bitcoinjs / tiny-secp256k1

A tiny secp256k1 native/JS wrapper
MIT License

Discrepancy in signSchnorr output when using zero-filled Buffer versus no Buffer #118

Closed landabaso closed 1 year ago

landabaso commented 1 year ago

I'm currently unsure about which version of libsecp256k1 is ultimately being used by tiny-secp256k1. Due to my limited knowledge of Rust and WebAssembly, I haven't been able to determine it myself.

I've noticed that signSchnorr is producing different results depending on whether auxRand is passed or not: specifically, signSchnorr(h, d, Buffer.alloc(32, 0x00)) and signSchnorr(h, d) do not yield the same output.

To replicate my findings, you can run the test:

git clone https://github.com/landabaso/sign_schnorr_test.git
cd sign_schnorr_test
npm install
npm run test

My suspicion is that tiny-secp256k1 might be using a version of libsecp256k1 prior to this commit, which could be the cause of this discrepancy.

You can find additional context in this related issue: https://github.com/paulmillr/noble-curves/issues/61

I'm willing to submit a PR to tiny-secp256k1 that sets auxRand to Buffer.alloc(32, 0x00) when it's not provided. However, I'd like to get confirmation on this issue first.

junderw commented 1 year ago

Yes, you are correct. We are currently using an older version of libsecp256k1.

I would do it as a bump to the libsecp256k1 library instead of just bodging in a specific edge case for one feature.

If you need the all-0x00 signature, pass an all-0x00 Buffer to it. Nothing is broken.

junderw commented 1 year ago

Pushed as v2.2.3

landabaso commented 1 year ago

Thanks!