Merge pull request #127 from LLFourn/poly

Remove ScalarPoly and PointPoly
LLFourn · Oct 17, 2022 · b511ab5 · b511ab5
2 parents 830773e + 91e9a58
commit b511ab5
Show file tree

Hide file tree

Showing 13 changed files with 618 additions and 659 deletions.
diff --git a/ecdsa_fun/src/lib.rs b/ecdsa_fun/src/lib.rs
@@ -209,7 +209,6 @@ macro_rules! test_instance {
 mod test {
     use super::*;
     use rand::RngCore;
-    use secp256kfun::TEST_SOUNDNESS;
 
     #[test]
     fn repeated_sign_and_verify() {
@@ -228,7 +227,8 @@ mod test {
     fn low_s() {
         let ecdsa_enforce_low_s = test_instance!().enforce_low_s();
         let ecdsa = test_instance!();
-        for _ in 0..TEST_SOUNDNESS {
+        // TODO: use proptest
+        for _ in 0..20 {
             let mut message = [0u8; 32];
             rand::thread_rng().fill_bytes(&mut message);
             let secret_key = Scalar::random(&mut rand::thread_rng());

diff --git a/ecdsa_fun/tests/against_c_lib.rs b/ecdsa_fun/tests/against_c_lib.rs
@@ -4,10 +4,12 @@ use ecdsa_fun::{
     fun::{
         hex,
         secp256k1::{self, ecdsa, Message, PublicKey, SecretKey},
-        Point, Scalar, TEST_SOUNDNESS,
+        Point, Scalar,
     },
 };
 
+const TEST_SOUNDNESS: usize = 20;
+
 fn rand_32_bytes() -> [u8; 32] {
     use rand::RngCore;
     let mut bytes = [0u8; 32];

diff --git a/schnorr_fun/Cargo.toml b/schnorr_fun/Cargo.toml
@@ -28,6 +28,7 @@ sha2 = "0.10"
 secp256kfun = { path = "../secp256kfun", version = "0.7.1", default-features = false, features = ["alloc", "libsecp_compat", "proptest"] }
 secp256k1 = { version = "0.22", features = ["std", "global-context"]}
 serde_json = "1"
+rand_chacha = { version = "0.3" }
 
 
 [target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies]

diff --git a/schnorr_fun/src/binonce.rs b/schnorr_fun/src/binonce.rs
@@ -5,7 +5,9 @@
 //! Derived binonces should be unique and and must not be reused for signing under any circumstances
 //! as this can leak your secret key.
 use crate::Message;
-use secp256kfun::{derive_nonce, g, marker::*, nonce::NonceGen, Point, Scalar, G};
+use secp256kfun::{
+    derive_nonce, g, marker::*, nonce::NonceGen, rand_core::RngCore, Point, Scalar, G,
+};
 
 /// A nonce (pair of points) that each party must share with the others in the first stage of signing.
 ///
@@ -125,9 +127,11 @@ impl NonceKeyPair {
     ///
     ///   How important the `session_id` is depends on whether you add a `message` and whether you are using randomness in your `nonce_gen`.
     ///   If you are using a deterministic `nonce_gen` it is crucial that this is set to a unique value for each signing session.
-    ///   If your application doesn't naturally provide you with a unique value store a counter.
     ///
-    /// Optionally you may pass in `public_key` and `message` which should be passed in when available.
+    /// Optionally you may pass in:
+    ///
+    /// - `public_key`: The public key we're signing under (if we know it at nonce generation time).
+    /// - `message`: The message we're signing (if we know it at nonce generation time)
     ///
     /// [`MuSig::sign`]: crate::musig::MuSig::sign
     pub fn generate(
@@ -141,7 +145,13 @@ impl NonceKeyPair {
         let msg_len = (message.len() as u64).to_be_bytes();
         let sid_len = (session_id.len() as u64).to_be_bytes();
         let pk_bytes = public_key
-            .map(|p| p.normalize().to_bytes())
+            // NOTE: the `.normalize` here is very important. Even though the public key is already
+            // normalized we want it in particular to be Normal so that it serialzes correctly
+            // regardless of whether you pass in a Normal or EvenY point.
+            .map(|public_key| {
+                let public_key: Point<Normal> = public_key.normalize();
+                public_key.to_bytes()
+            })
             .unwrap_or([0u8; 33]);
         let r1 = derive_nonce!(
             nonce_gen => nonce_gen,
@@ -154,13 +164,12 @@ impl NonceKeyPair {
             public => [ b"r2", pk_bytes, msg_len, message, sid_len, session_id]
         );
 
-        let R1 = g!(r1 * G).normalize();
-        let R2 = g!(r2 * G).normalize();
+        Self::from_secrets([r1, r2])
+    }
 
-        NonceKeyPair {
-            public: Nonce([R1, R2]),
-            secret: [r1, r2],
-        }
+    /// Generate a nonce keypair from an rng
+    pub fn random(rng: &mut impl RngCore) -> Self {
+        Self::from_secrets([Scalar::random(rng), Scalar::random(rng)])
     }
 }