[Research]: Can we verify Schnorr signatures in Clarity? #33

Closed
3 tasks done
netrome opened this issue Apr 2, 2024 · 7 comments
Labels: clarity (The clarity smart contracts.), research (consolidating information.), transaction library (Common library for handling transaction manipulation.)

Comments

Contributor

netrome commented Apr 2, 2024

Completing the issue description and arriving at a conclusion is the deliverable of this issue.

Research - Can we verify Schnorr signatures in Clarity?

This ticket holds the research relating to whether we can verify Schnorr signatures in Clarity smart contracts.

1. Summary

We are currently not aware of any Clarity library providing any secp256k1 curve primitives or Schnorr signatures.

2. Context & Relevance

Verifying Schnorr signatures in Clarity would allow us to create contract calls which the signers can only make as a single unit, which is needed for the deposit and withdrawal flows.

3. Research

3.1 Proposed Research Conclusions

After searching and asking around I have not been able to find any library or contract which allows us to do secp256k1 curve math or verify Schnorr signatures in Clarity contracts. The only known secp256k1 operations in Clarity are the built-in functions for ECDSA signature verification (secp256k1-verify and secp256k1-recover).

To move forward with the sBTC design there are a few possible paths forward:

  1. Design sBTC v1 optimistically, where signers provide signatures for their operations but contracts are not able to verify these signatures.
  2. Use voting mechanisms whenever signer consensus is needed in Clarity contract calls.
  3. Implement our own secp256k1 Clarity library.
  4. Push for adding Schnorr signature verification as a Clarity built-in function alongside secp256k1-verify.

3.2 External Resources

Clarity built-in functions https://docs.stacks.co/clarity/functions

3.3 Areas of Ambiguity

Closing Checklist

  • The takeaway from this issue is clearly documented in the description of this ticket.
  • Everyone necessary has reviewed the resolution and agrees with the takeaways.
  • This ticket has or links all the information necessary to familiarize a contributor with the topic and how it was resolved.
@netrome netrome added the research consolidating information. label Apr 2, 2024
Contributor

hstove commented Apr 2, 2024

The answer to "can we verify Schnorr via any default functions" is almost definitely "no", as the built-in function only verifies ECDSA. Here is the Clarity Rust code that calls into that function.

Contributor Author

netrome commented Apr 2, 2024

> The answer to "can we verify Schnorr via any default functions" is almost definitely "no", as the built-in function only verifies ECDSA. Here is the Clarity Rust code that calls into that function.

Yeah, I just saw that too. I'm wondering if there are any Clarity libraries which allow us to do this, or expose lower-level curve point operations that we could build upon. I'm not aware of any though.

@netrome netrome self-assigned this Apr 3, 2024
Contributor Author

netrome commented Apr 3, 2024

I've updated the ticket concluding that this is currently not possible.

Contributor

hstove commented Apr 3, 2024

Yeah, unfortunately I'm not aware of any libraries. Is it even possible to build a Schnorr verification library with only 128 uints? (I truly have no idea)

Contributor Author

netrome commented Apr 3, 2024

> Yeah, unfortunately I'm not aware of any libraries. Is it even possible to build a Schnorr verification library with only 128 uints? (I truly have no idea)

Well, no and yes. You'd have to implement our own uint 256 first. So the lack of a 256 uint library (that we know of) is a further indication that this does not exist.
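
An added example (not from this thread or any existing Clarity library) of the uint256 step described above: secp256k1 field multiplication built from 64-bit limbs, with every intermediate checked against a 128-bit ceiling to model Clarity's uint, which aborts on overflow instead of wrapping. Python stands in for Clarity, and all function names are this example's own.

```python
P = 2**256 - 2**32 - 977      # secp256k1 field prime
C = 2**32 + 977               # 2^256 is congruent to C modulo P
U128_MAX = 2**128 - 1
MASK64 = 2**64 - 1

def u128(x):
    """Model a Clarity uint: 128 bits, abort on overflow rather than wrap."""
    if not 0 <= x <= U128_MAX:
        raise OverflowError("uint128 overflow")
    return x

def to_limbs(n):
    """Split a 256-bit integer into four 64-bit limbs, least significant first."""
    return [(n >> (64 * i)) & MASK64 for i in range(4)]

def from_limbs(limbs):
    return sum(limb << (64 * i) for i, limb in enumerate(limbs))

def mul_wide(a, b):
    """Schoolbook 4x4 limb multiply giving the 512-bit product as 8 limbs."""
    out = [0] * 8
    for i in range(4):
        carry = 0
        for j in range(4):
            # Worst case (2^64-1)^2 + 2*(2^64-1) = 2^128-1: just fits a uint.
            t = u128(u128(a[i] * b[j]) + out[i + j] + carry)
            out[i + j], carry = t & MASK64, t >> 64
        out[i + 4] = carry
    return out

def fold(limbs):
    """Replace lo + hi*2^256 by the congruent lo + hi*C; returns 5 limbs."""
    lo, hi = limbs[:4], limbs[4:]
    out, carry = [], 0
    for i in range(4):
        h = hi[i] if i < len(hi) else 0
        t = u128(lo[i] + u128(h * C) + carry)
        out.append(t & MASK64)
        carry = t >> 64
    return out + [carry]

def field_mul(x, y):
    """x*y mod P using only 64-bit limbs and checked 128-bit intermediates."""
    limbs = mul_wide(to_limbs(x), to_limbs(y))
    for _ in range(3):                 # after three folds the fifth limb is 0
        limbs = fold(limbs)
    plus_c = fold(limbs[:4] + [1])     # value + C; a carry-out means value >= P
    return from_limbs(plus_c[:4] if plus_c[4] else limbs[:4])
```

One field multiplication costs 16 limb products plus the folds, and a single point multiplication needs several thousand of them.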

@netrome netrome closed this as completed Apr 3, 2024
@AshtonStephens
Collaborator

We need a new design ticket on "how do we aggregate votes in clarity"?


jferrant commented Apr 6, 2024

I know this is done, but just want to put this link here for posterity: stacks-network/stacks-core#4002

@AshtonStephens AshtonStephens added transaction library Common library for handling transaction manipulation. clarity The clarity smart contracts. labels Apr 14, 2024