highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-06-04 04:02:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

crypto: add NUMS_H const

Browse Source
This commit is contained in:
josibake 2024-02-13 17:41:59 +01:00
parent 2cedb42a92
commit b946f8a4c5
No known key found for this signature in database
GPG Key ID: 8ADCB558C4F33D65
4 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/pubkey.cpp
View File

@ -13,6 +13,7 @@
#include <secp256k1_schnorrsig.h> #include <secp256k1_schnorrsig.h>
#include <span.h> #include <span.h>
#include <uint256.h> #include <uint256.h>
#include <util/strencodings.h>
#include <algorithm> #include <algorithm>
#include <cassert> #include <cassert>
@ -181,6 +182,17 @@ int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature* sig, const unsigned
return 1; return 1;
} }
/** Nothing Up My Sleeve (NUMS) point
*
* NUMS_H is a point with an unknown discrete logarithm, constructed by taking the sha256 of 'g'
* (uncompressed encoding), which happens to be a point on the curve.
*
* For an example script for calculating H, refer to the unit tests in
* ./test/functional/test_framework/crypto/secp256k1.py
*/
static const std::vector<unsigned char> NUMS_H_DATA{ParseHex("50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0")};
const XOnlyPubKey XOnlyPubKey::NUMS_H{NUMS_H_DATA};
XOnlyPubKey::XOnlyPubKey(Span<const unsigned char> bytes) XOnlyPubKey::XOnlyPubKey(Span<const unsigned char> bytes)
{ {
assert(bytes.size() == 32); assert(bytes.size() == 32);

5
src/pubkey.h
View File

@ -233,6 +233,11 @@ private:
uint256 m_keydata; uint256 m_keydata;
public: public:
/** Nothing Up My Sleeve point H
* Used as an internal key for provably disabling the key path spend
* see BIP341 for more details */
static const XOnlyPubKey NUMS_H;
/** Construct an empty x-only pubkey. */ /** Construct an empty x-only pubkey. */
XOnlyPubKey() = default; XOnlyPubKey() = default;

1
test/functional/feature_framework_unit_tests.py
View File

@ -25,6 +25,7 @@ TEST_FRAMEWORK_MODULES = [
"crypto.muhash", "crypto.muhash",
"crypto.poly1305", "crypto.poly1305",
"crypto.ripemd160", "crypto.ripemd160",
"crypto.secp256k1",
"script", "script",
"segwit_addr", "segwit_addr",
"wallet_util", "wallet_util",

8
test/functional/test_framework/crypto/secp256k1.py
View File

@ -15,6 +15,8 @@ Exports:
* G: the secp256k1 generator point * G: the secp256k1 generator point
""" """
import unittest
from hashlib import sha256
class FE: class FE:
"""Objects of this class represent elements of the field GF(2**256 - 2**32 - 977). """Objects of this class represent elements of the field GF(2**256 - 2**32 - 977).
@ -344,3 +346,9 @@ class FastGEMul:
# Precomputed table with multiples of G for fast multiplication # Precomputed table with multiples of G for fast multiplication
FAST_G = FastGEMul(G) FAST_G = FastGEMul(G)
class TestFrameworkSecp256k1(unittest.TestCase):
def test_H(self):
H = sha256(G.to_bytes_uncompressed()).digest()
assert GE.lift_x(FE.from_bytes(H)) is not None
self.assertEqual(H.hex(), "50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0")