ECDSA adaptor signature implementation #292

Closed
GeneFerneau opened this issue Apr 7, 2021 · 6 comments

@GeneFerneau

I've recently implemented the ECDSA adaptor signature scheme from Generalized Bitcoin-Compatible Channels.

The library solely depends on rust-secp256k1, and I made some changes to expose some necessary functions. In your contributing guide, it suggests making all crypto contributions upstream to the C libsecp256k1 library. Would the changes I've made to rust-secp256k1 (geneferneau/rust-secp256k1@2e6e833) be welcome as a PR here, or should I upstream by re-implementing ECDSA adaptor signatures in libsecp256k1?

My next steps are to implement Schnorr adaptor signatures, so same questions there.

Thanks for any feedback.

@real-or-random
Collaborator

real-or-random commented Apr 8, 2021

I assume you're not aware of BlockstreamResearch/secp256k1-zkp#117 ?

(libsecp256k1-zkp is a fork of libsecp256k1 that adds some features that probably would not be accepted into libsecp256k1 at this point because they may not be relevant enough to the Bitcoin ecosystem, or it's simply too early to have them in libsecp256k1.)

@GeneFerneau
Author

GeneFerneau commented Apr 8, 2021

> I assume you're not aware of BlockstreamResearch/secp256k1-zkp#117 ?

No, definitely was not 🤦

I did a search for ECDSA adaptor signature implementations before I got started, but didn't find that impl.

At least now I thoroughly understand how ECDSA adaptor signatures work...

Thanks for the link.

Their impl doesn't appear to contain a proof for Y = y*g specified in the work by Aumayr et al. In that work, they specify it is required for the scheme to be secure under the Universal Composability framework. What's a good way to bring that to their attention / start a discussion?

@real-or-random
Collaborator

> Their impl doesn't appear to contain a proof for Y = y*g specified in the work by Aumayr et al. In that work, they specify it is required for the scheme to be secure under the Universal Composability framework. What's a good way to bring that to their attention / start a discussion?

That's an interesting point.

Just reply in the PR there. It was merged just earlier this week.

@GeneFerneau
Author

> Just reply in the PR there. It was merged just earlier this week.

Ok, will do.

@heygauri

heygauri commented May 8, 2024

Hello, I was searching for the implementation of Schnorr adaptor signatures and came across this conversation. Can I ask where I can find it? I checked https://github.com/BlockstreamResearch but didn't find any clues. I would be glad if anyone could help me with this. I find this conversation relevant, so I'm posting here.

@real-or-random
Collaborator

> Schnorr adaptor signatures

See this issue: BlockstreamResearch/secp256k1-zkp#191 Spoiler: There is no implementation.
