Add ECDSA adaptor signature APIs
This commit adds the ECDSA adaptor signature APIs:

- Encrypted Signing

  Creates an adaptor signature, which includes a proof to verify the adaptor
  signature.

- Encryption Verification

  Verifies that the adaptor decryption key can be extracted from the adaptor
  signature and the completed ECDSA signature.

- Decrypt Signature

  Derives an ECDSA signature from an adaptor signature and an adaptor decryption
  key.

- Key Recovery

  Extracts the adaptor decryption key from the complete signature and the adaptor
  signature.
jesseposner committed Jan 28, 2021
1 parent 4a470f0 commit 944eea7
Showing 2 changed files with 382 additions and 0 deletions.
98 changes: 98 additions & 0 deletions include/secp256k1_ecdsa_adaptor.h
Expand Up @@ -51,6 +51,104 @@ typedef int (*secp256k1_nonce_function_hardened_ecdsa_adaptor)(
*/
SECP256K1_API extern const secp256k1_nonce_function_hardened_ecdsa_adaptor secp256k1_nonce_function_ecdsa_adaptor;

/** Encrypted Signing
*
* Creates an adaptor signature, which includes a proof to verify the adaptor
* signature.
*
* Returns: 1 on success, 0 on failure
* Args: ctx: a secp256k1 context object, initialized for signing
* (cannot be NULL)
* Out: adaptor_sig162: pointer to 162 byte to store the returned signature
* (cannot be NULL)
* In: seckey32: pointer to 32 byte secret key that will be used for
* signing (cannot be NULL)
* enckey: pointer to the encryption public key (cannot be NULL)
* msg32: pointer to the 32-byte message to sign (cannot be NULL)
* noncefp: pointer to a nonce generation function. If NULL,
* secp256k1_nonce_function_ecdsa_adaptor is used
* ndata: pointer to arbitrary data used by the nonce generation
* function (can be NULL). If it is non-NULL and
* secp256k1_nonce_function_ecdsa_adaptor is used, then
* ndata must be a pointer to 32-byte auxiliary randomness
* as per BIP-340.
*/
SECP256K1_API int secp256k1_ecdsa_adaptor_encrypt(
const secp256k1_context* ctx,
unsigned char *adaptor_sig162,
unsigned char *seckey32,
const secp256k1_pubkey *enckey,
const unsigned char *msg32,
secp256k1_nonce_function_hardened_ecdsa_adaptor noncefp,
void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);

/** Encryption Verification
*
* Verifies that the adaptor decryption key can be extracted from the adaptor signature
* and the completed ECDSA signature.
*
* Returns: 1 on success, 0 on failure
* Args: ctx: a secp256k1 context object, initialized for verification
* (cannot be NULL)
* In: adaptor_sig162: pointer to 162-byte signature to verify (cannot be NULL)
* pubkey: pointer to the public key corresponding to the secret key
* used for signing (cannot be NULL)
* msg32: pointer to the 32-byte message (cannot be NULL)
* enckey: pointer to the adaptor encryption public key (cannot be NULL)
*/
SECP256K1_API int secp256k1_ecdsa_adaptor_sig_verify(
const secp256k1_context* ctx,
const unsigned char *adaptor_sig162,
const secp256k1_pubkey *pubkey,
const unsigned char *msg32,
const secp256k1_pubkey *enckey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);

/** Decrypt Signature
*
* Derives an ECDSA signature from an adaptor signature and an adaptor decryption key.
*
* Returns: 1 on success, 0 on failure
* Args: ctx: a secp256k1 context object (cannot be NULL)
* Out: sig: pointer to the ECDSA signature to create (cannot
* be NULL)
* In: deckey32: pointer to 32-byte decryption secret key for the adaptor
* encryption public key (cannot be NULL)
* adaptor_sig162: pointer to 162-byte byte adaptor sig (cannot be NULL)
*/
SECP256K1_API int secp256k1_ecdsa_adaptor_decrypt(
const secp256k1_context* ctx,
secp256k1_ecdsa_signature *sig,
const unsigned char *deckey32,
const unsigned char *adaptor_sig162
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Decryption Key Recovery
*
* Extracts the adaptor decryption key from the complete signature and the adaptor
* signature.
*
* Returns: 1 on success, 0 on failure
* Args: ctx: a secp256k1 context object, initialized for signing
* (cannot be NULL)
* Out: deckey32: pointer to 32-byte adaptor decryption key for the adaptor
* encryption public key (cannot be NULL)
* In: sig: pointer to ECDSA signature to recover the adaptor decryption
* key from (cannot be NULL)
* adaptor_sig: pointer to adaptor signature to recover the adaptor
* decryption key from (cannot be NULL)
* enckey: pointer to the adaptor encryption public key
* (cannot be NULL)
*/
SECP256K1_API int secp256k1_ecdsa_adaptor_recover(
const secp256k1_context* ctx,
unsigned char *deckey32,
const secp256k1_ecdsa_signature *sig,
const unsigned char *adaptor_sig162,
const secp256k1_pubkey *enckey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5);

#ifdef __cplusplus
}
#endif
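
Review bot: In secp256k1_ecdsa_adaptor_encrypt, seckey32 is documented under "In:" but declared as `unsigned char *seckey32` without const, unlike deckey32 in secp256k1_ecdsa_adaptor_decrypt and the other input buffers in this header. Declare it `const unsigned char *seckey32` so callers holding a const key need no cast and the prototype shows the secret key is not modified. In the secp256k1_ecdsa_adaptor_recover comment the argument is listed as adaptor_sig while the prototype names it adaptor_sig162, and the 162-byte length is not stated there; align the name and add the length. The secp256k1_ecdsa_adaptor_decrypt comment should also say whether the caller is expected to have run secp256k1_ecdsa_adaptor_sig_verify on adaptor_sig162 first, since it only documents "0 on failure" without saying which inputs are checked. Wording nits: "pointer to 162 byte to store" and "162-byte byte adaptor sig".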