musig: turn off multiexponentiation for now

jonasnick · jonasnick · commit ac1e36769dda · 2021-12-17T13:47:43.000Z
Before turning it on we need to have a discussion about our confidence in the
correctness of the multiexponentiation code.
diff --git a/include/secp256k1_musig.h b/include/secp256k1_musig.h
@@ -197,11 +197,13 @@ SECP256K1_API int secp256k1_musig_partial_sig_parse(
  *
  *  Returns: 0 if the arguments are invalid, 1 otherwise
  *  Args:        ctx: pointer to a context object initialized for verification
- *           scratch: scratch space used to compute the aggregate pubkey by
- *                    multiexponentiation. Generally, the larger the scratch
- *                    space, the faster this function. However, the returns of
- *                    providing a larger scratch space are diminishing. If NULL,
- *                    an inefficient algorithm is used.
+ *           scratch: should be NULL because it is not yet implemented. If it
+ *                    was implemented then the scratch space would be used to
+ *                    compute the aggregate pubkey by multiexponentiation.
+ *                    Generally, the larger the scratch space, the faster this
+ *                    function. However, the returns of providing a larger
+ *                    scratch space are diminishing. If NULL, an inefficient
+ *                    algorithm is used.
  *  Out:      agg_pk: the MuSig-aggregated x-only public key. If you do not need it,
  *                    this arg can be NULL.
  *      keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that
diff --git a/src/modules/musig/keyagg_impl.h b/src/modules/musig/keyagg_impl.h
@@ -190,6 +190,7 @@ int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_scratch_s
     secp256k1_gej pkj;
     secp256k1_ge pkp;
     size_t i;
+    (void) scratch;
 
     VERIFY_CHECK(ctx != NULL);
     if (agg_pk != NULL) {
@@ -216,7 +217,9 @@ int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_scratch_s
     if (!secp256k1_musig_compute_pk_hash(ctx, ecmult_data.pk_hash, pubkeys, n_pubkeys)) {
         return 0;
     }
-    if (!secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) {
+    /* TODO: actually use optimized ecmult_multi algorithms by providing a
+     * scratch space */
+    if (!secp256k1_ecmult_multi_var(&ctx->error_callback, NULL, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) {
         /* In order to reach this line with the current implementation of
          * ecmult_multi_var one would need to provide a callback that can
          * fail. */
