Closed wydengyre closed 1 year ago
A follow up to https://github.com/btcsuite/btcd/issues/2017
A similar problem still exists in the performance of Schnorr signatures: the challenge hash e should not fail if, when, interpreted as a scalar, it is above the curve order. Instead, it should just be interpreted as modulo that order.
e
The relevant code is here: https://github.com/btcsuite/btcd/blob/0bed86b3f02b7314498165cda05decbd0e0f13f4/btcec/schnorr/signature.go#L89
The relevant section of BIP 340 is here: https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#default-signing
No test vector for this, as producing such a signature is astronomically unlikely. The branch in the code is confusing and unnecessary, though.
A follow up to https://github.com/btcsuite/btcd/issues/2017
A similar problem still exists in the performance of Schnorr signatures: the challenge hash
e
should not fail if, when, interpreted as a scalar, it is above the curve order. Instead, it should just be interpreted as modulo that order.The relevant code is here: https://github.com/btcsuite/btcd/blob/0bed86b3f02b7314498165cda05decbd0e0f13f4/btcec/schnorr/signature.go#L89
The relevant section of BIP 340 is here: https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#default-signing
No test vector for this, as producing such a signature is astronomically unlikely. The branch in the code is confusing and unnecessary, though.