Commit Graph

3 Commits

Author SHA1 Message Date
Conrado Gouvea 908289db90
secp256k1-tr: fix no-std support (#782)
* secp256k1-tr: fix no-std support

* apply recent secp256k1 changes
2024-11-25 15:27:51 +00:00
StackOverflowExcept1on cf6b0c0691
docs: add secp256k1-tr to changelog and book (#776) 2024-11-19 13:20:35 +00:00
conduition c88fadde8e
Add frost-secp256k1-tr crate (BIP340/BIP341) [moved] (#730)
* modify frost-core traits to enable taproot compatibility

This commit contains changes to the frost-core crate which
allow ciphersuites to better customize how signatures are computed.
This will enable taproot support without requiring major changes
to existing frost ciphersuites.

Co-authored by @zebra-lucky and @mimoo

This work sponsored by dlcbtc.com and lightspark.com

* add frost-secp256k1-tr crate and ciphersuite

Co-authored by @zebra-lucky and @mimoo

This work sponsored by dlcbtc.com and lightspark.com

* test coverage for taproot crate

Co-authored by @zebra-lucky and @mimoo

This work sponsored by dlcbtc.com and lightspark.com

* clippy fixes

* tweak DKG output to avoid rogue taproot tweaks

* add interoperability tests

* cleanup taproot implementation to minimize impact in frost_core

* Update PoK test vector to use nonce which generates an even-parity point

Uses r = e99ae2676eab512a3572c7b7655d633642a717250af57a7e0ccd5f9618b69f3f

* BIP341 key package tweaks shouldn't cause key negation

* prune the Context type, instead negate signature.R before verifying

With a couple of small adjustments to the code, we can remove the
need for this extra associated type on the Ciphersuite crate. Accepting
signature with odd-parity nonce values is OK, because BIP340 discard
the nonce parity bit anyway.

* proper TapTweak point-addition operates on even internal key representation

Thanks to @conradoplg for spotting this. The internal key is supposed
to be represented as an even-parity point when adding the TapTweak
point t*G. I added a regression test to ensure the tweaked verifying
key and its parity match the BIP341 spec.

* clippy test fixes

* fix no-std issues and warnings

---------

Co-authored-by: Conrado Gouvea <conradoplg@gmail.com>
2024-11-14 13:50:18 +00:00