Encode/Decode CPubKey from to/from elligator-swift representation

Author: dhruv

build_msvc/libsecp256k1/libsecp256k1.vcxproj

@@ -14,7 +14,7 @@
   </ItemGroup>
   <ItemDefinitionGroup>
     <ClCompile>
-      <PreprocessorDefinitions>ENABLE_MODULE_ECDH;ENABLE_MODULE_RECOVERY;ENABLE_MODULE_EXTRAKEYS;ENABLE_MODULE_SCHNORRSIG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>ENABLE_MODULE_ECDH;ENABLE_MODULE_RECOVERY;ENABLE_MODULE_EXTRAKEYS;ENABLE_MODULE_SCHNORRSIG;ENABLE_MODULE_ELLSWIFT;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <AdditionalIncludeDirectories>..\..\src\secp256k1;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <DisableSpecificWarnings>4146;4244;4267;4334</DisableSpecificWarnings>
     </ClCompile>

configure.ac

@@ -1997,7 +1997,7 @@ LIBS_TEMP="$LIBS"
 unset LIBS
 LIBS="$LIBS_TEMP"
 
-ac_configure_args="${ac_configure_args} --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --enable-module-schnorrsig"
+ac_configure_args="${ac_configure_args} --disable-shared --with-pic --enable-benchmark=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --enable-module-ellswift"
 AC_CONFIG_SUBDIRS([src/secp256k1])
 
 AC_OUTPUT

src/pubkey.cpp

@@ -7,6 +7,7 @@
 
 #include <hash.h>
 #include <secp256k1.h>
+#include <secp256k1_ellswift.h>
 #include <secp256k1_extrakeys.h>
 #include <secp256k1_recovery.h>
 #include <secp256k1_schnorrsig.h>
@@ -334,6 +335,21 @@ bool CPubKey::Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChi
     return true;
 }
 
+std::optional<EllSwiftPubKey> CPubKey::EllSwiftEncode(const std::array<uint8_t, 32>& rnd32) const
+{
+    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");
+
+    secp256k1_pubkey pubkey;
+
+    if (!secp256k1_ec_pubkey_parse(secp256k1_context_verify, &pubkey, vch, size())) {
+        return {};
+    }
+
+    EllSwiftPubKey encoded_pubkey;
+    secp256k1_ellswift_encode(secp256k1_context_verify, encoded_pubkey.data(), &pubkey, rnd32.data());
+    return encoded_pubkey;
+}
+
 void CExtPubKey::Encode(unsigned char code[BIP32_EXTKEY_SIZE]) const {
     code[0] = nDepth;
     memcpy(code+1, vchFingerprint, 4);

src/pubkey.h

@@ -12,6 +12,7 @@
 #include <span.h>
 #include <uint256.h>
 
+#include <array>
 #include <cstring>
 #include <optional>
 #include <vector>
@@ -29,6 +30,9 @@ class CKeyID : public uint160
 
 typedef uint256 ChainCode;
 
+constexpr size_t ELLSWIFT_ENCODED_SIZE = 64;
+using EllSwiftPubKey = std::array<uint8_t, ELLSWIFT_ENCODED_SIZE>;
+
 /** An encapsulated public key. */
 class CPubKey
 {
@@ -108,6 +112,7 @@ class CPubKey
         Set(_vch.begin(), _vch.end());
     }
 
+
     //! Simple read-only vector-like interface to the pubkey data.
     unsigned int size() const { return GetLen(vch[0]); }
     const unsigned char* data() const { return vch; }
@@ -219,6 +224,8 @@ class CPubKey
 
     //! Derive BIP32 child pubkey.
     bool Derive(CPubKey& pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const;
+
+    std::optional<EllSwiftPubKey> EllSwiftEncode(const std::array<uint8_t, 32>& rnd32) const;
 };
 
 class XOnlyPubKey

src/test/key_tests.cpp

@@ -5,6 +5,9 @@
 #include <key.h>
 
 #include <key_io.h>
+#include <random.h>
+#include <secp256k1.h>
+#include <secp256k1_ellswift.h>
 #include <streams.h>
 #include <test/util/setup_common.h>
 #include <uint256.h>
@@ -344,4 +347,43 @@ BOOST_AUTO_TEST_CASE(bip340_test_vectors)
     }
 }
 
+CPubKey EllSwiftDecode(const EllSwiftPubKey& encoded_pubkey)
+{
+    auto secp256k1_context_verify = GetVerifyContext();
+    assert(secp256k1_context_verify && "secp256k1_context_verify must be initialized to use CPubKey.");
+    assert(encoded_pubkey.size() == ELLSWIFT_ENCODED_SIZE && "Elligator-swift encoded pub keys must be 64 bytes");
+
+    secp256k1_pubkey pubkey;
+    secp256k1_ellswift_decode(secp256k1_context_verify, &pubkey, encoded_pubkey.data());
+
+    size_t sz = CPubKey::COMPRESSED_SIZE;
+    std::array<uint8_t, CPubKey::COMPRESSED_SIZE> vch_bytes;
+
+    secp256k1_ec_pubkey_serialize(secp256k1_context_verify, vch_bytes.data(), &sz, &pubkey, SECP256K1_EC_COMPRESSED);
+
+    return CPubKey{vch_bytes.begin(), vch_bytes.end()};
+}
+
+BOOST_AUTO_TEST_CASE(key_ellswift)
+{
+    for (auto secret : {strSecret1, strSecret2, strSecret1C, strSecret2C}) {
+        CKey key = DecodeSecret(secret);
+        BOOST_CHECK(key.IsValid());
+
+        std::array<uint8_t, 32> rnd32;
+        GetRandBytes(rnd32);
+        auto original_pubkey = key.GetPubKey();
+        auto ellswift_encoded_pubkey = original_pubkey.EllSwiftEncode(rnd32);
+
+        CPubKey decoded_pubkey = EllSwiftDecode(ellswift_encoded_pubkey.value());
+        if (!key.IsCompressed()) {
+            // The decoding constructor returns a compressed pubkey. If the
+            // original was uncompressed, we must decompress the decoded one
+            // to compare.
+            decoded_pubkey.Decompress();
+        }
+        BOOST_CHECK(original_pubkey == decoded_pubkey);
+    }
+}
+
 BOOST_AUTO_TEST_SUITE_END()