Encode CKey to ElligatorSwift representation

dhruv · dhruv · commit 3fbc703b281d · 2022-10-19T20:56:44.000-07:00
diff --git a/build_msvc/libsecp256k1/libsecp256k1.vcxproj b/build_msvc/libsecp256k1/libsecp256k1.vcxproj
@@ -14,7 +14,7 @@
   </ItemGroup>
   <ItemDefinitionGroup>
     <ClCompile>
-      <PreprocessorDefinitions>ENABLE_MODULE_ECDH;ENABLE_MODULE_RECOVERY;ENABLE_MODULE_EXTRAKEYS;ENABLE_MODULE_SCHNORRSIG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>ENABLE_MODULE_ECDH;ENABLE_MODULE_RECOVERY;ENABLE_MODULE_EXTRAKEYS;ENABLE_MODULE_SCHNORRSIG;ENABLE_MODULE_ELLSWIFT;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <AdditionalIncludeDirectories>..\..\src\secp256k1;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <DisableSpecificWarnings>4146;4244;4267;4334</DisableSpecificWarnings>
     </ClCompile>
diff --git a/configure.ac b/configure.ac
@@ -2016,7 +2016,7 @@ LIBS_TEMP="$LIBS"
 unset LIBS
 LIBS="$LIBS_TEMP"
 
-ac_configure_args="${ac_configure_args} --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --enable-module-schnorrsig"
+ac_configure_args="${ac_configure_args} --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --enable-module-ellswift"
 AC_CONFIG_SUBDIRS([src/secp256k1])
 
 AC_OUTPUT
diff --git a/src/key.cpp b/src/key.cpp
@@ -11,6 +11,7 @@
 #include <random.h>
 
 #include <secp256k1.h>
+#include <secp256k1_ellswift.h>
 #include <secp256k1_extrakeys.h>
 #include <secp256k1_recovery.h>
 #include <secp256k1_schnorrsig.h>
@@ -332,6 +333,17 @@ bool CKey::Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const
     return ret;
 }
 
+std::optional<EllSwiftPubKey> CKey::EllSwiftEncode() const
+{
+    EllSwiftPubKey encoded_pubkey;
+    if (!secp256k1_ellswift_create(secp256k1_context_sign,
+                                   reinterpret_cast<unsigned char*>(encoded_pubkey.data()),
+                                   keydata.data(), nullptr)) {
+        return {};
+    }
+    return encoded_pubkey;
+}
+
 bool CExtKey::Derive(CExtKey &out, unsigned int _nChild) const {
     if (nDepth == std::numeric_limits<unsigned char>::max()) return false;
     out.nDepth = nDepth + 1;
diff --git a/src/key.h b/src/key.h
@@ -156,6 +156,8 @@ class CKey
 
     //! Load private key and check that public key matches.
     bool Load(const CPrivKey& privkey, const CPubKey& vchPubKey, bool fSkipCheck);
+
+    std::optional<EllSwiftPubKey> EllSwiftEncode() const;
 };
 
 struct CExtKey {
diff --git a/src/pubkey.h b/src/pubkey.h
@@ -12,6 +12,8 @@
 #include <span.h>
 #include <uint256.h>
 
+#include <array>
+#include <cstddef>
 #include <cstring>
 #include <optional>
 #include <vector>
@@ -29,6 +31,9 @@ class CKeyID : public uint160
 
 typedef uint256 ChainCode;
 
+constexpr size_t ELLSWIFT_ENCODED_SIZE = 64;
+using EllSwiftPubKey = std::array<std::byte, ELLSWIFT_ENCODED_SIZE>;
+
 /** An encapsulated public key. */
 class CPubKey
 {
diff --git a/src/test/key_tests.cpp b/src/test/key_tests.cpp
@@ -5,6 +5,9 @@
 #include <key.h>
 
 #include <key_io.h>
+#include <random.h>
+#include <secp256k1.h>
+#include <secp256k1_ellswift.h>
 #include <streams.h>
 #include <test/util/setup_common.h>
 #include <uint256.h>
@@ -344,4 +347,40 @@ BOOST_AUTO_TEST_CASE(bip340_test_vectors)
     }
 }
 
+CPubKey EllSwiftDecode(const EllSwiftPubKey& encoded_pubkey)
+{
+    auto secp256k1_context_verify = GetVerifyContext();
+    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");
+    assert(encoded_pubkey.size() == ELLSWIFT_ENCODED_SIZE && "Elligator-swift encoded pub keys must be 64 bytes");
+
+    secp256k1_pubkey pubkey;
+    secp256k1_ellswift_decode(secp256k1_context_verify, &pubkey, reinterpret_cast<const unsigned char*>(encoded_pubkey.data()));
+
+    size_t sz = CPubKey::COMPRESSED_SIZE;
+    std::array<uint8_t, CPubKey::COMPRESSED_SIZE> vch_bytes;
+
+    secp256k1_ec_pubkey_serialize(secp256k1_context_verify, vch_bytes.data(), &sz, &pubkey, SECP256K1_EC_COMPRESSED);
+
+    return CPubKey{vch_bytes.begin(), vch_bytes.end()};
+}
+
+BOOST_AUTO_TEST_CASE(key_ellswift)
+{
+    for (const auto& secret : {strSecret1, strSecret2, strSecret1C, strSecret2C}) {
+        CKey key = DecodeSecret(secret);
+        BOOST_CHECK(key.IsValid());
+
+        auto ellswift_encoded_pubkey = key.EllSwiftEncode();
+
+        CPubKey decoded_pubkey = EllSwiftDecode(ellswift_encoded_pubkey.value());
+        if (!key.IsCompressed()) {
+            // The decoding constructor returns a compressed pubkey. If the
+            // original was uncompressed, we must decompress the decoded one
+            // to compare.
+            decoded_pubkey.Decompress();
+        }
+        BOOST_CHECK(key.GetPubKey() == decoded_pubkey);
+    }
+}
+
 BOOST_AUTO_TEST_SUITE_END()
