Dash Core  0.12.2.1
P2P Digital Currency
main_impl.h File Reference

Go to the source code of this file.

Functions

static void secp256k1_schnorr_msghash_sha256 (unsigned char *h32, const unsigned char *r32, const unsigned char *msg32)
 
int secp256k1_schnorr_sign (const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *noncedata)
 
int secp256k1_schnorr_verify (const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg32, const secp256k1_pubkey *pubkey)
 
int secp256k1_schnorr_recover (const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *sig64, const unsigned char *msg32)
 
int secp256k1_schnorr_generate_nonce_pair (const secp256k1_context *ctx, secp256k1_pubkey *pubnonce, unsigned char *privnonce32, const unsigned char *sec32, const unsigned char *msg32, secp256k1_nonce_function noncefp, const void *noncedata)
 
int secp256k1_schnorr_partial_sign (const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const unsigned char *sec32, const secp256k1_pubkey *pubnonce_others, const unsigned char *secnonce32)
 
int secp256k1_schnorr_partial_combine (const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *const *sig64sin, size_t n)
 

Variables

static const unsigned char secp256k1_schnorr_algo16 [17] = "Schnorr+SHA256 "
 

Function Documentation

◆ secp256k1_schnorr_generate_nonce_pair()

int secp256k1_schnorr_generate_nonce_pair ( const secp256k1_context ctx,
secp256k1_pubkey pubnonce,
unsigned char *  privnonce32,
const unsigned char *  msg32,
const unsigned char *  sec32,
secp256k1_nonce_function  noncefp,
const void *  noncedata 
)

Generate a nonce pair deterministically for use with secp256k1_schnorr_partial_sign. Returns: 1: valid nonce pair was generated. 0: otherwise (nonce generation function failed) Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) Out: pubnonce: public side of the nonce (cannot be NULL) privnonce32: private side of the nonce (32 byte) (cannot be NULL) In: msg32: the 32-byte message hash assumed to be signed (cannot be NULL) sec32: the 32-byte private key (cannot be NULL) noncefp: pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used noncedata: pointer to arbitrary data used by the nonce generation function (can be NULL)

Do not use the output as a private/public key pair for signing/validation.

Definition at line 91 of file main_impl.h.

Referenced by test_schnorr_threshold().

◆ secp256k1_schnorr_msghash_sha256()

static void secp256k1_schnorr_msghash_sha256 ( unsigned char *  h32,
const unsigned char *  r32,
const unsigned char *  msg32 
)
static

◆ secp256k1_schnorr_partial_combine()

int secp256k1_schnorr_partial_combine ( const secp256k1_context ctx,
unsigned char *  sig64,
const unsigned char *const *  sig64sin,
size_t  n 
)

Combine multiple Schnorr partial signatures. Returns: 1: the passed signatures were successfully combined. 0: the resulting signature is not valid (chance of 1 in 2^256) -1: some inputs were invalid, or the signatures were not created using the same set of nonces Args: ctx: pointer to a context object Out: sig64: pointer to a 64-byte array to place the combined signature (cannot be NULL) In: sig64sin: pointer to an array of n pointers to 64-byte input signatures n: the number of signatures to combine (at least 1)

Definition at line 157 of file main_impl.h.

Referenced by test_schnorr_threshold().

◆ secp256k1_schnorr_partial_sign()

int secp256k1_schnorr_partial_sign ( const secp256k1_context ctx,
unsigned char *  sig64,
const unsigned char *  msg32,
const unsigned char *  sec32,
const secp256k1_pubkey pubnonce_others,
const unsigned char *  secnonce32 
)

Produce a partial Schnorr signature, which can be combined using secp256k1_schnorr_partial_combine, to end up with a full signature that is verifiable using secp256k1_schnorr_verify. Returns: 1: signature created successfully. 0: no valid signature exists with this combination of keys, nonces and message (chance around 1 in 2^128) -1: invalid private key, nonce, or public nonces. Args: ctx: pointer to context object, initialized for signing (cannot be NULL) Out: sig64: pointer to 64-byte array to put partial signature in In: msg32: pointer to 32-byte message to sign sec32: pointer to 32-byte private key pubnonce_others: pointer to pubkey containing the sum of the other's nonces (see secp256k1_ec_pubkey_combine) secnonce32: pointer to 32-byte array containing our nonce

The intended procedure for creating a multiparty signature is:

  • Each signer S[i] with private key x[i] and public key Q[i] runs secp256k1_schnorr_generate_nonce_pair to produce a pair (k[i],R[i]) of private/public nonces.
  • All signers communicate their public nonces to each other (revealing your private nonce can lead to discovery of your private key, so it should be considered secret).
  • All signers combine all the public nonces they received (excluding their own) using secp256k1_ec_pubkey_combine to obtain an Rall[i] = sum(R[0..i-1,i+1..n]).
  • All signers produce a partial signature using secp256k1_schnorr_partial_sign, passing in their own private key x[i], their own private nonce k[i], and the sum of the others' public nonces Rall[i].
  • All signers communicate their partial signatures to each other.
  • Someone combines all partial signatures using secp256k1_schnorr_partial_combine, to obtain a full signature.
  • The resulting signature is validatable using secp256k1_schnorr_verify, with public key equal to the result of secp256k1_ec_pubkey_combine of the signers' public keys (sum(Q[0..n])).

    Note that secp256k1_schnorr_partial_combine and secp256k1_ec_pubkey_combine function take their arguments in any order, and it is possible to pre-combine several inputs already with one call, and add more inputs later by calling the function again (they are commutative and associative).

Definition at line 133 of file main_impl.h.

Referenced by test_schnorr_threshold().

◆ secp256k1_schnorr_recover()

int secp256k1_schnorr_recover ( const secp256k1_context ctx,
secp256k1_pubkey pubkey,
const unsigned char *  sig64,
const unsigned char *  msg32 
)

Recover an EC public key from a Schnorr signature created using secp256k1_schnorr_sign. Returns: 1: public key successfully recovered (which guarantees a correct signature). 0: otherwise. Args: ctx: pointer to a context object, initialized for verification (cannot be NULL) Out: pubkey: pointer to a pubkey to set to the recovered public key (cannot be NULL). In: sig64: signature as 64 byte array (cannot be NULL) msg32: the 32-byte message hash assumed to be signed (cannot be NULL)

Definition at line 73 of file main_impl.h.

Referenced by test_schnorr_end_to_end().

◆ secp256k1_schnorr_sign()

int secp256k1_schnorr_sign ( const secp256k1_context ctx,
unsigned char *  sig64,
const unsigned char *  msg32,
const unsigned char *  seckey,
secp256k1_nonce_function  noncefp,
const void *  ndata 
)

Create a signature using a custom EC-Schnorr-SHA256 construction. It produces non-malleable 64-byte signatures which support public key recovery batch validation, and multiparty signing. Returns: 1: signature created 0: the nonce generation function failed, or the private key was invalid. Args: ctx: pointer to a context object, initialized for signing (cannot be NULL) Out: sig64: pointer to a 64-byte array where the signature will be placed (cannot be NULL) In: msg32: the 32-byte message hash being signed (cannot be NULL) seckey: pointer to a 32-byte secret key (cannot be NULL) noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used ndata: pointer to arbitrary data used by the nonce generation function (can be NULL)

Definition at line 23 of file main_impl.h.

Referenced by benchmark_schnorr_init(), and test_schnorr_end_to_end().

◆ secp256k1_schnorr_verify()

int secp256k1_schnorr_verify ( const secp256k1_context ctx,
const unsigned char *  sig64,
const unsigned char *  msg32,
const secp256k1_pubkey pubkey 
)

Verify a signature created by secp256k1_schnorr_sign. Returns: 1: correct signature 0: incorrect signature Args: ctx: a secp256k1 context object, initialized for verification. In: sig64: the 64-byte signature being verified (cannot be NULL) msg32: the 32-byte message hash being verified (cannot be NULL) pubkey: the public key to verify with (cannot be NULL)

Definition at line 61 of file main_impl.h.

Referenced by benchmark_schnorr_verify(), test_schnorr_end_to_end(), and test_schnorr_threshold().

Variable Documentation

◆ secp256k1_schnorr_algo16

const unsigned char secp256k1_schnorr_algo16[17] = "Schnorr+SHA256 "
static

Definition at line 21 of file main_impl.h.

Referenced by secp256k1_schnorr_generate_nonce_pair(), and secp256k1_schnorr_sign().