secp256k1rb 0.1.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aff0d24f08ccdd2fb1d622ca2cb8655a9e36d3960890710861878e32e55850b3
-  data.tar.gz: 6915105a7e248f5a1ca810e5f0b8af3dea75731a7b65bd111df74a8691f2d907
+  metadata.gz: 6a26cd2beaa9525ea8f7a0db0e411dbb3d049ec976214f4651e787f02ed76f83
+  data.tar.gz: 05c9fce673e0f97e48faa60335cb5de37a3be74a12c50f5cfc541621c11526f2
 SHA512:
-  metadata.gz: 307ef35d2afa388b1640a2df6438ca19b14cc5d1bf1920f509e2f1768d610d0534f926ad0122122b5ad30da9ab6a9da3f49b17b6d1215fc0bd1e1fc55c42ab71
-  data.tar.gz: a533565583b3af85dbfbb9f259e3c644a4de3ec5a8c52e08b37eb46ff0bdba922e5a14cd3f2588792caa1ae4934881b9563b045c6907dda50571349a97dcef9c
+  metadata.gz: 71dbb792ccefcf0a852ff5ff96173c2f7c784cff9313489782b03159dd0163860938435d66ec974cccf7fe3755b5bd1ded9bbdf20a77a9d4d41bc2a6b65d63f9
+  data.tar.gz: b5e36b1dae73beb4c7e2420efb792c9185fa08f96acbbd2090b5858fc305b88bd9b8a42197900bf1dfea9d1ff9c4b754d491719a63754e817c1c1854969b3db9

data/.ruby-gemset

@@ -0,0 +1 @@
+secp256k1

data/.ruby-version

@@ -0,0 +1 @@
+ruby-4.0.0

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 ## [Unreleased]
 
+## [0.3.0]
+
+- Support secp256k1 v0.7.1.
+- Add FFI bindings for the full v0.7.1 public C API.
+- Add `Secp256k1::Key` module: EC key arithmetic (`tweak_add_seckey`/`tweak_mul_seckey`/`negate_seckey`, `tweak_add_pubkey`/`tweak_mul_pubkey`/`negate_pubkey`, `combine_pubkeys`), x-only public key operations (`xonly_pubkey_from_pubkey`, `xonly_tweak_add_pubkey`, `xonly_tweak_add_check?`) and key pair accessors (`keypair_to_seckey`/`keypair_to_pubkey`/`keypair_to_xonly_pubkey`).
+  Also adds `compare_pubkey`/`sort_pubkeys`/`compare_xonly_pubkey` and `keypair_xonly_tweak_add`.
+- Add `Secp256k1::ECDH` module: `ecdh`.
+- Add compact ECDSA signature conversion: `ecdsa_signature_to_compact` / `ecdsa_signature_from_compact`.
+- Add `tagged_sha256` (BIP-340 tagged hash).
+- Add `Secp256k1::EllSwift#ellswift_encode`.
+- Add `Secp256k1::Recover#recoverable_signature_to_ecdsa`.
+- Add `Secp256k1::SchnorrSig#sign_schnorr_custom` / `#verify_schnorr_custom` for variable-length messages.
+- Add `Secp256k1::MuSig#generate_musig_nonce_counter` (deterministic counter-based nonce generation).
+
 ## [0.1.0] - 2024-05-07
 
 - Initial release

data/README.md

@@ -1,8 +1,6 @@
 # secp256k1rb
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/secp256k1`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+This is a Ruby binding for Bitcoin Core's [secp256k1 library](https://github.com/bitcoin-core/secp256k1/).
 
 ## Installation
 
@@ -22,22 +20,37 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+To use this library, you need to specify the path of the secp256k1 shared library in environment variable
+`SECP256K1_LIB_PATH`, e.g: `$ export SECP256K1_LIB_PATH=/var/local/lib/libsecp256k1.so`.
 
-## Development
+Note: This library also implements the recovery module, so you must have built the secp256k1 library with the
+`--enable-module-recovery` option.
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+By including the Secp256k1 module, you can use the features provided by the `libsepc256k1` library. For example:
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+```ruby
+require 'secp256k1'
 
-## Contributing
+include Secp256k1
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/secp256k1. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/secp256k1/blob/master/CODE_OF_CONDUCT.md).
+generate_key_pair
+=> ["e00c2ae99e59b5262be3d507d026081f0e6cf9972ffdd4f2d45a390f7a41b053", "027e0f70b540d627422cf7bb77d86ae1bb6829c80104dd48dc2539e6277ea25624"]
+```
 
-## License
+See [here](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1) for available methods.
+In addition, the following modules are also included, so you can use them as they are.
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+* [Key](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/Key)
+* [ECDH](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/ECDH)
+* [Recover](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/Recover)
+* [SchnorrSig](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/SchnorrSig)
+* [MuSig](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/MuSig)
+* [EllSwift](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/EllSwift)
 
-## Code of Conduct
+### Compatibility
 
-Everyone interacting in the Secp256k1 project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/secp256k1/blob/master/CODE_OF_CONDUCT.md).
+secp256k1 version | secp256k1rb version
+:---:|:---:
+v0.4.0 | v0.1.x
+v0.6.0 | v0.2.x
+v0.7.1 | v0.3.x

data/lib/secp256k1/c.rb

@@ -11,16 +11,42 @@ module Secp256k1
     attach_function(:secp256k1_context_create, [:uint], :pointer)
     attach_function(:secp256k1_context_destroy, [:pointer], :void)
     attach_function(:secp256k1_context_randomize, [:pointer, :pointer], :int)
+    attach_function(:secp256k1_context_clone, [:pointer], :pointer)
+    attach_function(:secp256k1_context_set_error_callback, [:pointer, :pointer, :pointer], :void)
+    attach_function(:secp256k1_context_set_illegal_callback, [:pointer, :pointer, :pointer], :void)
+    attach_function(:secp256k1_selftest, [], :void)
+    # Preallocated context management
+    attach_function(:secp256k1_context_preallocated_size, [:uint], :size_t)
+    attach_function(:secp256k1_context_preallocated_create, [:pointer, :uint], :pointer)
+    attach_function(:secp256k1_context_preallocated_clone_size, [:pointer], :size_t)
+    attach_function(:secp256k1_context_preallocated_clone, [:pointer, :pointer], :pointer)
+    attach_function(:secp256k1_context_preallocated_destroy, [:pointer], :void)
     attach_function(:secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ec_seckey_verify, [:pointer, :pointer], :int)
+    # EC key arithmetic (tweak/negate/combine/compare/sort)
+    attach_function(:secp256k1_ec_seckey_negate, [:pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_seckey_tweak_add, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_seckey_tweak_mul, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_negate, [:pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_tweak_add, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_tweak_mul, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_combine, [:pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_ec_pubkey_cmp, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_sort, [:pointer, :pointer, :size_t], :int)
+    # Utilities
+    attach_function(:secp256k1_tagged_sha256, [:pointer, :pointer, :pointer, :size_t, :pointer, :size_t], :int)
     attach_function(:secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int)
     attach_function(:secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ecdsa_signature_serialize_compact, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int)
     attach_function(:secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_ecdsa_signature_parse_compact, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_schnorrsig_sign32, [:pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_schnorrsig_sign, [:pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_schnorrsig_sign_custom, [:pointer, :pointer, :pointer, :size_t, :pointer, :pointer], :int)
     attach_function(:secp256k1_schnorrsig_verify, [:pointer, :pointer, :pointer, :size_t, :pointer], :int)
     attach_function(:secp256k1_keypair_create, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_xonly_pubkey_parse, [:pointer, :pointer, :pointer], :int)
@@ -28,15 +54,62 @@ module Secp256k1
     attach_function(:secp256k1_ecdsa_recoverable_signature_serialize_compact, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_recover, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_recoverable_signature_parse_compact, [:pointer, :pointer, :pointer, :int], :int)
+    attach_function(:secp256k1_ecdsa_recoverable_signature_convert, [:pointer, :pointer, :pointer], :int)
+    # for ECDH module
+    attach_function(:secp256k1_ecdh, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_variable(:secp256k1_ecdh_hash_function_sha256, :pointer)
+    attach_variable(:secp256k1_ecdh_hash_function_default, :pointer)
+    # for EllSwift module
     attach_function(:secp256k1_ellswift_decode, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ellswift_create, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ellswift_encode, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_variable(:secp256k1_ellswift_xdh_hash_function_bip324, :pointer)
     attach_function(:secp256k1_ellswift_xdh, [:pointer, :pointer, :pointer, :pointer, :pointer, :int, :pointer, :pointer], :int)
+    # for ExtraKeys module
+    attach_function(:secp256k1_xonly_pubkey_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_cmp, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_from_pubkey, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_tweak_add_check, [:pointer, :pointer, :int, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_pub, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_sec, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_xonly_pub, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_xonly_tweak_add, [:pointer, :pointer, :pointer], :int)
+    # for MuSig module
+    attach_function(:secp256k1_musig_pubkey_agg, [:pointer, :pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_musig_pubkey_get, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubkey_ec_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubkey_xonly_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_nonce_gen, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_nonce_gen_counter, [:pointer, :pointer, :pointer, :uint64, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubnonce_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubnonce_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_aggnonce_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_aggnonce_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_nonce_agg, [:pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_musig_nonce_process, [:pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_verify, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_agg, [:pointer, :pointer, :pointer, :pointer, :size_t], :int)
 
     # Pointer to secp256k1_ellswift_xdh_hash_function_bip324 constant.
     # @return [FFI::Pointer]
     def self.ellswift_xdh_hash_function_bip324
       FFI::Pointer.new(secp256k1_ellswift_xdh_hash_function_bip324)
     end
+
+    # Pointer to secp256k1_ecdh_hash_function_sha256 constant (the default ECDH hash function).
+    # @return [FFI::Pointer]
+    def self.ecdh_hash_function_sha256
+      FFI::Pointer.new(secp256k1_ecdh_hash_function_sha256)
+    end
+
+    # Pointer to secp256k1_ecdh_hash_function_default constant.
+    # @return [FFI::Pointer]
+    def self.ecdh_hash_function_default
+      FFI::Pointer.new(secp256k1_ecdh_hash_function_default)
+    end
   end
 end

data/lib/secp256k1/ecdh.rb

@@ -0,0 +1,37 @@
+module Secp256k1
+  # ECDH module.
+  # @example
+  #   include Secp256k1
+  #
+  #   alice_sk, alice_pk = generate_key_pair
+  #   bob_sk, bob_pk = generate_key_pair
+  #
+  #   # Both parties compute the same shared secret.
+  #   ecdh(bob_pk, alice_sk) == ecdh(alice_pk, bob_sk)
+  #
+  module ECDH
+
+    # Compute an EC Diffie-Hellman shared secret.
+    # @param [String] pubkey the other party's public key with hex format.
+    # @param [String] private_key your private key with hex format.
+    # @param [FFI::Pointer] hash_function (Optional)A pointer to the hash function to use. If omitted, the
+    #   library default(SHA256 of the compressed point) is used. See {Secp256k1::C.ecdh_hash_function_sha256}.
+    # @return [String] 32-byte shared secret with hex format.
+    # @raise [Secp256k1::Error] If the secret was invalid or the public key could not be parsed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def ecdh(pubkey, private_key, hash_function: nil)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("private_key", private_key, 32)
+      pubkey = hex2bin(pubkey)
+      private_key = hex2bin(private_key)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
+        output = FFI::MemoryPointer.new(:uchar, 32)
+        hashfp = hash_function || FFI::Pointer::NULL
+        raise Error, 'secp256k1_ecdh failed.' unless secp256k1_ecdh(context, output, internal, seckey, hashfp, nil) == 1
+        output.read_string(32).unpack1('H*')
+      end
+    end
+  end
+end

data/lib/secp256k1/ellswift.rb

@@ -8,9 +8,8 @@ module Secp256k1
     # @raise [Secp256k1::Error] If decode failed.
     # @raise [ArgumentError] If invalid arguments specified.
     def ellswift_decode(ell_key, compressed: true)
-      raise ArgumentError, "ell_key must be String." unless ell_key.is_a?(String)
+      validate_string!("ell_key", ell_key, ELL_SWIFT_KEY_SIZE)
       ell_key = hex2bin(ell_key)
-      raise ArgumentError, "ell_key must be 64 bytes." unless ell_key.bytesize == 64
       with_context do |context|
         ell64 = FFI::MemoryPointer.new(:uchar, ell_key.bytesize).put_bytes(0, ell_key)
         internal = FFI::MemoryPointer.new(:uchar, 64)
@@ -20,15 +19,34 @@ module Secp256k1
       end
     end
 
+    # Encode a public key into an ElligatorSwift public key.
+    # @param [String] pubkey public key with hex format.
+    # @param [String] rnd (Optional)32-byte randomness with binary format. If omitted, random bytes are used.
+    # @return [String] ElligatorSwift public key with hex format(64 bytes).
+    # @raise [Secp256k1::Error] If encoding failed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def ellswift_encode(pubkey, rnd = nil)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("rnd", rnd, 32) if rnd
+      pubkey = hex2bin(pubkey)
+      rnd = rnd ? hex2bin(rnd) : SecureRandom.random_bytes(32)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        ell64 = FFI::MemoryPointer.new(:uchar, 64)
+        rnd32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, rnd)
+        raise Error, 'Failed to encode ElligatorSwift public key.' unless secp256k1_ellswift_encode(context, ell64, internal, rnd32) == 1
+        ell64.read_string(64).unpack1('H*')
+      end
+    end
+
     # Compute an ElligatorSwift public key for a secret key.
     # @param [String] private_key private key with hex format
     # @return [String] ElligatorSwift public key with hex format.
     # @raise [Secp256k1::Error] If failed to create elligattor swhift public key.
     # @raise [ArgumentError] If invalid arguments specified.
     def ellswift_create(private_key)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
+      validate_string!("private_key", private_key, 32)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
       with_context(flags: CONTEXT_SIGN) do |context|
         ell64 = FFI::MemoryPointer.new(:uchar, 64)
         seckey32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
@@ -46,15 +64,12 @@ module Secp256k1
     # @return [String] x coordinate with hex format.
     # @raise [Secp256k1::Error] If secret is invalid or hashfp return 0.
     def ellswift_ecdh_xonly(their_ell_pubkey, our_ell_pubkey, private_key, initiating)
-      raise ArgumentError, "their_ell_pubkey must be String." unless their_ell_pubkey.is_a?(String)
-      raise ArgumentError, "our_ell_pubkey must be String." unless our_ell_pubkey.is_a?(String)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
+      validate_string!("their_ell_pubkey", their_ell_pubkey, ELL_SWIFT_KEY_SIZE)
+      validate_string!("our_ell_pubkey", our_ell_pubkey, ELL_SWIFT_KEY_SIZE)
+      validate_string!("private_key", private_key, 32)
       their_ell_pubkey = hex2bin(their_ell_pubkey)
       our_ell_pubkey = hex2bin(our_ell_pubkey)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "their_ell_pubkey must be #{ELL_SWIFT_KEY_SIZE} bytes." unless their_ell_pubkey.bytesize == ELL_SWIFT_KEY_SIZE
-      raise ArgumentError, "our_ell_pubkey must be #{ELL_SWIFT_KEY_SIZE} bytes." unless our_ell_pubkey.bytesize == ELL_SWIFT_KEY_SIZE
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
 
       with_context(flags: CONTEXT_SIGN) do |context|
         output = FFI::MemoryPointer.new(:uchar, 32)

data/lib/secp256k1/key.rb

@@ -0,0 +1,342 @@
+module Secp256k1
+  # Key module provides EC key arithmetic (tweak/negate/combine), x-only public key
+  # operations used by Taproot, and key pair accessors.
+  # @example
+  #   include Secp256k1
+  #
+  #   sk, pk = generate_key_pair
+  #   tweak = SecureRandom.bytes(32)
+  #
+  #   # Tweak a private/public key.
+  #   tweaked_sk = tweak_add_seckey(sk, tweak)
+  #   tweaked_pk = tweak_add_pubkey(pk, tweak)
+  #
+  module Key
+
+    # Negate a private key in place and return the result.
+    # @param [String] private_key a private key with hex format.
+    # @return [String] negated private key with hex format.
+    # @raise [Secp256k1::Error] If the private key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def negate_seckey(private_key)
+      validate_string!("private_key", private_key, 32)
+      private_key = hex2bin(private_key)
+      with_context do |context|
+        seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
+        raise Error, 'secp256k1_ec_seckey_negate failed.' unless secp256k1_ec_seckey_negate(context, seckey) == 1
+        seckey.read_string(32).unpack1('H*')
+      end
+    end
+
+    # Tweak a private key by adding +tweak+ to it.
+    # @param [String] private_key a private key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [String] tweaked private key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid or the result is the zero key.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_add_seckey(private_key, tweak)
+      tweak_seckey(private_key, tweak, :secp256k1_ec_seckey_tweak_add)
+    end
+
+    # Tweak a private key by multiplying it by +tweak+.
+    # @param [String] private_key a private key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [String] tweaked private key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_mul_seckey(private_key, tweak)
+      tweak_seckey(private_key, tweak, :secp256k1_ec_seckey_tweak_mul)
+    end
+
+    # Negate a public key.
+    # @param [String] pubkey a public key with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] negated public key with hex format.
+    # @raise [Secp256k1::Error] If the public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def negate_pubkey(pubkey, compressed: true)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      pubkey = hex2bin(pubkey)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        raise Error, 'secp256k1_ec_pubkey_negate failed.' unless secp256k1_ec_pubkey_negate(context, internal) == 1
+        serialize_pubkey_internal(context, internal, compressed)
+      end
+    end
+
+    # Tweak a public key by adding +tweak+ * G to it.
+    # @param [String] pubkey a public key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] tweaked public key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid or the result is the point at infinity.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_add_pubkey(pubkey, tweak, compressed: true)
+      tweak_pubkey(pubkey, tweak, :secp256k1_ec_pubkey_tweak_add, compressed: compressed)
+    end
+
+    # Tweak a public key by multiplying it by +tweak+.
+    # @param [String] pubkey a public key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] tweaked public key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_mul_pubkey(pubkey, tweak, compressed: true)
+      tweak_pubkey(pubkey, tweak, :secp256k1_ec_pubkey_tweak_mul, compressed: compressed)
+    end
+
+    # Add a number of public keys together.
+    # @param [Array<String>] pubkeys an array of public keys with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] the sum of the public keys with hex format.
+    # @raise [Secp256k1::Error] If the sum is the point at infinity.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def combine_pubkeys(pubkeys, compressed: true)
+      raise ArgumentError, "pubkeys must be Array." unless pubkeys.is_a?(Array)
+      raise ArgumentError, "pubkeys must not be empty." if pubkeys.empty?
+      with_context do |context|
+        internals = pubkeys.map do |pubkey|
+          raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+          parse_pubkey_internal(context, hex2bin(pubkey))
+        end
+        ins = FFI::MemoryPointer.new(:pointer, internals.size)
+        ins.write_array_of_pointer(internals)
+        combined = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_ec_pubkey_combine failed.' unless secp256k1_ec_pubkey_combine(context, combined, ins, internals.size) == 1
+        serialize_pubkey_internal(context, combined, compressed)
+      end
+    end
+
+    # Convert a public key into an x-only public key.
+    # @param [String] pubkey a public key with hex format.
+    # @return [Array(String, Integer)] the x-only public key with hex format(32 bytes) and its parity(0 or 1).
+    # @raise [Secp256k1::Error] If the public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def xonly_pubkey_from_pubkey(pubkey)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      pubkey = hex2bin(pubkey)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        xonly = FFI::MemoryPointer.new(:uchar, 64)
+        parity = FFI::MemoryPointer.new(:int)
+        raise Error, 'secp256k1_xonly_pubkey_from_pubkey failed.' unless secp256k1_xonly_pubkey_from_pubkey(context, xonly, parity, internal) == 1
+        [serialize_xonly_pubkey_internal(context, xonly), parity.read_int]
+      end
+    end
+
+    # Tweak an x-only public key by adding +tweak+ * G to it (used for Taproot output key derivation).
+    # @param [String] xonly_pubkey an x-only public key with hex format(32 bytes).
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [Array(String, Integer)] the tweaked(full) public key with hex format and the parity(0 or 1) of the tweaked key.
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def xonly_tweak_add_pubkey(xonly_pubkey, tweak, compressed: true)
+      validate_string!("xonly_pubkey", xonly_pubkey, X_ONLY_PUBKEY_SIZE)
+      validate_string!("tweak", tweak, 32)
+      xonly_pubkey = hex2bin(xonly_pubkey)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        xonly = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, xonly_pubkey)
+        internal = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'An invalid x-only public key was specified.' unless secp256k1_xonly_pubkey_parse(context, internal, xonly) == 1
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        output = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_xonly_pubkey_tweak_add failed.' unless secp256k1_xonly_pubkey_tweak_add(context, output, internal, tweak_ptr) == 1
+        _, parity = xonly_pubkey_from_internal(context, output)
+        [serialize_pubkey_internal(context, output, compressed), parity]
+      end
+    end
+
+    # Check that a tweaked x-only public key was computed by tweaking +internal_pubkey+ with +tweak+.
+    # @param [String] tweaked_pubkey32 the tweaked x-only public key with hex format(32 bytes).
+    # @param [Integer] tweaked_pk_parity the parity(0 or 1) of the tweaked public key.
+    # @param [String] internal_pubkey the internal x-only public key with hex format(32 bytes).
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [Boolean] verification result.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def xonly_tweak_add_check?(tweaked_pubkey32, tweaked_pk_parity, internal_pubkey, tweak)
+      validate_string!("tweaked_pubkey32", tweaked_pubkey32, X_ONLY_PUBKEY_SIZE)
+      validate_string!("internal_pubkey", internal_pubkey, X_ONLY_PUBKEY_SIZE)
+      validate_string!("tweak", tweak, 32)
+      raise ArgumentError, "tweaked_pk_parity must be 0 or 1." unless [0, 1].include?(tweaked_pk_parity)
+      tweaked_pubkey32 = hex2bin(tweaked_pubkey32)
+      internal_pubkey = hex2bin(internal_pubkey)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        internal = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, internal_pubkey)
+        internal_xonly = FFI::MemoryPointer.new(:uchar, 64)
+        return false unless secp256k1_xonly_pubkey_parse(context, internal_xonly, internal) == 1
+        tweaked_ptr = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, tweaked_pubkey32)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        secp256k1_xonly_pubkey_tweak_add_check(context, tweaked_ptr, tweaked_pk_parity, internal_xonly, tweak_ptr) == 1
+      end
+    end
+
+    # Get the public key from a key pair.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] public key with hex format.
+    # @raise [Secp256k1::Error] If the key pair is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_to_pubkey(keypair, compressed: true)
+      validate_string!("keypair", keypair, 96)
+      keypair = hex2bin(keypair)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        internal = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_keypair_pub failed.' unless secp256k1_keypair_pub(context, internal, keypair_ptr) == 1
+        serialize_pubkey_internal(context, internal, compressed)
+      end
+    end
+
+    # Get the private key from a key pair.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @return [String] private key with hex format.
+    # @raise [Secp256k1::Error] If the key pair is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_to_seckey(keypair)
+      validate_string!("keypair", keypair, 96)
+      keypair = hex2bin(keypair)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        seckey = FFI::MemoryPointer.new(:uchar, 32)
+        raise Error, 'secp256k1_keypair_sec failed.' unless secp256k1_keypair_sec(context, seckey, keypair_ptr) == 1
+        seckey.read_string(32).unpack1('H*')
+      end
+    end
+
+    # Get the x-only public key from a key pair.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @return [Array(String, Integer)] the x-only public key with hex format(32 bytes) and its parity(0 or 1).
+    # @raise [Secp256k1::Error] If the key pair is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_to_xonly_pubkey(keypair)
+      validate_string!("keypair", keypair, 96)
+      keypair = hex2bin(keypair)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        xonly = FFI::MemoryPointer.new(:uchar, 64)
+        parity = FFI::MemoryPointer.new(:int)
+        raise Error, 'secp256k1_keypair_xonly_pub failed.' unless secp256k1_keypair_xonly_pub(context, xonly, parity, keypair_ptr) == 1
+        [serialize_xonly_pubkey_internal(context, xonly), parity.read_int]
+      end
+    end
+
+    # Compare two public keys using lexicographic(of compressed serialization) order.
+    # @param [String] pubkey1 a public key with hex format.
+    # @param [String] pubkey2 a public key with hex format.
+    # @return [Integer] negative if pubkey1 < pubkey2, 0 if equal, positive if pubkey1 > pubkey2.
+    # @raise [Secp256k1::Error] If a public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def compare_pubkey(pubkey1, pubkey2)
+      raise ArgumentError, "pubkey1 must be String." unless pubkey1.is_a?(String)
+      raise ArgumentError, "pubkey2 must be String." unless pubkey2.is_a?(String)
+      with_context do |context|
+        a = parse_pubkey_internal(context, hex2bin(pubkey1))
+        b = parse_pubkey_internal(context, hex2bin(pubkey2))
+        secp256k1_ec_pubkey_cmp(context, a, b)
+      end
+    end
+
+    # Sort public keys using lexicographic(of compressed serialization) order.
+    # @param [Array<String>] pubkeys an array of public keys with hex format.
+    # @param [Boolean] compressed Whether to return compressed public keys.
+    # @return [Array<String>] the sorted public keys with hex format.
+    # @raise [Secp256k1::Error] If a public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def sort_pubkeys(pubkeys, compressed: true)
+      raise ArgumentError, "pubkeys must be Array." unless pubkeys.is_a?(Array)
+      raise ArgumentError, "pubkeys must not be empty." if pubkeys.empty?
+      with_context do |context|
+        internals = pubkeys.map do |pubkey|
+          raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+          parse_pubkey_internal(context, hex2bin(pubkey))
+        end
+        arr = FFI::MemoryPointer.new(:pointer, internals.size)
+        arr.write_array_of_pointer(internals)
+        raise Error, 'secp256k1_ec_pubkey_sort failed.' unless secp256k1_ec_pubkey_sort(context, arr, internals.size) == 1
+        arr.read_array_of_pointer(internals.size).map { |ptr| serialize_pubkey_internal(context, ptr, compressed) }
+      end
+    end
+
+    # Compare two x-only public keys using lexicographic order.
+    # @param [String] pubkey1 an x-only public key with hex format(32 bytes).
+    # @param [String] pubkey2 an x-only public key with hex format(32 bytes).
+    # @return [Integer] negative if pubkey1 < pubkey2, 0 if equal, positive if pubkey1 > pubkey2.
+    # @raise [Secp256k1::Error] If a public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def compare_xonly_pubkey(pubkey1, pubkey2)
+      validate_string!("pubkey1", pubkey1, X_ONLY_PUBKEY_SIZE)
+      validate_string!("pubkey2", pubkey2, X_ONLY_PUBKEY_SIZE)
+      with_context do |context|
+        a = parse_xonly_pubkey_internal(context, hex2bin(pubkey1))
+        b = parse_xonly_pubkey_internal(context, hex2bin(pubkey2))
+        secp256k1_xonly_pubkey_cmp(context, a, b)
+      end
+    end
+
+    # Tweak a key pair by adding +tweak+ to the key pair's x-only context.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [String] the tweaked key pair with hex format(96 bytes).
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_xonly_tweak_add(keypair, tweak)
+      validate_string!("keypair", keypair, 96)
+      validate_string!("tweak", tweak, 32)
+      keypair = hex2bin(keypair)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        raise Error, 'secp256k1_keypair_xonly_tweak_add failed.' unless secp256k1_keypair_xonly_tweak_add(context, keypair_ptr, tweak_ptr) == 1
+        keypair_ptr.read_string(96).unpack1('H*')
+      end
+    end
+
+    private
+
+    def parse_xonly_pubkey_internal(context, xonly_pubkey)
+      xonly = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, xonly_pubkey)
+      internal = FFI::MemoryPointer.new(:uchar, 64)
+      raise Error, 'An invalid x-only public key was specified.' unless secp256k1_xonly_pubkey_parse(context, internal, xonly) == 1
+      internal
+    end
+
+    def tweak_seckey(private_key, tweak, func)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("tweak", tweak, 32)
+      private_key = hex2bin(private_key)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        raise Error, "#{func} failed." unless send(func, context, seckey, tweak_ptr) == 1
+        seckey.read_string(32).unpack1('H*')
+      end
+    end
+
+    def tweak_pubkey(pubkey, tweak, func, compressed: true)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("tweak", tweak, 32)
+      pubkey = hex2bin(pubkey)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        raise Error, "#{func} failed." unless send(func, context, internal, tweak_ptr) == 1
+        serialize_pubkey_internal(context, internal, compressed)
+      end
+    end
+
+    # Get x-only pubkey and parity from an internal(64 bytes) full pubkey pointer.
+    def xonly_pubkey_from_internal(context, internal_pubkey)
+      xonly = FFI::MemoryPointer.new(:uchar, 64)
+      parity = FFI::MemoryPointer.new(:int)
+      raise Error, 'secp256k1_xonly_pubkey_from_pubkey failed.' unless secp256k1_xonly_pubkey_from_pubkey(context, xonly, parity, internal_pubkey) == 1
+      [serialize_xonly_pubkey_internal(context, xonly), parity.read_int]
+    end
+  end
+end