plume-sig / zk-nullifier-sig

Implementation of PLUME: nullifier friendly signature scheme on ECDSA
MIT License

Equivalence with the arkworks reference implementation #1

Closed weijiekoh closed 2 years ago

weijiekoh commented 2 years ago

I've implemented the signature scheme in arkworks: https://github.com/geometryresearch/deterministic_nullifier_sigs

This PR makes some changes to make the k256-based implementation equivalent to the above arkworks implementation.

  1. I implemented a pt_to_64_bytes() function which encodes a secp256k1 point as 64 bytes. This is less than ideal (as SEC1 encoding, which k256 provides, outputs fewer bytes), but until SEC1 encoding is implemented for secp256k1 in arkworks, it will do.
  2. The input to the sha512 is now a concatenated byte array of the relevant values. Previously, hasher.update() was invoked once per value.
  3. The input to Secp256k1::hash_from_bytes() is now a concatenated byte array of the message and the public key (encoded as 64 bytes - see above). Previously, it was an array of two byte arrays.
  4. The main program outputs each value in the signature. The arkworks reference implementation contains tests which check against those values (given the same hardcoded secret key and r).
Verified: true
nullifier.x: "09087d02121b2cebf2ed5b25674753d7e5a52b60b86e15488ebdbc28646b6ade"
nullifier.y: "c964a5d8a292a8878d1c52cb91c5173c2d15eff720d2b4d135b69bd165457597"
c: "d52d5492448ee7aafd7d7bfff39d9819954c54f8e2517e29a07d299d268e3a11"
r_sk_c: "2c079c66390abbf6cd11190905084391fead39fde8f491bd4a53fdf767a5cc5f"
g_r.x: "9d8ca4350e7e2ad27abc6d2a281365818076662962a28429590e2dc736fe9804"
g_r.y: "ff08c30b8afd4e854623c835d9c3aac6bcebe45112472d9b9054816a7670c5a1"
hash_m_pk_pow_r.x: "cb5948e1ba7f305da52f846c345d880a1cb7ca2c9924d2ce92134a5a20daaea7"
hash_m_pk_pow_r.y: "153a05bf994bfbc6ef39e267f69edc00aeaaf505ec43ff278a2f1ca11e0edda9"
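For readers who want to see how the four changes above fit together, here is an added, self-contained pure-Python sketch of a PLUME-style nullifier signature over secp256k1. It is the editor's illustration, not code from plume-sig, zk-nullifier-sig or the arkworks repository. It follows the PR text on the byte-level points: a point is encoded as the 64-byte `x || y` string (shown next to the 33- and 65-byte SEC1 forms it replaces for now), the SHA-512 challenge is computed over one concatenated byte string, and the hash-to-curve input is `msg || pk`. The `hash_to_curve` function itself is a simplified try-and-increment stand-in chosen for this example, not the construction the k256 or arkworks crates use, so the numbers it produces will not match the test vectors pasted above; the secret key and `r` values in the usage are constructed for the demo. Names such as `plume_sign`, `plume_verify`, `ec_add` and `ec_mul` are this example's own.

```python
"""Toy PLUME-style deterministic nullifier signature over secp256k1.

Editor's illustrative example, not the project's implementation. Point
encodings follow the PR text; hash_to_curve is a simplified stand-in,
so outputs will NOT match the vectors posted in the PR.
"""
import hashlib
import secrets

# secp256k1 domain parameters (standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def pt_to_64_bytes(pt):
    """Encoding the PR adopts for cross-implementation equality: x || y, 32 bytes each."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def sec1_compressed(pt):
    """SEC1 compressed form, 33 bytes: 0x02/0x03 prefix from y parity, then x."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def sec1_uncompressed(pt):
    """SEC1 uncompressed form, 65 bytes: 0x04 prefix, then the same x || y."""
    return b"\x04" + pt_to_64_bytes(pt)


def hash_to_curve(data):
    """Simplified try-and-increment hash-to-curve (this example's assumption;
    the k256/arkworks crates use their own construction)."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(data + bytes([ctr])).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)    # valid square root since P % 4 == 3
        if y * y % P == rhs:
            return (x, y if y % 2 == 0 else P - y)
    raise ValueError("hash_to_curve failed")


def challenge(pk, h, nul, g_r, h_r):
    """c = SHA-512 over one concatenated byte string of g, pk, h, nul, g^r, h^r (item 2)."""
    data = b"".join(pt_to_64_bytes(q) for q in (G, pk, h, nul, g_r, h_r))
    return int.from_bytes(hashlib.sha512(data).digest(), "big") % N


def plume_sign(sk, msg, r=None):
    pk = ec_mul(sk, G)
    h = hash_to_curve(msg + pt_to_64_bytes(pk))      # item 3: hash input is msg || pk
    nul = ec_mul(sk, h)                               # nullifier depends only on (sk, msg)
    r = r if r is not None else 1 + secrets.randbelow(N - 1)
    g_r, h_r = ec_mul(r, G), ec_mul(r, h)
    c = challenge(pk, h, nul, g_r, h_r)
    return {"nullifier": nul, "c": c, "r_sk_c": (r + sk * c) % N,
            "g_r": g_r, "hash_m_pk_pow_r": h_r}


def plume_verify(pk, msg, sig):
    h = hash_to_curve(msg + pt_to_64_bytes(pk))
    c, s = sig["c"], sig["r_sk_c"]
    if c != challenge(pk, h, sig["nullifier"], sig["g_r"], sig["hash_m_pk_pow_r"]):
        return False
    # g^s == g^r * pk^c  and  h^s == h^r * nullifier^c
    if ec_mul(s, G) != ec_add(sig["g_r"], ec_mul(c, pk)):
        return False
    return ec_mul(s, h) == ec_add(sig["hash_m_pk_pow_r"], ec_mul(c, sig["nullifier"]))
```

Signing the same message twice with different `r` values yields the same `nullifier` but a different `c`, `r_sk_c`, `g_r` and `hash_m_pk_pow_r`, which is the property the output fields above are checked for; feeding a different message or public key into `plume_verify` fails at the challenge recomputation. When comparing two real implementations the way this PR does, the byte encoding of every hashed point matters as much as the curve arithmetic, which is why the 64-byte encoding is pinned down first.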