fixup! btcec/schnorr/musig2: update to musig 1.0.0

btcsuite · Oct 7, 2022 · bbb3b2c · bbb3b2c
1 parent 60f5e69
commit bbb3b2c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/btcec/schnorr/musig2/keys.go b/btcec/schnorr/musig2/keys.go
@@ -40,8 +40,8 @@ type sortableKeys []*btcec.PublicKey
 // with index j.
 func (s sortableKeys) Less(i, j int) bool {
 	// TODO(roasbeef): more efficient way to compare...
-	keyIBytes := s[i].SerializeCompressed()
-	keyJBytes := s[j].SerializeCompressed()
+	keyIBytes := schnorr.SerializePubKey(s[i])
+	keyJBytes := schnorr.SerializePubKey(s[j])
 
 	return bytes.Compare(keyIBytes, keyJBytes) == -1
 }
@@ -80,7 +80,7 @@ func keyHashFingerprint(keys []*btcec.PublicKey, sort bool) []byte {
 
 	// We'll create a single buffer and slice into that so the bytes buffer
 	// doesn't continually need to grow the underlying buffer.
-	keyAggBuf := make([]byte, 32*len(keys))
+	keyAggBuf := make([]byte, 33*len(keys))
 	keyBytes := bytes.NewBuffer(keyAggBuf[0:0])
 	for _, key := range keys {
 		keyBytes.Write(key.SerializeCompressed())

diff --git a/btcec/schnorr/musig2/sign.go b/btcec/schnorr/musig2/sign.go
@@ -4,9 +4,11 @@ package musig2
 
 import (
 	"bytes"
+	"encoding/hex"
 	"fmt"
 	"io"
 
+	"github.com/davecgh/go-spew/spew"
 	secp "github.com/decred/dcrd/dcrec/secp256k1/v4"
 
 	"github.com/btcsuite/btcd/btcec/v2"
@@ -313,8 +315,10 @@ func Sign(secNonce [SecNonceSize]byte, privKey *btcec.PrivateKey,
 
 	// Before we sign below, we'll multiply by our various parity factors
 	// to ensure that the signing key is properly negated (if necessary):
-	//  * d = gv⋅gaccv⋅d'
+	//  * d = g⋅gacc⋅d'
 	privKeyScalar.Mul(parityCombinedKey).Mul(parityAcc)
+	fmt.Println("sign key: ", hex.EncodeToString(pubKey.SerializeCompressed()))
+	fmt.Println("final parity sign: ", spew.Sdump(parityCombinedKey))
 
 	// Next we'll create the challenge hash that commits to the combined
 	// nonce, combined public key and also the message:
@@ -329,9 +333,12 @@ func Sign(secNonce [SecNonceSize]byte, privKey *btcec.PrivateKey,
 	var e btcec.ModNScalar
 	e.SetByteSlice(challengeBytes[:])
 
+	fmt.Println("e sign: ", spew.Sdump(e))
+
 	// Next, we'll compute a, our aggregation coefficient for the key that
 	// we're signing with.
 	a := aggregationCoefficient(pubKeys, pubKey, keysHash, uniqueKeyIndex)
+	fmt.Println("a sign: ", spew.Sdump(a))
 
 	// With mu constructed, we can finally generate our partial signature
 	// as: s = (k1_1 + b*k_2 + e*a*d) mod n.
@@ -364,6 +371,7 @@ func (p *PartialSignature) Verify(pubNonce [PubNonceSize]byte,
 	signingKey *btcec.PublicKey, msg [32]byte, signOpts ...SignOption) bool {
 
 	pubKey := signingKey.SerializeCompressed()
+	fmt.Println("key verify: ", hex.EncodeToString(pubKey))
 
 	return verifyPartialSig(
 		p, pubNonce, combinedNonce, keySet, pubKey, msg, signOpts...,
@@ -510,22 +518,26 @@ func verifyPartialSig(partialSig *PartialSignature, pubNonce [PubNonceSize]byte,
 		return err
 	}
 
+	fmt.Println("e verify: ", spew.Sdump(e))
+
 	// Next, we'll compute a, our aggregation coefficient for the key that
 	// we're signing with.
 	a := aggregationCoefficient(keySet, signingKey, keysHash, uniqueKeyIndex)
+	fmt.Println("a verify: ", spew.Sdump(a))
 
 	// If the combined key has an odd y coordinate, then we'll negate
 	// parity factor for the signing key.
-	paritySignKey := new(btcec.ModNScalar).SetInt(1)
+	parityCombinedKey := new(btcec.ModNScalar).SetInt(1)
 	combinedKeyBytes := combinedKey.FinalKey.SerializeCompressed()
 	if combinedKeyBytes[0] == secp.PubKeyFormatCompressedOdd {
-		paritySignKey.Negate()
+		parityCombinedKey.Negate()
 	}
 
 	// Next, we'll construct the final parity factor by multiplying the
 	// sign key parity factor with the accumulated parity factor for all
 	// the keys.
-	finalParityFactor := paritySignKey.Mul(parityAcc)
+	finalParityFactor := parityCombinedKey.Mul(parityAcc)
+	fmt.Println("final parity verify: ", spew.Sdump(finalParityFactor))
 
 	var signKeyJ btcec.JacobianPoint
 	signingKey.AsJacobian(&signKeyJ)
@@ -536,6 +548,9 @@ func verifyPartialSig(partialSig *PartialSignature, pubNonce [PubNonceSize]byte,
 	btcec.ScalarMultNonConst(e.Mul(a).Mul(finalParityFactor), &signKeyJ, &rP)
 	btcec.AddNonConst(&rP, &pubNonceJ, &rP)
 
+	fmt.Println("sg: ", spew.Sdump(sG))
+	fmt.Println("rt: ", spew.Sdump(rP))
+
 	sG.ToAffine()
 	rP.ToAffine()