Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bip-schnorr (BTC) vs schnorr-legacy (BCH) #36

Closed
pinheadmz opened this issue Dec 12, 2019 · 5 comments
Closed

bip-schnorr (BTC) vs schnorr-legacy (BCH) #36

pinheadmz opened this issue Dec 12, 2019 · 5 comments

Comments

@pinheadmz
Copy link
Member

@chjj
Just wondering if / how we plan on integrating both Schnorr types into bcrypto. Will BTC bip-schnorr be maintained on a separate branch so we can pull in the latest secp256k1? Or will we try to merge the old and new libraries somehow?

Let me know if there's anything I can do, or look into - I'm working on Schnorr/Taproot integration in bcoin, the JS implementation for bip-schnorr is available but I'm wondering about the long term...
@chjj
Copy link
Member

chjj commented Dec 13, 2019
edited

BCH schnorr is supported as schnorr-legacy:

I pulled in the latest secp256k1 used on bitcoin for the last release (though it obviously doesn't include the new schnorr yet). There shouldn't be any conflicts with the legacy schnorr. It will remain as an "extension" to the ecdsa api.

The new bip schnorr will have its own API, looking something like this (not exposed yet): https://github.com/bcoin-org/bcrypto/blob/master/lib/js/schnorr.js

@pinheadmz
Copy link
Member Author

Yeah I've been using the JS for bip-schnorr this week.

If you're interested, sipa has a Taproot branch with a compatible secp:

sipa/bitcoin@11a286c

parent commit with merge details:

sipa/bitcoin@d5cd9db

Almost all those commits came from master branch of https://github.com/bitcoin-core/secp256k1

The top 13 or so 32-byte-schnorr-y commits were pulled from Jonas' working branch:

https://github.com/jonasnick/secp256k1/commits/schnorrsig-backup38

@chjj
Copy link
Member

chjj commented Dec 14, 2019

Yeah, I've looked at Jonas' PR on the secp25k1 repo, but even if that gets merged, I don't think we should pull it in until it's actually running on bitcoin. I think that should maybe be our policy around libsecp256k1 (not to merge any updates until they're live on bitcoin mainnet). Normally I'm okay with adding an extra custom module, but the new bip-schnorr requires a lot of changes to the code besides just one module.

For the last secp256k1 tree I merged in, I made it a point to make sure it was actually live on mainnet. I pulled in the exact same commit as well.

On the topic of maintaining consensus, one thing we do differ with bitcoin on is compile time options. For the last release, I decided to build libsecp256k1 with libgmp and endomorphism enabled. This speeds up performance by a lot, but we are technically running different code than bitcoin core. The performance benefits are very attractive though.

Open
@braydonf braydonf mentioned this issue Feb 29, 2020
Merged
@pinheadmz
Copy link
Member Author

pinheadmz commented Mar 2, 2020
edited

I'm confused again by recent updates:

https://github.com/bcoin-org/bcrypto/blob/master/src/secp256k1/include/secp256k1_schnorrleg.h

This looks like 32-byte x-only bip340 pubkeys but I was thinking "legacy" referred to the bitcoin cash, 33-byte pubkey scheme.

@chjj
Copy link
Member

chjj commented Mar 2, 2020

That's still the legacy bip schnorr. BIP-340 is exposed as require('bcrypto/lib/schnorr') using libtorsion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chjj @pinheadmz