Make MuSig keys tweakable

Author: MatthewLM

coinlib/bin/build_wasm.dart

@@ -80,6 +80,7 @@ RUN ${WASI_SDK_PATH}/bin/wasm-ld \
   --export secp256k1_ecdh \
   --export secp256k1_ec_pubkey_sort \
   --export secp256k1_musig_pubkey_agg \
+  --export secp256k1_musig_pubkey_xonly_tweak_add \
   # The secp256k1 library file
   build/lib/libsecp256k1.a \
   # Need to include libc for wasi here as it isn't done for us

coinlib/lib/src/coinlib_base.dart

@@ -20,6 +20,8 @@ export 'package:coinlib/src/encode/base58.dart';
 export 'package:coinlib/src/encode/bech32.dart';
 export 'package:coinlib/src/encode/wif.dart';
 
+export 'package:coinlib/src/musig/keys.dart';
+
 export 'package:coinlib/src/scripts/codes.dart';
 export 'package:coinlib/src/scripts/operations.dart';
 export 'package:coinlib/src/scripts/program.dart';
@@ -64,7 +66,6 @@ export 'package:coinlib/src/tx/sighash/witness_signature_hasher.dart';
 
 export 'package:coinlib/src/address.dart';
 export 'package:coinlib/src/coin_unit.dart';
-export 'package:coinlib/src/musig.dart';
 export 'package:coinlib/src/network.dart';
 
 Future<void> loadCoinlib() => secp256k1.load();

coinlib/lib/src/common/bytes.dart

@@ -10,6 +10,9 @@ Uint8List checkBytes(Uint8List bytes, int length, { String name = "Bytes" }) {
   return bytes;
 }
 
+Uint8List checkScalar(Uint8List scalar)
+  => checkBytes(scalar, 32, name: "Scalar");
+
 /// Throws an [ArgumentError] if the [bytes] are not of the required [length]
 /// and returns a copy of the [bytes].
 Uint8List copyCheckBytes(

coinlib/lib/src/crypto/ec_private_key.dart

@@ -41,7 +41,7 @@ class ECPrivateKey {
   /// created (practically impossible for random 32-bit scalars), then null will
   /// be returned.
   ECPrivateKey? tweak(Uint8List scalar) {
-    checkBytes(scalar, 32, name: "Scalar");
+    checkScalar(scalar);
     final newScalar = secp256k1.privKeyTweak(_data, scalar);
     return newScalar == null ? null : ECPrivateKey(newScalar, compressed: compressed);
   }

coinlib/lib/src/crypto/ec_public_key.dart

@@ -37,7 +37,7 @@ class ECPublicKey {
   /// the instance a new key cannot be created (practically impossible for
   /// random 32-bit scalars), then null will be returned.
   ECPublicKey? tweak(Uint8List scalar) {
-    checkBytes(scalar, 32, name: "Scalar");
+    checkScalar(scalar);
     final newKey = secp256k1.pubKeyTweak(_data, scalar, compressed);
     return newKey == null ? null : ECPublicKey(newKey);
   }

coinlib/lib/src/musig.dart coinlib/lib/src/musig/keys.dartcoinlib/lib/src/musig.dart renamed to coinlib/lib/src/musig/keys.dart

@@ -1,3 +1,5 @@
+import 'dart:typed_data';
+import 'package:coinlib/src/common/bytes.dart';
 import 'package:coinlib/src/crypto/ec_private_key.dart';
 import 'package:coinlib/src/crypto/ec_public_key.dart';
 import 'package:coinlib/src/secp256k1/secp256k1.dart';
@@ -12,7 +14,9 @@ class MuSigPublicKeys {
 
   late final MuSigCache _aggCache;
 
-  MuSigPublicKeys(this.pubKeys) {
+  MuSigPublicKeys._(this.pubKeys, this.aggregate, this._aggCache);
+
+  factory MuSigPublicKeys(Set<ECPublicKey> pubKeys) {
 
     if (pubKeys.isEmpty) {
       throw ArgumentError.value(pubKeys, "pubKeys", "should not be empty");
@@ -21,11 +25,20 @@ class MuSigPublicKeys {
     final (bytes, cache) = secp256k1.muSigAgggregate(
       pubKeys.map((pk) => pk.data).toList(),
     );
-    aggregate = ECPublicKey.fromXOnly(bytes);
-    _aggCache = cache;
+
+    return MuSigPublicKeys._(pubKeys, ECPublicKey.fromXOnly(bytes), cache);
 
   }
 
+  /// Tweaks as an x-only aggregate public key
+  MuSigPublicKeys tweak(Uint8List scalar) {
+    checkScalar(scalar);
+    final (keyBytes, cache) = secp256k1.muSigTweakXOnly(
+      _aggCache, scalar,
+    );
+    return MuSigPublicKeys._(pubKeys, ECPublicKey(keyBytes).xonly, cache);
+  }
+
 }
 
 /// The private MuSig2 information for a participant
@@ -34,7 +47,13 @@ class MuSigPrivate {
   final ECPrivateKey privateKey;
   final MuSigPublicKeys public;
 
+  MuSigPrivate._(this.privateKey, this.public);
+
   MuSigPrivate(this.privateKey, Set<ECPublicKey> otherKeys)
     : public = MuSigPublicKeys({ privateKey.pubkey, ...otherKeys });
 
+  MuSigPrivate tweak(Uint8List scalar) => MuSigPrivate._(
+    privateKey, public.tweak(scalar),
+  );
+
 }

coinlib/lib/src/secp256k1/heap_wasm.dart

@@ -97,7 +97,14 @@ class HeapFactory {
   }
 
   /// Allocate data for a miscellaneous object with [size] bytes.
-  HeapWasm alloc(int size) => HeapWasm._(_malloc(size), _free);
+  /// If [copyFrom] is specified, data shall be copied from this pointer.
+  HeapWasm alloc(int size, { int? copyFrom }) {
+    final heap = HeapWasm._(_malloc(size), _free);
+    if (copyFrom != null) {
+      _memory.setRange(heap.ptr, heap.ptr + size, _memory, copyFrom);
+    }
+    return heap;
+  }
 
   /// Allocates an integer on the heap.
   HeapIntWasm integer() => HeapIntWasm._withMemory(

coinlib/lib/src/secp256k1/secp256k1.wasm.g.dart

@@ -104,6 +104,9 @@ abstract class Secp256k1Base<
   late int Function(
     CtxPtr, XPubKeyPtr, MuSigAggCachePtr, PubKeyPtrPtr, int,
   ) extMuSigPubkeyAgg;
+  late int Function(
+    CtxPtr, PubKeyPtr, MuSigAggCachePtr, UCharPtr,
+  ) extMuSigPubkeyXOnlyTweakAdd;
 
   // Heap arrays
 
@@ -557,6 +560,32 @@ abstract class Secp256k1Base<
 
   }
 
+  /// Tweaks the aggregate MuSig key returning the new aggregate key and cache.
+  /// The new cache is a new object. The previous cache is not valid for the
+  /// tweaked key
+  (Uint8List, MuSigCacheGeneric<MuSigAggCachePtr>) muSigTweakXOnly(
+    MuSigCacheGeneric<MuSigAggCachePtr> cache,
+    Uint8List scalar,
+  ) {
+    _requireLoad();
+
+    scalarArray.load(scalar);
+
+    // Copy cache to avoid side-effects
+    final newCache = copyMuSigCache(cache._cache.ptr);
+
+    if (
+      extMuSigPubkeyXOnlyTweakAdd(
+        ctxPtr, pubKey.ptr, newCache.ptr, scalarArray.ptr,
+      ) != 1
+    ) {
+      throw Secp256k1Exception("Couldn't apply tweak to MuSig key");
+    }
+
+    return (_serializePubKeyFromPtr(true), MuSigCacheGeneric(newCache));
+
+  }
+
   /// Specialised sub-classes should override to allocate a [size] number of
   /// secp256k1_pubkey and then alloate and set an array of pointers on the heap
   /// to them.
@@ -566,4 +595,9 @@ abstract class Secp256k1Base<
   /// secp256k1_musig_keyagg_cache on the heap.
   Heap<MuSigAggCachePtr> allocMuSigCache();
 
+  /// Specialised sub-classes should override to allocate an
+  /// secp256k1_musig_keyagg_cache on the heap and then copy the [copyFrom]
+  /// struct into it.
+  Heap<MuSigAggCachePtr> copyMuSigCache(MuSigAggCachePtr copyFrom);
+
 }

coinlib/lib/src/secp256k1/secp256k1_base.dart

@@ -38,9 +38,10 @@ String _libraryPath() {
 
 DynamicLibrary _openLibrary() => DynamicLibrary.open(_libraryPath());
 
-typedef MuSigCache = MuSigCacheGeneric<Pointer<secp256k1_musig_keyagg_cache>>;
-
 typedef PubKeyPtr = Pointer<secp256k1_pubkey>;
+typedef MuSigAggCachePtr = Pointer<secp256k1_musig_keyagg_cache>;
+
+typedef MuSigCache = MuSigCacheGeneric<MuSigAggCachePtr>;
 
 /// Specialises Secp256k1Base to use the FFI
 class Secp256k1 extends Secp256k1Base<
@@ -53,7 +54,7 @@ class Secp256k1 extends Secp256k1Base<
   Pointer<secp256k1_keypair>,
   Pointer<secp256k1_xonly_pubkey>,
   Pointer<Int>,
-  Pointer<secp256k1_musig_keyagg_cache>,
+  MuSigAggCachePtr,
   Pointer<PubKeyPtr>,
   Pointer<Never>
 > {
@@ -94,6 +95,7 @@ class Secp256k1 extends Secp256k1Base<
     extEcdh = _lib.secp256k1_ecdh;
     extEcPubkeySort = _lib.secp256k1_ec_pubkey_sort;
     extMuSigPubkeyAgg = _lib.secp256k1_musig_pubkey_agg;
+    extMuSigPubkeyXOnlyTweakAdd = _lib.secp256k1_musig_pubkey_xonly_tweak_add;
 
     // Set heap arrays
     key32Array = HeapBytesFfi(Secp256k1Base.privkeySize);
@@ -135,7 +137,13 @@ class Secp256k1 extends Secp256k1Base<
     => HeapPointerArrayFfi(malloc(size), size, () => malloc());
 
   @override
-  Heap<Pointer<secp256k1_musig_keyagg_cache>> allocMuSigCache()
-    => HeapFfi(malloc());
+  Heap<MuSigAggCachePtr> allocMuSigCache() => HeapFfi(malloc());
+
+  @override
+  Heap<MuSigAggCachePtr> copyMuSigCache(MuSigAggCachePtr copyFrom) {
+    final newCache = HeapFfi<secp256k1_musig_keyagg_cache>(malloc());
+    newCache.ptr.ref = copyFrom.ref;
+    return newCache;
+  }
 
 }