multi: move GenChallengeNUMS

To avoid a circular package dependency between the address and proof
package, we move the GenChallengeNUMS function into the assets package.
That function is the only reference the proof package has to the address
package, so the move removes that dependency.

Author: guggero

address/address.go

@@ -14,7 +14,6 @@ import (
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
-	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	"github.com/lightninglabs/taproot-assets/asset"
 	"github.com/lightninglabs/taproot-assets/commitment"
 	"github.com/lightninglabs/taproot-assets/fn"
@@ -537,48 +536,3 @@ func DecodeAddress(addr string, net *ChainParams) (*Tap, error) {
 
 	return &a, nil
 }
-
-// GenChallengeNUMS generates a variant of the NUMS script key that is modified
-// by the provided challenge.
-//
-//	The resulting scriptkey is:
-//	res := NUMS + challenge*G
-func GenChallengeNUMS(challengeBytesOpt fn.Option[[32]byte]) asset.ScriptKey {
-	var (
-		nums, g, res btcec.JacobianPoint
-		challenge    secp256k1.ModNScalar
-	)
-
-	if challengeBytesOpt.IsNone() {
-		return asset.NUMSScriptKey
-	}
-
-	var challengeBytes [32]byte
-
-	challengeBytesOpt.WhenSome(func(b [32]byte) {
-		challengeBytes = b
-	})
-
-	// Convert the NUMS key to a Jacobian point.
-	asset.NUMSPubKey.AsJacobian(&nums)
-
-	// Multiply G by 1 to get G as a Jacobian point.
-	secp256k1.ScalarBaseMultNonConst(
-		new(secp256k1.ModNScalar).SetInt(1), &g,
-	)
-
-	// Convert the challenge to a scalar.
-	challenge.SetByteSlice(challengeBytes[:])
-
-	// Calculate res = challenge * G.
-	secp256k1.ScalarMultNonConst(&challenge, &g, &res)
-
-	// Calculate res = nums + res.
-	secp256k1.AddNonConst(&nums, &res, &res)
-
-	res.ToAffine()
-
-	resultPubKey := btcec.NewPublicKey(&res.X, &res.Y)
-
-	return asset.NewScriptKey(resultPubKey)
-}

address/address_test.go

@@ -10,7 +10,6 @@ import (
 	"github.com/btcsuite/btcd/chaincfg"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
-	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	"github.com/lightninglabs/taproot-assets/asset"
 	"github.com/lightninglabs/taproot-assets/commitment"
 	"github.com/lightninglabs/taproot-assets/fn"
@@ -502,64 +501,6 @@ func TestBIPTestVectors(t *testing.T) {
 	}
 }
 
-// TestGenChallengeNUMS tests the generation of NUMS challenges.
-func TestGenChallengeNUMS(t *testing.T) {
-	t.Parallel()
-
-	gx, gy := secp256k1.Params().Gx, secp256k1.Params().Gy
-
-	// addG is a helper function that adds G to the given public key.
-	addG := func(p *btcec.PublicKey) *btcec.PublicKey {
-		x, y := secp256k1.S256().Add(p.X(), p.Y(), gx, gy)
-		var xFieldVal, yFieldVal secp256k1.FieldVal
-		xFieldVal.SetByteSlice(x.Bytes())
-		yFieldVal.SetByteSlice(y.Bytes())
-		return btcec.NewPublicKey(&xFieldVal, &yFieldVal)
-	}
-
-	testCases := []struct {
-		name        string
-		challenge   fn.Option[[32]byte]
-		expectedKey asset.ScriptKey
-	}{
-		{
-			name:        "no challenge",
-			challenge:   fn.None[[32]byte](),
-			expectedKey: asset.NUMSScriptKey,
-		},
-		{
-			name: "challenge is scalar 1",
-			challenge: fn.Some([32]byte{
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-			}),
-			expectedKey: asset.NewScriptKey(addG(asset.NUMSPubKey)),
-		},
-		{
-			name: "challenge is scalar 2",
-			challenge: fn.Some([32]byte{
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
-			}),
-			expectedKey: asset.NewScriptKey(
-				addG(addG(asset.NUMSPubKey)),
-			),
-		},
-	}
-
-	for _, tc := range testCases {
-		result := GenChallengeNUMS(tc.challenge)
-		require.Equal(
-			t, tc.expectedKey.PubKey.SerializeCompressed(),
-			result.PubKey.SerializeCompressed(),
-		)
-	}
-}
-
 // runBIPTestVector runs the tests in a single BIP test vector file.
 func runBIPTestVector(t *testing.T, testVectors *TestVectors) {
 	for _, validCase := range testVectors.ValidTestCases {

asset/witness.go

@@ -1,6 +1,10 @@
 package asset
 
-import "github.com/btcsuite/btcd/btcec/v2"
+import (
+	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+	"github.com/lightninglabs/taproot-assets/fn"
+)
 
 // IsSplitCommitWitness returns true if the witness is a split-commitment
 // witness.
@@ -34,3 +38,48 @@ func IsBurnKey(scriptKey *btcec.PublicKey, witness Witness) bool {
 
 	return scriptKey.IsEqual(DeriveBurnKey(prevID))
 }
+
+// GenChallengeNUMS generates a variant of the NUMS script key that is modified
+// by the provided challenge.
+//
+//	The resulting scriptkey is:
+//	res := NUMS + challenge*G
+func GenChallengeNUMS(challengeBytesOpt fn.Option[[32]byte]) ScriptKey {
+	var (
+		nums, g, res btcec.JacobianPoint
+		challenge    secp256k1.ModNScalar
+	)
+
+	if challengeBytesOpt.IsNone() {
+		return NUMSScriptKey
+	}
+
+	var challengeBytes [32]byte
+
+	challengeBytesOpt.WhenSome(func(b [32]byte) {
+		challengeBytes = b
+	})
+
+	// Convert the NUMS key to a Jacobian point.
+	NUMSPubKey.AsJacobian(&nums)
+
+	// Multiply G by 1 to get G as a Jacobian point.
+	secp256k1.ScalarBaseMultNonConst(
+		new(secp256k1.ModNScalar).SetInt(1), &g,
+	)
+
+	// Convert the challenge to a scalar.
+	challenge.SetByteSlice(challengeBytes[:])
+
+	// Calculate res = challenge * G.
+	secp256k1.ScalarMultNonConst(&challenge, &g, &res)
+
+	// Calculate res = nums + res.
+	secp256k1.AddNonConst(&nums, &res, &res)
+
+	res.ToAffine()
+
+	resultPubKey := btcec.NewPublicKey(&res.X, &res.Y)
+
+	return NewScriptKey(resultPubKey)
+}

asset/witness_test.go

@@ -0,0 +1,66 @@
+package asset
+
+import (
+	"testing"
+
+	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+	"github.com/lightninglabs/taproot-assets/fn"
+	"github.com/stretchr/testify/require"
+)
+
+// TestGenChallengeNUMS tests the generation of NUMS challenges.
+func TestGenChallengeNUMS(t *testing.T) {
+	t.Parallel()
+
+	gx, gy := secp256k1.Params().Gx, secp256k1.Params().Gy
+
+	// addG is a helper function that adds G to the given public key.
+	addG := func(p *btcec.PublicKey) *btcec.PublicKey {
+		x, y := secp256k1.S256().Add(p.X(), p.Y(), gx, gy)
+		var xFieldVal, yFieldVal secp256k1.FieldVal
+		xFieldVal.SetByteSlice(x.Bytes())
+		yFieldVal.SetByteSlice(y.Bytes())
+		return btcec.NewPublicKey(&xFieldVal, &yFieldVal)
+	}
+
+	testCases := []struct {
+		name        string
+		challenge   fn.Option[[32]byte]
+		expectedKey ScriptKey
+	}{
+		{
+			name:        "no challenge",
+			challenge:   fn.None[[32]byte](),
+			expectedKey: NUMSScriptKey,
+		},
+		{
+			name: "challenge is scalar 1",
+			challenge: fn.Some([32]byte{
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+			}),
+			expectedKey: NewScriptKey(addG(NUMSPubKey)),
+		},
+		{
+			name: "challenge is scalar 2",
+			challenge: fn.Some([32]byte{
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+			}),
+			expectedKey: NewScriptKey(addG(addG(NUMSPubKey))),
+		},
+	}
+
+	for _, tc := range testCases {
+		result := GenChallengeNUMS(tc.challenge)
+		require.Equal(
+			t, tc.expectedKey.PubKey.SerializeCompressed(),
+			result.PubKey.SerializeCompressed(),
+		)
+	}
+}

proof/verifier.go

@@ -13,7 +13,6 @@ import (
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
 	"github.com/davecgh/go-spew/spew"
-	"github.com/lightninglabs/taproot-assets/address"
 	"github.com/lightninglabs/taproot-assets/asset"
 	"github.com/lightninglabs/taproot-assets/commitment"
 	"github.com/lightninglabs/taproot-assets/fn"
@@ -385,7 +384,7 @@ func CreateOwnershipProofAsset(ownedAsset *asset.Asset,
 	// This is handled by CopySpendTemplate.
 	outputAsset := ownedAsset.CopySpendTemplate()
 
-	outputAsset.ScriptKey = address.GenChallengeNUMS(challengeBytes)
+	outputAsset.ScriptKey = asset.GenChallengeNUMS(challengeBytes)
 	outputAsset.PrevWitnesses = []asset.Witness{{
 		PrevID: &prevId,
 	}}