BlockstreamResearch / secp256k1-zkp

A fork of libsecp256k1 with support for advanced and experimental features such as Confidential Assets and MuSig2
MIT License
364 stars 207 forks

antiklepto / anti-exfil protocol for Schnorr sigs #172

Open benma opened 2 years ago

benma commented 2 years ago

https://github.com/ElementsProject/secp256k1-zkp/blob/725d895fc54cf82da1c2a9c69048656405da556d/include/secp256k1_ecdsa_s2c.h#L100

Is anyone working on implementing this protocol for Schnorr signatures? Since Taproot is now active, it would be great to have this available to implement in hardware wallets.

@jonasnick @apoelstra

jonasnick commented 2 years ago

All I know is that @dr-orlovsky opened issue #154 for adding sign-to-contract and opened PR https://github.com/bitcoin-core/secp256k1/pull/1018 with an implementation.

real-or-random commented 2 years ago

What about https://github.com/bitcoin-core/secp256k1/pull/590 ?

dr-orlovsky commented 2 years ago

Yes, I had a plan to work on that, but it could take more time than I originally expected - got really overflowed by all the problems during the last months since the war began.

Still plan to work on it once the load decreases - but if there will be anyone willing to work on it now - I will not object.

benma commented 1 year ago

https://github.com/ElementsProject/secp256k1-zkp/issues/154 is a prerequisite for antiklepto - I will work on it.

benma commented 1 year ago

I opened a draft implementation here: https://github.com/bitcoin-core/secp256k1/pull/1140