CHECK_ILLEGAL(ctx, expr)
struct musig_sig_agg_case valid_case[4]
static int create_keypair_and_pk(secp256k1_keypair *keypair, secp256k1_pubkey *pk, const unsigned char *sk)
unsigned char expected[32]
unsigned char expected[66]
struct musig_key_agg_error_test_case error_case[5]
static void musig_nonce_test(void)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen_counter(const secp256k1_context *ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, uint64_t nonrepeating_cnt, const secp256k1_keypair *keypair, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Alternative way to generate a nonce and start a signing session.
static void pubnonce_summing_to_inf(secp256k1_musig_pubnonce *pubnonce)
Opaque data structure that holds a parsed and valid public key.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_parse(const secp256k1_context *ctx, secp256k1_musig_partial_sig *sig, const unsigned char *in32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a MuSig partial signature.
static const struct musig_nonce_agg_vector musig_nonce_agg_vector
static const struct musig_sig_agg_vector musig_sig_agg_vector
1.8.14