
Commit 649ea8b

Merge #855: Fix rerandomization seed usage
99171f8 Don't re-randomize unnecessarily (Tobin C. Harding) 0e0eb60 musig: Use secret bytes from keypair to rerandomize (Tobin C. Harding) Pull request description: Follow up of #844 Fix rerandomization stuff. - Use keypair secret data to rerandomize in musig when doing partial signing. - Remove all the zero seed arrays and use `None` to disable rerandomization when no secret data used. ACKs for top commit: apoelstra: ACK 99171f8; successfully ran local tests Tree-SHA512: 4bc68d9e819b2a0fb94ade67aa29c25c2454f94dcdd623f4fb67f9aa74caac75146bccb8683ed1ed636591d8e1dfb181c76cc16d33b0b57885af9b2b94c8b931
2 parents 0fb6a2a + 99171f8 commit 649ea8b


4 files changed

+15
-46
lines changed


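--- a/src/ecdsa/mod.rs
+++ b/src/ecdsa/mod.rs
@@ -377,8 +377,6 @@ pub fn sign_low_r(msg: impl Into<Message>, sk: &SecretKey) -> Signature {
 #[inline]
 pub fn verify(sig: &Signature, msg: impl Into<Message>, pk: &PublicKey) -> Result<(), Error> {
 let msg = msg.into();
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let res = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -389,7 +387,7 @@ pub fn verify(sig: &Signature, msg: impl Into<Message>, pk: &PublicKey) -> Resul
 pk.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if res == 0 {
 Err(Error::IncorrectSignature)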
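Review bot: The `None` now passed to `with_global_context` in `verify` replaces a seed that the removed comment said existed to make rerandomization happen for `rand` users, and nothing at the call site records why skipping it is acceptable; whether `with_global_context` still draws fresh randomness when handed `None` is not visible in this diff. Since verification consumes only public inputs, blinding the context protects nothing here, so a one-line comment would keep that reasoning with the code: `// Verification uses no secret data, so no rerandomization seed is needed.`. The same note applies to the other public-data-only `None` sites in this commit: `PublicKey::mul_tweak`, `XOnlyPublicKey::add_tweak`, the `-> bool` tweak check and `sort_pubkeys` in src/key/mod.rs, the `KeyAggCache`, `AggregatedNonce`, `Session::new` and `-> bool` partial-verification sites in src/musig.rs, and `verify` in src/schnorr.rs. `verify`'s body continues outside the hunk.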
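--- a/src/key/mod.rs
+++ b/src/key/mod.rs
@@ -302,8 +302,6 @@ impl PublicKey {
 /// Returns an error if the resulting key would be invalid.
 #[inline]
 pub fn mul_tweak(mut self, other: &Scalar) -> Result<PublicKey, Error> {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let res = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -313,7 +311,7 @@ impl PublicKey {
 other.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if res == 1 {
 Ok(self)
@@ -668,8 +666,6 @@ impl Keypair {
 // TODO: Add checked implementation
 #[inline]
 pub fn add_xonly_tweak(mut self, tweak: &Scalar) -> Result<Keypair, Error> {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let err = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -679,7 +675,7 @@ impl Keypair {
 tweak.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if err != 1 {
 return Err(Error::InvalidTweak);
@@ -993,8 +989,6 @@ impl XOnlyPublicKey {
 /// ```
 pub fn add_tweak(mut self, tweak: &Scalar) -> Result<(XOnlyPublicKey, Parity), Error> {
 let mut pk_parity = 0;
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let mut pubkey = ffi::PublicKey::new();
 let mut err = crate::with_global_context(
@@ -1006,7 +1000,7 @@ impl XOnlyPublicKey {
 tweak.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if err != 1 {
 return Err(Error::InvalidTweak);
@@ -1021,7 +1015,7 @@ impl XOnlyPublicKey {
 &pubkey,
 )
 },
-Some(&seed),
+None,
 );
 if err == 0 {
 return Err(Error::InvalidPublicKey);
@@ -1067,8 +1061,6 @@ impl XOnlyPublicKey {
 tweak: Scalar,
 ) -> bool {
 let tweaked_ser = tweaked_key.serialize();
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let err = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -1080,7 +1072,7 @@ impl XOnlyPublicKey {
 tweak.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 
 err == 1
@@ -1327,8 +1319,6 @@ impl<'de> serde::Deserialize<'de> for XOnlyPublicKey {
 /// # }
 /// ```
 pub fn sort_pubkeys(pubkeys: &mut [&PublicKey]) {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 // SAFETY: `PublicKey` has repr(transparent) so we can convert to `ffi::PublicKey`
 let pubkeys_ptr = pubkeys.as_mut_c_ptr() as *mut *const ffi::PublicKey;
@@ -1337,7 +1327,7 @@ pub fn sort_pubkeys(pubkeys: &mut [&PublicKey]) {
 |secp: &Secp256k1<crate::AllPreallocated>| {
 ffi::secp256k1_ec_pubkey_sort(secp.ctx.as_ptr(), pubkeys_ptr, pubkeys.len())
 },
-Some(&seed),
+None,
 );
 
 if ret == 0 {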
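Review bot: `Keypair::add_xonly_tweak` now passes `None` as the seed, yet unlike every other site in this file it operates on secret data — the keypair's secret key is tweaked along with its public key — so by the commit's own rule (rerandomize whenever secret data is used) this is the one call in src/key/mod.rs that should mirror the `Some(&keypair.secret_bytes())` change made in src/musig.rs. Assuming `with_global_context` feeds the seed into context rerandomization as that musig change implies, bind the bytes before the closure takes its borrow of `self`: `let seed = self.secret_bytes();` ahead of the `unsafe` block, and `Some(&seed),` in place of `None,`. `add_xonly_tweak`'s body continues outside the hunk.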
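--- a/src/musig.rs
+++ b/src/musig.rs
@@ -411,9 +411,6 @@ impl KeyAggCache {
 let mut key_agg_cache = MaybeUninit::<ffi::MusigKeyAggCache>::uninit();
 let mut agg_pk = MaybeUninit::<ffi::XOnlyPublicKey>::uninit();
 
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
-
 unsafe {
 let pubkeys_ref = core::slice::from_raw_parts(
 pubkeys.as_c_ptr() as *const *const ffi::PublicKey,
@@ -430,7 +427,7 @@ impl KeyAggCache {
 pubkeys_ref.len(),
 )
 },
-Some(&seed),
+None,
 );
 if ret == 0 {
 // Returns 0 only if the keys are malformed that never happens in safe rust type system.
@@ -507,8 +504,6 @@ impl KeyAggCache {
 /// # }
 /// ```
 pub fn pubkey_ec_tweak_add(&mut self, tweak: &Scalar) -> Result<PublicKey, InvalidTweakErr> {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let mut out = PublicKey::from(ffi::PublicKey::new());
 
@@ -521,7 +516,7 @@ impl KeyAggCache {
 tweak.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if ret == 0 {
 Err(InvalidTweakErr)
@@ -569,8 +564,6 @@ impl KeyAggCache {
 /// # }
 /// ```
 pub fn pubkey_xonly_tweak_add(&mut self, tweak: &Scalar) -> Result<PublicKey, InvalidTweakErr> {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let mut out = PublicKey::from(ffi::PublicKey::new());
 
@@ -583,7 +576,7 @@ impl KeyAggCache {
 tweak.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if ret == 0 {
 Err(InvalidTweakErr)
@@ -956,9 +949,6 @@ impl AggregatedNonce {
 
 let mut aggnonce = MaybeUninit::<ffi::MusigAggNonce>::uninit();
 
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
-
 unsafe {
 let pubnonces = core::slice::from_raw_parts(
 nonces.as_c_ptr() as *const *const ffi::MusigPubNonce,
@@ -974,7 +964,7 @@ impl AggregatedNonce {
 pubnonces.len(),
 )
 },
-Some(&seed),
+None,
 );
 if ret == 0 {
 // This can only crash if the individual nonces are invalid which is not possible is rust.
@@ -1124,9 +1114,6 @@ impl Session {
 pub fn new(key_agg_cache: &KeyAggCache, agg_nonce: AggregatedNonce, msg: &[u8; 32]) -> Self {
 let mut session = MaybeUninit::<ffi::MusigSession>::uninit();
 
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
-
 unsafe {
 let ret = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -1138,7 +1125,7 @@ impl Session {
 key_agg_cache.as_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 if ret == 0 {
 // Only fails on cryptographically unreachable codes or if the args are invalid.
@@ -1179,8 +1166,6 @@ impl Session {
 keypair: &Keypair,
 key_agg_cache: &KeyAggCache,
 ) -> PartialSignature {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let mut partial_sig = MaybeUninit::<ffi::MusigPartialSignature>::uninit();
 
@@ -1195,7 +1180,7 @@ impl Session {
 self.as_ptr(),
 )
 },
-Some(&seed),
+Some(&keypair.secret_bytes()),
 );
 
 assert_eq!(res, 1);
@@ -1283,8 +1268,6 @@ impl Session {
 pub_nonce: &PublicNonce,
 pub_key: PublicKey,
 ) -> bool {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let ret = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -1297,7 +1280,7 @@ impl Session {
 self.as_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 ret == 1
 }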
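Review bot: `Some(&keypair.secret_bytes())` in the `-> PartialSignature` method creates a second copy of the secret key as an unnamed temporary (presumably a 32-byte array) that lives on the stack until the end of the `with_global_context` statement and is never cleared; whether `with_global_context` overwrites the seed buffer it is given is not visible in this diff. If it does not, bind the bytes to a local so they can be erased after the call — `let mut seed = keypair.secret_bytes();`, pass `Some(&seed),`, and erase `seed` once the call returns the same way the crate erases its other secret buffers — or add a comment stating that the extra copy is accepted because the keypair already holds the secret in memory. The enclosing function starts outside the hunk.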
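--- a/src/schnorr.rs
+++ b/src/schnorr.rs
@@ -161,8 +161,6 @@ pub fn sign_with_rng<R: Rng + CryptoRng>(msg: &[u8], keypair: &Keypair, rng: &mu
 
 /// Verifies a schnorr signature.
 pub fn verify(sig: &Signature, msg: &[u8], pubkey: &XOnlyPublicKey) -> Result<(), Error> {
-// We have no seed here but we want rerandomiziation to happen for `rand` users.
-let seed = [0_u8; 32];
 unsafe {
 let ret = crate::with_global_context(
 |secp: &Secp256k1<crate::AllPreallocated>| {
@@ -174,7 +172,7 @@ pub fn verify(sig: &Signature, msg: &[u8], pubkey: &XOnlyPublicKey) -> Result<()
 pubkey.as_c_ptr(),
 )
 },
-Some(&seed),
+None,
 );
 
 if ret == 1 {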