bitcoin-s/docs/crypto/adaptor-signatures.md

id	title
adaptor-signatures	Adaptor Signatures

Bitcoin-S now has support for ECDSA Adaptor Signatures.

There are four relevant functions to adaptor signatures:

• sign (aka encrypt)
  • This function belongs to ECPrivateKey and creates an adaptor signature given a message (ByteVector) and an adaptor point (ECPublicKey).
• verify
  • Verifies an adaptor signature given the signing public key, the message and the adaptor point.
• complete (aka decrypt)
  • This function belongs to ECPrivateKey and computes a valid ECDSA signature given a valid adaptor signature whose adaptor point is this private key's public key.
• extract (aka recover)
  • This function belongs to ECPublicKey and computes the adaptor secret (private key to this public key) given a valid adaptor signature for this adaptor point, and the valid ECDSA signature computed using complete.

The following code shows each function to do with adaptor signature usage:

import org.bitcoins.crypto.ECPrivateKey

val privKey = ECPrivateKey.freshPrivateKey
val pubKey = privKey.publicKey
val adaptorSecret = ECPrivateKey.freshPrivateKey
val adaptorPoint = adaptorSecret.publicKey
val msg = scodec.bits.ByteVector.fromValidHex("010101010101")

// Alice generages an adaptor signature using her private key and the adaptor point
val adaptorSig = privKey.adaptorSign(adaptorPoint, msg)

// Bob verifies this adaptor signature using Alice's public key and the adaptor point
require(pubKey.adaptorVerify(msg, adaptorPoint, adaptorSig))

// Bob computes a valid ECDSA signature using the adaptorSignature, which he knows
val sig = adaptorSecret.completeAdaptorSignature(adaptorSig)

// Anyone can validate this signature
require(pubKey.verify(msg, sig))

// Alice can compute the adaptor secret from the signatures
val secret = adaptorPoint.extractAdaptorSecret(adaptorSig, sig)
require(secret == adaptorSecret)