Add MuSig2 adaptor sig exercise in example code

instagibbs · instagibbs · commit 427ca952d909 · 2022-04-18T13:42:06.000-04:00
diff --git a/examples/musig.c b/examples/musig.c
@@ -98,6 +98,17 @@ int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, st
     /* The same for all signers */
     secp256k1_musig_session session;
 
+    /* For adapter signature, committing to random scalar */
+    int nonce_parity;
+    unsigned char adaptor_key[32];
+    secp256k1_pubkey adaptor;
+    if (!fill_random(adaptor_key, sizeof(adaptor_key))) {
+        return 0;
+    }
+    if (!secp256k1_ec_pubkey_create(ctx, &adaptor, adaptor_key)) {
+        return 0;
+    }
+
     for (i = 0; i < N_SIGNERS; i++) {
         unsigned char seckey[32];
         unsigned char session_id[32];
@@ -126,7 +137,7 @@ int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, st
         if (!secp256k1_musig_nonce_agg(ctx, &agg_pubnonce, pubnonces, N_SIGNERS)) {
             return 0;
         }
-        if (!secp256k1_musig_nonce_process(ctx, &session, &agg_pubnonce, msg32, cache, NULL)) {
+        if (!secp256k1_musig_nonce_process(ctx, &session, &agg_pubnonce, msg32, cache, &adaptor)) {
             return 0;
         }
         /* partial_sign will clear the secnonce by setting it to 0. That's because
@@ -156,7 +167,18 @@ int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, st
             return 0;
         }
     }
-    return secp256k1_musig_partial_sig_agg(ctx, sig64, &session, partial_sigs, N_SIGNERS);
+
+    /* Since we are doing adaptor sig, complete pre-signature */
+    if (!secp256k1_musig_nonce_parity(ctx, &nonce_parity, &session)) {
+        return 0;
+    }
+    if (!secp256k1_musig_partial_sig_agg(ctx, sig64, &session, partial_sigs, N_SIGNERS)){
+        return 0;
+    }
+    if (!secp256k1_musig_adapt(ctx, sig64, sig64, adaptor_key, nonce_parity)) {
+        return 0;
+    }
+    return 1;
 }
 
  int main(void) {
