Add module "musig" that implements MuSig2 multi-signatures (BIP 327) #1479
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jonasnick
force-pushed
the
musig2-module
branch
from
f5a74fd
to
fb60ae9
Compare
jonasnick
force-pushed
the
musig2-module
branch
5 times, most recently
from
ab7fc1e
to
eaf1e78
Compare
jonasnick
force-pushed
the
musig2-module
branch
from
eaf1e78
to
70bb685
Compare
|
Rebased on top of master to get #1480 which allowed dropping a commit. Old state is preserved at https://github.com/jonasnick/secp256k1/tree/musig2-module-backup. |
|
FWIW, we have JVM bindings on top of this branch in ACINQ/secp256k1-kmp#93 and an implementation of swap-in-potentiam (musig2 key-path with alternative delayed script path) in ACINQ/bitcoin-kmp#107 and everything is working fine, and the API is easy enough to use! |
jonasnick
force-pushed
the
musig2-module
branch
from
70bb685
to
dd4932b
Compare
|
Rebased. Thanks @t-bast, that's good to hear. |
|
Attaching a visualization for the API flow.
Edit: The above visualization is incorrect. I will update it with the correct one soon. |
siv2r
reviewed
Feb 5, 2024
| pubkeys_ptr[i] = &signers[i].pubkey; | ||
| } | ||
| printf("ok\n"); | ||
| printf("Combining public keys..."); |
There was a problem hiding this comment.
Do we recommend that users sort their pubkeys before aggregating them? The musig_pubkey_agg API documentation simply says the user "can" do it.
If we recommend the sorting step, including it in the example file would be helpful.
There was a problem hiding this comment.
I think there's no catch-all recommendation. BIP327 says "The aggregate public key produced by KeyAgg (regardless of the type) depends on the order of the individual public keys. If the application does not have a canonical order of the signers, the individual public keys can be sorted with the KeySort algorithm to ensure that the aggregate public key is independent of the order of signers."
In other words: If in your application, the collection of pubkeys (or signers represented by them) is conceptually an (ordered) list, then don't bother with sorting. If in your application, the collection of pubkeys is conceptually an (unordered) set, i.e., the application doesn't want to care about the order of pubkeys, then sort to make sure the set has a canonical serialization.
Perhaps we can explain this somewhere in more detail, either in the API docs or in the example.
There was a problem hiding this comment.
nit: I think it would be nice to including sorting in the example for the following reasons:
- It provides a practical example on how to use the sorting API
- It's a good hook for adding a comment explaining what @real-or-random just explained above. Feels a bit nicer to have that comment in the example, vs the API docs
There was a problem hiding this comment.
Added sorting and a comment.
siv2r
reviewed
Feb 6, 2024
22 tasks
jonasnick
force-pushed
the
musig2-module
branch
from
2017bbe
to
4619706
Compare
josibake
reviewed
Apr 8, 2024
src/modules/extrakeys/main_impl.h
Outdated
Comment on lines
305
to
309
| /* Suppress wrong warning (fixed in MSVC 19.33) */ | ||
| #if defined(_MSC_VER) && (_MSC_VER < 1933) | ||
| #pragma warning(push) | ||
| #pragma warning(disable: 4090) | ||
| #endif |
There was a problem hiding this comment.
in 26dde29 ("extrakeys: add secp256k1_pubkey_sort"):
Does it make sense to move this block into the secp256k1_sort function? I ended up copying these lines while writing a secp256k1_silentpayments_recipient_sort function, which made me realize anyone else would also need to copy these lines when writing a sort function for heapsort.
There was a problem hiding this comment.
You mean into secp256k1_hsort? I'd guess the wrong warning is emitted when secp256k1_hsort is called and therefore it would be to late when the warning was disabled in secp256k1_hsort.
jonasnick
force-pushed
the
musig2-module
branch
from
352cd3b
to
168c920
Compare
fixed |
|
reACK 168c920 |
|
We have an open issue for |
theStack
approved these changes
Oct 7, 2024
This was referenced Oct 7, 2024
theStack
added a commit
to theStack/secp256k1
that referenced
this pull request
Oct 11, 2024
Quoting sipa (see bitcoin-core#1479 (comment)): "When performing an EC multiplication A = aG for secret a, the resulting _affine_ coordinates of A are presumed to not leak information about a (ECDLP), but the same is not necessarily true for the Jacobian coordinates that come out of our multiplication algorithm." For the ECDH point multiplication result, the result in Jacobi coordinates should be cleared not only to avoid leaking the scalar, but even more so as it's a representation of the resulting shared secret.
achow101
added a commit
to achow101/bitcoin
that referenced
this pull request
Oct 12, 2024
a88aa935063 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2a9 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011f5 build: allow enabling the musig module in cmake f411841a46b Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f38 util: add constant-time is_zero_array function c8fbdb1b972 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff03407f f can never equal -m 4c57c7a5a95 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 472faaa8ee6 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb24 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 85e224dd97f group: add ge_to_bytes and ge_from_bytes 7c987ec89e6 cmake: Call `enable_testing()` unconditionally 6aa576515ef cmake: Delete `CTest` module git-subtree-dir: src/secp256k1 git-subtree-split: a88aa9350633c2d2472bace5c290aa291c7f12c9
hebasto
added a commit
to hebasto/bitcoin
that referenced
this pull request
Oct 16, 2024
4f64b9f4cd build: Drop no longer needed `-fvisibility=hidden` compiler option 5d978f1899 ci: Run `tools/symbol-check.py` 258dba9e11 test: Add `tools/symbol-check.py` 3144ba99f3 Introduce `SECP256K1_LOCAL_VAR` macro e2571385e0 Do not export `secp256k1_musig_nonce_gen_internal` e59158b6eb Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967c2 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d3c examples: make key generation doc consistent e8908221a4 examples: do not retry generating seckey randomness in musig 70b6be1834 extrakeys: improve doc of keypair_create (don't suggest retry) 01b5893389 Merge bitcoin-core/secp256k1#1599: bitcoin#1570 improve examples: remove key generation loop cd4f84f3ba Improve examples/documentation: remove key generation loops a88aa93506 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2a Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011f build: allow enabling the musig module in cmake f411841a46 Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f3 util: add constant-time is_zero_array function c8fbdb1b97 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff03407 f can never equal -m c232486d84 Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c214 cmake: Set top-level target output locations 4c57c7a5a9 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 472faaa8ee Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb2 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 85e224dd97 group: add ge_to_bytes and ge_from_bytes 7c987ec89e cmake: Call `enable_testing()` unconditionally 6aa576515e cmake: Delete `CTest` module git-subtree-dir: src/secp256k1 git-subtree-split: 4f64b9f4cdf130d2c6d6b7bd855a04faf6f88e08
theStack
added a commit
to theStack/secp256k1
that referenced
this pull request
Oct 22, 2024
Quoting sipa (see bitcoin-core#1479 (comment)): "When performing an EC multiplication A = aG for secret a, the resulting _affine_ coordinates of A are presumed to not leak information about a (ECDLP), but the same is not necessarily true for the Jacobian coordinates that come out of our multiplication algorithm." For the ECDH point multiplication result, the result in Jacobi coordinates should be cleared not only to avoid leaking the scalar, but even more so as it's a representation of the resulting shared secret.
achow101
added a commit
to achow101/bitcoin
that referenced
this pull request
Oct 24, 2024
68b55209f1b Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b3d8 Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f50c0 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839fb2e Remove unused scratch space from API 57eda3ba300 musig: ctimetests: fix _declassify range for generated nonce points e59158b6eb7 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967c25 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d3c4 examples: make key generation doc consistent e8908221a45 examples: do not retry generating seckey randomness in musig 70b6be1834e extrakeys: improve doc of keypair_create (don't suggest retry) 01b5893389e Merge bitcoin-core/secp256k1#1599: bitcoin#1570 improve examples: remove key generation loop cd4f84f3ba8 Improve examples/documentation: remove key generation loops a88aa935063 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2a9 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011f5 build: allow enabling the musig module in cmake f411841a46b Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f38 util: add constant-time is_zero_array function c8fbdb1b972 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff03407f f can never equal -m c232486d84e Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2146 cmake: Set top-level target output locations 4c57c7a5a95 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb06d include: Avoid visibility("default") on Windows 472faaa8ee6 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb24 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 85e224dd97f group: add ge_to_bytes and ge_from_bytes 7c987ec89e6 cmake: Call `enable_testing()` unconditionally 6aa576515ef cmake: Delete `CTest` module git-subtree-dir: src/secp256k1 git-subtree-split: 68b55209f1ba3e6c0417789598f5f75649e9c14c
theStack
added a commit
to theStack/secp256k1
that referenced
this pull request
Oct 25, 2024
Quoting sipa (see bitcoin-core#1479 (comment)): "When performing an EC multiplication A = aG for secret a, the resulting _affine_ coordinates of A are presumed to not leak information about a (ECDLP), but the same is not necessarily true for the Jacobian coordinates that come out of our multiplication algorithm." For the ECDH point multiplication result, the result in Jacobi coordinates should be cleared not only to avoid leaking the scalar, but even more so as it's a representation of the resulting shared secret.
vmta
added a commit
to umkoin/umkoin
that referenced
this pull request
Oct 29, 2024
1464f15c8 Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df8 util: Remove unused (u)int64_t formatting macros 9b7c59cbb Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23f ci: Update macOS image 68b55209f Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b3 Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f50 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839fb Remove unused scratch space from API 57eda3ba3 musig: ctimetests: fix _declassify range for generated nonce points e59158b6e Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967c Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d3 examples: make key generation doc consistent e8908221a examples: do not retry generating seckey randomness in musig 70b6be183 extrakeys: improve doc of keypair_create (don't suggest retry) 01b589338 Merge bitcoin-core/secp256k1#1599: #1570 improve examples: remove key generation loop cd4f84f3b Improve examples/documentation: remove key generation loops a88aa9350 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011 build: allow enabling the musig module in cmake f411841a4 Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f util: add constant-time is_zero_array function c8fbdb1b9 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff0340 f can never equal -m c232486d8 Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c21 cmake: Set top-level target output locations 4c57c7a5a Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb0 include: Avoid visibility("default") on Windows 472faaa8e Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 2f2ccc469 Merge bitcoin-core/secp256k1#1600: cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 421ed1b46 cmake: Introduce `SECP256K1_APPEND_LDFLAGS` variable 85e224dd9 group: add ge_to_bytes and ge_from_bytes 198885507 Merge bitcoin-core/secp256k1#1586: fix: remove duplicate 'the' from header file comment b30761440 Merge bitcoin-core/secp256k1#1583: ci: Bump GCC_SNAPSHOT_MAJOR to 15 fa67b6752 refactor: Use array initialization for unterminated strings 9b0f37bff fix: remove duplicate 'the' from header file comment e34b47673 ci: Bump GCC_SNAPSHOT_MAJOR to 15 3fdf146ba Merge bitcoin-core/secp256k1#1578: ci: Silent Homebrew's noisy reinstall warnings f8c1b0e0e Merge bitcoin-core/secp256k1#1577: release cleanup: bump version after 0.5.1 7057d3c9a ci: Silent Homebrew's noisy reinstall warnings c3e40d75d release cleanup: bump version after 0.5.1 642c885b6 Merge bitcoin-core/secp256k1#1575: release: prepare for 0.5.1 cdf08c1a2 Merge bitcoin-core/secp256k1#1576: doc: mention `needs-changelog` github label in release process 40d87b8e4 release: prepare for 0.5.1 577022617 changelog: clarify CMake option 759bd4bbc doc: mention `needs-changelog` github label in release process fded437c4 Merge bitcoin-core/secp256k1#1574: Fix compilation when extrakeys module isn't enabled 763d938cf ci: only enable extrakeys module when schnorrsig is enabled af551ab9d tests: do not use functions from extrakeys module 0055b8678 Merge bitcoin-core/secp256k1#1551: Add ellswift usage example ea2d5f0f1 Merge bitcoin-core/secp256k1#1563: doc: Add convention for defaults ca06e58b2 Merge bitcoin-core/secp256k1#1564: build, ci: Adjust the default size of the precomputed table for signing e2af49126 ci: Switch to the new default value of the precomputed table for signing d94a9273f build: Adjust the default size of the precomputed table for signing fcc5d7381 Merge bitcoin-core/secp256k1#1565: cmake: Bump CMake minimum required version up to 3.16 9420eece2 cmake: Bump CMake minimum required version up to 3.16 16685649d doc: Add convention for defaults a5269373f Merge bitcoin-core/secp256k1#1555: Fixed O3 replacement b8fe33332 cmake: Fixed O3 replacement 7c987ec89 cmake: Call `enable_testing()` unconditionally 6aa576515 cmake: Delete `CTest` module 31f84595c Add ellswift usage example fe4fbaa7f examples: fix case typos in secret clearing paragraphs (s/, Or/, or/) 4af241b32 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one f473c959f Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project d403eea48 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach d7ae25ce6 Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c 0e2fadb20 fix: typos in secp256k1.c 69b2192ad Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 5dd637f3c Merge bitcoin-core/secp256k1#1548: README: mention ellswift module 7454a5373 README: mention ellswift module 4706be2cd cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach c2764dbb9 cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS` f87a3589f cmake: Do not set `CTEST_TEST_TARGET_ALIAS` 158f9e5ea cmake: Do not modify build types when integrating by downstream project 35c0fdc86 Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project 4392f0f71 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491) bedffd53d Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job 4b8d5eeac Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests f55703ba4 autotools: Delete unneeded compiler test 396e88588 autotools: Align MSan checking code with CMake's implementation abde59f52 cmake: Report more compiler details in summary 7abf979a4 cmake: Disable `ctime_tests` if build with `-fsanitize=memory` 4d9645bee cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option a06805ee7 cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option 1791f6fce Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests 26b94ee92 autotools: Remove "auto" value of `--with-ecmult-gen-kb` option 122dbaeb3 autotools: Remove "auto" value of `--with-ecmult-window` option e73f6f8fd tests: refactor: drop `secp256k1_` prefix from testrand.h functions 0ee7453a9 tests: refactor: add `testutil_` prefix to testutil.h functions 0c6bc76dc tests: refactor: move `random_` helpers from tests.c to testutil.h 0fef8479b tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude` 59db007f0 tests: refactor: rename `random_group_element_...` -> `random_ge_...` ebfb82ee2 ci: Add job with -fsanitize-memory-param-retval e1bef0961 configure: Move "experimental" warning to bottom 55e5d975d autotools: Disable eager MSan in ctime_tests 06bff6dec Merge bitcoin-core/secp256k1#1528: tests: call `secp256k1_ecmult_multi_var` with a non-`NULL` error callback ec4c002fa cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation cae9a7ad1 cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable 4155e62fc Merge bitcoin-core/secp256k1#1526: cmake: Fix `check_arm32_assembly` when using as subproject 9554362b1 tests: call secp256k1_ecmult_multi_var with a non-NULL error callback 9f4c8cd73 cmake: Fix `check_arm32_assembly` when using as subproject 7712a5306 Merge bitcoin-core/secp256k1#1524: check-abi: explicitly provide public headers 7d0bc0870 Merge bitcoin-core/secp256k1#1525: changelog: Correct 0.5.0 release date d45d9b74b changelog: Correct 0.5.0 release date d7f6613db Merge bitcoin-core/secp256k1#1523: release cleanup: bump version after 0.5.0 2f05e2da4 release cleanup: bump version after 0.5.0 e3a885d42 Merge bitcoin-core/secp256k1#1522: release: prepare for 0.5.0 dd695563e check-abi: explicitly provide public headers c0e4ec3fe release: prepare for 0.5.0 bb528cfb0 Merge bitcoin-core/secp256k1#1518: Add secp256k1_pubkey_sort 7d2591ce1 Add secp256k1_pubkey_sort 218f0cc93 ci: Add native macOS arm64 job git-subtree-dir: src/secp256k1 git-subtree-split: 1464f15c812b00de0f3d397b3cfb67d1f91f6967
achow101
added a commit
to achow101/bitcoin
that referenced
this pull request
Nov 1, 2024
a38d879a1a6 Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed02e Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fdb71 Name public API structs 0f73caf7c62 test, ci: Lower default iteration count to 16 9a8db52f4e9 Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 1464f15c812 Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df80a util: Remove unused (u)int64_t formatting macros 9b7c59cbb90 Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23f63 ci: Update macOS image 68b55209f1b Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b3d8 Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f50c0 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839fb2e Remove unused scratch space from API 57eda3ba300 musig: ctimetests: fix _declassify range for generated nonce points 87384f5c0f2 cmake, test: Add `secp256k1_` prefix to test names e59158b6eb7 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967c25 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d3c4 examples: make key generation doc consistent e8908221a45 examples: do not retry generating seckey randomness in musig 70b6be1834e extrakeys: improve doc of keypair_create (don't suggest retry) 01b5893389e Merge bitcoin-core/secp256k1#1599: bitcoin#1570 improve examples: remove key generation loop cd4f84f3ba8 Improve examples/documentation: remove key generation loops a88aa935063 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2a9 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011f5 build: allow enabling the musig module in cmake f411841a46b Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f38 util: add constant-time is_zero_array function c8fbdb1b972 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff03407f f can never equal -m c232486d84e Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2146 cmake: Set top-level target output locations 4c57c7a5a95 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb06d include: Avoid visibility("default") on Windows 472faaa8ee6 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb24 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 85e224dd97f group: add ge_to_bytes and ge_from_bytes 7c987ec89e6 cmake: Call `enable_testing()` unconditionally 6aa576515ef cmake: Delete `CTest` module git-subtree-dir: src/secp256k1 git-subtree-split: a38d879a1a6091bbbf504b42f8ca9ae6d76325a0
achow101
added a commit
to achow101/bitcoin
that referenced
this pull request
Nov 4, 2024
0cdc758a563 Merge bitcoin-core/secp256k1#1631: release: prepare for 0.6.0 39d5dfd542a release: prepare for 0.6.0 df2eceb2790 build: add ellswift.md and musig.md to release tarball a306bb7e903 tools: fix check-abi.sh after cmake out locations were changed 145868a84d2 Do not export `secp256k1_musig_nonce_gen_internal` b161bffb8bf Merge bitcoin-core/secp256k1#1579: Clear sensitive memory without getting optimized out (revival of bitcoin#636) a38d879a1a6 Merge bitcoin-core/secp256k1#1628: Name public API structs 7d48f5ed02e Merge bitcoin-core/secp256k1#1581: test, ci: Lower default iteration count to 16 694342fdb71 Name public API structs 0f73caf7c62 test, ci: Lower default iteration count to 16 9a8db52f4e9 Merge bitcoin-core/secp256k1#1582: cmake, test: Add `secp256k1_` prefix to test names 765ef53335a Clear _gej instances after point multiplication to avoid potential leaks 349e6ab916b Introduce separate _clear functions for hash module 99cc9fd6d01 Don't rely on memset to set signed integers to 0 97c57f42ba8 Implement various _clear() functions with secp256k1_memclear() 9bb368d1466 Use secp256k1_memclear() to clear stack memory instead of memset() e3497bbf001 Separate between clearing memory and setting to zero in tests d79a6ccd43a Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear() 1c081262227 Add secp256k1_memclear() for clearing secret data 1464f15c812 Merge bitcoin-core/secp256k1#1625: util: Remove unused (u)int64_t formatting macros 980c08df80a util: Remove unused (u)int64_t formatting macros 9b7c59cbb90 Merge bitcoin-core/secp256k1#1624: ci: Update macOS image 096e3e23f63 ci: Update macOS image e7d384488e8 Don't clear secrets in pippenger implementation 68b55209f1b Merge bitcoin-core/secp256k1#1619: musig: ctimetests: fix _declassify range for generated nonce points f0868a9b3d8 Merge bitcoin-core/secp256k1#1595: build: 45839th attempt to fix symbol visibility on Windows 1fae76f50c0 Merge bitcoin-core/secp256k1#1620: Remove unused scratch space from API 8be3839fb2e Remove unused scratch space from API 57eda3ba300 musig: ctimetests: fix _declassify range for generated nonce points 87384f5c0f2 cmake, test: Add `secp256k1_` prefix to test names e59158b6eb7 Merge bitcoin-core/secp256k1#1553: cmake: Set top-level target output locations 18f9b967c25 Merge bitcoin-core/secp256k1#1616: examples: do not retry generating seckey randomness in musig 5bab8f6d3c4 examples: make key generation doc consistent e8908221a45 examples: do not retry generating seckey randomness in musig 70b6be1834e extrakeys: improve doc of keypair_create (don't suggest retry) 01b5893389e Merge bitcoin-core/secp256k1#1599: bitcoin#1570 improve examples: remove key generation loop cd4f84f3ba8 Improve examples/documentation: remove key generation loops a88aa935063 Merge bitcoin-core/secp256k1#1603: f can never equal -m 3660fe5e2a9 Merge bitcoin-core/secp256k1#1479: Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 168c92011f5 build: allow enabling the musig module in cmake f411841a46b Add module "musig" that implements MuSig2 multi-signatures (BIP 327) 0be79660f38 util: add constant-time is_zero_array function c8fbdb1b972 group: add ge_to_bytes_ext and ge_from_bytes_ext ef7ff03407f f can never equal -m c232486d84e Revert "cmake: Set `ENVIRONMENT` property for examples on Windows" 26e4a7c2146 cmake: Set top-level target output locations 4c57c7a5a95 Merge bitcoin-core/secp256k1#1554: cmake: Clean up testing code 447334cb06d include: Avoid visibility("default") on Windows 472faaa8ee6 Merge bitcoin-core/secp256k1#1604: doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 292310fbb24 doc: fix typos in `secp256k1_ecdsa_{recoverable_,}signature` API description 85e224dd97f group: add ge_to_bytes and ge_from_bytes 7c987ec89e6 cmake: Call `enable_testing()` unconditionally 6aa576515ef cmake: Delete `CTest` module git-subtree-dir: src/secp256k1 git-subtree-split: 0cdc758a56360bf58a851fe91085a327ec97685a
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
EDIT: based on #1518. Closes #1452. Most of the code is a copy from libsecp256k1-zkp. The API added in this PR is identical with the exception of two modifications:
scratch_spaceargument fromsecp256k1_musig_pubkey_agg. This argument was intended to allow usingecmult_multialgorithms for key aggregation in the future. But at this point it's unclear whether thescratch_spaceobject will remain in its current form (see Rework or get rid of scratch space #1302).adaptorargument ofmusig_nonce_processwas also removed.In contrast to the module in libsecp256k1-zkp, the module is non-experimental. I slightly cleaned up parts of the module, adjusted the code to the new definition of the VERIFY_CHECK macro and applied some simplifications that were possible because the module is now in the upstream repo (
ge_from_bytes,ge_to_bytes). You can follow the changes I made to the libsecp256k1-zkp module at https://github.com/jonasnick/secp256k1-zkp/commits/musig2-upstream/.