diff --git a/pkg/crypto/ec/musig2/bench_test.go b/pkg/crypto/ec/musig2/bench_test.go index 6c968ec..732e53d 100644 --- a/pkg/crypto/ec/musig2/bench_test.go +++ b/pkg/crypto/ec/musig2/bench_test.go @@ -6,10 +6,11 @@ package musig2 import ( "fmt" + "testing" + "orly.dev/pkg/crypto/ec" "orly.dev/pkg/crypto/ec/schnorr" "orly.dev/pkg/encoders/hex" - "testing" ) var ( @@ -190,7 +191,7 @@ func BenchmarkCombineSigs(b *testing.B) { } var msg [32]byte copy(msg[:], testMsg[:]) - var finalNonce *btcec.btcec + var finalNonce *btcec.PublicKey for i := range signers { signer := signers[i] partialSig, err := Sign( @@ -246,7 +247,7 @@ func BenchmarkAggregateNonces(b *testing.B) { } } -var testKey *btcec.btcec +var testKey *btcec.PublicKey // BenchmarkAggregateKeys benchmarks how long it takes to aggregate public // keys. diff --git a/pkg/crypto/ec/musig2/context.go b/pkg/crypto/ec/musig2/context.go index 6aede64..6c9162f 100644 --- a/pkg/crypto/ec/musig2/context.go +++ b/pkg/crypto/ec/musig2/context.go @@ -4,6 +4,7 @@ package musig2 import ( "fmt" + "orly.dev/pkg/crypto/ec" "orly.dev/pkg/crypto/ec/schnorr" "orly.dev/pkg/utils/chk" @@ -63,7 +64,7 @@ type Context struct { // signingKey is the key we'll use for signing. signingKey *btcec.SecretKey // pubKey is our even-y coordinate public key. - pubKey *btcec.btcec + pubKey *btcec.PublicKey // combinedKey is the aggregated public key. combinedKey *AggregateKey // uniqueKeyIndex is the index of the second unique key in the keySet. @@ -103,7 +104,7 @@ type contextOptions struct { // h_tapTweak(internalKey) as there is no true script root. bip86Tweak bool // keySet is the complete set of signers for this context. - keySet []*btcec.btcec + keySet []*btcec.PublicKey // numSigners is the total number of signers that will eventually be a // part of the context. numSigners int diff --git a/pkg/crypto/ec/musig2/data/key_agg_vectors.json b/pkg/crypto/ec/musig2/data/key_agg_vectors.json index b2e623d..46f4733 100644 
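Review bot: The import `"orly.dev/pkg/crypto/ec"` in the bench_test.go import hunk is used under the identifier `btcec` (see `*btcec.PublicKey` in the later hunks), so the package name evidently differs from the last element of its import path. Writing the alias out, `btcec "orly.dev/pkg/crypto/ec"`, makes that binding visible at the import site and shows that `btcec` here is the in-repo package rather than an external module. The same applies to the import block touched in context.go.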
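Review bot: Nothing visible in this commit would catch a recurrence of the `*btcec.btcec` type that the `BenchmarkCombineSigs` hunk replaces with `*btcec.PublicKey`. The same repair is made for `testKey` and, in context.go, for `Context.pubKey` and `contextOptions.keySet`. Unless the package declared a type named `btcec`, these files presumably did not compile before the change, which would mean the MuSig2 vector tests in this package were not running. It is worth confirming that no `btcec.btcec` remains elsewhere in the tree and that CI runs `go vet ./...`, which type-checks `_test.go` files as well as the package sources. `BenchmarkCombineSigs` and both structs continue outside their hunks.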
--- a/pkg/crypto/ec/musig2/data/key_agg_vectors.json +++ b/pkg/crypto/ec/musig2/data/key_agg_vectors.json 
@@ -1,88 +1,127 @@ { - "pubkeys": [ - "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "03DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - "023590A94E768F8E1815C2F24B4D80A8E3149316C3518CE7B7AD338368D038CA66", - "020000000000000000000000000000000000000000000000000000000000000005", - "02FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30", - "04F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9" - ], - "tweaks": [ - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", - "252E4BD67410A76CDF933D30EAA1608214037F1B105A013ECCD3C5C184A6110B" - ], - "valid_test_cases": [ - { - "key_indices": [0, 1, 2], - "expected": "90539EEDE565F5D054F32CC0C220126889ED1E5D193BAF15AEF344FE59D4610C" - }, - { - "key_indices": [2, 1, 0], - "expected": "6204DE8B083426DC6EAF9502D27024D53FC826BF7D2012148A0575435DF54B2B" - }, - { - "key_indices": [0, 0, 0], - "expected": "B436E3BAD62B8CD409969A224731C193D051162D8C5AE8B109306127DA3AA935" - }, - { - "key_indices": [0, 0, 1, 1], - "expected": "69BC22BFA5D106306E48A20679DE1D7389386124D07571D0D872686028C26A3E" - } - ], - "error_test_cases": [ - { - "key_indices": [0, 3], - "tweak_indices": [], - "is_xonly": [], - "error": { - "type": "invalid_contribution", - "signer": 1, - "contrib": "pubkey" - }, - "comment": "Invalid public key" - }, - { - "key_indices": [0, 4], - "tweak_indices": [], - "is_xonly": [], - "error": { - "type": "invalid_contribution", - "signer": 1, - "contrib": "pubkey" - }, - "comment": "Public key exceeds field size" - }, - { - "key_indices": [5, 0], - "tweak_indices": [], - "is_xonly": [], - "error": { - "type": "invalid_contribution", - "signer": 0, - "contrib": "pubkey" - }, - "comment": "First byte of public key is not 2 or 3" - }, - { - "key_indices": [0, 1], - "tweak_indices": [0], - "is_xonly": [true], - "error": { - "type": "value", - "message": "The tweak must be less 
than n." - }, - "comment": "Tweak is out of range" - }, - { - "key_indices": [6], - "tweak_indices": [1], - "is_xonly": [false], - "error": { - "type": "value", - "message": "The result of tweaking cannot be infinity." - }, - "comment": "Intermediate tweaking result is point at infinity" - } - ] + "pubkeys": [ + "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "03DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", + "023590A94E768F8E1815C2F24B4D80A8E3149316C3518CE7B7AD338368D038CA66", + "020000000000000000000000000000000000000000000000000000000000000005", + "02FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30", + "04F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9" + ], + "tweaks": [ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + "252E4BD67410A76CDF933D30EAA1608214037F1B105A013ECCD3C5C184A6110B" + ], + "valid_test_cases": [ + { + "key_indices": [ + 0, + 1, + 2 + ], + "expected": "90539EEDE565F5D054F32CC0C220126889ED1E5D193BAF15AEF344FE59D4610C" + }, + { + "key_indices": [ + 2, + 1, + 0 + ], + "expected": "6204DE8B083426DC6EAF9502D27024D53FC826BF7D2012148A0575435DF54B2B" + }, + { + "key_indices": [ + 0, + 0, + 0 + ], + "expected": "B436E3BAD62B8CD409969A224731C193D051162D8C5AE8B109306127DA3AA935" + }, + { + "key_indices": [ + 0, + 0, + 1, + 1 + ], + "expected": "69BC22BFA5D106306E48A20679DE1D7389386124D07571D0D872686028C26A3E" + } + ], + "error_test_cases": [ + { + "key_indices": [ + 0, + 3 + ], + "tweak_indices": [], + "is_xonly": [], + "error": { + "type": "invalid_contribution", + "signer": 1, + "contrib": "pubkey" + }, + "comment": "Invalid public key" + }, + { + "key_indices": [ + 0, + 4 + ], + "tweak_indices": [], + "is_xonly": [], + "error": { + "type": "invalid_contribution", + "signer": 1, + "contrib": "pubkey" + }, + "comment": "Public key exceeds field size" + }, + { + "key_indices": [ + 5, + 
0 + ], + "tweak_indices": [], + "is_xonly": [], + "error": { + "type": "invalid_contribution", + "signer": 0, + "contrib": "pubkey" + }, + "comment": "First byte of public key is not 2 or 3" + }, + { + "key_indices": [ + 0, + 1 + ], + "tweak_indices": [ + 0 + ], + "is_xonly": [ + true + ], + "error": { + "type": "value", + "message": "The tweak must be less than n." + }, + "comment": "Tweak is out of range" + }, + { + "key_indices": [ + 6 + ], + "tweak_indices": [ + 1 + ], + "is_xonly": [ + false + ], + "error": { + "type": "value", + "message": "The result of tweaking cannot be infinity." + }, + "comment": "Intermediate tweaking result is point at infinity" + } + ] } diff --git a/pkg/crypto/ec/musig2/data/key_sort_vectors.json b/pkg/crypto/ec/musig2/data/key_sort_vectors.json index 022f341..471c67e 100644 --- a/pkg/crypto/ec/musig2/data/key_sort_vectors.json +++ b/pkg/crypto/ec/musig2/data/key_sort_vectors.json 
@@ -1,16 +1,16 @@ { - "pubkeys": [ - "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", - "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "03DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", - "023590A94E768F8E1815C2F24B4D80A8E3149316C3518CE7B7AD338368D038CA66", - "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8" - ], - "sorted_pubkeys": [ - "023590A94E768F8E1815C2F24B4D80A8E3149316C3518CE7B7AD338368D038CA66", - "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", - "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", - "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "03DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659" - ] + "pubkeys": [ + "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", + "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "03DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", + "023590A94E768F8E1815C2F24B4D80A8E3149316C3518CE7B7AD338368D038CA66", + "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8" + ], + "sorted_pubkeys": [ + "023590A94E768F8E1815C2F24B4D80A8E3149316C3518CE7B7AD338368D038CA66", + "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", + "02DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", + "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "03DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659" + ] } diff --git a/pkg/crypto/ec/musig2/data/nonce_agg_vectors.json b/pkg/crypto/ec/musig2/data/nonce_agg_vectors.json index 597246d..115c045 100644 --- a/pkg/crypto/ec/musig2/data/nonce_agg_vectors.json +++ b/pkg/crypto/ec/musig2/data/nonce_agg_vectors.json 
@@ -1,54 +1,69 @@ { - "pnonces": [ - "020151C80F435648DF67A22B749CD798CE54E0321D034B92B709B567D60A42E66603BA47FBC1834437B3212E89A84D8425E7BF12E0245D98262268EBDCB385D50641", - "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60248C264CDD57D3C24D79990B0F865674EB62A0F9018277A95011B41BFC193B833", - "020151C80F435648DF67A22B749CD798CE54E0321D034B92B709B567D60A42E6660279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60379BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "04FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60248C264CDD57D3C24D79990B0F865674EB62A0F9018277A95011B41BFC193B833", - "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60248C264CDD57D3C24D79990B0F865674EB62A0F9018277A95011B41BFC193B831", - "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A602FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30" - ], - "valid_test_cases": [ - { - "pnonce_indices": [0, 1], - "expected": "035FE1873B4F2967F52FEA4A06AD5A8ECCBE9D0FD73068012C894E2E87CCB5804B024725377345BDE0E9C33AF3C43C0A29A9249F2F2956FA8CFEB55C8573D0262DC8" - }, - { - "pnonce_indices": [2, 3], - "expected": "035FE1873B4F2967F52FEA4A06AD5A8ECCBE9D0FD73068012C894E2E87CCB5804B000000000000000000000000000000000000000000000000000000000000000000", - "comment": "Sum of second points encoded in the nonces is point at infinity which is serialized as 33 zero bytes" - } - ], - "error_test_cases": [ - { - "pnonce_indices": [0, 4], - "error": { - "type": "invalid_contribution", - "signer": 1, - "contrib": "pubnonce" - }, - "comment": "Public nonce from signer 1 is invalid due wrong tag, 0x04, in the first half", - "btcec_err": "invalid public key: unsupported format: 4" - }, - { - "pnonce_indices": [5, 1], - "error": { - "type": "invalid_contribution", - "signer": 0, - "contrib": "pubnonce" - }, - "comment": "Public nonce from signer 0 is 
invalid because the second half does not correspond to an X coordinate", - "btcec_err": "invalid public key: x coordinate 48c264cdd57d3c24d79990b0f865674eb62a0f9018277a95011b41bfc193b831 is not on the secp256k1 curve" - }, - { - "pnonce_indices": [6, 1], - "error": { - "type": "invalid_contribution", - "signer": 0, - "contrib": "pubnonce" - }, - "comment": "Public nonce from signer 0 is invalid because second half exceeds field size", - "btcec_err": "invalid public key: x >= field prime" - } - ] + "pnonces": [ + "020151C80F435648DF67A22B749CD798CE54E0321D034B92B709B567D60A42E66603BA47FBC1834437B3212E89A84D8425E7BF12E0245D98262268EBDCB385D50641", + "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60248C264CDD57D3C24D79990B0F865674EB62A0F9018277A95011B41BFC193B833", + "020151C80F435648DF67A22B749CD798CE54E0321D034B92B709B567D60A42E6660279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60379BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "04FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60248C264CDD57D3C24D79990B0F865674EB62A0F9018277A95011B41BFC193B833", + "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A60248C264CDD57D3C24D79990B0F865674EB62A0F9018277A95011B41BFC193B831", + "03FF406FFD8ADB9CD29877E4985014F66A59F6CD01C0E88CAA8E5F3166B1F676A602FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30" + ], + "valid_test_cases": [ + { + "pnonce_indices": [ + 0, + 1 + ], + "expected": "035FE1873B4F2967F52FEA4A06AD5A8ECCBE9D0FD73068012C894E2E87CCB5804B024725377345BDE0E9C33AF3C43C0A29A9249F2F2956FA8CFEB55C8573D0262DC8" + }, + { + "pnonce_indices": [ + 2, + 3 + ], + "expected": "035FE1873B4F2967F52FEA4A06AD5A8ECCBE9D0FD73068012C894E2E87CCB5804B000000000000000000000000000000000000000000000000000000000000000000", + "comment": "Sum of second points encoded in the nonces is point at infinity which is serialized as 33 
zero bytes" + } + ], + "error_test_cases": [ + { + "pnonce_indices": [ + 0, + 4 + ], + "error": { + "type": "invalid_contribution", + "signer": 1, + "contrib": "pubnonce" + }, + "comment": "Public nonce from signer 1 is invalid due wrong tag, 0x04, in the first half", + "btcec_err": "invalid public key: unsupported format: 4" + }, + { + "pnonce_indices": [ + 5, + 1 + ], + "error": { + "type": "invalid_contribution", + "signer": 0, + "contrib": "pubnonce" + }, + "comment": "Public nonce from signer 0 is invalid because the second half does not correspond to an X coordinate", + "btcec_err": "invalid public key: x coordinate 48c264cdd57d3c24d79990b0f865674eb62a0f9018277a95011b41bfc193b831 is not on the secp256k1 curve" + }, + { + "pnonce_indices": [ + 6, + 1 + ], + "error": { + "type": "invalid_contribution", + "signer": 0, + "contrib": "pubnonce" + }, + "comment": "Public nonce from signer 0 is invalid because second half exceeds field size", + "btcec_err": "invalid public key: x >= field prime" + } + ] } diff --git a/pkg/crypto/ec/musig2/data/nonce_gen_vectors.json b/pkg/crypto/ec/musig2/data/nonce_gen_vectors.json index 4502349..9f6fbb2 100644 --- a/pkg/crypto/ec/musig2/data/nonce_gen_vectors.json +++ b/pkg/crypto/ec/musig2/data/nonce_gen_vectors.json 
@@ -1,40 +1,40 @@ { - "test_cases": [ - { - "rand_": "0000000000000000000000000000000000000000000000000000000000000000", - "sk": "0202020202020202020202020202020202020202020202020202020202020202", - "pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766", - "aggpk": "0707070707070707070707070707070707070707070707070707070707070707", - "msg": "0101010101010101010101010101010101010101010101010101010101010101", - "extra_in": "0808080808080808080808080808080808080808080808080808080808080808", - "expected": "227243DCB40EF2A13A981DB188FA433717B506BDFA14B1AE47D5DC027C9C3B9EF2370B2AD206E724243215137C86365699361126991E6FEC816845F837BDDAC3024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766" - }, - { - "rand_": "0000000000000000000000000000000000000000000000000000000000000000", - "sk": "0202020202020202020202020202020202020202020202020202020202020202", - "pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766", - "aggpk": "0707070707070707070707070707070707070707070707070707070707070707", - "msg": "", - "extra_in": "0808080808080808080808080808080808080808080808080808080808080808", - "expected": "CD0F47FE471D6788FF3243F47345EA0A179AEF69476BE8348322EF39C2723318870C2065AFB52DEDF02BF4FDBF6D2F442E608692F50C2374C08FFFE57042A61C024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766" - }, - { - "rand_": "0000000000000000000000000000000000000000000000000000000000000000", - "sk": "0202020202020202020202020202020202020202020202020202020202020202", - "pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766", - "aggpk": "0707070707070707070707070707070707070707070707070707070707070707", - "msg": "2626262626262626262626262626262626262626262626262626262626262626262626262626", - "extra_in": "0808080808080808080808080808080808080808080808080808080808080808", - "expected": 
"011F8BC60EF061DEEF4D72A0A87200D9994B3F0CD9867910085C38D5366E3E6B9FF03BC0124E56B24069E91EC3F162378983F194E8BD0ED89BE3059649EAE262024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766" - }, - { - "rand_": "0000000000000000000000000000000000000000000000000000000000000000", - "sk": null, - "pk": "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "aggpk": null, - "msg": null, - "extra_in": null, - "expected": "890E83616A3BC4640AB9B6374F21C81FF89CDDDBAFAA7475AE2A102A92E3EDB29FD7E874E23342813A60D9646948242646B7951CA046B4B36D7D6078506D3C9402F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9" - } - ] + "test_cases": [ + { + "rand_": "0000000000000000000000000000000000000000000000000000000000000000", + "sk": "0202020202020202020202020202020202020202020202020202020202020202", + "pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766", + "aggpk": "0707070707070707070707070707070707070707070707070707070707070707", + "msg": "0101010101010101010101010101010101010101010101010101010101010101", + "extra_in": "0808080808080808080808080808080808080808080808080808080808080808", + "expected": "227243DCB40EF2A13A981DB188FA433717B506BDFA14B1AE47D5DC027C9C3B9EF2370B2AD206E724243215137C86365699361126991E6FEC816845F837BDDAC3024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766" + }, + { + "rand_": "0000000000000000000000000000000000000000000000000000000000000000", + "sk": "0202020202020202020202020202020202020202020202020202020202020202", + "pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766", + "aggpk": "0707070707070707070707070707070707070707070707070707070707070707", + "msg": "", + "extra_in": "0808080808080808080808080808080808080808080808080808080808080808", + "expected": "CD0F47FE471D6788FF3243F47345EA0A179AEF69476BE8348322EF39C2723318870C2065AFB52DEDF02BF4FDBF6D2F442E608692F50C2374C08FFFE57042A61C024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766" + }, + { + "rand_": 
"0000000000000000000000000000000000000000000000000000000000000000", + "sk": "0202020202020202020202020202020202020202020202020202020202020202", + "pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766", + "aggpk": "0707070707070707070707070707070707070707070707070707070707070707", + "msg": "2626262626262626262626262626262626262626262626262626262626262626262626262626", + "extra_in": "0808080808080808080808080808080808080808080808080808080808080808", + "expected": "011F8BC60EF061DEEF4D72A0A87200D9994B3F0CD9867910085C38D5366E3E6B9FF03BC0124E56B24069E91EC3F162378983F194E8BD0ED89BE3059649EAE262024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766" + }, + { + "rand_": "0000000000000000000000000000000000000000000000000000000000000000", + "sk": null, + "pk": "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "aggpk": null, + "msg": null, + "extra_in": null, + "expected": "890E83616A3BC4640AB9B6374F21C81FF89CDDDBAFAA7475AE2A102A92E3EDB29FD7E874E23342813A60D9646948242646B7951CA046B4B36D7D6078506D3C9402F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9" + } + ] } \ No newline at end of file diff --git a/pkg/crypto/ec/musig2/data/sig_agg_vectors.json b/pkg/crypto/ec/musig2/data/sig_agg_vectors.json index afe9eaf..1370503 100644 --- a/pkg/crypto/ec/musig2/data/sig_agg_vectors.json +++ b/pkg/crypto/ec/musig2/data/sig_agg_vectors.json 
@@ -1,151 +1,151 @@ { - "pubkeys": [ - "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", - "02D2DC6F5DF7C56ACF38C7FA0AE7A759AE30E19B37359DFDE015872324C7EF6E05", - "03C7FB101D97FF930ACD0C6760852EF64E69083DE0B06AC6335724754BB4B0522C", - "02352433B21E7E05D3B452B81CAE566E06D2E003ECE16D1074AABA4289E0E3D581" - ], - "pnonces": [ - "036E5EE6E28824029FEA3E8A9DDD2C8483F5AF98F7177C3AF3CB6F47CAF8D94AE902DBA67E4A1F3680826172DA15AFB1A8CA85C7C5CC88900905C8DC8C328511B53E", - "03E4F798DA48A76EEC1C9CC5AB7A880FFBA201A5F064E627EC9CB0031D1D58FC5103E06180315C5A522B7EC7C08B69DCD721C313C940819296D0A7AB8E8795AC1F00", - "02C0068FD25523A31578B8077F24F78F5BD5F2422AFF47C1FADA0F36B3CEB6C7D202098A55D1736AA5FCC21CF0729CCE852575C06C081125144763C2C4C4A05C09B6", - "031F5C87DCFBFCF330DEE4311D85E8F1DEA01D87A6F1C14CDFC7E4F1D8C441CFA40277BF176E9F747C34F81B0D9F072B1B404A86F402C2D86CF9EA9E9C69876EA3B9", - "023F7042046E0397822C4144A17F8B63D78748696A46C3B9F0A901D296EC3406C302022B0B464292CF9751D699F10980AC764E6F671EFCA15069BBE62B0D1C62522A", - "02D97DDA5988461DF58C5897444F116A7C74E5711BF77A9446E27806563F3B6C47020CBAD9C363A7737F99FA06B6BE093CEAFF5397316C5AC46915C43767AE867C00" - ], - "tweaks": [ - "B511DA492182A91B0FFB9A98020D55F260AE86D7ECBD0399C7383D59A5F2AF7C", - "A815FE049EE3C5AAB66310477FBC8BCCCAC2F3395F59F921C364ACD78A2F48DC", - "75448A87274B056468B977BE06EB1E9F657577B7320B0A3376EA51FD420D18A8" - ], - "psigs": [ - "B15D2CD3C3D22B04DAE438CE653F6B4ECF042F42CFDED7C41B64AAF9B4AF53FB", - "6193D6AC61B354E9105BBDC8937A3454A6D705B6D57322A5A472A02CE99FCB64", - "9A87D3B79EC67228CB97878B76049B15DBD05B8158D17B5B9114D3C226887505", - "66F82EA90923689B855D36C6B7E032FB9970301481B99E01CDB4D6AC7C347A15", - "4F5AEE41510848A6447DCD1BBC78457EF69024944C87F40250D3EF2C25D33EFE", - "DDEF427BBB847CC027BEFF4EDB01038148917832253EBC355FC33F4A8E2FCCE4", - "97B890A26C981DA8102D3BC294159D171D72810FDF7C6A691DEF02F0F7AF3FDC", - "53FA9E08BA5243CBCB0D797C5EE83BC6728E539EB76C2D0BF0F971EE4E909971", - 
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141" - ], - "msg": "599C67EA410D005B9DA90817CF03ED3B1C868E4DA4EDF00A5880B0082C237869", - "valid_test_cases": [ - { - "aggnonce": "0341432722C5CD0268D829C702CF0D1CBCE57033EED201FD335191385227C3210C03D377F2D258B64AADC0E16F26462323D701D286046A2EA93365656AFD9875982B", - "nonce_indices": [ - 0, - 1 - ], - "key_indices": [ - 0, - 1 - ], - "tweak_indices": [], - "is_xonly": [], - "psig_indices": [ - 0, - 1 - ], - "expected": "041DA22223CE65C92C9A0D6C2CAC828AAF1EEE56304FEC371DDF91EBB2B9EF0912F1038025857FEDEB3FF696F8B99FA4BB2C5812F6095A2E0004EC99CE18DE1E" - }, - { - "aggnonce": "0224AFD36C902084058B51B5D36676BBA4DC97C775873768E58822F87FE437D792028CB15929099EEE2F5DAE404CD39357591BA32E9AF4E162B8D3E7CB5EFE31CB20", - "nonce_indices": [ - 0, - 2 - ], - "key_indices": [ - 0, - 2 - ], - "tweak_indices": [], - "is_xonly": [], - "psig_indices": [ - 2, - 3 - ], - "expected": "1069B67EC3D2F3C7C08291ACCB17A9C9B8F2819A52EB5DF8726E17E7D6B52E9F01800260A7E9DAC450F4BE522DE4CE12BA91AEAF2B4279219EF74BE1D286ADD9" - }, - { - "aggnonce": "0208C5C438C710F4F96A61E9FF3C37758814B8C3AE12BFEA0ED2C87FF6954FF186020B1816EA104B4FCA2D304D733E0E19CEAD51303FF6420BFD222335CAA402916D", - "nonce_indices": [ - 0, - 3 - ], - "key_indices": [ - 0, - 2 - ], - "tweak_indices": [ - 0 - ], - "is_xonly": [ - false - ], - "psig_indices": [ - 4, - 5 - ], - "expected": "5C558E1DCADE86DA0B2F02626A512E30A22CF5255CAEA7EE32C38E9A71A0E9148BA6C0E6EC7683B64220F0298696F1B878CD47B107B81F7188812D593971E0CC" - }, - { - "aggnonce": "02B5AD07AFCD99B6D92CB433FBD2A28FDEB98EAE2EB09B6014EF0F8197CD58403302E8616910F9293CF692C49F351DB86B25E352901F0E237BAFDA11F1C1CEF29FFD", - "nonce_indices": [ - 0, - 4 - ], - "key_indices": [ - 0, - 3 - ], - "tweak_indices": [ - 0, - 1, - 2 - ], - "is_xonly": [ - true, - false, - true - ], - "psig_indices": [ - 6, - 7 - ], - "expected": 
"839B08820B681DBA8DAF4CC7B104E8F2638F9388F8D7A555DC17B6E6971D7426CE07BF6AB01F1DB50E4E33719295F4094572B79868E440FB3DEFD3FAC1DB589E" - } - ], - "error_test_cases": [ - { - "aggnonce": "02B5AD07AFCD99B6D92CB433FBD2A28FDEB98EAE2EB09B6014EF0F8197CD58403302E8616910F9293CF692C49F351DB86B25E352901F0E237BAFDA11F1C1CEF29FFD", - "nonce_indices": [ - 0, - 4 - ], - "key_indices": [ - 0, - 3 - ], - "tweak_indices": [ - 0, - 1, - 2 - ], - "is_xonly": [ - true, - false, - true - ], - "psig_indices": [ - 7, - 8 - ], - "error": { - "type": "invalid_contribution", - "signer": 1 - }, - "comment": "Partial signature is invalid because it exceeds group size" - } - ] + "pubkeys": [ + "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", + "02D2DC6F5DF7C56ACF38C7FA0AE7A759AE30E19B37359DFDE015872324C7EF6E05", + "03C7FB101D97FF930ACD0C6760852EF64E69083DE0B06AC6335724754BB4B0522C", + "02352433B21E7E05D3B452B81CAE566E06D2E003ECE16D1074AABA4289E0E3D581" + ], + "pnonces": [ + "036E5EE6E28824029FEA3E8A9DDD2C8483F5AF98F7177C3AF3CB6F47CAF8D94AE902DBA67E4A1F3680826172DA15AFB1A8CA85C7C5CC88900905C8DC8C328511B53E", + "03E4F798DA48A76EEC1C9CC5AB7A880FFBA201A5F064E627EC9CB0031D1D58FC5103E06180315C5A522B7EC7C08B69DCD721C313C940819296D0A7AB8E8795AC1F00", + "02C0068FD25523A31578B8077F24F78F5BD5F2422AFF47C1FADA0F36B3CEB6C7D202098A55D1736AA5FCC21CF0729CCE852575C06C081125144763C2C4C4A05C09B6", + "031F5C87DCFBFCF330DEE4311D85E8F1DEA01D87A6F1C14CDFC7E4F1D8C441CFA40277BF176E9F747C34F81B0D9F072B1B404A86F402C2D86CF9EA9E9C69876EA3B9", + "023F7042046E0397822C4144A17F8B63D78748696A46C3B9F0A901D296EC3406C302022B0B464292CF9751D699F10980AC764E6F671EFCA15069BBE62B0D1C62522A", + "02D97DDA5988461DF58C5897444F116A7C74E5711BF77A9446E27806563F3B6C47020CBAD9C363A7737F99FA06B6BE093CEAFF5397316C5AC46915C43767AE867C00" + ], + "tweaks": [ + "B511DA492182A91B0FFB9A98020D55F260AE86D7ECBD0399C7383D59A5F2AF7C", + "A815FE049EE3C5AAB66310477FBC8BCCCAC2F3395F59F921C364ACD78A2F48DC", + 
"75448A87274B056468B977BE06EB1E9F657577B7320B0A3376EA51FD420D18A8" + ], + "psigs": [ + "B15D2CD3C3D22B04DAE438CE653F6B4ECF042F42CFDED7C41B64AAF9B4AF53FB", + "6193D6AC61B354E9105BBDC8937A3454A6D705B6D57322A5A472A02CE99FCB64", + "9A87D3B79EC67228CB97878B76049B15DBD05B8158D17B5B9114D3C226887505", + "66F82EA90923689B855D36C6B7E032FB9970301481B99E01CDB4D6AC7C347A15", + "4F5AEE41510848A6447DCD1BBC78457EF69024944C87F40250D3EF2C25D33EFE", + "DDEF427BBB847CC027BEFF4EDB01038148917832253EBC355FC33F4A8E2FCCE4", + "97B890A26C981DA8102D3BC294159D171D72810FDF7C6A691DEF02F0F7AF3FDC", + "53FA9E08BA5243CBCB0D797C5EE83BC6728E539EB76C2D0BF0F971EE4E909971", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141" + ], + "msg": "599C67EA410D005B9DA90817CF03ED3B1C868E4DA4EDF00A5880B0082C237869", + "valid_test_cases": [ + { + "aggnonce": "0341432722C5CD0268D829C702CF0D1CBCE57033EED201FD335191385227C3210C03D377F2D258B64AADC0E16F26462323D701D286046A2EA93365656AFD9875982B", + "nonce_indices": [ + 0, + 1 + ], + "key_indices": [ + 0, + 1 + ], + "tweak_indices": [], + "is_xonly": [], + "psig_indices": [ + 0, + 1 + ], + "expected": "041DA22223CE65C92C9A0D6C2CAC828AAF1EEE56304FEC371DDF91EBB2B9EF0912F1038025857FEDEB3FF696F8B99FA4BB2C5812F6095A2E0004EC99CE18DE1E" + }, + { + "aggnonce": "0224AFD36C902084058B51B5D36676BBA4DC97C775873768E58822F87FE437D792028CB15929099EEE2F5DAE404CD39357591BA32E9AF4E162B8D3E7CB5EFE31CB20", + "nonce_indices": [ + 0, + 2 + ], + "key_indices": [ + 0, + 2 + ], + "tweak_indices": [], + "is_xonly": [], + "psig_indices": [ + 2, + 3 + ], + "expected": "1069B67EC3D2F3C7C08291ACCB17A9C9B8F2819A52EB5DF8726E17E7D6B52E9F01800260A7E9DAC450F4BE522DE4CE12BA91AEAF2B4279219EF74BE1D286ADD9" + }, + { + "aggnonce": "0208C5C438C710F4F96A61E9FF3C37758814B8C3AE12BFEA0ED2C87FF6954FF186020B1816EA104B4FCA2D304D733E0E19CEAD51303FF6420BFD222335CAA402916D", + "nonce_indices": [ + 0, + 3 + ], + "key_indices": [ + 0, + 2 + ], + "tweak_indices": [ + 0 + ], + "is_xonly": [ + false + ], + 
"psig_indices": [ + 4, + 5 + ], + "expected": "5C558E1DCADE86DA0B2F02626A512E30A22CF5255CAEA7EE32C38E9A71A0E9148BA6C0E6EC7683B64220F0298696F1B878CD47B107B81F7188812D593971E0CC" + }, + { + "aggnonce": "02B5AD07AFCD99B6D92CB433FBD2A28FDEB98EAE2EB09B6014EF0F8197CD58403302E8616910F9293CF692C49F351DB86B25E352901F0E237BAFDA11F1C1CEF29FFD", + "nonce_indices": [ + 0, + 4 + ], + "key_indices": [ + 0, + 3 + ], + "tweak_indices": [ + 0, + 1, + 2 + ], + "is_xonly": [ + true, + false, + true + ], + "psig_indices": [ + 6, + 7 + ], + "expected": "839B08820B681DBA8DAF4CC7B104E8F2638F9388F8D7A555DC17B6E6971D7426CE07BF6AB01F1DB50E4E33719295F4094572B79868E440FB3DEFD3FAC1DB589E" + } + ], + "error_test_cases": [ + { + "aggnonce": "02B5AD07AFCD99B6D92CB433FBD2A28FDEB98EAE2EB09B6014EF0F8197CD58403302E8616910F9293CF692C49F351DB86B25E352901F0E237BAFDA11F1C1CEF29FFD", + "nonce_indices": [ + 0, + 4 + ], + "key_indices": [ + 0, + 3 + ], + "tweak_indices": [ + 0, + 1, + 2 + ], + "is_xonly": [ + true, + false, + true + ], + "psig_indices": [ + 7, + 8 + ], + "error": { + "type": "invalid_contribution", + "signer": 1 + }, + "comment": "Partial signature is invalid because it exceeds group size" + } + ] } \ No newline at end of file diff --git a/pkg/crypto/ec/musig2/data/sign_verify_vectors.json b/pkg/crypto/ec/musig2/data/sign_verify_vectors.json index 3245371..c26c4aa 100644 --- a/pkg/crypto/ec/musig2/data/sign_verify_vectors.json +++ b/pkg/crypto/ec/musig2/data/sign_verify_vectors.json 
@@ -1,194 +1,287 @@ { - "sk": "7FB9E0E687ADA1EEBF7ECFE2F21E73EBDB51A7D450948DFE8D76D7F2D1007671", - "pubkeys": [ - "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", - "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "02DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA661", - "020000000000000000000000000000000000000000000000000000000000000007" - ], - "secnonces": [ - "508B81A611F100A6B2B6B29656590898AF488BCF2E1F55CF22E5CFB84421FE61FA27FD49B1D50085B481285E1CA205D55C82CC1B31FF5CD54A489829355901F703935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", - "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9" - ], - "pnonces": [ - "0337C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480", - "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "032DE2662628C90B03F5E720284EB52FF7D71F4284F627B68A853D78C78E1FFE9303E4C5524E83FFE1493B9077CF1CA6BEB2090C93D930321071AD40B2F44E599046", - "0237C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0387BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480", - "020000000000000000000000000000000000000000000000000000000000000009" - ], - "aggnonces": [ - "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61037496A3CC86926D452CAFCFD55D25972CA1675D549310DE296BFF42F72EEEA8C9", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", - "048465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61037496A3CC86926D452CAFCFD55D25972CA1675D549310DE296BFF42F72EEEA8C9", - 
"028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61020000000000000000000000000000000000000000000000000000000000000009", - "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD6102FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30" - ], - "msgs": [ - "F95466D086770E689964664219266FE5ED215C92AE20BAB5C9D79ADDDDF3C0CF", - "", - "2626262626262626262626262626262626262626262626262626262626262626262626262626" - ], - "valid_test_cases": [ - { - "key_indices": [0, 1, 2], - "nonce_indices": [0, 1, 2], - "aggnonce_index": 0, - "msg_index": 0, - "signer_index": 0, - "expected": "012ABBCB52B3016AC03AD82395A1A415C48B93DEF78718E62A7A90052FE224FB" - }, - { - "key_indices": [1, 0, 2], - "nonce_indices": [1, 0, 2], - "aggnonce_index": 0, - "msg_index": 0, - "signer_index": 1, - "expected": "9FF2F7AAA856150CC8819254218D3ADEEB0535269051897724F9DB3789513A52" - }, - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "aggnonce_index": 0, - "msg_index": 0, - "signer_index": 2, - "expected": "FA23C359F6FAC4E7796BB93BC9F0532A95468C539BA20FF86D7C76ED92227900" - }, - { - "key_indices": [0, 1], - "nonce_indices": [0, 3], - "aggnonce_index": 1, - "msg_index": 0, - "signer_index": 0, - "expected": "AE386064B26105404798F75DE2EB9AF5EDA5387B064B83D049CB7C5E08879531", - "comment": "Both halves of aggregate nonce correspond to point at infinity" - } - ], - "sign_error_test_cases": [ - { - "key_indices": [1, 2], - "aggnonce_index": 0, - "msg_index": 0, - "secnonce_index": 0, - "error": { - "type": "value", - "message": "The signer's pubkey must be included in the list of pubkeys." 
- }, - "comment": "The signers pubkey is not in the list of pubkeys" - }, - { - "key_indices": [1, 0, 3], - "aggnonce_index": 0, - "msg_index": 0, - "secnonce_index": 0, - "error": { - "type": "invalid_contribution", - "signer": 2, - "contrib": "pubkey" - }, - "comment": "Signer 2 provided an invalid public key" - }, - { - "key_indices": [1, 2, 0], - "aggnonce_index": 2, - "msg_index": 0, - "secnonce_index": 0, - "error": { - "type": "invalid_contribution", - "signer": null, - "contrib": "aggnonce" - }, - "comment": "Aggregate nonce is invalid due wrong tag, 0x04, in the first half" - }, - { - "key_indices": [1, 2, 0], - "aggnonce_index": 3, - "msg_index": 0, - "secnonce_index": 0, - "error": { - "type": "invalid_contribution", - "signer": null, - "contrib": "aggnonce" - }, - "comment": "Aggregate nonce is invalid because the second half does not correspond to an X coordinate" - }, - { - "key_indices": [1, 2, 0], - "aggnonce_index": 4, - "msg_index": 0, - "secnonce_index": 0, - "error": { - "type": "invalid_contribution", - "signer": null, - "contrib": "aggnonce" - }, - "comment": "Aggregate nonce is invalid because second half exceeds field size" - }, - { - "key_indices": [0, 1, 2], - "aggnonce_index": 0, - "msg_index": 0, - "signer_index": 0, - "secnonce_index": 1, - "error": { - "type": "value", - "message": "first secnonce value is out of range." 
- }, - "comment": "Secnonce is invalid which may indicate nonce reuse" - } - ], - "verify_fail_test_cases": [ - { - "sig": "97AC833ADCB1AFA42EBF9E0725616F3C9A0D5B614F6FE283CEAAA37A8FFAF406", - "key_indices": [0, 1, 2], - "nonce_indices": [0, 1, 2], - "msg_index": 0, - "signer_index": 0, - "comment": "Wrong signature (which is equal to the negation of valid signature)" - }, - { - "sig": "68537CC5234E505BD14061F8DA9E90C220A181855FD8BDB7F127BB12403B4D3B", - "key_indices": [0, 1, 2], - "nonce_indices": [0, 1, 2], - "msg_index": 0, - "signer_index": 1, - "comment": "Wrong signer" - }, - { - "sig": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", - "key_indices": [0, 1, 2], - "nonce_indices": [0, 1, 2], - "msg_index": 0, - "signer_index": 0, - "comment": "Signature exceeds group size" - } - ], - "verify_error_test_cases": [ - { - "sig": "68537CC5234E505BD14061F8DA9E90C220A181855FD8BDB7F127BB12403B4D3B", - "key_indices": [0, 1, 2], - "nonce_indices": [4, 1, 2], - "msg_index": 0, - "signer_index": 0, - "error": { - "type": "invalid_contribution", - "signer": 0, - "contrib": "pubnonce" - }, - "comment": "Invalid pubnonce" - }, - { - "sig": "68537CC5234E505BD14061F8DA9E90C220A181855FD8BDB7F127BB12403B4D3B", - "key_indices": [3, 1, 2], - "nonce_indices": [0, 1, 2], - "msg_index": 0, - "signer_index": 0, - "error": { - "type": "invalid_contribution", - "signer": 0, - "contrib": "pubkey" - }, - "comment": "Invalid pubkey" - } - ] + "sk": "7FB9E0E687ADA1EEBF7ECFE2F21E73EBDB51A7D450948DFE8D76D7F2D1007671", + "pubkeys": [ + "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", + "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "02DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA661", + "020000000000000000000000000000000000000000000000000000000000000007" + ], + "secnonces": [ + 
"508B81A611F100A6B2B6B29656590898AF488BCF2E1F55CF22E5CFB84421FE61FA27FD49B1D50085B481285E1CA205D55C82CC1B31FF5CD54A489829355901F703935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9" + ], + "pnonces": [ + "0337C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480", + "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "032DE2662628C90B03F5E720284EB52FF7D71F4284F627B68A853D78C78E1FFE9303E4C5524E83FFE1493B9077CF1CA6BEB2090C93D930321071AD40B2F44E599046", + "0237C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0387BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480", + "020000000000000000000000000000000000000000000000000000000000000009" + ], + "aggnonces": [ + "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61037496A3CC86926D452CAFCFD55D25972CA1675D549310DE296BFF42F72EEEA8C9", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "048465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61037496A3CC86926D452CAFCFD55D25972CA1675D549310DE296BFF42F72EEEA8C9", + "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61020000000000000000000000000000000000000000000000000000000000000009", + "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD6102FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30" + ], + "msgs": [ + "F95466D086770E689964664219266FE5ED215C92AE20BAB5C9D79ADDDDF3C0CF", + "", + "2626262626262626262626262626262626262626262626262626262626262626262626262626" + ], + "valid_test_cases": [ + { + "key_indices": [ + 0, + 1, + 2 + ], + 
"nonce_indices": [ + 0, + 1, + 2 + ], + "aggnonce_index": 0, + "msg_index": 0, + "signer_index": 0, + "expected": "012ABBCB52B3016AC03AD82395A1A415C48B93DEF78718E62A7A90052FE224FB" + }, + { + "key_indices": [ + 1, + 0, + 2 + ], + "nonce_indices": [ + 1, + 0, + 2 + ], + "aggnonce_index": 0, + "msg_index": 0, + "signer_index": 1, + "expected": "9FF2F7AAA856150CC8819254218D3ADEEB0535269051897724F9DB3789513A52" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 1, + 2, + 0 + ], + "aggnonce_index": 0, + "msg_index": 0, + "signer_index": 2, + "expected": "FA23C359F6FAC4E7796BB93BC9F0532A95468C539BA20FF86D7C76ED92227900" + }, + { + "key_indices": [ + 0, + 1 + ], + "nonce_indices": [ + 0, + 3 + ], + "aggnonce_index": 1, + "msg_index": 0, + "signer_index": 0, + "expected": "AE386064B26105404798F75DE2EB9AF5EDA5387B064B83D049CB7C5E08879531", + "comment": "Both halves of aggregate nonce correspond to point at infinity" + } + ], + "sign_error_test_cases": [ + { + "key_indices": [ + 1, + 2 + ], + "aggnonce_index": 0, + "msg_index": 0, + "secnonce_index": 0, + "error": { + "type": "value", + "message": "The signer's pubkey must be included in the list of pubkeys." 
+ }, + "comment": "The signers pubkey is not in the list of pubkeys" + }, + { + "key_indices": [ + 1, + 0, + 3 + ], + "aggnonce_index": 0, + "msg_index": 0, + "secnonce_index": 0, + "error": { + "type": "invalid_contribution", + "signer": 2, + "contrib": "pubkey" + }, + "comment": "Signer 2 provided an invalid public key" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "aggnonce_index": 2, + "msg_index": 0, + "secnonce_index": 0, + "error": { + "type": "invalid_contribution", + "signer": null, + "contrib": "aggnonce" + }, + "comment": "Aggregate nonce is invalid due wrong tag, 0x04, in the first half" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "aggnonce_index": 3, + "msg_index": 0, + "secnonce_index": 0, + "error": { + "type": "invalid_contribution", + "signer": null, + "contrib": "aggnonce" + }, + "comment": "Aggregate nonce is invalid because the second half does not correspond to an X coordinate" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "aggnonce_index": 4, + "msg_index": 0, + "secnonce_index": 0, + "error": { + "type": "invalid_contribution", + "signer": null, + "contrib": "aggnonce" + }, + "comment": "Aggregate nonce is invalid because second half exceeds field size" + }, + { + "key_indices": [ + 0, + 1, + 2 + ], + "aggnonce_index": 0, + "msg_index": 0, + "signer_index": 0, + "secnonce_index": 1, + "error": { + "type": "value", + "message": "first secnonce value is out of range." 
+ }, + "comment": "Secnonce is invalid which may indicate nonce reuse" + } + ], + "verify_fail_test_cases": [ + { + "sig": "97AC833ADCB1AFA42EBF9E0725616F3C9A0D5B614F6FE283CEAAA37A8FFAF406", + "key_indices": [ + 0, + 1, + 2 + ], + "nonce_indices": [ + 0, + 1, + 2 + ], + "msg_index": 0, + "signer_index": 0, + "comment": "Wrong signature (which is equal to the negation of valid signature)" + }, + { + "sig": "68537CC5234E505BD14061F8DA9E90C220A181855FD8BDB7F127BB12403B4D3B", + "key_indices": [ + 0, + 1, + 2 + ], + "nonce_indices": [ + 0, + 1, + 2 + ], + "msg_index": 0, + "signer_index": 1, + "comment": "Wrong signer" + }, + { + "sig": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", + "key_indices": [ + 0, + 1, + 2 + ], + "nonce_indices": [ + 0, + 1, + 2 + ], + "msg_index": 0, + "signer_index": 0, + "comment": "Signature exceeds group size" + } + ], + "verify_error_test_cases": [ + { + "sig": "68537CC5234E505BD14061F8DA9E90C220A181855FD8BDB7F127BB12403B4D3B", + "key_indices": [ + 0, + 1, + 2 + ], + "nonce_indices": [ + 4, + 1, + 2 + ], + "msg_index": 0, + "signer_index": 0, + "error": { + "type": "invalid_contribution", + "signer": 0, + "contrib": "pubnonce" + }, + "comment": "Invalid pubnonce" + }, + { + "sig": "68537CC5234E505BD14061F8DA9E90C220A181855FD8BDB7F127BB12403B4D3B", + "key_indices": [ + 3, + 1, + 2 + ], + "nonce_indices": [ + 0, + 1, + 2 + ], + "msg_index": 0, + "signer_index": 0, + "error": { + "type": "invalid_contribution", + "signer": 0, + "contrib": "pubkey" + }, + "comment": "Invalid pubkey" + } + ] } diff --git a/pkg/crypto/ec/musig2/data/tweak_vectors.json b/pkg/crypto/ec/musig2/data/tweak_vectors.json index d0a7cfe..20f3403 100644 --- a/pkg/crypto/ec/musig2/data/tweak_vectors.json +++ b/pkg/crypto/ec/musig2/data/tweak_vectors.json 
@@ -1,84 +1,170 @@ { - "sk": "7FB9E0E687ADA1EEBF7ECFE2F21E73EBDB51A7D450948DFE8D76D7F2D1007671", - "pubkeys": [ - "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", - "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", - "02DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659" - ], - "secnonce": "508B81A611F100A6B2B6B29656590898AF488BCF2E1F55CF22E5CFB84421FE61FA27FD49B1D50085B481285E1CA205D55C82CC1B31FF5CD54A489829355901F703935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", - "pnonces": [ - "0337C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480", - "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", - "032DE2662628C90B03F5E720284EB52FF7D71F4284F627B68A853D78C78E1FFE9303E4C5524E83FFE1493B9077CF1CA6BEB2090C93D930321071AD40B2F44E599046" - ], - "aggnonce": "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61037496A3CC86926D452CAFCFD55D25972CA1675D549310DE296BFF42F72EEEA8C9", - "tweaks": [ - "E8F791FF9225A2AF0102AFFF4A9A723D9612A682A25EBE79802B263CDFCD83BB", - "AE2EA797CC0FE72AC5B97B97F3C6957D7E4199A167A58EB08BCAFFDA70AC0455", - "F52ECBC565B3D8BEA2DFD5B75A4F457E54369809322E4120831626F290FA87E0", - "1969AD73CC177FA0B4FCED6DF1F7BF9907E665FDE9BA196A74FED0A3CF5AEF9D", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141" - ], - "msg": "F95466D086770E689964664219266FE5ED215C92AE20BAB5C9D79ADDDDF3C0CF", - "valid_test_cases": [ - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "tweak_indices": [0], - "is_xonly": [true], - "signer_index": 2, - "expected": "E28A5C66E61E178C2BA19DB77B6CF9F7E2F0F56C17918CD13135E60CC848FE91", - "comment": "A single x-only tweak" - }, - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "tweak_indices": [0], - "is_xonly": [false], - "signer_index": 2, - "expected": 
"38B0767798252F21BF5702C48028B095428320F73A4B14DB1E25DE58543D2D2D", - "comment": "A single plain tweak" - }, - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "tweak_indices": [0, 1], - "is_xonly": [false, true], - "signer_index": 2, - "expected": "408A0A21C4A0F5DACAF9646AD6EB6FECD7F7A11F03ED1F48DFFF2185BC2C2408", - "comment": "A plain tweak followed by an x-only tweak" - }, - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "tweak_indices": [0, 1, 2, 3], - "is_xonly": [false, false, true, true], - "signer_index": 2, - "expected": "45ABD206E61E3DF2EC9E264A6FEC8292141A633C28586388235541F9ADE75435", - "comment": "Four tweaks: plain, plain, x-only, x-only." - }, - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "tweak_indices": [0, 1, 2, 3], - "is_xonly": [true, false, true, false], - "signer_index": 2, - "expected": "B255FDCAC27B40C7CE7848E2D3B7BF5EA0ED756DA81565AC804CCCA3E1D5D239", - "comment": "Four tweaks: x-only, plain, x-only, plain. If an implementation prohibits applying plain tweaks after x-only tweaks, it can skip this test vector or return an error." - } - ], - "error_test_cases": [ - { - "key_indices": [1, 2, 0], - "nonce_indices": [1, 2, 0], - "tweak_indices": [4], - "is_xonly": [false], - "signer_index": 2, - "error": { - "type": "value", - "message": "The tweak must be less than n." 
- }, - "comment": "Tweak is invalid because it exceeds group size" - } - ] + "sk": "7FB9E0E687ADA1EEBF7ECFE2F21E73EBDB51A7D450948DFE8D76D7F2D1007671", + "pubkeys": [ + "03935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", + "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", + "02DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659" + ], + "secnonce": "508B81A611F100A6B2B6B29656590898AF488BCF2E1F55CF22E5CFB84421FE61FA27FD49B1D50085B481285E1CA205D55C82CC1B31FF5CD54A489829355901F703935F972DA013F80AE011890FA89B67A27B7BE6CCB24D3274D18B2D4067F261A9", + "pnonces": [ + "0337C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480", + "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", + "032DE2662628C90B03F5E720284EB52FF7D71F4284F627B68A853D78C78E1FFE9303E4C5524E83FFE1493B9077CF1CA6BEB2090C93D930321071AD40B2F44E599046" + ], + "aggnonce": "028465FCF0BBDBCF443AABCCE533D42B4B5A10966AC09A49655E8C42DAAB8FCD61037496A3CC86926D452CAFCFD55D25972CA1675D549310DE296BFF42F72EEEA8C9", + "tweaks": [ + "E8F791FF9225A2AF0102AFFF4A9A723D9612A682A25EBE79802B263CDFCD83BB", + "AE2EA797CC0FE72AC5B97B97F3C6957D7E4199A167A58EB08BCAFFDA70AC0455", + "F52ECBC565B3D8BEA2DFD5B75A4F457E54369809322E4120831626F290FA87E0", + "1969AD73CC177FA0B4FCED6DF1F7BF9907E665FDE9BA196A74FED0A3CF5AEF9D", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141" + ], + "msg": "F95466D086770E689964664219266FE5ED215C92AE20BAB5C9D79ADDDDF3C0CF", + "valid_test_cases": [ + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 1, + 2, + 0 + ], + "tweak_indices": [ + 0 + ], + "is_xonly": [ + true + ], + "signer_index": 2, + "expected": "E28A5C66E61E178C2BA19DB77B6CF9F7E2F0F56C17918CD13135E60CC848FE91", + "comment": "A single x-only tweak" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 
1, + 2, + 0 + ], + "tweak_indices": [ + 0 + ], + "is_xonly": [ + false + ], + "signer_index": 2, + "expected": "38B0767798252F21BF5702C48028B095428320F73A4B14DB1E25DE58543D2D2D", + "comment": "A single plain tweak" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 1, + 2, + 0 + ], + "tweak_indices": [ + 0, + 1 + ], + "is_xonly": [ + false, + true + ], + "signer_index": 2, + "expected": "408A0A21C4A0F5DACAF9646AD6EB6FECD7F7A11F03ED1F48DFFF2185BC2C2408", + "comment": "A plain tweak followed by an x-only tweak" + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 1, + 2, + 0 + ], + "tweak_indices": [ + 0, + 1, + 2, + 3 + ], + "is_xonly": [ + false, + false, + true, + true + ], + "signer_index": 2, + "expected": "45ABD206E61E3DF2EC9E264A6FEC8292141A633C28586388235541F9ADE75435", + "comment": "Four tweaks: plain, plain, x-only, x-only." + }, + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 1, + 2, + 0 + ], + "tweak_indices": [ + 0, + 1, + 2, + 3 + ], + "is_xonly": [ + true, + false, + true, + false + ], + "signer_index": 2, + "expected": "B255FDCAC27B40C7CE7848E2D3B7BF5EA0ED756DA81565AC804CCCA3E1D5D239", + "comment": "Four tweaks: x-only, plain, x-only, plain. If an implementation prohibits applying plain tweaks after x-only tweaks, it can skip this test vector or return an error." + } + ], + "error_test_cases": [ + { + "key_indices": [ + 1, + 2, + 0 + ], + "nonce_indices": [ + 1, + 2, + 0 + ], + "tweak_indices": [ + 4 + ], + "is_xonly": [ + false + ], + "signer_index": 2, + "error": { + "type": "value", + "message": "The tweak must be less than n." + }, + "comment": "Tweak is invalid because it exceeds group size" + } + ] } diff --git a/pkg/crypto/ec/musig2/keys.go b/pkg/crypto/ec/musig2/keys.go index aedcbad..967216b 100644 --- a/pkg/crypto/ec/musig2/keys.go +++ b/pkg/crypto/ec/musig2/keys.go 
@@ -5,11 +5,12 @@ package musig2 import ( "bytes" "fmt" + "sort" + "orly.dev/pkg/crypto/ec" "orly.dev/pkg/crypto/ec/chainhash" "orly.dev/pkg/crypto/ec/schnorr" "orly.dev/pkg/crypto/ec/secp256k1" - "sort" ) var ( @@ -224,7 +225,7 @@ func defaultKeyAggOptions() *keyAggOption { return &keyAggOption{} } // point has an even y coordinate. // // TODO(roasbeef): double check, can just check the y coord even not jacobian? -func hasEvenY(pJ btcec.btcec) bool { +func hasEvenY(pJ btcec.JacobianPoint) bool { pJ.ToAffine() p := btcec.NewPublicKey(&pJ.X, &pJ.Y) keyBytes := p.SerializeCompressed() @@ -237,7 +238,7 @@ func hasEvenY(pJ btcec.btcec) bool { // by the parity factor. The xOnly bool specifies if this is to be an x-only // tweak or not. func tweakKey( - keyJ btcec.btcec, parityAcc btcec.ModNScalar, + keyJ btcec.JacobianPoint, parityAcc btcec.ModNScalar, tweak [32]byte, tweakAcc btcec.ModNScalar, xOnly bool, diff --git a/pkg/crypto/ec/musig2/keys_test.go b/pkg/crypto/ec/musig2/keys_test.go index e202836..bc82e3f 100644 --- a/pkg/crypto/ec/musig2/keys_test.go +++ b/pkg/crypto/ec/musig2/keys_test.go @@ -5,15 +5,16 @@ package musig2 import ( "encoding/json" "fmt" - "orly.dev/pkg/crypto/ec" - "orly.dev/pkg/crypto/ec/schnorr" - "orly.dev/pkg/crypto/ec/secp256k1" - "orly.dev/pkg/encoders/hex" "os" "path" "strings" "testing" + "orly.dev/pkg/crypto/ec" + "orly.dev/pkg/crypto/ec/schnorr" + "orly.dev/pkg/crypto/ec/secp256k1" + "orly.dev/pkg/encoders/hex" + "github.com/stretchr/testify/require" ) @@ -39,9 +40,9 @@ func TestMusig2KeySort(t *testing.T) { require.NoError(t, err) var testCase keySortTestVector require.NoError(t, json.Unmarshal(testVectorBytes, &testCase)) - keys := make([]*btcec.btcec, len(testCase.PubKeys)) + keys := make([]*btcec.PublicKey, len(testCase.PubKeys)) for i, keyStr := range testCase.PubKeys { - pubKey, err := btcec.btcec.ParsePubKey(mustParseHex(keyStr)) + pubKey, err := btcec.ParsePubKey(mustParseHex(keyStr)) require.NoError(t, err) keys[i] = pubKey } 
diff --git a/pkg/crypto/ec/musig2/musig2_test.go b/pkg/crypto/ec/musig2/musig2_test.go index 91c827b..7c391bf 100644 --- a/pkg/crypto/ec/musig2/musig2_test.go +++ b/pkg/crypto/ec/musig2/musig2_test.go @@ -5,11 +5,12 @@ package musig2 import ( "errors" "fmt" + "sync" + "testing" + "orly.dev/pkg/crypto/ec" "orly.dev/pkg/crypto/sha256" "orly.dev/pkg/encoders/hex" - "sync" - "testing" ) const ( @@ -26,14 +27,14 @@ func mustParseHex(str string) []byte { type signer struct { privKey *btcec.SecretKey - pubKey *btcec.btcec + pubKey *btcec.PublicKey nonces *Nonces partialSig *PartialSignature } type signerSet []signer -func (s signerSet) keys() []*btcec.btcec { +func (s signerSet) keys() []*btcec.PublicKey { keys := make([]*btcec.PublicKey, len(s)) for i := 0; i < len(s); i++ { keys[i] = s[i].pubKey diff --git a/pkg/crypto/ec/musig2/nonces.go b/pkg/crypto/ec/musig2/nonces.go index 151ae67..761d8bd 100644 --- a/pkg/crypto/ec/musig2/nonces.go +++ b/pkg/crypto/ec/musig2/nonces.go @@ -8,6 +8,7 @@ import ( "encoding/binary" "errors" "io" + "orly.dev/pkg/crypto/ec" "orly.dev/pkg/crypto/ec/chainhash" "orly.dev/pkg/crypto/ec/schnorr" @@ -59,8 +60,8 @@ func secNonceToPubNonce(secNonce [SecNonceSize]byte) [PubNonceSize]byte { var k1Mod, k2Mod btcec.ModNScalar k1Mod.SetByteSlice(secNonce[:btcec.SecKeyBytesLen]) k2Mod.SetByteSlice(secNonce[btcec.SecKeyBytesLen:]) - var r1, r2 btcec.btcec - btcec.btcec.ScalarBaseMultNonConst(&k1Mod, &r1) + var r1, r2 btcec.JacobianPoint + btcec.ScalarBaseMultNonConst(&k1Mod, &r1) btcec.ScalarBaseMultNonConst(&k2Mod, &r2) // Next, we'll convert the key in jacobian format to a normal public // key expressed in affine coordinates. diff --git a/pkg/crypto/ec/musig2/nonces_test.go b/pkg/crypto/ec/musig2/nonces_test.go index 6eabbbf..57314f5 100644 --- a/pkg/crypto/ec/musig2/nonces_test.go +++ b/pkg/crypto/ec/musig2/nonces_test.go 
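Review bot: In secNonceToPubNonce (nonces.go) both secret nonce halves are passed to `btcec.ScalarBaseMultNonConst`, whose name indicates a variable-time multiplication, so its running time may depend on the nonce bits; a leaked MuSig2 nonce lets the signing key be recovered from a partial signature. The type correction itself is fine, but the function should either use a constant-time base multiplication, if the package provides one, or carry a comment that states the assumption, e.g. `// NOTE: variable-time base mult on secret nonces; timing of this call must not be observable`. The two `SetByteSlice` calls above it also discard their return value, so an out-of-range nonce half would presumably be reduced silently here unless it is rejected elsewhere. The function body continues outside the hunk.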
@@ -6,11 +6,12 @@ import ( "bytes" "encoding/json" "fmt" - "orly.dev/pkg/encoders/hex" "os" "path" "testing" + "orly.dev/pkg/encoders/hex" + "github.com/stretchr/testify/require" ) diff --git a/pkg/crypto/ec/musig2/sign.go b/pkg/crypto/ec/musig2/sign.go index a9b2380..282bbdc 100644 --- a/pkg/crypto/ec/musig2/sign.go +++ b/pkg/crypto/ec/musig2/sign.go @@ -6,6 +6,7 @@ import ( "bytes" "fmt" "io" + "orly.dev/pkg/crypto/ec" "orly.dev/pkg/crypto/ec/chainhash" "orly.dev/pkg/crypto/ec/schnorr" @@ -53,7 +54,7 @@ var ( ) // infinityPoint is the jacobian representation of the point at infinity. -var infinityPoint btcec.btcec +var infinityPoint btcec.JacobianPoint // PartialSignature reprints a partial (s-only) musig2 multi-signature. This // isn't a valid schnorr signature by itself, as it needs to be aggregated @@ -205,7 +206,7 @@ func computeSigningNonce( combinedNonce [PubNonceSize]byte, combinedKey *btcec.PublicKey, msg [32]byte, ) ( - *btcec.btcec, *btcec.ModNScalar, error, + *btcec.JacobianPoint, *btcec.ModNScalar, error, ) { // Next we'll compute the value b, that blinds our second public diff --git a/pkg/crypto/ec/musig2/sign_test.go b/pkg/crypto/ec/musig2/sign_test.go index 39771c2..96007b7 100644 --- a/pkg/crypto/ec/musig2/sign_test.go +++ b/pkg/crypto/ec/musig2/sign_test.go @@ -6,14 +6,15 @@ import ( "bytes" "encoding/json" "fmt" - "orly.dev/pkg/crypto/ec" - "orly.dev/pkg/crypto/ec/secp256k1" - "orly.dev/pkg/encoders/hex" "os" "path" "strings" "testing" + "orly.dev/pkg/crypto/ec" + "orly.dev/pkg/crypto/ec/secp256k1" + "orly.dev/pkg/encoders/hex" + "github.com/stretchr/testify/require" ) 
@@ -80,7 +81,7 @@ func TestMusig2SignVerify(t *testing.T) { require.NoError(t, err) var testCases signVerifyTestVectors require.NoError(t, json.Unmarshal(testVectorBytes, &testCases)) - privKey, _ := btcec.btcec.SecKeyFromBytes(mustParseHex(testCases.SecKey)) + privKey, _ := btcec.SecKeyFromBytes(mustParseHex(testCases.SecKey)) for i, testCase := range testCases.ValidCases { testCase := testCase testName := fmt.Sprintf("valid_case_%v", i) @@ -312,7 +313,7 @@ func TestMusig2SignCombine(t *testing.T) { combinedNonce, combinedKey.FinalKey, msg, ) finalNonceJ.ToAffine() - finalNonce := btcec.btcec.NewPublicKey( + finalNonce := btcec.NewPublicKey( &finalNonceJ.X, &finalNonceJ.Y, ) combinedSig := CombineSigs( diff --git a/pkg/crypto/ec/schnorr/bench_test.go b/pkg/crypto/ec/schnorr/bench_test.go index 636819b..75e9fd0 100644 --- a/pkg/crypto/ec/schnorr/bench_test.go +++ b/pkg/crypto/ec/schnorr/bench_test.go @@ -48,7 +48,7 @@ func hexToModNScalar(s string) *btcec.ModNScalar { // if there is an error. This is only provided for the hard-coded constants, so // errors in the source code can be detected. It will only (and must only) be // called with hard-coded values. -func hexToFieldVal(s string) *btcec.btcec { +func hexToFieldVal(s string) *btcec.PublicKey { b, err := hex.Dec(s) if err != nil { panic("invalid hex in source file: " + s) diff --git a/pkg/crypto/ec/schnorr/signature_test.go b/pkg/crypto/ec/schnorr/signature_test.go index 36dba0e..3a5f6cd 100644 --- a/pkg/crypto/ec/schnorr/signature_test.go +++ b/pkg/crypto/ec/schnorr/signature_test.go @@ -207,7 +207,7 @@ func TestSchnorrSign(t *testing.T) { continue } d := decodeHex(test.secretKey) - privKey, _ := btcec.btcec.SecKeyFromBytes(d) + privKey, _ := btcec.PublicKey.SecKeyFromBytes(d) var auxBytes [32]byte aux := decodeHex(test.auxRand) copy(auxBytes[:], aux)
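Review bot: In schnorr/bench_test.go, `hexToFieldVal` now returns `*btcec.PublicKey`, which matches neither its name nor its doc comment about hard-coded constants, and looks like a mis-applied replacement of the `btcec.btcec` placeholder. The sibling helper named in the hunk header, `hexToModNScalar`, returns `*btcec.ModNScalar`, so the intended type is presumably the field-element type: `func hexToFieldVal(s string) *btcec.FieldVal {`. The rest of the body is outside the hunk, so confirm what it constructs and returns before settling the type.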
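Review bot: In schnorr/signature_test.go (TestSchnorrSign), the replacement `btcec.PublicKey.SecKeyFromBytes(d)` treats `SecKeyFromBytes` as a method of the `PublicKey` type, which is unlikely to compile. The same call in musig2/sign_test.go was changed to the package-level function in this commit, so use that form here as well: `privKey, _ := btcec.SecKeyFromBytes(d)`. The test function starts and ends outside the hunk.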