NUT-29: Fix batch minting signature message separator #375
Open
a1denvalu3 wants to merge 2 commits into
robwoodgate
approved these changes
May 22, 2026
Contributor
Length as a separator may be better as it precludes use of the separator and assures injectivity, e.g.:
```
msg = b"Cashu_MintQuoteSig_v1"            // DST
    ‖ len32(quote_id) ‖ quote_id          // quote_id = UTF-8 bytes
    ‖ for each output i (in request order):
        len32(amount_i) ‖ amount_i        // amount_i = canonical minimal big-endian
      ‖ len32(B_i) ‖ B_i                  // B_i = 33-byte secp / 48-byte BLS compressed point
```
might be safer?
Contributor
As an addition, we should do the same for NUT-20 message aggregation due to the variable B_ lengths between SECP and BLS.
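Added example (not part of the pull request or of cashu-ts): a Python sketch of the length-framed message from the comment above, next to the unframed concatenation, using constructed 33- and 48-byte fields to show why variable point lengths make plain concatenation ambiguous. Reading `len32` as a 4-byte big-endian prefix, concatenating raw bytes in the legacy form, and all helper names are assumptions.

```python
import struct

DST = b"Cashu_MintQuoteSig_v1"  # domain-separation tag quoted in the comment

def len32(field: bytes) -> bytes:
    # Assumption: len32 means a 4-byte big-endian unsigned length prefix.
    return struct.pack(">I", len(field))

def amount_bytes(amount: int) -> bytes:
    # Canonical minimal big-endian; assumption: amounts are positive integers.
    if amount <= 0:
        raise ValueError("amount must be positive")
    return amount.to_bytes((amount.bit_length() + 7) // 8, "big")

def legacy_msg(quote_id: str, points: list[bytes]) -> bytes:
    # Unframed quote || B_0 || ... || B_(n-1); raw-byte concatenation is assumed.
    return quote_id.encode() + b"".join(points)

def framed_msg(quote_id: str, outputs: list[tuple[int, bytes]]) -> bytes:
    q = quote_id.encode()
    msg = DST + len32(q) + q
    for amount, point in outputs:  # request order
        a = amount_bytes(amount)
        msg += len32(a) + a + len32(point) + point
    return msg

def parse_framed(msg: bytes) -> tuple[str, list[tuple[int, bytes]]]:
    # Strict decoder: each byte belongs to exactly one field, so the encoding is injective.
    if not msg.startswith(DST):
        raise ValueError("wrong domain tag")
    fields, pos = [], len(DST)
    while pos < len(msg):
        n = int.from_bytes(msg[pos:pos + 4], "big")
        if pos + 4 + n > len(msg):  # also catches a cut-off length prefix
            raise ValueError("truncated field")
        fields.append(msg[pos + 4:pos + 4 + n])
        pos += 4 + n
    if len(fields) % 2 != 1:
        raise ValueError("expected quote_id plus (amount, point) pairs")
    outputs = [(int.from_bytes(a, "big"), b) for a, b in zip(fields[1::2], fields[2::2])]
    if any(amount_bytes(v) != a for (v, _), a in zip(outputs, fields[1::2])):
        raise ValueError("non-canonical amount")
    return fields[0].decode(), outputs

# Constructed sample bytes (not real curve points): 81 bytes read as 33+48 or 48+33.
BLOB = bytes(range(81))
SPLIT_A, SPLIT_B = [BLOB[:33], BLOB[33:]], [BLOB[:48], BLOB[48:]]
QUOTE = "constructed-quote-id"
```

`legacy_msg(QUOTE, SPLIT_A)` and `legacy_msg(QUOTE, SPLIT_B)` are byte-identical, while the framed encodings of the two splits differ and each decodes back to its own inputs.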
This was referenced May 22, 2026
robwoodgate
added a commit
to cashubtc/cashu-ts
that referenced
this pull request
May 26, 2026
Revert NUT-20 to its retro-compatible message; NUT-29 batch minting now uses its own domain-separated, length-framed message committing to each output's amount and point (cashubtc/nuts#375).
This was referenced May 26, 2026
…7 quote ids

Replace the legacy `quote || B_0 || ... || B_(n-1)` mint-quote signature message with a domain-separated, length-framed, amount-committing `msg_to_sign`. This is a breaking change: mints no longer accept the legacy message. The message does not commit the keyset `id`, so a wallet can re-target a rotated keyset without a new signature.

- NUT-04: quote ids MUST be a UUIDv7.
- NUT-20: define the hardened `msg_to_sign` (replaces the concatenation).
- NUT-29: each locked quote is signed independently per NUT-20 over the consolidated outputs; mixed-method batches are rejected.
- tests/20-test.md: hardened-message test vector.
1225c9b to
91abdbb
Summary
- `msg_to_sign` for NUT-29 batch minting to include proper colon separators between the quote ID and the blinded messages (e.g. `quote_id:B_0:B_1`).
- `tests/29-tests.md` to reflect the new msg_to_sign and signature validation rule.