schnorr

package
v2.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 1, 2022 License: ISC Imports: 5 Imported by: 328

Documentation

Index

Constants

View Source
const (
	PubKeyBytesLen = 32
)

These constants define the lengths of serialized public keys.

View Source
const (
	// SignatureSize is the size of an encoded Schnorr signature.
	SignatureSize = 64
)

Variables

This section is empty.

Functions

func ParsePubKey

func ParsePubKey(pubKeyStr []byte) (*btcec.PublicKey, error)

ParsePubKey parses a public key for a koblitz curve from a bytestring into a btcec.Publickey, verifying that it is valid. It only supports public keys in the BIP-340 32-byte format.

func SerializePubKey

func SerializePubKey(pub *btcec.PublicKey) []byte

SerializePubKey serializes a public key as specified by BIP 340. Public keys in this format are 32 bytes in length, and are assumed to have an even y coordinate.

Types

type Error

type Error = ecdsa_schnorr.Error

Error identifies an error related to a schnorr signature. It has full support for errors.Is and errors.As, so the caller can ascertain the specific reason for the error by checking the underlying error.

type ErrorKind

type ErrorKind = ecdsa_schnorr.ErrorKind

ErrorKind identifies a kind of error. It has full support for errors.Is and errors.As, so the caller can directly check against an error kind when determining the reason for an error.

type SignOption

type SignOption func(*signOptions)

SignOption is a functional option arguemnt that allows callers to modify the way we generate BIP-340 schnorr signatues.

func CustomNonce

func CustomNonce(auxData [32]byte) SignOption

CustomNonce allows users to pass in a custom set of auxData that's used as input randomness to generate the nonce used during signing. Users may want to specify this custom value when using multi-signatures schemes such as Mu-Sig2. If this option isn't set, then rfc6979 will be used to generate the nonce material.

func FastSign

func FastSign() SignOption

FastSign forces signing to skip the extra verification step at the end. Peformance sensitive applications may opt to use this option to speed up the signing operation.

type Signature

type Signature struct {
	// contains filtered or unexported fields
}

Signature is a type representing a Schnorr signature.

func NewSignature

func NewSignature(r *btcec.FieldVal, s *btcec.ModNScalar) *Signature

NewSignature instantiates a new signature given some r and s values.

func ParseSignature

func ParseSignature(sig []byte) (*Signature, error)

ParseSignature parses a signature according to the BIP-340 specification and enforces the following additional restrictions specific to secp256k1:

- The r component must be in the valid range for secp256k1 field elements - The s component must be in the valid range for secp256k1 scalars

func Sign

func Sign(privKey *btcec.PrivateKey, hash []byte,
	signOpts ...SignOption) (*Signature, error)

Sign generates an BIP-340 signature over the secp256k1 curve for the provided hash (which should be the result of hashing a larger message) using the given private key. The produced signature is deterministic (same message and same key yield the same signature) and canonical.

Note that the current signing implementation has a few remaining variable time aspects which make use of the private key and the generated nonce, which can expose the signer to constant time attacks. As a result, this function should not be used in situations where there is the possibility of someone having EM field/cache/etc access.

func (Signature) IsEqual

func (sig Signature) IsEqual(otherSig *Signature) bool

IsEqual compares this Signature instance to the one passed, returning true if both Signatures are equivalent. A signature is equivalent to another, if they both have the same scalar value for R and S.

func (Signature) Serialize

func (sig Signature) Serialize() []byte

Serialize returns the Schnorr signature in the more strict format.

The signatures are encoded as

sig[0:32]  x coordinate of the point R, encoded as a big-endian uint256
sig[32:64] s, encoded also as big-endian uint256

func (*Signature) Verify

func (sig *Signature) Verify(hash []byte, pubKey *btcec.PublicKey) bool

Verify returns whether or not the signature is valid for the provided hash and secp256k1 public key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL