Fix rerandomization seed usage #855
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In `Session::partial_sign` rerandomize using the secret bytes from the keypair.
Turns out I didn't (and maybe still don't) understand why we do re-randomization. I looked online and came up with > * The purpose of context structures is to cache large precomputed data tables > * that are expensive to construct, and also to maintain the randomization data > * for blinding. So we only re-randomize after signing? Or from what I gleaned from Andrew's comments on the original PR, only in functions that contain secret data (which I _think_ implies signing). All instances remove the seed and use `None` to disable re-randomization.
|
Looks great! Arguably in the signing methods we should xor in the message, and in But I'm kinda tired of thinking about this, and the marginal benefit is really small, so let's go with this for now. |
Merged
chain-forgexcr45
added a commit
to chain-forgexcr45/rust-secp256k1
that referenced
this pull request
Sep 28, 2025
99171f82a9b7c590e63cb7b9472a0f0cf553b9a2 Don't re-randomize unnecessarily (Tobin C. Harding)
0e0eb60fc06bffcb764f01dee7c3aea7177ac294 musig: Use secret bytes from keypair to rerandomize (Tobin C. Harding)
Pull request description:
Follow up of #844
Fix rerandomization stuff.
- Use keypair secret data to rerandomize in musig when doing partial siging.
- Remove all the zero seed arrays and use `None` to disable rerandomization when no secret data used.
ACKs for top commit:
apoelstra:
ACK 99171f82a9b7c590e63cb7b9472a0f0cf553b9a2; successfully ran local tests
Tree-SHA512: 4bc68d9e819b2a0fb94ade67aa29c25c2454f94dcdd623f4fb67f9aa74caac75146bccb8683ed1ed636591d8e1dfb181c76cc16d33b0b57885af9b2b94c8b931
william2332-limf
added a commit
to william2332-limf/rust-secp256k1
that referenced
this pull request
Oct 2, 2025
99171f82a9b7c590e63cb7b9472a0f0cf553b9a2 Don't re-randomize unnecessarily (Tobin C. Harding)
0e0eb60fc06bffcb764f01dee7c3aea7177ac294 musig: Use secret bytes from keypair to rerandomize (Tobin C. Harding)
Pull request description:
Follow up of #844
Fix rerandomization stuff.
- Use keypair secret data to rerandomize in musig when doing partial siging.
- Remove all the zero seed arrays and use `None` to disable rerandomization when no secret data used.
ACKs for top commit:
apoelstra:
ACK 99171f82a9b7c590e63cb7b9472a0f0cf553b9a2; successfully ran local tests
Tree-SHA512: 4bc68d9e819b2a0fb94ade67aa29c25c2454f94dcdd623f4fb67f9aa74caac75146bccb8683ed1ed636591d8e1dfb181c76cc16d33b0b57885af9b2b94c8b931
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow up of #844
Fix rerandomization stuff.
Noneto disable rerandomization when no secret data used.