crypto: use k256 to implement adaptor sig #43
Conversation
| schnorr_fun = "0.10" | ||
| secp256kfun = { version = "0.10", default-features = false, features = ["libsecp_compat"] } | ||
| k256 = { version = "0.13.1", default-features = false, features = ["schnorr"]} | ||
| anybuf = { version = "0.5.0" } |
There was a problem hiding this comment.
:-( It's better with the other indendation IMO.
There was a problem hiding this comment.
Hmm it seems that Cursor enforces to align = in that way. Any ideas how to fix it?
| codegen-units = 1 | ||
| debug = false | ||
| debug-assertions = false | ||
| lto = true | ||
| panic = 'abort' | ||
| rpath = false | ||
| opt-level = 3 | ||
| overflow-checks = true | ||
| incremental = false |
packages/btcstaking/src/asig.rs
Outdated
| fn bytes_to_point(bytes: &[u8]) -> Result<ProjectivePoint, String> { | ||
| let is_y_odd = bytes[0] == 0x03; |
There was a problem hiding this comment.
This is considering only compressed points. It would be better to support both, compressed and uncompressed formats.
packages/btcstaking/src/asig.rs
Outdated
| // Adapted from https://github.com/RustCrypto/elliptic-curves/blob/520f67d26be1773bd600d05796cc26d797dd7182/k256/src/schnorr.rs#L181-L187 | ||
| fn tagged_hash(tag: &[u8]) -> Sha256 { | ||
| let tag_hash = Sha256::digest(tag); | ||
| let mut digest = Sha256::new(); | ||
| // The hash is in sha256d, so we need to hash twice | ||
| digest.update(tag_hash); | ||
| digest.update(tag_hash); | ||
| digest | ||
| } |
There was a problem hiding this comment.
Isn't this function already there in another file / module?
packages/btcstaking/src/asig.rs
Outdated
| #[allow(non_snake_case)] | ||
| fn bytes_to_point(bytes: &[u8]) -> Result<ProjectivePoint, String> { | ||
| let is_y_odd = bytes[0] == 0x03; |
There was a problem hiding this comment.
Same here, isn't this duplicated somewhere? it would be nice to have a sig_utils module or similar to put these there and avoid duplication.
There was a problem hiding this comment.
Good point. Exported tagged_hash in eots and let btcstaking module use that. Re bytes_to_point this function makes a lot of assumptions (e.g., bytes are from a compressed point) and is only used for serialising pubkey in staking tx scripts. I would suggest keeping it private here. Wdyt?
There was a problem hiding this comment.
OK with me. At some point it would be nice to remove those assumptions, that is, have a conversion that works for all kinds of point formats. Tried to do that at some point, to no avail.
Resolves #13
This PR replaces the usage of
schnorr_funandsecp256kfunwithk256(which is native in CosmWasm) for implementing the adaptor signature verification. This gets rid ofschnorr_funandsecp256kfunwhich can bloat the contract size.This PR also runs
cargo fix-lintto lint the entire project.