rbsecp256k1 5.1.1 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f0c0d659103f52aa0a9762d464bfacd9a656d90dfd38815b7b954c863aa5bb2
-  data.tar.gz: 7e74a91710993a87a4a931be6091e16af32960e91ebe67a731ffb0ee498593ba
+  metadata.gz: fbd0a847d061c266d044174528f14b1351484f58a703e7ec76719122689ae6d4
+  data.tar.gz: c7bbdaf0dc9bdaf24dd5de7c40d95c16f08b72d466216af6789e523ee14bba8b
 SHA512:
-  metadata.gz: 69cdae2b446230a9908aa0b799b4c36d09bf5486c118468a43be4ffa128f304e7cf608bab222bebb8acdbb1bf7848619dd2a55e583ce07b14a851d3657cc0d6b
-  data.tar.gz: 52b48f20f66ac1635358e924fcc9a1c47bf53962610ecbaca099611d69c42d994f4c8c886a172ed1e3402c241be86e6977edd9b674960b1f5acedc30c5d8326a
+  metadata.gz: cf695d750f38e4d27de61caa0e1ec8d9160925d7c10cc556691c7335478137f71f7f49901d50ade3c9e2c917779b38a3d4ee49ca931a8691cc99e7a751fd8243
+  data.tar.gz: 7b5a75562a90c3e845a0b42477873562991d19ca610b89aef95581e0f7dc010f123e8ed4055225978cb2ad4b6667e184d18915114f69cfdaabb993bfcf4b06a7

data/README.md

@@ -2,12 +2,16 @@
 
 [![Spec](https://github.com/etscrivner/rbsecp256k1/actions/workflows/spec.yml/badge.svg?branch=master)](https://github.com/etscrivner/rbsecp256k1/actions/workflows/spec.yml) [![Gem Version](https://badge.fury.io/rb/rbsecp256k1.svg)](https://badge.fury.io/rb/rbsecp256k1) [![Maintainability](https://api.codeclimate.com/v1/badges/d4b6e27bfa00030ca412/maintainability)](https://codeclimate.com/github/etscrivner/rbsecp256k1/maintainability)
 
-Native extension gem for secp256k1 ECDSA. Wraps [libsecp256k1](https://github.com/bitcoin-core/secp256k1). In
-rbsecp256k1 3.0.0 and later libsecp256k1 is bundled with the gem.
+Native extension gem for secp256k1 ECDSA and Schnorr signatures. Wraps [libsecp256k1](https://github.com/bitcoin-core/secp256k1) without the need for FFI.
 
 * [Documentation](https://github.com/etscrivner/rbsecp256k1/blob/master/documentation/index.md)
 * [Examples](https://github.com/etscrivner/rbsecp256k1/blob/master/examples/README.md)
 
+### Features
+
+* Native extension gem wrapping [libsecp256k1](https://github.com/bitcoin-core/secp256k1), no FFI.
+* Schnorr signature support.
+
 ### Why wrap libsecp256k1?
 
 [libsecp256k1](https://github.com/bitcoin-core/secp256k1) is an extremely optimized implementation of public key derivation,
@@ -100,38 +104,6 @@ To test with recovery functionality disabled run:
 make test WITH_RECOVERY=0
 ```
 
-To test with ECDH functionality disabled run:
-
-```
-make test WITH_ECDH=0
-```
-
-To test with both disabled run:
-
-```
-make test WITH_RECOVERY=0 WITH_ECDH=0
-```
-
-Testing for memory leaks with valgrind:
-
-```
-make memcheck
-```
-
-### Building Gem
-
-```
-make gem
-```
-
-### Installing Gem Locally
-
-To install the gem locally and verify builds you can run:
-
-```
-make install
-```
-
 ### Uninstall Gem Locally
 
 You can similarly uninstall the local gem by running the following:

data/documentation/context.md

@@ -35,16 +35,16 @@ Instance Methods
 
 #### ecdh(point, scalar)
 
-**Requires:** libsecp256k1 was built with the experimental ECDH module.
-
 Takes a `point` ([PublicKey](public_key.md)) and a `scalar` ([PrivateKey](private_key.md)) and returns a new
 [SharedSecret](shared_secret.md) containing the 32-byte shared secret. Raises a `Secp256k1::Error` if
 the `scalar` is invalid (zero or causes an overflow).
 
 #### generate_key_pair
 
-Generates and returns a new [KeyPair](key_pair.md) using a cryptographically
-secure random number generator (CSRNG) provided by OpenSSL.
+Generates and returns a new [KeyPair](key_pair.md) using Ruby's built-in
+`SecureRandom` cryptographically secure random number generator. This method
+simply invokes `key_pair_from_private_key` with the value from
+`SecureRandom.random_bytes`.
 
 #### key_pair_from_private_key(private_key_data)
 
@@ -73,6 +73,23 @@ Signs the data represented by the SHA-256 hash `hash32` using `private_key` and
 new [RecoverableSignature](recoverable_signature.md). The `private_key` is expected to be a [PrivateKey](private_key.md) and
 `data` can be either a binary string or text.
 
+#### sign_schnorr(keypair, message)
+
+Same as `sign_schnorr_custom(keypair, message, auxrand)` but generates
+`auxrand` for you using `SecureRandom`. This should almost always be the method
+used for Schnorr signing.
+
+#### sign_schnorr_custom(keypair, message, auxrand)
+
+Sign the given 32-byte binary string `message` using the given `keypair`. It is
+recommend that `message` be generated using `tagged_sha256`. `auxrand` should
+be 32-bytes of fresh randomness, but can optionally be `nil` if generating
+randomness is expensive.
+
+#### tagged_sha256(tag, message)
+
+Computes the tagged hash as defined in [BIP-340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki). Returns the 32-byte binary string tagged hash.
+
 #### verify(signature, public_key, hash32)
 
 Verifies the given `signature` ([Signature](signature.md)) was signed by

data/documentation/index.md

@@ -11,10 +11,12 @@ Classes and Modules
 | [Secp256k1](secp256k1.md)  | [Context](context.md)                            | [Util](util.md)
 |                            | [KeyPair](key_pair.md)                           |
 |                            | [PublicKey](public_key.md)                       |
+|                            | [XOnlyPublicKey](xonly_public_key.md)            |
 |                            | [PrivateKey](private_key.md)                     |
 |                            | [SharedSecret](shared_secret.md)                 |
 |                            | [Signature](signature.md)                        |
 |                            | [RecoverableSignature](recoverable_signature.md) |
+|                            | [SchnorrSignature](schnorr_signature.md)         |
 
 Glossary
 --------
@@ -28,6 +30,8 @@ efficient.
 **[PublicKey](public_key.md)** is a Secp256k1 public key. It can come in either
 compressed or uncompressed format.
 
+**[XOnlyPublicKey](xonly_public_key.md)** is a Secp256k1 x-only public key.
+
 **[PrivateKey](private_key.md)** is a 64-byte Secp256k1 private key.
 
 **[SharedSecret](shared_secret.md)** A 32-byte shared secret computed from a
@@ -39,6 +43,8 @@ of a piece of data.
 **[RecoverableSignature](recoverable_signature.md)** is a recoverable ECDSA signature of the SHA-256 message
 hash of a piece of data.
 
+**[SchnorrSignature](schnorr_signature.md)** is a Schnorr signature of a 32-byte message.
+
 Examples
 --------
 
@@ -59,7 +65,7 @@ This example shows how to generate a new public-private key pair:
 ```ruby
 context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
-# => #<Secp256k1::KeyPair:0x0000559b0bc876b0 @public_key=#<Secp256k1::PublicKey:0x0000559b0bc876d8>, @private_key=#<Secp256k1::PrivateKey:0x0000559b0bc87700 @data="\r\xA7\xB3<\x92\xCDw\xC1\xDB\xEB[BB;=\x80\xB83\xA8]\x06\xD9\x90\xF8v\xFFi\xF0/\x1E\x96\xF9">>
+# => #<Secp256k1::KeyPair:0x0000559b0bc876b0>
 ```
 
 ### 3. Getting compressed and uncompressed public key representations
@@ -162,11 +168,11 @@ context = Secp256k1::Context.create
 
 #1. Load private key alone
 private_key = Secp256k1::PrivateKey.from_data("I\nX\x85\xAEz}\n\x9B\xA4\\\x81)\xD4\x9Aq\xFDH\t\xBE\x8EP\xC5.\xC6\x1F7-\x86\xA0\xCB\xF9")
-# => #<Secp256k1::PrivateKey:0x00005647df1bcd30 @data="I\nX\x85\xAEz}\n\x9B\xA4\\\x81)\xD4\x9Aq\xFDH\t\xBE\x8EP\xC5.\xC6\x1F7-\x86\xA0\xCB\xF9">
+# => #<Secp256k1::PrivateKey:0x00005647df1bcd30>
 
 # 2. Load key pair from private key data
 key_pair = context.key_pair_from_private_key("I\nX\x85\xAEz}\n\x9B\xA4\\\x81)\xD4\x9Aq\xFDH\t\xBE\x8EP\xC5.\xC6\x1F7-\x86\xA0\xCB\xF9")
-# => #<Secp256k1::KeyPair:0x0000559b0bbf9a90 @public_key=#<Secp256k1::PublicKey:0x0000559b0bbf9ab8>, @private_key=#<Secp256k1::PrivateKey:0x0000559b0bbf9ae0 @data="I\nX\x85\xAEz}\n\x9B\xA4\\\x81)Ԛq\xFDH\t\xBE\x8EP\xC5.\xC6\u001F7-\x86\xA0\xCB\xF9">>
+# => #<Secp256k1::KeyPair:0x0000559b0bbf9a90>
 ```
 
 ### 7. Loading a public key from binary data
@@ -197,6 +203,59 @@ signature = Secp256k1::Signature.from_compact("<\xC6\x7F/\x921l\x89Z\xFBs\x89p\x
 # => #<Secp256k1::Signature:0x0000559b0bdcaa68>
 ```
 
+Schnorr Signature Examples
+--------------------------
+
+### 1. Checking for the Schnorr module
+
+To check if you have compiled the schnorr signature module into your local
+libsecp256k1 run the following:
+
+```ruby
+Secp256k1.have_schnorr?
+# => true
+```
+
+### 2. Calculate the tagged SHA-256 hash of data
+
+You can produce the tagged SHA-256 hash recommended for use with Schnorr
+signatures as follows:
+
+```ruby
+context = Secp256k1::Context.create
+
+context.tagged_sha256('my_test_tag', 'data')
+=> "0\x85|\xC8h\x9A\x8C^\x0FoD\xDF\xD0,\x1C\x1EV}\xE8\xA8<\xC5\xA5vI\x9E`=\x9B\xC4\xA8\xAE"
+```
+
+### 3. Sign and verify a message using Schnorr signatures
+
+```ruby
+context = Secp256k1::Context.create
+key_pair = context.generate_key_pair
+message = context.tagged_sha256('my_test_tag', 'data')
+
+schnorr_sig = context.sign_schnorr(key_pair, message)
+=> #<Secp256k1::SchnorrSignature:0x00007f4de11e5768>
+
+schnorr_sig.verify(message, key_pair.xonly_public_key)
+=> true
+
+schnorr_sig.serialized
+=> "\x16\xEF\x04\xB0JP\xE9\x90\xC2\xB1\xE6-l\xDB\x1D\xAE\xAAc\xBF@9s\x02\xC2\xD5[\xFB\x19Q\xFAI^Hj\xD1)\xBE\xEA\xA5!a\xAD\xBEO\xCE7\x9Em\x13;\xE8R\x8A\x81$\nv\xF4\xD3\xB25\xA9\xF9\xC0"
+```
+
+### 4. Load a Schnorr signature from binary serialized version
+
+```ruby
+context = Secp256k1::Context.create
+
+schnorr_sig_raw = "\x16\xEF\x04\xB0JP\xE9\x90\xC2\xB1\xE6-l\xDB\x1D\xAE\xAAc\xBF@9s\x02\xC2\xD5[\xFB\x19Q\xFAI^Hj\xD1)\xBE\xEA\xA5!a\xAD\xBEO\xCE7\x9Em\x13;\xE8R\x8A\x81$\nv\xF4\xD3\xB25\xA9\xF9\xC0"
+
+Secp256k1::SchnorrSignature.from_data(schnorr_sig_raw)
+=> #<Secp256k1::SchnorrSignature:0x00007f4de1225818>
+```
+
 Recoverable Signature Examples
 ------------------------------
 
@@ -215,7 +274,7 @@ Secp256k1.have_recovery?
 You can sign data producing a recoverable signature as follows:
 
 ```ruby
-require 'digest'
+yrequire 'digest'
 
 hash = Digest::SHA256.digest('test message')
 context = Secp256k1::Context.create

data/documentation/key_pair.md

@@ -5,13 +5,6 @@ Secp256k1::KeyPair
 
 Secp256k1::KeyPair represents a public-private Secp256k1 key pair.
 
-Initializers
-------------
-
-#### new(public_key, private_key)
-
-Initializes a new key pair with `public_key` (type: [PublicKey](public_key.md)) and `private_key` (type: [PrivateKey](private_key.md)).
-
 Instance Methods
 ----------------
 
@@ -19,6 +12,10 @@ Instance Methods
 
 Returns the [PublicKey](public_key.md) part of this key pair.
 
+#### xonly_public_key
+
+Returns the [XOnlyPublicKey](xonly_public_key.md).
+
 #### private_key
 
 Returns the [PrivateKey](private_key.md) part of this key pair.

data/documentation/public_key.md

@@ -27,6 +27,10 @@ Returns the binary compressed representation of this public key.
 
 Returns the binary uncompressed representation of this public key.
 
+### to_xonly
+
+Returns the `XOnlyPublicKey` equivalent of this key.
+
 #### ==(other)
 
 Return `true` if this public key matches `other`.

data/documentation/schnorr_signature.md

@@ -0,0 +1,30 @@
+[Index](index.md)
+
+Secp256k1::SchnorrSignature
+===========================
+
+Secp256k1::SchnorrSignature represents an Schnorr signature signing a 32-byte message.
+
+Class Methods
+-------------
+
+#### from_data(schnorr_sig_data)
+
+Loads a new Schnorr signature from the given 64-byte binary
+`schnorr_sig_data`. Does not perform any validation on the loaded data.
+
+Instance Methods
+----------------
+
+#### serialized
+
+Returns the 64-byte binary `String` of the serialized Schnorr signature.
+
+#### verify(msg, xonly_pubkey)
+
+Returns `true` if the schnorr signature is a valid signing of `msg` with the
+private key for `xonly_pubkey`, `false` otherwise.
+
+#### ==(other)
+
+Returns `true` if this signature matches `other`.

data/documentation/secp256k1.md

@@ -17,3 +17,8 @@ otherwise.
 
 Returns `true` if the EC Diffie-Hellman module was built with libsecp256k1,
 `false` otherwise.
+
+#### have_schnorr?
+
+Returns `true` if the Schnorr signature module was built with libsecp256k1,
+`false` otherwise.

data/documentation/shared_secret.md

@@ -3,8 +3,6 @@
 Secp256k1::SharedSecret
 =======================
 
-**Requires:** libsecp256k1 was build with ECDH module.
-
 Secp256k1::SharedSecret represents a 32-byte shared secret computed from a
 public key (point) and private key (scalar).
 

data/documentation/xonly_public_key.md

@@ -0,0 +1,29 @@
+[Index](index.md)
+
+Secp256k1::XOnlyPublicKey
+=========================
+
+Secp256k1::XOnlyPublicKey represents an x-only public key version of a public key.
+
+See: [KeyPair](key_pair.md)
+
+Class Methods
+-------------
+
+#### from_data(xonly_public_key_serialized)
+
+Parses the 32-byte serialized binary `xonly_public_key_serialized` and creates
+and returns a new x-only public key from it. Raises a
+`Secp256k1::DeserializationError` if the given x-only public key data is
+invalid.
+
+Instance Methods
+----------------
+
+#### serialized
+
+Serializes the `XOnlyPublicKey` into a 32-byte binary `String`.
+
+#### ==(other)
+
+Return `true` if this x-only public key matches `other`.

data/ext/rbsecp256k1/extconf.rb

@@ -4,32 +4,28 @@ require 'mini_portile2'
 require 'mkmf'
 require 'zip'
 
+# Enable the recovery module by default
+WITH_RECOVERY = ENV.fetch('WITH_RECOVERY', '1') == '1'
+
 # Recipe for downloading and building libsecp256k1 as part of installation
 class Secp256k1Recipe < MiniPortile
-  # Hard-coded URL for libsecp256k1 zipfile (HEAD of master as of 24-11-2021)
-  LIBSECP256K1_ZIP_URL = 'https://github.com/bitcoin-core/secp256k1/archive/fecf436d5327717801da84beb3066f5a9b80ea8e.zip'
+  # Hard-coded URL for libsecp256k1 zipfile (Official release v0.2.0)
+  LIBSECP256K1_ZIP_URL = 'https://github.com/bitcoin-core/secp256k1/archive/refs/tags/v0.2.0.zip'
 
   # Expected SHA-256 of the zipfile above (computed using sha256sum)
-  LIBSECP256K1_SHA256 = '188c6252ab9e829da02c962fe59a329f798c615577ac128ae1f0697126ebb2fc'
-
-  WITH_RECOVERY = ENV.fetch('WITH_RECOVERY', '1') == '1'
-  WITH_ECDH = ENV.fetch('WITH_ECDH', '1') == '1'
+  LIBSECP256K1_SHA256 = '6ece280c0e6ea9d861051077c28a25b7f48800c43a4098a800b7d3b0c124e406'
 
   def initialize
-    super('libsecp256k1', '0.0.0')
+    super('libsecp256k1', '0.2.0')
     @tarball = File.join(Dir.pwd, "/ports/archives/libsecp256k1.zip")
     @files = ["file://#{@tarball}"]
     self.configure_options += [
-      "--disable-benchmark",
-      "--disable-exhaustive-tests",
-      "--disable-tests",
-      "--disable-debug",
-      "--enable-experimental",
       "--with-pic=yes"
     ]
 
+    # ECDH is enabled by default in release v0.2.0, but recovery still needs to
+    # be enabled manually.
     configure_options << "--enable-module-recovery" if WITH_RECOVERY
-    configure_options << "--enable-module-ecdh" if WITH_ECDH
   end
 
   def configure
@@ -106,11 +102,20 @@ else
   have_library("gmp")
 end
 
+# Sanity check for the basic library
+have_header('secp256k1.h')
+
 # Check if we have the libsecp256k1 recoverable signature header.
-have_header('secp256k1_recovery.h')
+have_header('secp256k1_recovery.h') if WITH_RECOVERY
 
 # Check if we have EC Diffie-Hellman functionality
 have_header('secp256k1_ecdh.h')
 
+# Check if we have Schnorr signatures
+have_header('secp256k1_schnorrsig.h')
+
+# Check if we have extra keys module
+have_header('secp256k1_extrakeys.h')
+
 # See: https://guides.rubygems.org/gems-with-extensions/
 create_makefile('rbsecp256k1/rbsecp256k1')