mirrors/btcd
1
0
Fork 0
mirror of https://github.com/btcsuite/btcd.git synced 2025-01-19 14:45:34 +01:00
Code Issues Projects Releases Wiki Activity

btcec/schnorr/musig2: add pk option to NonceGen

Browse Source 
This commit adds the pk option to NonceGen and makes it mandatory.

Reference: a89f8578e1
This commit is contained in:
sputn1ck 2022-11-01 23:37:16 +01:00
parent 1d767de1c7
commit f6279eabbe
No known key found for this signature in database
GPG Key ID: 671103D881A5F0E4
6 changed files with 161 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
btcec/schnorr/musig2/bench_test.go
View File

@ -52,7 +52,7 @@ func genSigner(t *testing.B) signer {
t.Fatalf("unable to gen key: %v", err) t.Fatalf("unable to gen key: %v", err)
} }
nonces, err := GenNonces() nonces, err := GenNonces(WithPublicKey(pubKey))
if err != nil { if err != nil {
t.Fatalf("unable to gen nonces: %v", err) t.Fatalf("unable to gen nonces: %v", err)
} }
@ -185,7 +185,7 @@ func BenchmarkPartialVerify(b *testing.B) {
for i := 0; i < b.N; i++ { for i := 0; i < b.N; i++ {
ok = sig.Verify( ok = sig.Verify(
signers[0].nonces.PubNonce, combinedNonce, signers[0].nonces.PubNonce, combinedNonce,
keys, pubKey, msg, keys, pubKey, msg, signOpts...,
) )
if !ok { if !ok {
b.Fatalf("generated invalid sig!") b.Fatalf("generated invalid sig!")

2
btcec/schnorr/musig2/context.go
View File

@ -240,6 +240,7 @@ func NewContext(signingKey *btcec.PrivateKey, shouldSort bool,
if opts.earlyNonce { if opts.earlyNonce {
var err error var err error
ctx.sessionNonce, err = GenNonces( ctx.sessionNonce, err = GenNonces(
WithPublicKey(ctx.pubKey),
WithNonceSecretKeyAux(signingKey), WithNonceSecretKeyAux(signingKey),
) )
if err != nil { if err != nil {
@ -483,6 +484,7 @@ func (c *Context) NewSession(options ...SessionOption) (*Session, error) {
// in some auxiliary information to strengthen the nonce // in some auxiliary information to strengthen the nonce
// generated. // generated.
localNonces, err = GenNonces( localNonces, err = GenNonces(
WithPublicKey(c.pubKey),
WithNonceSecretKeyAux(c.signingKey), WithNonceSecretKeyAux(c.signingKey),
WithNonceCombinedKeyAux(c.combinedKey.FinalKey), WithNonceCombinedKeyAux(c.combinedKey.FinalKey),
) )

12
btcec/schnorr/musig2/data/nonce_gen_vectors.json
View File

@ -3,34 +3,38 @@
{ {
"rand_": "0000000000000000000000000000000000000000000000000000000000000000", "rand_": "0000000000000000000000000000000000000000000000000000000000000000",
"sk": "0202020202020202020202020202020202020202020202020202020202020202", "sk": "0202020202020202020202020202020202020202020202020202020202020202",
"pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766",
"aggpk": "0707070707070707070707070707070707070707070707070707070707070707", "aggpk": "0707070707070707070707070707070707070707070707070707070707070707",
"msg": "0101010101010101010101010101010101010101010101010101010101010101", "msg": "0101010101010101010101010101010101010101010101010101010101010101",
"extra_in": "0808080808080808080808080808080808080808080808080808080808080808", "extra_in": "0808080808080808080808080808080808080808080808080808080808080808",
"expected": "BC6C683EBBCC39DCB3C29B3D010D2AAA7C86CFB562FC41ED9A460EE061013E75FB4AD2F0B816713269800D018803906D5481E00A940EAB4F4AC49B4A372EB0F4" "expected": "227243DCB40EF2A13A981DB188FA433717B506BDFA14B1AE47D5DC027C9C3B9EF2370B2AD206E724243215137C86365699361126991E6FEC816845F837BDDAC3"
}, },
{ {
"rand_": "0000000000000000000000000000000000000000000000000000000000000000", "rand_": "0000000000000000000000000000000000000000000000000000000000000000",
"sk": "0202020202020202020202020202020202020202020202020202020202020202", "sk": "0202020202020202020202020202020202020202020202020202020202020202",
"pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766",
"aggpk": "0707070707070707070707070707070707070707070707070707070707070707", "aggpk": "0707070707070707070707070707070707070707070707070707070707070707",
"msg": "", "msg": "",
"extra_in": "0808080808080808080808080808080808080808080808080808080808080808", "extra_in": "0808080808080808080808080808080808080808080808080808080808080808",
"expected": "AAC4BFD707F4953B4063851D7E4AAD5C59D5D0BFB0E71012788A85698B5ACF8F11834D5051928424BA501C8CD064F3F942F8D4A07D8A2ED79F153E4ABD9EBBE9" "expected": "CD0F47FE471D6788FF3243F47345EA0A179AEF69476BE8348322EF39C2723318870C2065AFB52DEDF02BF4FDBF6D2F442E608692F50C2374C08FFFE57042A61C"
}, },
{ {
"rand_": "0000000000000000000000000000000000000000000000000000000000000000", "rand_": "0000000000000000000000000000000000000000000000000000000000000000",
"sk": "0202020202020202020202020202020202020202020202020202020202020202", "sk": "0202020202020202020202020202020202020202020202020202020202020202",
"pk": "024D4B6CD1361032CA9BD2AEB9D900AA4D45D9EAD80AC9423374C451A7254D0766",
"aggpk": "0707070707070707070707070707070707070707070707070707070707070707", "aggpk": "0707070707070707070707070707070707070707070707070707070707070707",
"msg": "2626262626262626262626262626262626262626262626262626262626262626262626262626", "msg": "2626262626262626262626262626262626262626262626262626262626262626262626262626",
"extra_in": "0808080808080808080808080808080808080808080808080808080808080808", "extra_in": "0808080808080808080808080808080808080808080808080808080808080808",
"expected": "DF54500DD2B503DBA3753C48A9D6B67E6C11EC4325EDD1DC256C7F75D6A85DBECA6D9857A6F3F292FB3B50DBCBF69FADB67B1CDDB0EA6EB693F6455C4C9088E1" "expected": "011F8BC60EF061DEEF4D72A0A87200D9994B3F0CD9867910085C38D5366E3E6B9FF03BC0124E56B24069E91EC3F162378983F194E8BD0ED89BE3059649EAE262"
}, },
{ {
"rand_": "0000000000000000000000000000000000000000000000000000000000000000", "rand_": "0000000000000000000000000000000000000000000000000000000000000000",
"sk": null, "sk": null,
"pk": "02F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9",
"aggpk": null, "aggpk": null,
"msg": null, "msg": null,
"extra_in": null, "extra_in": null,
"expected": "7B3B5A002356471AF0E961DE2549C121BD0D48ABCEEDC6E034BDDF86AD3E0A187ECEE674CEF7364B0BC4BEEFB8B66CAD89F98DE2F8C5A5EAD5D1D1E4BD7D04CD" "expected": "890E83616A3BC4640AB9B6374F21C81FF89CDDDBAFAA7475AE2A102A92E3EDB29FD7E874E23342813A60D9646948242646B7951CA046B4B36D7D6078506D3C94"
} }
] ]
} }

153
btcec/schnorr/musig2/data/sig_agg_vectors.json
View File

@ -6,12 +6,12 @@
"02352433B21E7E05D3B452B81CAE566E06D2E003ECE16D1074AABA4289E0E3D581" "02352433B21E7E05D3B452B81CAE566E06D2E003ECE16D1074AABA4289E0E3D581"
], ],
"pnonces": [ "pnonces": [
"0300A32F8548F59C533F55DB9754E3C0BA3C2544F085649FDCE42B8BD3F244C2CA0384449BED61004E8863452A38534E91875516C3CC543122CE2BE1F31845025588", "036E5EE6E28824029FEA3E8A9DDD2C8483F5AF98F7177C3AF3CB6F47CAF8D94AE902DBA67E4A1F3680826172DA15AFB1A8CA85C7C5CC88900905C8DC8C328511B53E",
"03F66B072A869BC2A57D776D487151D707E82B4F1B885066A589858C1BF3871DB603ED391C9658AB6031A96ACBD5E2D9FEC465EFDC8C0D0B765C9B9F3579D520FB6F", "03E4F798DA48A76EEC1C9CC5AB7A880FFBA201A5F064E627EC9CB0031D1D58FC5103E06180315C5A522B7EC7C08B69DCD721C313C940819296D0A7AB8E8795AC1F00",
"03A5791CA078E278126EF457C25B5C835F7282C0A47BDBF464BA35C3769427D5CD034D40350F8A5590985E38AAEFC3C695DF671C2E5498E2B60C082C546E06ECAF78", "02C0068FD25523A31578B8077F24F78F5BD5F2422AFF47C1FADA0F36B3CEB6C7D202098A55D1736AA5FCC21CF0729CCE852575C06C081125144763C2C4C4A05C09B6",
"020DE6382B8C0550E8174D5263B981224EBCFEF7706588B6936177FEB68E639B8C02BA5F18DDB3487AD087F63CEF7D7818AC8ECA3D6B736113FF36FB25D113F514F6", "031F5C87DCFBFCF330DEE4311D85E8F1DEA01D87A6F1C14CDFC7E4F1D8C441CFA40277BF176E9F747C34F81B0D9F072B1B404A86F402C2D86CF9EA9E9C69876EA3B9",
"031883080513BB69B31367F9A7B5F4E81246C627060A7414B7F137FA8459F261990345445505F158EDCFDF0D4BF26E04E018C143BF76B5D457AE57DF06CA41371DF0", "023F7042046E0397822C4144A17F8B63D78748696A46C3B9F0A901D296EC3406C302022B0B464292CF9751D699F10980AC764E6F671EFCA15069BBE62B0D1C62522A",
"0300028E83123E7FAB1E1F230547CE8B96CC23F13197312972DE72AACBA98EF9870274C2D8566E9E021AA7E2DDDA01B52AE670E0742418F147610528B65ACDB4D0B3" "02D97DDA5988461DF58C5897444F116A7C74E5711BF77A9446E27806563F3B6C47020CBAD9C363A7737F99FA06B6BE093CEAFF5397316C5AC46915C43767AE867C00"
], ],
"tweaks": [ "tweaks": [
"B511DA492182A91B0FFB9A98020D55F260AE86D7ECBD0399C7383D59A5F2AF7C", "B511DA492182A91B0FFB9A98020D55F260AE86D7ECBD0399C7383D59A5F2AF7C",
@ -19,63 +19,128 @@
"75448A87274B056468B977BE06EB1E9F657577B7320B0A3376EA51FD420D18A8" "75448A87274B056468B977BE06EB1E9F657577B7320B0A3376EA51FD420D18A8"
], ],
"psigs": [ "psigs": [
"7918521F42E5727FE2E82D802876E0C8844336FDA1B58C82696A55B0188C8B3D", "B15D2CD3C3D22B04DAE438CE653F6B4ECF042F42CFDED7C41B64AAF9B4AF53FB",
"599044037AE15C4A99FB94F022B48E7AB215BF703954EC0B83D0E06230476001", "6193D6AC61B354E9105BBDC8937A3454A6D705B6D57322A5A472A02CE99FCB64",
"F05BE3CA783AD1FAF68C5059B43F859BFD4EBB0242459DF2C6BF013F4217F7E7", "9A87D3B79EC67228CB97878B76049B15DBD05B8158D17B5B9114D3C226887505",
"BF85B2A751066466C24A5E7FA6C90DBAADAC2DF1F0BB48546AE239E340437CEB", "66F82EA90923689B855D36C6B7E032FB9970301481B99E01CDB4D6AC7C347A15",
"142076B034A7401123EFB07E2317DF819B86B3FFA17180DDD093997D018270D0", "4F5AEE41510848A6447DCD1BBC78457EF69024944C87F40250D3EF2C25D33EFE",
"B7A0C7F5B325B7993925E56B60F53EF8198169F31E1AF7E62BBEF1C5DCD1BA22", "DDEF427BBB847CC027BEFF4EDB01038148917832253EBC355FC33F4A8E2FCCE4",
"C717ECA32C148CE8EB8882CD9656DF9C64929DCAE9AF798E381B1E888DDF0F8F", "97B890A26C981DA8102D3BC294159D171D72810FDF7C6A691DEF02F0F7AF3FDC",
"5988823E78488D8005311E16E5EA67AF70514CB44F5A5CD51FFA262BEEAA21CE", "53FA9E08BA5243CBCB0D797C5EE83BC6728E539EB76C2D0BF0F971EE4E909971",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"
], ],
"msg": "599C67EA410D005B9DA90817CF03ED3B1C868E4DA4EDF00A5880B0082C237869", "msg": "599C67EA410D005B9DA90817CF03ED3B1C868E4DA4EDF00A5880B0082C237869",
"valid_test_cases": [ "valid_test_cases": [
{ {
"aggnonce": "02BC34CDF6FA1298D7B6A126812FAD0739005BC44E45C21276EEFE41AAF841C86F03F3562AED52243BB99F43D1677DB59F0FEFB961633997F7AC924B78FBD0B0334F", "aggnonce": "0341432722C5CD0268D829C702CF0D1CBCE57033EED201FD335191385227C3210C03D377F2D258B64AADC0E16F26462323D701D286046A2EA93365656AFD9875982B",
"nonce_indices": [0, 1], "nonce_indices": [
"key_indices": [0, 1], 0,
1
],
"key_indices": [
0,
1
],
"tweak_indices": [], "tweak_indices": [],
"is_xonly": [], "is_xonly": [],
"psig_indices": [0, 1], "psig_indices": [
"expected": "CA3C28729659E50F829F55DC5DB1DE88A05D1702B4165B85F95B627FC57733F8D2A89622BDC6CECA7CE3C2704B2B6F433658F66DDB0A788DED3B361248D3EB3E" 0,
1
],
"expected": "041DA22223CE65C92C9A0D6C2CAC828AAF1EEE56304FEC371DDF91EBB2B9EF0912F1038025857FEDEB3FF696F8B99FA4BB2C5812F6095A2E0004EC99CE18DE1E"
}, },
{ {
"aggnonce": "035538518B8043CF4EACD0E701A80657B741C0E6445EC1D6C6177964D22C642971030CFE657EC882F4E08E751B883A78AC1491B30FC86CB57AF2DFF012C2BE6DF1F2", "aggnonce": "0224AFD36C902084058B51B5D36676BBA4DC97C775873768E58822F87FE437D792028CB15929099EEE2F5DAE404CD39357591BA32E9AF4E162B8D3E7CB5EFE31CB20",
"nonce_indices": [0, 2], "nonce_indices": [
"key_indices": [0, 2], 0,
2
],
"key_indices": [
0,
2
],
"tweak_indices": [], "tweak_indices": [],
"is_xonly": [], "is_xonly": [],
"psig_indices": [2, 3], "psig_indices": [
"expected": "3997A11DFF76349532CF25E761365EA1D4F24B62EB23A12A9DAABD5976C3DB9FAFE19671C9413661B8D6AED95B089357F04C0C0D83B8460B71CEDC95B2253391" 2,
3
],
"expected": "1069B67EC3D2F3C7C08291ACCB17A9C9B8F2819A52EB5DF8726E17E7D6B52E9F01800260A7E9DAC450F4BE522DE4CE12BA91AEAF2B4279219EF74BE1D286ADD9"
}, },
{ {
"aggnonce": "024366775E6FFBEBBB954225936BAED71A3884C7933B18225088D19E7AF12D8D5D028D79A520B347B793FFE897A7EB79A4366A3FDCDC652C243FAC3976B3D6DF8AB2", "aggnonce": "0208C5C438C710F4F96A61E9FF3C37758814B8C3AE12BFEA0ED2C87FF6954FF186020B1816EA104B4FCA2D304D733E0E19CEAD51303FF6420BFD222335CAA402916D",
"nonce_indices": [0, 3], "nonce_indices": [
"key_indices": [0, 2], 0,
"tweak_indices": [0], 3
"is_xonly": [false], ],
"psig_indices": [4, 5], "key_indices": [
"expected": "5AF759C2839B7FEE59D31DAB800F82FC21258457773A3B1F69F5228C80CAD4317EA39AD756601030E4D4051B7C9A25AB4DE7CB39BED26E0A03A1B2ED5B747F7F" 0,
2
],
"tweak_indices": [
0
],
"is_xonly": [
false
],
"psig_indices": [
4,
5
],
"expected": "5C558E1DCADE86DA0B2F02626A512E30A22CF5255CAEA7EE32C38E9A71A0E9148BA6C0E6EC7683B64220F0298696F1B878CD47B107B81F7188812D593971E0CC"
}, },
{ {
"aggnonce": "03B25098C6D0B72DC5717314AF26C126609B4776AA468553DD4354EE20B216B227027D242E9203499173A74E286C1F796F2711E171EE937706BBEA2F4DB10C4E6809", "aggnonce": "02B5AD07AFCD99B6D92CB433FBD2A28FDEB98EAE2EB09B6014EF0F8197CD58403302E8616910F9293CF692C49F351DB86B25E352901F0E237BAFDA11F1C1CEF29FFD",
"nonce_indices": [0, 4], "nonce_indices": [
"key_indices": [0, 3], 0,
"tweak_indices": [0, 1, 2], 4
"is_xonly": [true, false, true], ],
"psig_indices": [6, 7], "key_indices": [
"expected": "B495A478F91D6E10BF08A156E46D9E62B4C5399C1AEDDA1A9D306F06AFB8A52F2C078FD6B50DDBC33BFFE583C3C1E3D0D5E52891E190101C70D2278BCA943457" 0,
3
],
"tweak_indices": [
0,
1,
2
],
"is_xonly": [
true,
false,
true
],
"psig_indices": [
6,
7
],
"expected": "839B08820B681DBA8DAF4CC7B104E8F2638F9388F8D7A555DC17B6E6971D7426CE07BF6AB01F1DB50E4E33719295F4094572B79868E440FB3DEFD3FAC1DB589E"
} }
], ],
"error_test_cases": [ "error_test_cases": [
{ {
"aggnonce": "03B25098C6D0B72DC5717314AF26C126609B4776AA468553DD4354EE20B216B227027D242E9203499173A74E286C1F796F2711E171EE937706BBEA2F4DB10C4E6809", "aggnonce": "02B5AD07AFCD99B6D92CB433FBD2A28FDEB98EAE2EB09B6014EF0F8197CD58403302E8616910F9293CF692C49F351DB86B25E352901F0E237BAFDA11F1C1CEF29FFD",
"nonce_indices": [0, 4], "nonce_indices": [
"key_indices": [0, 3], 0,
"tweak_indices": [0, 1, 2], 4
"is_xonly": [true, false, true], ],
"psig_indices": [7, 8], "key_indices": [
0,
3
],
"tweak_indices": [
0,
1,
2
],
"is_xonly": [
true,
false,
true
],
"psig_indices": [
7,
8
],
"error": { "error": {
"type": "invalid_contribution", "type": "invalid_contribution",
"signer": 1 "signer": 1

43
btcec/schnorr/musig2/nonces.go
View File

@ -6,6 +6,7 @@ import (
"bytes" "bytes"
"crypto/rand" "crypto/rand"
"encoding/binary" "encoding/binary"
"errors"
"io" "io"
"github.com/btcsuite/btcd/btcec/v2" "github.com/btcsuite/btcd/btcec/v2"
@ -34,6 +35,10 @@ var (
NonceGenTag = []byte("MuSig/nonce") NonceGenTag = []byte("MuSig/nonce")
byteOrder = binary.BigEndian byteOrder = binary.BigEndian
// ErrPubkeyInvalid is returned when the pubkey of the WithPublicKey
// option is not passed or of invalid length.
ErrPubkeyInvalid = errors.New("nonce generation requires a valid pubkey")
) )
// zeroSecNonce is a secret nonce that's all zeroes. This is used to check that // zeroSecNonce is a secret nonce that's all zeroes. This is used to check that
@ -96,6 +101,10 @@ type nonceGenOpts struct {
// used in place. // used in place.
randReader io.Reader randReader io.Reader
// publicKey is the mandatory public key that will be mixed into the nonce
// generation.
publicKey []byte
// secretKey is an optional argument that's used to further augment the // secretKey is an optional argument that's used to further augment the
// generated nonce by xor'ing it with this secret key. // generated nonce by xor'ing it with this secret key.
secretKey []byte secretKey []byte
@ -142,6 +151,14 @@ func WithCustomRand(r io.Reader) NonceGenOption {
} }
} }
// WithPublicKey is the mandatory public key that will be mixed into the nonce
// generation.
func WithPublicKey(pubKey *btcec.PublicKey) NonceGenOption {
return func(o *nonceGenOpts) {
o.publicKey = pubKey.SerializeCompressed()
}
}
// WithNonceSecretKeyAux allows a caller to optionally specify a secret key // WithNonceSecretKeyAux allows a caller to optionally specify a secret key
// that should be used to augment the randomness used to generate the nonces. // that should be used to augment the randomness used to generate the nonces.
func WithNonceSecretKeyAux(secKey *btcec.PrivateKey) NonceGenOption { func WithNonceSecretKeyAux(secKey *btcec.PrivateKey) NonceGenOption {
@ -186,6 +203,7 @@ func withCustomOptions(customOpts nonceGenOpts) NonceGenOption {
o.combinedKey = customOpts.combinedKey o.combinedKey = customOpts.combinedKey
o.auxInput = customOpts.auxInput o.auxInput = customOpts.auxInput
o.msg = customOpts.msg o.msg = customOpts.msg
o.publicKey = customOpts.publicKey
} }
} }
@ -233,13 +251,13 @@ func writeBytesPrefix(w io.Writer, b []byte, lenWriter lengthWriter) error {
// genNonceAuxBytes writes out the full byte string used to derive a secret // genNonceAuxBytes writes out the full byte string used to derive a secret
// nonce based on some initial randomness as well as the series of optional // nonce based on some initial randomness as well as the series of optional
// fields. The byte string used for derivation is: // fields. The byte string used for derivation is:
// - tagged_hash("MuSig/nonce", rand || len(aggpk) || aggpk || m_prefixed // - tagged_hash("MuSig/nonce", rand || len(pk) || pk ||
// || len(in) || in || i). // len(aggpk) || aggpk || m_prefixed || len(in) || in || i).
// //
// where i is the ith secret nonce being generated and m_prefixed is: // where i is the ith secret nonce being generated and m_prefixed is:
// - bytes(1, 0) if the message is blank // - bytes(1, 0) if the message is blank
// - bytes(1, 1) || bytes(8, len(m)) || m if the message is present. // - bytes(1, 1) || bytes(8, len(m)) || m if the message is present.
func genNonceAuxBytes(rand []byte, i int, func genNonceAuxBytes(rand []byte, pubkey []byte, i int,
opts *nonceGenOpts) (*chainhash.Hash, error) { opts *nonceGenOpts) (*chainhash.Hash, error) {
var w bytes.Buffer var w bytes.Buffer
@ -249,8 +267,14 @@ func genNonceAuxBytes(rand []byte, i int,
return nil, err return nil, err
} }
// Next, we'll write out: len(pk) || pk
err := writeBytesPrefix(&w, pubkey, uint8Writer)
if err != nil {
return nil, err
}
// Next, we'll write out: len(aggpk) || aggpk. // Next, we'll write out: len(aggpk) || aggpk.
err := writeBytesPrefix(&w, opts.combinedKey, uint8Writer) err = writeBytesPrefix(&w, opts.combinedKey, uint8Writer)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -305,6 +329,11 @@ func GenNonces(options ...NonceGenOption) (*Nonces, error) {
opt(opts) opt(opts)
} }
// We require the pubkey option.
if opts.publicKey == nil || len(opts.publicKey) != 33 {
return nil, ErrPubkeyInvalid
}
// First, we'll start out by generating 32 random bytes drawn from our // First, we'll start out by generating 32 random bytes drawn from our
// CSPRNG. // CSPRNG.
var randBytes [32]byte var randBytes [32]byte
@ -322,13 +351,13 @@ func GenNonces(options ...NonceGenOption) (*Nonces, error) {
} }
} }
// Using our randomness and the set of optional params, generate our // Using our randomness, pubkey and the set of optional params, generate our
// two secret nonces: k1 and k2. // two secret nonces: k1 and k2.
k1, err := genNonceAuxBytes(randBytes[:], 0, opts) k1, err := genNonceAuxBytes(randBytes[:], opts.publicKey, 0, opts)
if err != nil { if err != nil {
return nil, err return nil, err
} }
k2, err := genNonceAuxBytes(randBytes[:], 1, opts) k2, err := genNonceAuxBytes(randBytes[:], opts.publicKey, 1, opts)
if err != nil { if err != nil {
return nil, err return nil, err
} }

2
btcec/schnorr/musig2/nonces_test.go
View File

@ -20,6 +20,7 @@ type nonceGenTestCase struct {
AggPk string `json:"aggpk"` AggPk string `json:"aggpk"`
Msg *string `json:"msg"` Msg *string `json:"msg"`
ExtraIn string `json:"extra_in"` ExtraIn string `json:"extra_in"`
Pk string `json:"pk"`
Expected string `json:"expected"` Expected string `json:"expected"`
} }
@ -55,6 +56,7 @@ func TestMusig2NonceGenTestVectors(t *testing.T) {
secretKey: mustParseHex(testCase.Sk), secretKey: mustParseHex(testCase.Sk),
combinedKey: mustParseHex(testCase.AggPk), combinedKey: mustParseHex(testCase.AggPk),
auxInput: mustParseHex(testCase.ExtraIn), auxInput: mustParseHex(testCase.ExtraIn),
publicKey: mustParseHex(testCase.Pk),
} }
if testCase.Msg != nil { if testCase.Msg != nil {
customOpts.msg = mustParseHex(*testCase.Msg) customOpts.msg = mustParseHex(*testCase.Msg)