Add Schnorrsig half aggregation #130
jonasnick wants to merge 1 commit into BlockstreamResearch:master from
Conversation
This doesn't allow aggregating aggregate sigs. Would be nice if it could.
rustyrussell left a comment
Rough review since I was reading it anyway. Obv as PR states, needs more work!
ARG_CHECK(msg32 != NULL);
ARG_CHECK(pubkey != NULL);

if (*aggsig_size < 32*(1 + n_sigs)) {
Overflow protection needed here, AFAICT. You probably want to divide aggsig_size, check it's > 0, then sub 1 and compare with n_sigs.
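Added example (not code from the PR or libsecp256k1) showing why the check above needs the rewrite rustyrussell describes: `32*(1 + n_sigs)` is evaluated in 32-bit unsigned arithmetic, so it wraps for large `n_sigs` and a 32-byte buffer passes as large enough for 2^27 signatures. The function names and the exact-size variant for the verifier's `aggsig_size != 32*(1 + n_msgs)` check are my additions.

```c
#include <stddef.h>
#include <stdint.h>

/* The check as written in the PR. 1 + n_sigs and the multiplication by 32
 * are done as uint32_t, so the product wraps modulo 2^32 before it is
 * compared with the (possibly 64-bit) size_t. Returns 1 if accepted. */
static int naive_size_check(size_t aggsig_size, uint32_t n_sigs) {
    if (aggsig_size < 32*(1 + n_sigs)) {
        return 0;
    }
    return 1;
}

/* The same check in the exact-size form used on the verification side;
 * it wraps in the same way. */
static int naive_exact_size_check(size_t aggsig_size, uint32_t n_msgs) {
    if (aggsig_size != 32*(1 + n_msgs)) {
        return 0;
    }
    return 1;
}

/* Overflow-free form following the review suggestion: divide the buffer
 * size by 32 to get the number of 32-byte slots, require at least one slot
 * (for s), then compare the remaining slots with n_sigs. No expression
 * here can wrap. Returns 1 if the buffer is large enough. */
static int safe_size_check(size_t aggsig_size, uint32_t n_sigs) {
    size_t slots = aggsig_size / 32;
    if (slots == 0) {
        return 0;
    }
    return (slots - 1) >= n_sigs;
}

/* Exact-size variant for the verifier: the buffer must hold exactly
 * n_msgs nonces plus one scalar, with no trailing bytes. */
static int safe_exact_size_check(size_t aggsig_size, uint32_t n_msgs) {
    size_t slots = aggsig_size / 32;
    if (aggsig_size % 32 != 0 || slots == 0) {
        return 0;
    }
    return (slots - 1) == n_msgs;
}
```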
size_t* aggsig_size,
unsigned char **sig64,
unsigned char **msg32,
secp256k1_xonly_pubkey *pubkey,
uint32_t n_sigs
I know C is sloppy with this, but const unsigned char **sig64 would be nice. And msg32.
Also, n_sigs here and n_msgs below?
And sig64 and msg32 are arrays of ptrs, pubkey is a direct array of objects. That's a bit weird? Also, please pubkeys to give the poor user a hint?
const secp256k1_context* ctx,
unsigned char **msg32,
uint32_t n_msgs,
secp256k1_xonly_pubkey *pubkey,

/* TODO: fix endianness issue */
secp256k1_sha256_write(&hash, (unsigned char *)&i, sizeof(i));
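Review bot: writing the raw bytes of `i` via `(unsigned char *)&i` makes the per-signature hash depend on the host's byte order, so an aggregate produced on a little-endian machine would not verify on a big-endian one; serialize `i` into a fixed-width buffer in a defined byte order (e.g. 4 bytes big-endian) before `secp256k1_sha256_write`, which also resolves the TODO above it.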
ARG_CHECK(aggsig != NULL);

secp256k1_gej_set_infinity(&rhs);
if (aggsig_size != 32*(1 + n_msgs)) {
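Review bot: the same 32-bit wrap that rustyrussell flagged for the aggregation check applies to `32*(1 + n_msgs)` here, since `n_msgs` is `uint32_t`; express the check in terms of `aggsig_size / 32` and `aggsig_size % 32` (require a multiple of 32, at least one slot, and slots minus one equal to `n_msgs`) so that a huge `n_msgs` cannot pass with a small buffer.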
secp256k1_sha256_initialize(&hash);
secp256k1_sha256_write(&hash, midhash, sizeof(midhash));
/* TODO: fix endianness issue */
secp256k1_sha256_write(&hash, (unsigned char *)&i, sizeof(i));
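Review bot: the hash prefix is re-initialized and `midhash` re-written for every index here, and the construction is duplicated between aggregation and verification; compute the common prefix once, copy the `secp256k1_sha256` midstate per index, and share the index serialization (with a fixed byte order, per the TODO) between both sides so the two hashes cannot diverge.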
We should make this PR compliant with the draft spec (which was written after this PR was opened).
Closing in favor of #261
3a9b1d4 New Experimental Module: Incremental Half-Aggregation for Schnorr Signatures (Benedikt)

Pull request description:

Revisited PR #130 by jonasnick. I am happy to hear your thoughts.

**Summary of changes compared to #130:**
- Address comments from rustyrussell
- Use tagged hash
- Compute hashes with common prefix by copying midstate
- Allow Incremental Aggregation and make code consistent with the [draft spec](https://github.com/BlockstreamResearch/cross-input-aggregation/blob/master/half-aggregation.mediawiki)

ACKs for top commit:
real-or-random: ACK 3a9b1d4

Tree-SHA512: 27239033f8b28ecf87ea310b3dd5a19dbbe6fd07495db71ef7017f8f444ec25a12897087d1bea0a2e9c3df77d7f17c38b183d7fe768858da2180f26624add4aa
Result of a recorded pair-programming session with @real-or-random to demonstrate how to write libsecp(-zkp) code. Therefore the code is still in a very early stage.