highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-01-18 22:35:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make signing follow BIP340 exactly w.r.t. aux randomness

Browse Source 
libsecp256k1's secp256k1_schnorrsig_sign only follows BIP340 exactly
if an aux_rand32 argument is passed. When no randomness is used
(as is the case in the current codebase here), there is no impact
on security between not providing aux_rand32 at all, or providing
an empty one. Yet, for repeatability/testability it is simpler
to always use an all-zero one.
This commit is contained in:
Pieter Wuille
2021-10-28 13:46:52 -04:00
parent c9dd5c8d6e
commit 2478c6730a
4 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/script/sign.cpp
View File

@@ -81,7 +81,8 @@ bool MutableTransactionSignatureCreator::CreateSchnorrSig(const SigningProvider&
uint256 hash;
if (!SignatureHashSchnorr(hash, execdata, *txTo, nIn, nHashType, sigversion, *m_txdata, MissingDataBehavior::FAIL)) return false;
sig.resize(64);
if (!key.SignSchnorr(hash, sig, merkle_root, nullptr)) return false;
// Use uint256{} as aux_rnd for now.
if (!key.SignSchnorr(hash, sig, merkle_root, {})) return false;
if (nHashType) sig.push_back(nHashType);
return true;
}