The two _concrete_ changes between version 0.4.0 (where we are before
this commit), and version 0.7.0 are:
1. Variable length messages are now allowed, this comes with a new 8
byte prefix for the messages.
* Our implementation was already using a `[]byte` for the
message/hash, so no extra API changes are needed here.
2. The serialization for a blank message and a normal message (for
nonce gen) is now distinct. A single byte is added (either 0 or 1)
to indicate if a message was passed into nonce generation.
In this commit, we enable early nonce generation, allowing callers to
obtain generated nonces before the total set of signers is actually
known. This type of nonce generation is useful for contexts like LN
funding when we want to minimize the round trips and send nonces before
we know the pubkey of the other party.
In this commit, we update the nonce generation to support optional
parameters defined in the latest BIP draft. These parameters are
optional, but if specified my mitigate the effect of weak randomness
when generating the nonce.
Given the protocol doesn't require signers to prove how they generate
their nonces, this update is mainly to ensure strict spec compliance,
and is effectively optional.
In this commit, we introduce an easier to use API for musig2 signing in
the Session and Context structs.
The Context struct represents a particular musig2 signing context which
is defined by the set of signers. The struct can be serialized to disk
as it contains no volatile information. A given context can be kept for
each signer in the final set.
The Session struct represents an ephemeral musig2 signing session. It
handles nonce generation, key aggregation, nonce combination, signature
combination, and final sig verification all in one API. The API also
protects against nonce generation by not exposing nonces to the end user
and also attempting to catch nonce re-use (assuming no process forking)
across sessions.
In this commit, we build on the prior two commits by adding the ability
to generate partial musig2 signatures, validate them individually, and
finally combine them into a single signature.
Much of the logic here is unoptimized, and will be optimized in a later
commit. In addition, we also want to eventually have a nicer API to
support the book keeping necessary during multi signing.
In this commit, we add the ability to generate the secret+public nonces,
as well as combine a series of nonces into a single combined nonce
(which is used when doing multi signing).
