-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Musig2 module #716
base: master
Are you sure you want to change the base?
Add Musig2 module #716
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome!!! I would wait until the upstream PR merges (and releases) before merging this but I'm looking forward to it. I gave it a quick look anyway.
// - Key agg cache is valid | ||
// - extra input is 32 bytes | ||
// This can only happen when the session id is all zeros | ||
Err(MusigNonceGenError::ZeroSession) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO this should be just panic
. It can only happen if someone passes wrong value to dangerous ID creation function.
447a94c
to
e730b8b
Compare
a91d293
to
8bbd0d2
Compare
This is a 10 thousand line diff, is something commited that shouldn't be? |
It updates the vendored library to bring in the upstream MuSig PR. |
Yes. For now, only the last three commits matter for review purposes. |
Cool, thanks. To clarify this is going to wait till upstream merges before being considered for merge, right? What sort of review are you chasing? |
@tcharding I will definitely not ack this until it's upstream is released. However I appreciate the experiment/demo. |
0a2361b
to
86e2b28
Compare
Yes, the idea is to wait for the upstream PR to be merged. |
impl MusigSecNonce { | ||
pub fn new() -> Self { | ||
MusigSecNonce([0; MUSIG_SECNONCE_LEN]) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this highly misleading? If it's all-zeros it's not a nonce and thus broken. Where would one need it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as here: #716 (comment)
secp256k1-sys/src/lib.rs
Outdated
MusigSecNonce([0; MUSIG_SECNONCE_LEN]) | ||
} | ||
|
||
/// Don't use this. Refer to the documentation of wrapper APIs in the crate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The documentation of these methods is intended for the higher-level API implementors not for for end consumers so it should rather properly describe what's going on here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Thanks.
impl_raw_debug!(MusigPubNonce); | ||
|
||
impl MusigPubNonce { | ||
pub fn new() -> Self { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks also broken.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as here: #716 (comment)
fn default() -> Self { | ||
Self::new() | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks to me that none of these Default
s should exist. People should just use arrays or MaybeUninit<T>
to represent the uninitialized state.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you suggesting something like this ?
let key_agg_cache = MaybeUninit::<ffi::MusigKeyAggCache>::uninit();
let mut key_agg_cache = key_agg_cache.assume_init();
This will cause UB (without MaybeUninit::write
).
The reason for pub fn new()
is that the internal array is private (ex: pub struct MusigKeyAggCache([c_uchar; MUSIG_KEYAGG_LEN]);
), which is consistent with the other structs in the code.
|
||
#[repr(C)] | ||
#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)] | ||
pub struct MusigPartialSignature([c_uchar; MUSIG_PART_SIG_LEN]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FTR these struct declarations looked wrong but are indeed correct based on the current API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think they should be changed?
src/musig.rs
Outdated
#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Hash)] | ||
pub enum ParseError { | ||
/// Length mismatch | ||
ArgLenMismatch { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually name these InvalidLength
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Thanks.
86e2b28
to
071ac15
Compare
Upstream was released yesterday |
Can you rebase and format each commit with the nightly formatter? That should fix CI. |
071ac15
to
7f76102
Compare
Yes, done. Thanks. |
Patch 1 can be removed now, right? Then your shellcheck CI fail should disappear. |
7f76102
to
6e2d803
Compare
@tcharding Thanks. But due to the difference in the upstream codebase, |
06ab8d0 Update codebase to version 0.6 (jlest01) Pull request description: This PR updates the `secp256k1-sys` codebase to version v0.6. I'm not sure if there are more steps involved, but these commits work fine in #716. ACKs for top commit: apoelstra: ACK 06ab8d0; successfully ran local tests; thanks for iterating! Tree-SHA512: 9b17a977d000821b7044f3f1f1b7d1e3209197be270b1e6a577c9245e30f09c6d6c532c85ffae5df503bc2ce80ea0c79983bbe7f838d77efac79f022132409c2
This PR adds a
musig
module based on bitcoin-core/secp256k1#1479.The structure is based on @sanket1729's BlockstreamResearch/rust-secp256k1-zkp#48, but I removed the code related to adaptor signatures.
There is an example file in
examples/musig.rs
and can be run withcargo run --example musig --features "rand std"
.The
ffi
functions were added tosecp256k1-sys/src/lib.rs
and the API level functions to the newsrc/musig.rs
file.