public bool TryGetNonce(Span <byte> nonce32, ReadOnlySpan <byte> msg32, ReadOnlySpan <byte> key32, ReadOnlySpan <byte> xonly_pk32, ReadOnlySpan <byte> algo16) { int i = 0; Span <byte> masked_key = stackalloc byte[32]; using SHA256 sha = new SHA256(); if (algo16.Length != 16) { return(false); } if (data32.Length == 32) { sha.InitializeTagged(TAG_BIP0340AUX); sha.Write(data32.Span); sha.GetHash(masked_key); for (i = 0; i < 32; i++) { masked_key[i] ^= key32[i]; } } // * Tag the hash with algo16 which is important to avoid nonce reuse across // * algorithms. If this nonce function is used in BIP-340 signing as defined // * in the spec, an optimized tagging implementation is used. */ if (algo16.SequenceCompareTo(ALGO_BIP340) == 0) { sha.InitializeTagged(TAG_BIP340); } else { int algo16_len = 16; /* Remove terminating null bytes */ while (algo16_len > 0 && algo16[algo16_len - 1] == 0) { algo16_len--; } sha.InitializeTagged(algo16.Slice(0, algo16_len)); } //* Hash (masked-)key||pk||msg using the tagged hash as per the spec */ if (data32.Length == 32) { sha.Write(masked_key); } else { sha.Write(key32); } sha.Write(xonly_pk32); sha.Write(msg32); sha.GetHash(nonce32); return(true); }
internal static void secp256k1_musig_compute_messagehash(Span <byte> msghash, ReadOnlySpan <byte> combined_nonce32, ReadOnlySpan <byte> combined_pk32, ReadOnlySpan <byte> msg) { using SHA256 sha = new SHA256(); sha.InitializeTagged(TAG_BIP0340Challenge); sha.Write(combined_nonce32.Slice(0, 32)); sha.Write(combined_pk32.Slice(0, 32)); sha.Write(msg.Slice(0, 32)); sha.GetHash(msghash); }
internal static void secp256k1_schnorrsig_challenge(out Scalar e, ReadOnlySpan <byte> r32, ReadOnlySpan <byte> msg, ReadOnlySpan <byte> pubkey32) { Span <byte> buff = stackalloc byte[32]; using SHA256 sha = new SHA256(); sha.InitializeTagged(TAG_BIP0340Challenge); sha.Write(r32.Slice(0, 32)); sha.Write(pubkey32.Slice(0, 32)); sha.Write(msg); sha.GetHash(buff); e = new Scalar(buff); }
static void secp256k1_musig_compute_pk_hash(Span <byte> pk_hash, ECXOnlyPubKey[] pk) { using SHA256 sha = new SHA256(); sha.InitializeTagged("KeyAgg list"); Span <byte> ser = stackalloc byte[32]; for (int i = 0; i < pk.Length; i++) { pk[i].WriteToSpan(ser); sha.Write(ser); } sha.GetHash(pk_hash); }
internal static void ComputeTapTweak(TaprootInternalPubKey internalKey, uint256?merkleRoot, Span <byte> tweak32) { using Secp256k1.SHA256 sha = new Secp256k1.SHA256(); sha.InitializeTagged("TapTweak"); internalKey.pubkey.WriteToSpan(tweak32); sha.Write(tweak32); if (merkleRoot is uint256) { merkleRoot.ToBytes(tweak32); sha.Write(tweak32); } sha.GetHash(tweak32); }