matteo-cristino
commented
11 months ago Zenroom Schnorr signature are performed over BLS (using zenroom.ecp) while the one you linked (and the standard) are over Secp256k1, thus the vector tests will fail. What we are missing to have it aligned with the standard is the possibility to perform operations over Secp256k1 in zenroom.
jaromil
The goal is to make a schnorr signature that aligns with the implementation used in Bitcoin and nostr
The current Schnorr signature implementation uses overloaded arithmetic over ECP using the BLS curve in Zenroom. But most of the implementations out there (bitcoin, nostr..) use the secp256k1 curve, whose arithmetic is only implemented in C. To improve compatibility and efficiency, we need an implementation of schnorr sigs in C: one can follow the code in Lua and translate it.
Verification for the implementation can be done using vectors from Bitcoin BIP34 here https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv