Example #1
0
        public bool TryGetNonce(Span <byte> nonce32, ReadOnlySpan <byte> msg32, ReadOnlySpan <byte> key32, ReadOnlySpan <byte> xonly_pk32, ReadOnlySpan <byte> algo16)
        {
            int         i          = 0;
            Span <byte> masked_key = stackalloc byte[32];

            using SHA256 sha = new SHA256();
            if (algo16.Length != 16)
            {
                return(false);
            }

            if (data32.Length == 32)
            {
                sha.InitializeTagged(TAG_BIP0340AUX);
                sha.Write(data32.Span);
                sha.GetHash(masked_key);
                for (i = 0; i < 32; i++)
                {
                    masked_key[i] ^= key32[i];
                }
            }

            // * Tag the hash with algo16 which is important to avoid nonce reuse across
            // * algorithms. If this nonce function is used in BIP-340 signing as defined
            // * in the spec, an optimized tagging implementation is used. */

            if (algo16.SequenceCompareTo(ALGO_BIP340) == 0)
            {
                sha.InitializeTagged(TAG_BIP340);
            }
            else
            {
                int algo16_len = 16;
                /* Remove terminating null bytes */
                while (algo16_len > 0 && algo16[algo16_len - 1] == 0)
                {
                    algo16_len--;
                }
                sha.InitializeTagged(algo16.Slice(0, algo16_len));
            }

            //* Hash (masked-)key||pk||msg using the tagged hash as per the spec */
            if (data32.Length == 32)
            {
                sha.Write(masked_key);
            }
            else
            {
                sha.Write(key32);
            }
            sha.Write(xonly_pk32);
            sha.Write(msg32);
            sha.GetHash(nonce32);
            return(true);
        }
Example #2
0
 internal static void secp256k1_musig_compute_messagehash(Span <byte> msghash, ReadOnlySpan <byte> combined_nonce32, ReadOnlySpan <byte> combined_pk32, ReadOnlySpan <byte> msg)
 {
     using SHA256 sha = new SHA256();
     sha.InitializeTagged(TAG_BIP0340Challenge);
     sha.Write(combined_nonce32.Slice(0, 32));
     sha.Write(combined_pk32.Slice(0, 32));
     sha.Write(msg.Slice(0, 32));
     sha.GetHash(msghash);
 }
Example #3
0
        internal static void secp256k1_schnorrsig_challenge(out Scalar e, ReadOnlySpan <byte> r32, ReadOnlySpan <byte> msg, ReadOnlySpan <byte> pubkey32)
        {
            Span <byte> buff = stackalloc byte[32];

            using SHA256 sha = new SHA256();
            sha.InitializeTagged(TAG_BIP0340Challenge);
            sha.Write(r32.Slice(0, 32));
            sha.Write(pubkey32.Slice(0, 32));
            sha.Write(msg);
            sha.GetHash(buff);
            e = new Scalar(buff);
        }
Example #4
0
        static void secp256k1_musig_compute_pk_hash(Span <byte> pk_hash, ECXOnlyPubKey[] pk)
        {
            using SHA256 sha = new SHA256();
            sha.InitializeTagged("KeyAgg list");
            Span <byte> ser = stackalloc byte[32];

            for (int i = 0; i < pk.Length; i++)
            {
                pk[i].WriteToSpan(ser);
                sha.Write(ser);
            }
            sha.GetHash(pk_hash);
        }
Example #5
0
 internal static void ComputeTapTweak(TaprootInternalPubKey internalKey, uint256?merkleRoot, Span <byte> tweak32)
 {
     using Secp256k1.SHA256 sha = new Secp256k1.SHA256();
     sha.InitializeTagged("TapTweak");
     internalKey.pubkey.WriteToSpan(tweak32);
     sha.Write(tweak32);
     if (merkleRoot is uint256)
     {
         merkleRoot.ToBytes(tweak32);
         sha.Write(tweak32);
     }
     sha.GetHash(tweak32);
 }