Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement sign-to-contract scheme for BIP-340 signatures #154

Open
dr-orlovsky opened this issue Nov 9, 2021 · 8 comments
Open

Implement sign-to-contract scheme for BIP-340 signatures #154

dr-orlovsky opened this issue Nov 9, 2021 · 8 comments

Comments

@dr-orlovsky
Copy link

The library already has an API for sign-to-contract signature tweaks for ECDSA, but not BIP-340 Schnorrs. This issue is to colect a feedback on the best way of its implementation before I will start work on a PR.

@jonasnick
Copy link
Contributor

I have a very old implementation that adds sign-to-contract commitments to the schnorrsig module bitcoin-core/secp256k1#589. Way after this PR was opened, we added the secp256k1_schnorrsig_extraparams struct. One of the motivations for doing this was to allow creating sign-to-contract tweaks in schnorrsig_sign_custom. So I think most of my old PR can be reused after rebasing it, since it contains some useful concepts like ec_commitment, s2c_opening and tests, and also adding the fields unsigned char s2c_data and secp256k1_s2c_opening *s2c_opening to the extraparams.

@dr-orlovsky
Copy link
Author

Excellent, thank you! But how do you think, can we do that in the original library? It will be really preferable for me to have it there.

@jonasnick
Copy link
Contributor

I think it could be reasonably added to upstream libsecp since it doesn't require a separate module.

@dr-orlovsky
Copy link
Author

Thank you. I rebased your commits with fixups on the master in https://github.com/LNP-BP/secp256k1/tree/schnorr-commitments

Now I will integrate these types into existing custom signature type following your way of doing that on this PR

@benma
Copy link
Contributor

benma commented Aug 19, 2022

@dr-orlovsky what is the status of your work? Do you plan on continuing it? I'd be very interested in using this to implement the antiklepto/anti-exfil protocol in the BitBox02 for Schnorr sigs (it's already deployed for ECDSA sigs).

@dr-orlovsky
Copy link
Author

Hi @benma! Yes, I would like to continue, but in the mean time I am out of timing capacity to do that :( Feel free to grab it if you'd like...

@benma
Copy link
Contributor

benma commented Sep 11, 2022

@dr-orlovsky thanks, I'll take this task then

@benma
Copy link
Contributor

benma commented Sep 11, 2022

I opened a draft implementation here: bitcoin-core/secp256k1#1140

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants