src/modules/musig/musig.md (+4 -4)
@@ -23,7 +23,7 @@ Therefore, users of the musig module must take great care to make sure of the fo
23
23
# Key Aggregation and (Taproot) Tweaking
24
24
25
25
Given a set of public keys, the aggregate public key is computed with `secp256k1_musig_pubkey_agg`.
26
-
A (Taproot) tweak can be added to the resulting public key with `secp256k1_xonly_pubkey_tweak_add`.
26
+
A (Taproot) tweak can be added to the resulting public key with `secp256k1_xonly_pubkey_tweak_add` and an ordinary tweak can be added with `secp256k1_ec_pubkey_tweak_add`.
27
27
28
28
# Signing
29
29
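Review bot: The tweak functions named in the added line of the Key Aggregation section do not match the ones the Signing section uses for the same operation. Here they are `secp256k1_xonly_pubkey_tweak_add` and `secp256k1_ec_pubkey_tweak_add`, while step 3 of the signing flow in this same commit names `secp256k1_musig_pubkey_xonly_tweak_add` and `secp256k1_musig_pubkey_ec_tweak_add`. If the musig-specific functions are what callers should use on an aggregate key, name them here as well, or state why the generic ones are meant in this section. "Ordinary tweak" is also not defined in the visible text; a short definition that contrasts it with the (Taproot) tweak would help.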
@@ -32,7 +32,7 @@ Essentially, the protocol proceeds in the following steps:
32
32
33
33
1. Generate a keypair with `secp256k1_keypair_create` and obtain the xonly public key with `secp256k1_keypair_xonly_pub`.
34
34
2. Call `secp256k1_musig_pubkey_agg` with the xonly pubkeys of all participants.
35
-
3. Optionally add a (Taproot) tweak with `secp256k1_musig_pubkey_tweak_add`.
35
+
3. Optionally add a (Taproot) tweak with `secp256k1_musig_pubkey_xonly_tweak_add` and an ordinary tweak with `secp256k1_musig_pubkey_ec_tweak_add`.
36
36
4. Generate a pair of secret and public nonce with `secp256k1_musig_nonce_gen` and send the public nonce to the other signers.
37
37
5. Someone (not necessarily the signer) aggregates the public nonce with `secp256k1_musig_nonce_agg` and sends it to the signers.
38
38
6. Process the aggregate nonce with `secp256k1_musig_nonce_process`.
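Review bot: The wording of the new step 3, "a (Taproot) tweak with ... and an ordinary tweak with ...", reads as if both tweaks are applied together, in that order, whenever the optional step is taken. Say whether each tweak is independently optional and whether order or repetition matters, for example by writing "and/or" and adding a sentence on ordering. Since `secp256k1_musig_pubkey_tweak_add` no longer appears in this step, it is worth checking that no other part of the document still refers to the old name.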
@@ -42,10 +42,10 @@ Essentially, the protocol proceeds in the following steps:
42
42
43
43
The aggregate signature can be verified with `secp256k1_schnorrsig_verify`.
44
44
45
-
Note that steps 1 to 6 can happen before the message to be signed is known to the signers.
45
+
Note that steps 1 to 5 can happen before the message to be signed is known to the signers.
46
46
Therefore, the communication round to exchange nonces can be viewed as a pre-processing step that is run whenever convenient to the signers.
47
47
This disables some of the defense-in-depth measures that may protect against API misuse in some cases.
48
-
Similarly, the API supports an alternative protocol flow where generating the aggregate key (steps 1 to 3) is allowed to happen after exchanging nonces (steps 4 to 6).
48
+
Similarly, the API supports an alternative protocol flow where generating the aggregate key (steps 1 to 3) is allowed to happen after exchanging nonces (steps 4 to 5).
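Review bot: Both changed sentences now end the message-independent range at step 5, but step 6 as written ("Process the aggregate nonce with `secp256k1_musig_nonce_process`") gives no hint of what it depends on, so a reader cannot tell why the boundary moved. If step 6 requires the message (and the aggregate key), as the new ranges imply, state that in step 6 itself. In the unchanged line between the two edits, "This disables some of the defense-in-depth measures" has no clear antecedent; name the flow it refers to and, ideally, which measures are lost, since that is the sentence a user relies on to judge the risk of pre-processing nonces.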