Merge commit 'f5e2c8da41864b47145398995a53e8c7c1d238e8' as 'python/secp256k1proto'

Author: theStack

python/secp256k1proto/.gitignore

@@ -0,0 +1,10 @@
+# Python-generated files
+__pycache__/
+*.py[oc]
+build/
+dist/
+wheels/
+*.egg-info
+
+# Virtual environments
+.venv

python/secp256k1proto/.python-version

@@ -0,0 +1 @@
+3.11

python/secp256k1proto/README.md

@@ -0,0 +1,14 @@
+[project]
+name = "secp256k1proto"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+authors = [
+    { name = "Sebastian Falbesoner", email = "[email protected]" }
+]
+requires-python = ">=3.11"
+dependencies = []
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"

python/secp256k1proto/pyproject.toml

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2009-2024 The Bitcoin Core developers
+Copyright (c) 2009-2024 Bitcoin Developers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

python/secp256k1proto/src/secp256k1proto/COPYING

@@ -0,0 +1,73 @@
+# The following functions are based on the BIP 340 reference implementation:
+# https://github.com/bitcoin/bips/blob/master/bip-0340/reference.py
+
+from .secp256k1 import FE, GE, G
+from .util import int_from_bytes, bytes_from_int, xor_bytes, tagged_hash
+
+
+def pubkey_gen(seckey: bytes) -> bytes:
+    d0 = int_from_bytes(seckey)
+    if not (1 <= d0 <= GE.ORDER - 1):
+        raise ValueError("The secret key must be an integer in the range 1..n-1.")
+    P = d0 * G
+    assert not P.infinity
+    return P.to_bytes_xonly()
+
+
+def schnorr_sign(
+    msg: bytes, seckey: bytes, aux_rand: bytes, tag_prefix: str = "BIP0340"
+) -> bytes:
+    d0 = int_from_bytes(seckey)
+    if not (1 <= d0 <= GE.ORDER - 1):
+        raise ValueError("The secret key must be an integer in the range 1..n-1.")
+    if len(aux_rand) != 32:
+        raise ValueError("aux_rand must be 32 bytes instead of %i." % len(aux_rand))
+    P = d0 * G
+    assert not P.infinity
+    d = d0 if P.has_even_y() else GE.ORDER - d0
+    t = xor_bytes(bytes_from_int(d), tagged_hash(tag_prefix + "/aux", aux_rand))
+    k0 = (
+        int_from_bytes(tagged_hash(tag_prefix + "/nonce", t + P.to_bytes_xonly() + msg))
+        % GE.ORDER
+    )
+    if k0 == 0:
+        raise RuntimeError("Failure. This happens only with negligible probability.")
+    R = k0 * G
+    assert not R.infinity
+    k = k0 if R.has_even_y() else GE.ORDER - k0
+    e = (
+        int_from_bytes(
+            tagged_hash(
+                tag_prefix + "/challenge", R.to_bytes_xonly() + P.to_bytes_xonly() + msg
+            )
+        )
+        % GE.ORDER
+    )
+    sig = R.to_bytes_xonly() + bytes_from_int((k + e * d) % GE.ORDER)
+    assert schnorr_verify(msg, P.to_bytes_xonly(), sig, tag_prefix=tag_prefix)
+    return sig
+
+
+def schnorr_verify(
+    msg: bytes, pubkey: bytes, sig: bytes, tag_prefix: str = "BIP0340"
+) -> bool:
+    if len(pubkey) != 32:
+        raise ValueError("The public key must be a 32-byte array.")
+    if len(sig) != 64:
+        raise ValueError("The signature must be a 64-byte array.")
+    try:
+        P = GE.from_bytes_xonly(pubkey)
+    except ValueError:
+        return False
+    r = int_from_bytes(sig[0:32])
+    s = int_from_bytes(sig[32:64])
+    if (r >= FE.SIZE) or (s >= GE.ORDER):
+        return False
+    e = (
+        int_from_bytes(tagged_hash(tag_prefix + "/challenge", sig[0:32] + pubkey + msg))
+        % GE.ORDER
+    )
+    R = s * G - e * P
+    if R.infinity or (not R.has_even_y()) or (R.x != r):
+        return False
+    return True

python/secp256k1proto/src/secp256k1proto/__init__.py

@@ -0,0 +1,16 @@
+import hashlib
+
+from .secp256k1 import GE, Scalar
+
+
+def ecdh_compressed_in_raw_out(seckey: bytes, pubkey: bytes) -> GE:
+    """TODO"""
+    shared_secret = Scalar.from_bytes(seckey) * GE.from_bytes_compressed(pubkey)
+    assert not shared_secret.infinity  # prime-order group
+    return shared_secret
+
+
+def ecdh_libsecp256k1(seckey: bytes, pubkey: bytes) -> bytes:
+    """TODO"""
+    shared_secret = ecdh_compressed_in_raw_out(seckey, pubkey)
+    return hashlib.sha256(shared_secret.to_bytes_compressed()).digest()

python/secp256k1proto/src/secp256k1proto/bip340.py

@@ -0,0 +1,15 @@
+from .secp256k1 import GE, G
+from .util import int_from_bytes
+
+# The following function is based on the BIP 327 reference implementation
+# https://github.com/bitcoin/bips/blob/master/bip-0327/reference.py
+
+
+# Return the plain public key corresponding to a given secret key
+def pubkey_gen_plain(seckey: bytes) -> bytes:
+    d0 = int_from_bytes(seckey)
+    if not (1 <= d0 <= GE.ORDER - 1):
+        raise ValueError("The secret key must be an integer in the range 1..n-1.")
+    P = d0 * G
+    assert not P.infinity
+    return P.to_bytes_compressed()