github.com/ethereumproject/go-ethereum@v5.5.2+incompatible/crypto/secp256k1/libsecp256k1/include/secp256k1_schnorr.h (about) 1 #ifndef _SECP256K1_SCHNORR_ 2 # define _SECP256K1_SCHNORR_ 3 4 # include "secp256k1.h" 5 6 # ifdef __cplusplus 7 extern "C" { 8 # endif 9 10 /** Create a signature using a custom EC-Schnorr-SHA256 construction. It 11 * produces non-malleable 64-byte signatures which support public key recovery 12 * batch validation, and multiparty signing. 13 * Returns: 1: signature created 14 * 0: the nonce generation function failed, or the private key was 15 * invalid. 16 * Args: ctx: pointer to a context object, initialized for signing 17 * (cannot be NULL) 18 * Out: sig64: pointer to a 64-byte array where the signature will be 19 * placed (cannot be NULL) 20 * In: msg32: the 32-byte message hash being signed (cannot be NULL) 21 * seckey: pointer to a 32-byte secret key (cannot be NULL) 22 * noncefp:pointer to a nonce generation function. If NULL, 23 * secp256k1_nonce_function_default is used 24 * ndata: pointer to arbitrary data used by the nonce generation 25 * function (can be NULL) 26 */ 27 SECP256K1_API int secp256k1_schnorr_sign( 28 const secp256k1_context* ctx, 29 unsigned char *sig64, 30 const unsigned char *msg32, 31 const unsigned char *seckey, 32 secp256k1_nonce_function noncefp, 33 const void *ndata 34 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 35 36 /** Verify a signature created by secp256k1_schnorr_sign. 37 * Returns: 1: correct signature 38 * 0: incorrect signature 39 * Args: ctx: a secp256k1 context object, initialized for verification. 40 * In: sig64: the 64-byte signature being verified (cannot be NULL) 41 * msg32: the 32-byte message hash being verified (cannot be NULL) 42 * pubkey: the public key to verify with (cannot be NULL) 43 */ 44 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify( 45 const secp256k1_context* ctx, 46 const unsigned char *sig64, 47 const unsigned char *msg32, 48 const secp256k1_pubkey *pubkey 49 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 50 51 /** Recover an EC public key from a Schnorr signature created using 52 * secp256k1_schnorr_sign. 53 * Returns: 1: public key successfully recovered (which guarantees a correct 54 * signature). 55 * 0: otherwise. 56 * Args: ctx: pointer to a context object, initialized for 57 * verification (cannot be NULL) 58 * Out: pubkey: pointer to a pubkey to set to the recovered public key 59 * (cannot be NULL). 60 * In: sig64: signature as 64 byte array (cannot be NULL) 61 * msg32: the 32-byte message hash assumed to be signed (cannot 62 * be NULL) 63 */ 64 SECP256K1_API int secp256k1_schnorr_recover( 65 const secp256k1_context* ctx, 66 secp256k1_pubkey *pubkey, 67 const unsigned char *sig64, 68 const unsigned char *msg32 69 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); 70 71 /** Generate a nonce pair deterministically for use with 72 * secp256k1_schnorr_partial_sign. 73 * Returns: 1: valid nonce pair was generated. 74 * 0: otherwise (nonce generation function failed) 75 * Args: ctx: pointer to a context object, initialized for signing 76 * (cannot be NULL) 77 * Out: pubnonce: public side of the nonce (cannot be NULL) 78 * privnonce32: private side of the nonce (32 byte) (cannot be NULL) 79 * In: msg32: the 32-byte message hash assumed to be signed (cannot 80 * be NULL) 81 * sec32: the 32-byte private key (cannot be NULL) 82 * noncefp: pointer to a nonce generation function. If NULL, 83 * secp256k1_nonce_function_default is used 84 * noncedata: pointer to arbitrary data used by the nonce generation 85 * function (can be NULL) 86 * 87 * Do not use the output as a private/public key pair for signing/validation. 88 */ 89 SECP256K1_API int secp256k1_schnorr_generate_nonce_pair( 90 const secp256k1_context* ctx, 91 secp256k1_pubkey *pubnonce, 92 unsigned char *privnonce32, 93 const unsigned char *msg32, 94 const unsigned char *sec32, 95 secp256k1_nonce_function noncefp, 96 const void* noncedata 97 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 98 99 /** Produce a partial Schnorr signature, which can be combined using 100 * secp256k1_schnorr_partial_combine, to end up with a full signature that is 101 * verifiable using secp256k1_schnorr_verify. 102 * Returns: 1: signature created succesfully. 103 * 0: no valid signature exists with this combination of keys, nonces 104 * and message (chance around 1 in 2^128) 105 * -1: invalid private key, nonce, or public nonces. 106 * Args: ctx: pointer to context object, initialized for signing (cannot 107 * be NULL) 108 * Out: sig64: pointer to 64-byte array to put partial signature in 109 * In: msg32: pointer to 32-byte message to sign 110 * sec32: pointer to 32-byte private key 111 * pubnonce_others: pointer to pubkey containing the sum of the other's 112 * nonces (see secp256k1_ec_pubkey_combine) 113 * secnonce32: pointer to 32-byte array containing our nonce 114 * 115 * The intended procedure for creating a multiparty signature is: 116 * - Each signer S[i] with private key x[i] and public key Q[i] runs 117 * secp256k1_schnorr_generate_nonce_pair to produce a pair (k[i],R[i]) of 118 * private/public nonces. 119 * - All signers communicate their public nonces to each other (revealing your 120 * private nonce can lead to discovery of your private key, so it should be 121 * considered secret). 122 * - All signers combine all the public nonces they received (excluding their 123 * own) using secp256k1_ec_pubkey_combine to obtain an 124 * Rall[i] = sum(R[0..i-1,i+1..n]). 125 * - All signers produce a partial signature using 126 * secp256k1_schnorr_partial_sign, passing in their own private key x[i], 127 * their own private nonce k[i], and the sum of the others' public nonces 128 * Rall[i]. 129 * - All signers communicate their partial signatures to each other. 130 * - Someone combines all partial signatures using 131 * secp256k1_schnorr_partial_combine, to obtain a full signature. 132 * - The resulting signature is validatable using secp256k1_schnorr_verify, with 133 * public key equal to the result of secp256k1_ec_pubkey_combine of the 134 * signers' public keys (sum(Q[0..n])). 135 * 136 * Note that secp256k1_schnorr_partial_combine and secp256k1_ec_pubkey_combine 137 * function take their arguments in any order, and it is possible to 138 * pre-combine several inputs already with one call, and add more inputs later 139 * by calling the function again (they are commutative and associative). 140 */ 141 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign( 142 const secp256k1_context* ctx, 143 unsigned char *sig64, 144 const unsigned char *msg32, 145 const unsigned char *sec32, 146 const secp256k1_pubkey *pubnonce_others, 147 const unsigned char *secnonce32 148 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6); 149 150 /** Combine multiple Schnorr partial signatures. 151 * Returns: 1: the passed signatures were succesfully combined. 152 * 0: the resulting signature is not valid (chance of 1 in 2^256) 153 * -1: some inputs were invalid, or the signatures were not created 154 * using the same set of nonces 155 * Args: ctx: pointer to a context object 156 * Out: sig64: pointer to a 64-byte array to place the combined signature 157 * (cannot be NULL) 158 * In: sig64sin: pointer to an array of n pointers to 64-byte input 159 * signatures 160 * n: the number of signatures to combine (at least 1) 161 */ 162 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_combine( 163 const secp256k1_context* ctx, 164 unsigned char *sig64, 165 const unsigned char * const * sig64sin, 166 int n 167 ) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); 168 169 # ifdef __cplusplus 170 } 171 # endif 172 173 #endif