secp256k1rb 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 11620dd56323837c51b4adaf78b80e683c039b6086af0d501df6890f31c32e07
-  data.tar.gz: 27b5544236685afd32b11dd636d1f78ca626cfb63a120c6da88504238aa0c6b2
+  metadata.gz: 6a26cd2beaa9525ea8f7a0db0e411dbb3d049ec976214f4651e787f02ed76f83
+  data.tar.gz: 05c9fce673e0f97e48faa60335cb5de37a3be74a12c50f5cfc541621c11526f2
 SHA512:
-  metadata.gz: 14177d6aa88872ae15db021b45d492ec59b083ad751d224d852c9f5440fd2a9b51855608a0c0456175aadd09b06d68591122b799fc2a7d08724c4f726c84c980
-  data.tar.gz: '0805a6d29bad9054f581115919365a3e8623adc8d93f64e92d18435f33012056a227ccbb4bd08c5421ec4a3bbc1e85f94d8b116cd47d4c205f51e0efe5306f00'
+  metadata.gz: 71dbb792ccefcf0a852ff5ff96173c2f7c784cff9313489782b03159dd0163860938435d66ec974cccf7fe3755b5bd1ded9bbdf20a77a9d4d41bc2a6b65d63f9
+  data.tar.gz: b5e36b1dae73beb4c7e2420efb792c9185fa08f96acbbd2090b5858fc305b88bd9b8a42197900bf1dfea9d1ff9c4b754d491719a63754e817c1c1854969b3db9

data/.ruby-gemset

@@ -0,0 +1 @@
+secp256k1

data/.ruby-version

@@ -0,0 +1 @@
+ruby-4.0.0

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 ## [Unreleased]
 
+## [0.3.0]
+
+- Support secp256k1 v0.7.1.
+- Add FFI bindings for the full v0.7.1 public C API.
+- Add `Secp256k1::Key` module: EC key arithmetic (`tweak_add_seckey`/`tweak_mul_seckey`/`negate_seckey`, `tweak_add_pubkey`/`tweak_mul_pubkey`/`negate_pubkey`, `combine_pubkeys`), x-only public key operations (`xonly_pubkey_from_pubkey`, `xonly_tweak_add_pubkey`, `xonly_tweak_add_check?`) and key pair accessors (`keypair_to_seckey`/`keypair_to_pubkey`/`keypair_to_xonly_pubkey`).
+  Also adds `compare_pubkey`/`sort_pubkeys`/`compare_xonly_pubkey` and `keypair_xonly_tweak_add`.
+- Add `Secp256k1::ECDH` module: `ecdh`.
+- Add compact ECDSA signature conversion: `ecdsa_signature_to_compact` / `ecdsa_signature_from_compact`.
+- Add `tagged_sha256` (BIP-340 tagged hash).
+- Add `Secp256k1::EllSwift#ellswift_encode`.
+- Add `Secp256k1::Recover#recoverable_signature_to_ecdsa`.
+- Add `Secp256k1::SchnorrSig#sign_schnorr_custom` / `#verify_schnorr_custom` for variable-length messages.
+- Add `Secp256k1::MuSig#generate_musig_nonce_counter` (deterministic counter-based nonce generation).
+
 ## [0.1.0] - 2024-05-07
 
 - Initial release

data/README.md

@@ -40,8 +40,11 @@ generate_key_pair
 See [here](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1) for available methods.
 In addition, the following modules are also included, so you can use them as they are.
 
+* [Key](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/Key)
+* [ECDH](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/ECDH)
 * [Recover](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/Recover)
 * [SchnorrSig](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/SchnorrSig)
+* [MuSig](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/MuSig)
 * [EllSwift](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/EllSwift)
 
 ### Compatibility
@@ -49,4 +52,5 @@ In addition, the following modules are also included, so you can use them as the
 secp256k1 version | secp256k1rb version
 :---:|:---:
 v0.4.0 | v0.1.x
-
+v0.6.0 | v0.2.x
+v0.7.1 | v0.3.x

data/lib/secp256k1/c.rb

@@ -11,16 +11,42 @@ module Secp256k1
     attach_function(:secp256k1_context_create, [:uint], :pointer)
     attach_function(:secp256k1_context_destroy, [:pointer], :void)
     attach_function(:secp256k1_context_randomize, [:pointer, :pointer], :int)
+    attach_function(:secp256k1_context_clone, [:pointer], :pointer)
+    attach_function(:secp256k1_context_set_error_callback, [:pointer, :pointer, :pointer], :void)
+    attach_function(:secp256k1_context_set_illegal_callback, [:pointer, :pointer, :pointer], :void)
+    attach_function(:secp256k1_selftest, [], :void)
+    # Preallocated context management
+    attach_function(:secp256k1_context_preallocated_size, [:uint], :size_t)
+    attach_function(:secp256k1_context_preallocated_create, [:pointer, :uint], :pointer)
+    attach_function(:secp256k1_context_preallocated_clone_size, [:pointer], :size_t)
+    attach_function(:secp256k1_context_preallocated_clone, [:pointer, :pointer], :pointer)
+    attach_function(:secp256k1_context_preallocated_destroy, [:pointer], :void)
     attach_function(:secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ec_seckey_verify, [:pointer, :pointer], :int)
+    # EC key arithmetic (tweak/negate/combine/compare/sort)
+    attach_function(:secp256k1_ec_seckey_negate, [:pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_seckey_tweak_add, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_seckey_tweak_mul, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_negate, [:pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_tweak_add, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_tweak_mul, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_combine, [:pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_ec_pubkey_cmp, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ec_pubkey_sort, [:pointer, :pointer, :size_t], :int)
+    # Utilities
+    attach_function(:secp256k1_tagged_sha256, [:pointer, :pointer, :pointer, :size_t, :pointer, :size_t], :int)
     attach_function(:secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int)
     attach_function(:secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ecdsa_signature_serialize_compact, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int)
     attach_function(:secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_ecdsa_signature_parse_compact, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_schnorrsig_sign32, [:pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_schnorrsig_sign, [:pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_schnorrsig_sign_custom, [:pointer, :pointer, :pointer, :size_t, :pointer, :pointer], :int)
     attach_function(:secp256k1_schnorrsig_verify, [:pointer, :pointer, :pointer, :size_t, :pointer], :int)
     attach_function(:secp256k1_keypair_create, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_xonly_pubkey_parse, [:pointer, :pointer, :pointer], :int)
@@ -28,21 +54,34 @@ module Secp256k1
     attach_function(:secp256k1_ecdsa_recoverable_signature_serialize_compact, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_recover, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_recoverable_signature_parse_compact, [:pointer, :pointer, :pointer, :int], :int)
+    attach_function(:secp256k1_ecdsa_recoverable_signature_convert, [:pointer, :pointer, :pointer], :int)
+    # for ECDH module
+    attach_function(:secp256k1_ecdh, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_variable(:secp256k1_ecdh_hash_function_sha256, :pointer)
+    attach_variable(:secp256k1_ecdh_hash_function_default, :pointer)
     # for EllSwift module
     attach_function(:secp256k1_ellswift_decode, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ellswift_create, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_ellswift_encode, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_variable(:secp256k1_ellswift_xdh_hash_function_bip324, :pointer)
     attach_function(:secp256k1_ellswift_xdh, [:pointer, :pointer, :pointer, :pointer, :pointer, :int, :pointer, :pointer], :int)
     # for ExtraKeys module
-    attach_function(:secp256k1_xonly_pubkey_parse, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_xonly_pubkey_serialize, [:pointer, :pointer, :pointer], :int)
-    attach_function(:secp256k1_keypair_create, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_cmp, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_from_pubkey, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_tweak_add_check, [:pointer, :pointer, :int, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_pub, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_sec, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_xonly_pub, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_xonly_tweak_add, [:pointer, :pointer, :pointer], :int)
     # for MuSig module
     attach_function(:secp256k1_musig_pubkey_agg, [:pointer, :pointer, :pointer, :pointer, :size_t], :int)
     attach_function(:secp256k1_musig_pubkey_get, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_musig_pubkey_ec_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_musig_pubkey_xonly_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_musig_nonce_gen, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_nonce_gen_counter, [:pointer, :pointer, :pointer, :uint64, :pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_musig_pubnonce_parse, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_musig_pubnonce_serialize, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_musig_aggnonce_serialize, [:pointer, :pointer, :pointer], :int)
@@ -60,5 +99,17 @@ module Secp256k1
     def self.ellswift_xdh_hash_function_bip324
       FFI::Pointer.new(secp256k1_ellswift_xdh_hash_function_bip324)
     end
+
+    # Pointer to secp256k1_ecdh_hash_function_sha256 constant (the default ECDH hash function).
+    # @return [FFI::Pointer]
+    def self.ecdh_hash_function_sha256
+      FFI::Pointer.new(secp256k1_ecdh_hash_function_sha256)
+    end
+
+    # Pointer to secp256k1_ecdh_hash_function_default constant.
+    # @return [FFI::Pointer]
+    def self.ecdh_hash_function_default
+      FFI::Pointer.new(secp256k1_ecdh_hash_function_default)
+    end
   end
 end

data/lib/secp256k1/ecdh.rb

@@ -0,0 +1,37 @@
+module Secp256k1
+  # ECDH module.
+  # @example
+  #   include Secp256k1
+  #
+  #   alice_sk, alice_pk = generate_key_pair
+  #   bob_sk, bob_pk = generate_key_pair
+  #
+  #   # Both parties compute the same shared secret.
+  #   ecdh(bob_pk, alice_sk) == ecdh(alice_pk, bob_sk)
+  #
+  module ECDH
+
+    # Compute an EC Diffie-Hellman shared secret.
+    # @param [String] pubkey the other party's public key with hex format.
+    # @param [String] private_key your private key with hex format.
+    # @param [FFI::Pointer] hash_function (Optional)A pointer to the hash function to use. If omitted, the
+    #   library default(SHA256 of the compressed point) is used. See {Secp256k1::C.ecdh_hash_function_sha256}.
+    # @return [String] 32-byte shared secret with hex format.
+    # @raise [Secp256k1::Error] If the secret was invalid or the public key could not be parsed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def ecdh(pubkey, private_key, hash_function: nil)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("private_key", private_key, 32)
+      pubkey = hex2bin(pubkey)
+      private_key = hex2bin(private_key)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
+        output = FFI::MemoryPointer.new(:uchar, 32)
+        hashfp = hash_function || FFI::Pointer::NULL
+        raise Error, 'secp256k1_ecdh failed.' unless secp256k1_ecdh(context, output, internal, seckey, hashfp, nil) == 1
+        output.read_string(32).unpack1('H*')
+      end
+    end
+  end
+end

data/lib/secp256k1/ellswift.rb

@@ -19,6 +19,26 @@ module Secp256k1
       end
     end
 
+    # Encode a public key into an ElligatorSwift public key.
+    # @param [String] pubkey public key with hex format.
+    # @param [String] rnd (Optional)32-byte randomness with binary format. If omitted, random bytes are used.
+    # @return [String] ElligatorSwift public key with hex format(64 bytes).
+    # @raise [Secp256k1::Error] If encoding failed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def ellswift_encode(pubkey, rnd = nil)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("rnd", rnd, 32) if rnd
+      pubkey = hex2bin(pubkey)
+      rnd = rnd ? hex2bin(rnd) : SecureRandom.random_bytes(32)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        ell64 = FFI::MemoryPointer.new(:uchar, 64)
+        rnd32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, rnd)
+        raise Error, 'Failed to encode ElligatorSwift public key.' unless secp256k1_ellswift_encode(context, ell64, internal, rnd32) == 1
+        ell64.read_string(64).unpack1('H*')
+      end
+    end
+
     # Compute an ElligatorSwift public key for a secret key.
     # @param [String] private_key private key with hex format
     # @return [String] ElligatorSwift public key with hex format.

data/lib/secp256k1/key.rb

@@ -0,0 +1,342 @@
+module Secp256k1
+  # Key module provides EC key arithmetic (tweak/negate/combine), x-only public key
+  # operations used by Taproot, and key pair accessors.
+  # @example
+  #   include Secp256k1
+  #
+  #   sk, pk = generate_key_pair
+  #   tweak = SecureRandom.bytes(32)
+  #
+  #   # Tweak a private/public key.
+  #   tweaked_sk = tweak_add_seckey(sk, tweak)
+  #   tweaked_pk = tweak_add_pubkey(pk, tweak)
+  #
+  module Key
+
+    # Negate a private key in place and return the result.
+    # @param [String] private_key a private key with hex format.
+    # @return [String] negated private key with hex format.
+    # @raise [Secp256k1::Error] If the private key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def negate_seckey(private_key)
+      validate_string!("private_key", private_key, 32)
+      private_key = hex2bin(private_key)
+      with_context do |context|
+        seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
+        raise Error, 'secp256k1_ec_seckey_negate failed.' unless secp256k1_ec_seckey_negate(context, seckey) == 1
+        seckey.read_string(32).unpack1('H*')
+      end
+    end
+
+    # Tweak a private key by adding +tweak+ to it.
+    # @param [String] private_key a private key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [String] tweaked private key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid or the result is the zero key.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_add_seckey(private_key, tweak)
+      tweak_seckey(private_key, tweak, :secp256k1_ec_seckey_tweak_add)
+    end
+
+    # Tweak a private key by multiplying it by +tweak+.
+    # @param [String] private_key a private key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [String] tweaked private key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_mul_seckey(private_key, tweak)
+      tweak_seckey(private_key, tweak, :secp256k1_ec_seckey_tweak_mul)
+    end
+
+    # Negate a public key.
+    # @param [String] pubkey a public key with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] negated public key with hex format.
+    # @raise [Secp256k1::Error] If the public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def negate_pubkey(pubkey, compressed: true)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      pubkey = hex2bin(pubkey)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        raise Error, 'secp256k1_ec_pubkey_negate failed.' unless secp256k1_ec_pubkey_negate(context, internal) == 1
+        serialize_pubkey_internal(context, internal, compressed)
+      end
+    end
+
+    # Tweak a public key by adding +tweak+ * G to it.
+    # @param [String] pubkey a public key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] tweaked public key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid or the result is the point at infinity.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_add_pubkey(pubkey, tweak, compressed: true)
+      tweak_pubkey(pubkey, tweak, :secp256k1_ec_pubkey_tweak_add, compressed: compressed)
+    end
+
+    # Tweak a public key by multiplying it by +tweak+.
+    # @param [String] pubkey a public key with hex format.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] tweaked public key with hex format.
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def tweak_mul_pubkey(pubkey, tweak, compressed: true)
+      tweak_pubkey(pubkey, tweak, :secp256k1_ec_pubkey_tweak_mul, compressed: compressed)
+    end
+
+    # Add a number of public keys together.
+    # @param [Array<String>] pubkeys an array of public keys with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] the sum of the public keys with hex format.
+    # @raise [Secp256k1::Error] If the sum is the point at infinity.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def combine_pubkeys(pubkeys, compressed: true)
+      raise ArgumentError, "pubkeys must be Array." unless pubkeys.is_a?(Array)
+      raise ArgumentError, "pubkeys must not be empty." if pubkeys.empty?
+      with_context do |context|
+        internals = pubkeys.map do |pubkey|
+          raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+          parse_pubkey_internal(context, hex2bin(pubkey))
+        end
+        ins = FFI::MemoryPointer.new(:pointer, internals.size)
+        ins.write_array_of_pointer(internals)
+        combined = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_ec_pubkey_combine failed.' unless secp256k1_ec_pubkey_combine(context, combined, ins, internals.size) == 1
+        serialize_pubkey_internal(context, combined, compressed)
+      end
+    end
+
+    # Convert a public key into an x-only public key.
+    # @param [String] pubkey a public key with hex format.
+    # @return [Array(String, Integer)] the x-only public key with hex format(32 bytes) and its parity(0 or 1).
+    # @raise [Secp256k1::Error] If the public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def xonly_pubkey_from_pubkey(pubkey)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      pubkey = hex2bin(pubkey)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        xonly = FFI::MemoryPointer.new(:uchar, 64)
+        parity = FFI::MemoryPointer.new(:int)
+        raise Error, 'secp256k1_xonly_pubkey_from_pubkey failed.' unless secp256k1_xonly_pubkey_from_pubkey(context, xonly, parity, internal) == 1
+        [serialize_xonly_pubkey_internal(context, xonly), parity.read_int]
+      end
+    end
+
+    # Tweak an x-only public key by adding +tweak+ * G to it (used for Taproot output key derivation).
+    # @param [String] xonly_pubkey an x-only public key with hex format(32 bytes).
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [Array(String, Integer)] the tweaked(full) public key with hex format and the parity(0 or 1) of the tweaked key.
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def xonly_tweak_add_pubkey(xonly_pubkey, tweak, compressed: true)
+      validate_string!("xonly_pubkey", xonly_pubkey, X_ONLY_PUBKEY_SIZE)
+      validate_string!("tweak", tweak, 32)
+      xonly_pubkey = hex2bin(xonly_pubkey)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        xonly = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, xonly_pubkey)
+        internal = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'An invalid x-only public key was specified.' unless secp256k1_xonly_pubkey_parse(context, internal, xonly) == 1
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        output = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_xonly_pubkey_tweak_add failed.' unless secp256k1_xonly_pubkey_tweak_add(context, output, internal, tweak_ptr) == 1
+        _, parity = xonly_pubkey_from_internal(context, output)
+        [serialize_pubkey_internal(context, output, compressed), parity]
+      end
+    end
+
+    # Check that a tweaked x-only public key was computed by tweaking +internal_pubkey+ with +tweak+.
+    # @param [String] tweaked_pubkey32 the tweaked x-only public key with hex format(32 bytes).
+    # @param [Integer] tweaked_pk_parity the parity(0 or 1) of the tweaked public key.
+    # @param [String] internal_pubkey the internal x-only public key with hex format(32 bytes).
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [Boolean] verification result.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def xonly_tweak_add_check?(tweaked_pubkey32, tweaked_pk_parity, internal_pubkey, tweak)
+      validate_string!("tweaked_pubkey32", tweaked_pubkey32, X_ONLY_PUBKEY_SIZE)
+      validate_string!("internal_pubkey", internal_pubkey, X_ONLY_PUBKEY_SIZE)
+      validate_string!("tweak", tweak, 32)
+      raise ArgumentError, "tweaked_pk_parity must be 0 or 1." unless [0, 1].include?(tweaked_pk_parity)
+      tweaked_pubkey32 = hex2bin(tweaked_pubkey32)
+      internal_pubkey = hex2bin(internal_pubkey)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        internal = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, internal_pubkey)
+        internal_xonly = FFI::MemoryPointer.new(:uchar, 64)
+        return false unless secp256k1_xonly_pubkey_parse(context, internal_xonly, internal) == 1
+        tweaked_ptr = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, tweaked_pubkey32)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        secp256k1_xonly_pubkey_tweak_add_check(context, tweaked_ptr, tweaked_pk_parity, internal_xonly, tweak_ptr) == 1
+      end
+    end
+
+    # Get the public key from a key pair.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @param [Boolean] compressed Whether to return a compressed public key.
+    # @return [String] public key with hex format.
+    # @raise [Secp256k1::Error] If the key pair is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_to_pubkey(keypair, compressed: true)
+      validate_string!("keypair", keypair, 96)
+      keypair = hex2bin(keypair)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        internal = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_keypair_pub failed.' unless secp256k1_keypair_pub(context, internal, keypair_ptr) == 1
+        serialize_pubkey_internal(context, internal, compressed)
+      end
+    end
+
+    # Get the private key from a key pair.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @return [String] private key with hex format.
+    # @raise [Secp256k1::Error] If the key pair is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_to_seckey(keypair)
+      validate_string!("keypair", keypair, 96)
+      keypair = hex2bin(keypair)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        seckey = FFI::MemoryPointer.new(:uchar, 32)
+        raise Error, 'secp256k1_keypair_sec failed.' unless secp256k1_keypair_sec(context, seckey, keypair_ptr) == 1
+        seckey.read_string(32).unpack1('H*')
+      end
+    end
+
+    # Get the x-only public key from a key pair.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @return [Array(String, Integer)] the x-only public key with hex format(32 bytes) and its parity(0 or 1).
+    # @raise [Secp256k1::Error] If the key pair is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_to_xonly_pubkey(keypair)
+      validate_string!("keypair", keypair, 96)
+      keypair = hex2bin(keypair)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        xonly = FFI::MemoryPointer.new(:uchar, 64)
+        parity = FFI::MemoryPointer.new(:int)
+        raise Error, 'secp256k1_keypair_xonly_pub failed.' unless secp256k1_keypair_xonly_pub(context, xonly, parity, keypair_ptr) == 1
+        [serialize_xonly_pubkey_internal(context, xonly), parity.read_int]
+      end
+    end
+
+    # Compare two public keys using lexicographic(of compressed serialization) order.
+    # @param [String] pubkey1 a public key with hex format.
+    # @param [String] pubkey2 a public key with hex format.
+    # @return [Integer] negative if pubkey1 < pubkey2, 0 if equal, positive if pubkey1 > pubkey2.
+    # @raise [Secp256k1::Error] If a public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def compare_pubkey(pubkey1, pubkey2)
+      raise ArgumentError, "pubkey1 must be String." unless pubkey1.is_a?(String)
+      raise ArgumentError, "pubkey2 must be String." unless pubkey2.is_a?(String)
+      with_context do |context|
+        a = parse_pubkey_internal(context, hex2bin(pubkey1))
+        b = parse_pubkey_internal(context, hex2bin(pubkey2))
+        secp256k1_ec_pubkey_cmp(context, a, b)
+      end
+    end
+
+    # Sort public keys using lexicographic(of compressed serialization) order.
+    # @param [Array<String>] pubkeys an array of public keys with hex format.
+    # @param [Boolean] compressed Whether to return compressed public keys.
+    # @return [Array<String>] the sorted public keys with hex format.
+    # @raise [Secp256k1::Error] If a public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def sort_pubkeys(pubkeys, compressed: true)
+      raise ArgumentError, "pubkeys must be Array." unless pubkeys.is_a?(Array)
+      raise ArgumentError, "pubkeys must not be empty." if pubkeys.empty?
+      with_context do |context|
+        internals = pubkeys.map do |pubkey|
+          raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+          parse_pubkey_internal(context, hex2bin(pubkey))
+        end
+        arr = FFI::MemoryPointer.new(:pointer, internals.size)
+        arr.write_array_of_pointer(internals)
+        raise Error, 'secp256k1_ec_pubkey_sort failed.' unless secp256k1_ec_pubkey_sort(context, arr, internals.size) == 1
+        arr.read_array_of_pointer(internals.size).map { |ptr| serialize_pubkey_internal(context, ptr, compressed) }
+      end
+    end
+
+    # Compare two x-only public keys using lexicographic order.
+    # @param [String] pubkey1 an x-only public key with hex format(32 bytes).
+    # @param [String] pubkey2 an x-only public key with hex format(32 bytes).
+    # @return [Integer] negative if pubkey1 < pubkey2, 0 if equal, positive if pubkey1 > pubkey2.
+    # @raise [Secp256k1::Error] If a public key is invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def compare_xonly_pubkey(pubkey1, pubkey2)
+      validate_string!("pubkey1", pubkey1, X_ONLY_PUBKEY_SIZE)
+      validate_string!("pubkey2", pubkey2, X_ONLY_PUBKEY_SIZE)
+      with_context do |context|
+        a = parse_xonly_pubkey_internal(context, hex2bin(pubkey1))
+        b = parse_xonly_pubkey_internal(context, hex2bin(pubkey2))
+        secp256k1_xonly_pubkey_cmp(context, a, b)
+      end
+    end
+
+    # Tweak a key pair by adding +tweak+ to the key pair's x-only context.
+    # @param [String] keypair a key pair with hex format(96 bytes), created by {#create_keypair}.
+    # @param [String] tweak a 32-byte tweak with hex format.
+    # @return [String] the tweaked key pair with hex format(96 bytes).
+    # @raise [Secp256k1::Error] If the arguments are invalid.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def keypair_xonly_tweak_add(keypair, tweak)
+      validate_string!("keypair", keypair, 96)
+      validate_string!("tweak", tweak, 32)
+      keypair = hex2bin(keypair)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        raise Error, 'secp256k1_keypair_xonly_tweak_add failed.' unless secp256k1_keypair_xonly_tweak_add(context, keypair_ptr, tweak_ptr) == 1
+        keypair_ptr.read_string(96).unpack1('H*')
+      end
+    end
+
+    private
+
+    def parse_xonly_pubkey_internal(context, xonly_pubkey)
+      xonly = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE).put_bytes(0, xonly_pubkey)
+      internal = FFI::MemoryPointer.new(:uchar, 64)
+      raise Error, 'An invalid x-only public key was specified.' unless secp256k1_xonly_pubkey_parse(context, internal, xonly) == 1
+      internal
+    end
+
+    def tweak_seckey(private_key, tweak, func)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("tweak", tweak, 32)
+      private_key = hex2bin(private_key)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        seckey = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        raise Error, "#{func} failed." unless send(func, context, seckey, tweak_ptr) == 1
+        seckey.read_string(32).unpack1('H*')
+      end
+    end
+
+    def tweak_pubkey(pubkey, tweak, func, compressed: true)
+      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("tweak", tweak, 32)
+      pubkey = hex2bin(pubkey)
+      tweak = hex2bin(tweak)
+      with_context do |context|
+        internal = parse_pubkey_internal(context, pubkey)
+        tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, tweak)
+        raise Error, "#{func} failed." unless send(func, context, internal, tweak_ptr) == 1
+        serialize_pubkey_internal(context, internal, compressed)
+      end
+    end
+
+    # Get x-only pubkey and parity from an internal(64 bytes) full pubkey pointer.
+    def xonly_pubkey_from_internal(context, internal_pubkey)
+      xonly = FFI::MemoryPointer.new(:uchar, 64)
+      parity = FFI::MemoryPointer.new(:int)
+      raise Error, 'secp256k1_xonly_pubkey_from_pubkey failed.' unless secp256k1_xonly_pubkey_from_pubkey(context, xonly, parity, internal_pubkey) == 1
+      [serialize_xonly_pubkey_internal(context, xonly), parity.read_int]
+    end
+  end
+end

data/lib/secp256k1/musig.rb

@@ -132,6 +132,44 @@ module Secp256k1
       end
     end
 
+    # Generate a nonce pair deterministically using a non-repeating counter instead of session randomness.
+    # The caller must ensure that +counter+ never repeats for the same key pair.
+    # @param [Integer] counter A non-repeating counter(uint64).
+    # @param [String] private_key The private key for which the partial signature is generated, with hex format.
+    # @param [Secp256k1::MuSig::KeyAggContext] key_agg_ctx (Optional) The aggregated public key context.
+    # @param [String] msg (Optional) The message to be signed.
+    # @param [String] extra_in (Optional) The auxiliary input.
+    # @return [Array(String)] The array of secret nonce and public nonce with hex format.
+    # @raise [ArgumentError] If invalid arguments specified.
+    # @raise [Secp256k1::Error]
+    def generate_musig_nonce_counter(counter, private_key, key_agg_ctx: nil, msg: nil, extra_in: nil)
+      raise ArgumentError, "counter must be Integer." unless counter.is_a?(Integer)
+      raise ArgumentError, "counter must be between 0 and 2**64-1." if counter < 0 || counter > (2**64 - 1)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("msg", msg, 32) if msg
+      validate_string!("extra_in", extra_in, 32) if extra_in
+      if key_agg_ctx
+        raise ArgumentError, "key_agg_ctx must be Secp256k1::MuSig::KeyAggContext." unless key_agg_ctx.is_a?(KeyAggContext)
+      end
+
+      with_context do |context|
+        keypair = [create_keypair(private_key)].pack('H*')
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        pubnonce = FFI::MemoryPointer.new(:uchar, 132)
+        secnonce = FFI::MemoryPointer.new(:uchar, 132)
+        msg32 = msg ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(msg)) : nil
+        extra_input32 = extra_in ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(extra_in)) : nil
+        cache_ptr = key_agg_ctx ? key_agg_ctx.pointer : nil
+
+        raise Error, "arguments is invalid." unless secp256k1_musig_nonce_gen_counter(
+          context, secnonce, pubnonce, counter, keypair_ptr, msg32, cache_ptr, extra_input32) == 1
+
+        pub66 = FFI::MemoryPointer.new(:uchar, 66)
+        secp256k1_musig_pubnonce_serialize(context, pub66, pubnonce)
+        [secnonce.read_string(132).unpack1('H*'), pub66.read_string(66).unpack1('H*')]
+      end
+    end
+
     # Aggregates the nonces of all signers into a single nonce.
     # @param [Array] pub_nonces An array of public nonces sent by the signers.
     # @return [String] An aggregated public nonce.

data/lib/secp256k1/recovery.rb

@@ -68,5 +68,28 @@ module Secp256k1
         serialize_pubkey_internal(context, pubkey.read_string(64), compressed)
       end
     end
+
+    # Convert a recoverable signature into a normal DER-encoded ECDSA signature.
+    # @param [String] signature The recoverable signature with binary format(65 bytes), as accepted by {#recover}.
+    # @return [String] DER-encoded signature with binary format.
+    # @raise [Secp256k1::Error] If conversion failed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def recoverable_signature_to_ecdsa(signature)
+      validate_string!("signature", signature, 65)
+      signature = hex2bin(signature)
+      rec = (signature[0].ord - 0x1b) & 3
+      raise ArgumentError, "rec must be between 0 and 3." if rec < 0 || rec > 3
+      with_context do |context|
+        recoverable = FFI::MemoryPointer.new(:uchar, 65)
+        input = FFI::MemoryPointer.new(:uchar, 64).put_bytes(0, signature[1..-1])
+        raise Error, 'secp256k1_ecdsa_recoverable_signature_parse_compact failed.' unless secp256k1_ecdsa_recoverable_signature_parse_compact(context, recoverable, input, rec) == 1
+        internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_ecdsa_recoverable_signature_convert failed.' unless secp256k1_ecdsa_recoverable_signature_convert(context, internal_signature, recoverable) == 1
+        output = FFI::MemoryPointer.new(:uchar, 72)
+        output_len = FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
+        raise Error, 'secp256k1_ecdsa_signature_serialize_der failed.' unless secp256k1_ecdsa_signature_serialize_der(context, output, output_len, internal_signature) == 1
+        output.read_string(output_len.read_uint64)
+      end
+    end
   end
 end

data/lib/secp256k1/schnorrsig.rb

@@ -36,7 +36,44 @@ module Secp256k1
       end
     end
 
-    # Verify ecdsa signature.
+    # Magic bytes for secp256k1_schnorrsig_extraparams.
+    SCHNORRSIG_EXTRAPARAMS_MAGIC = [0xda, 0x6f, 0xb3, 0x8c].pack('C*').freeze
+
+    # Sign to a variable-length message using schnorr (BIP340 sign with custom parameters).
+    # @param [String] data The message being signed with binary format. Unlike {#sign_schnorr}, the length is arbitrary.
+    # @param [String] private_key a private key with hex format using sign.
+    # @param [String] aux_rand (Optional)The 32-byte extra entropy.
+    # @return [String] signature data with binary format(64 bytes).
+    # @raise [Secp256k1::Error] If signing failed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def sign_schnorr_custom(data, private_key, aux_rand = nil)
+      raise ArgumentError, "data must be String." unless data.is_a?(String)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("aux_rand", aux_rand, 32) if aux_rand
+      private_key = hex2bin(private_key)
+      data = hex2bin(data)
+      aux_rand = hex2bin(aux_rand) if aux_rand
+
+      with_context do |context|
+        keypair = [create_keypair(private_key)].pack('H*')
+        keypair = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        signature = FFI::MemoryPointer.new(:uchar, 64)
+        msg = FFI::MemoryPointer.new(:uchar, [data.bytesize, 1].max).put_bytes(0, data)
+
+        # Build secp256k1_schnorrsig_extraparams: magic[4], noncefp(NULL=default BIP340), ndata(aux_rand or NULL).
+        ptr_size = FFI::Pointer.size
+        extraparams = FFI::MemoryPointer.new(:uchar, ptr_size * 3)
+        extraparams.put_bytes(0, SCHNORRSIG_EXTRAPARAMS_MAGIC)
+        extraparams.put_pointer(ptr_size, FFI::Pointer::NULL)
+        ndata = aux_rand ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, aux_rand) : FFI::Pointer::NULL
+        extraparams.put_pointer(ptr_size * 2, ndata)
+
+        raise Error, 'Failed to generate schnorr signature.' unless secp256k1_schnorrsig_sign_custom(context, signature, msg, data.bytesize, keypair, extraparams) == 1
+        signature.read_string(64)
+      end
+    end
+
+    # Verify schnorr signature.
     # @param [String] data The 32-byte message hash assumed to be signed.
     # @param [String] signature signature data with binary format
     # @param [String] pubkey a public key with hex format using verify.
@@ -44,6 +81,23 @@ module Secp256k1
     # @raise [ArgumentError] If invalid arguments specified.
     def verify_schnorr(data, signature, pubkey)
       validate_string!("data", data, 32)
+      verify_schnorr_internal(data, signature, pubkey)
+    end
+
+    # Verify a schnorr signature over a variable-length message (counterpart of {#sign_schnorr_custom}).
+    # @param [String] data The message assumed to be signed. The length is arbitrary.
+    # @param [String] signature signature data with binary format(64 bytes).
+    # @param [String] pubkey an x-only public key with hex format(32 bytes) using verify.
+    # @return [Boolean] verification result.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def verify_schnorr_custom(data, signature, pubkey)
+      raise ArgumentError, "data must be String." unless data.is_a?(String)
+      verify_schnorr_internal(data, signature, pubkey)
+    end
+
+    private
+
+    def verify_schnorr_internal(data, signature, pubkey)
       validate_string!("signature", signature, 64)
       validate_string!("pubkey", pubkey, 32)
       data = hex2bin(data)
@@ -54,8 +108,8 @@ module Secp256k1
         pubkey = [full_pubkey_from_xonly_pubkey(pubkey)].pack('H*')
         xonly_pubkey = FFI::MemoryPointer.new(:uchar, pubkey.bytesize).put_bytes(0, pubkey)
         signature = FFI::MemoryPointer.new(:uchar, signature.bytesize).put_bytes(0, signature)
-        msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
-        result = secp256k1_schnorrsig_verify(context, signature, msg32, 32, xonly_pubkey)
+        msg = FFI::MemoryPointer.new(:uchar, [data.bytesize, 1].max).put_bytes(0, data)
+        result = secp256k1_schnorrsig_verify(context, signature, msg, data.bytesize, xonly_pubkey)
         result == 1
       end
     end

data/lib/secp256k1/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Secp256k1
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/lib/secp256k1.rb

@@ -3,6 +3,8 @@
 require 'securerandom'
 require_relative "secp256k1/version"
 require_relative 'secp256k1/c'
+require_relative 'secp256k1/key'
+require_relative 'secp256k1/ecdh'
 require_relative 'secp256k1/recovery'
 require_relative 'secp256k1/ellswift'
 require_relative 'secp256k1/schnorrsig'
@@ -28,6 +30,8 @@ module Secp256k1
   class Error < StandardError; end
 
   include C
+  include Key
+  include ECDH
   include Recover
   include SchnorrSig
   include EllSwift
@@ -223,6 +227,64 @@ module Secp256k1
     end
   end
 
+  # Convert a DER-encoded ECDSA signature into compact(64 bytes) format.
+  # @param [String] signature DER-encoded signature with binary format.
+  # @return [String] compact signature(64 bytes) with binary format.
+  # @raise [Secp256k1::Error] If the signature could not be parsed.
+  # @raise [ArgumentError] If invalid arguments specified.
+  def ecdsa_signature_to_compact(signature)
+    raise ArgumentError, "signature must be String." unless signature.is_a?(String)
+    signature = hex2bin(signature)
+    with_context do |context|
+      sig_ptr = FFI::MemoryPointer.new(:uchar, signature.bytesize).put_bytes(0, signature)
+      internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+      raise Error, 'secp256k1_ecdsa_signature_parse_der failed.' unless secp256k1_ecdsa_signature_parse_der(context, internal_signature, sig_ptr, signature.bytesize) == 1
+      output = FFI::MemoryPointer.new(:uchar, 64)
+      secp256k1_ecdsa_signature_serialize_compact(context, output, internal_signature)
+      output.read_string(64)
+    end
+  end
+
+  # Convert a compact(64 bytes) ECDSA signature into DER-encoded format.
+  # @param [String] signature compact signature(64 bytes) with binary format.
+  # @return [String] DER-encoded signature with binary format.
+  # @raise [Secp256k1::Error] If the signature could not be parsed.
+  # @raise [ArgumentError] If invalid arguments specified.
+  def ecdsa_signature_from_compact(signature)
+    validate_string!("signature", signature, 64)
+    signature = hex2bin(signature)
+    with_context do |context|
+      sig_ptr = FFI::MemoryPointer.new(:uchar, 64).put_bytes(0, signature)
+      internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+      raise Error, 'secp256k1_ecdsa_signature_parse_compact failed.' unless secp256k1_ecdsa_signature_parse_compact(context, internal_signature, sig_ptr) == 1
+      output = FFI::MemoryPointer.new(:uchar, 72)
+      output_len = FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
+      raise Error, 'secp256k1_ecdsa_signature_serialize_der failed.' unless secp256k1_ecdsa_signature_serialize_der(context, output, output_len, internal_signature) == 1
+      output.read_string(output_len.read_uint64)
+    end
+  end
+
+  # Compute a tagged hash as defined in BIP-340: SHA256(SHA256(tag) || SHA256(tag) || msg).
+  # @param [String] tag the tag with binary format.
+  # @param [String] msg the message with binary format.
+  # @return [String] 32-byte tagged hash with hex format.
+  # @raise [Secp256k1::Error] If the hash could not be computed.
+  # @raise [ArgumentError] If invalid arguments specified.
+  def tagged_sha256(tag, msg)
+    raise ArgumentError, "tag must be String." unless tag.is_a?(String)
+    raise ArgumentError, "msg must be String." unless msg.is_a?(String)
+    tag = hex2bin(tag)
+    msg = hex2bin(msg)
+    with_context do |context|
+      hash32 = FFI::MemoryPointer.new(:uchar, 32)
+      # The library requires non-NULL pointers even for zero-length input, so allocate at least 1 byte.
+      tag_ptr = FFI::MemoryPointer.new(:uchar, [tag.bytesize, 1].max).put_bytes(0, tag)
+      msg_ptr = FFI::MemoryPointer.new(:uchar, [msg.bytesize, 1].max).put_bytes(0, msg)
+      raise Error, 'secp256k1_tagged_sha256 failed.' unless secp256k1_tagged_sha256(context, hash32, tag_ptr, tag.bytesize, msg_ptr, msg.bytesize) == 1
+      hash32.read_string(32).unpack1('H*')
+    end
+  end
+
   private
 
   # Calculate full public key(64 bytes) from public key(32 bytes).
@@ -239,6 +301,28 @@ module Secp256k1
     end
   end
 
+  # Parse a serialized public key into an internal 64-byte pubkey pointer.
+  # @param [FFI::Pointer] context secp256k1 context.
+  # @param [String] pubkey serialized public key with binary format.
+  # @return [FFI::Pointer] internal pubkey pointer(64 bytes).
+  # @raise [Secp256k1::Error] If the public key is invalid.
+  def parse_pubkey_internal(context, pubkey)
+    pubkey_ptr = FFI::MemoryPointer.new(:uchar, pubkey.bytesize).put_bytes(0, pubkey)
+    internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+    raise Error, 'An invalid public key was specified.' unless secp256k1_ec_pubkey_parse(context, internal_pubkey, pubkey_ptr, pubkey.bytesize) == 1
+    internal_pubkey
+  end
+
+  # Serialize an internal x-only public key pointer(64 bytes) to 32-byte hex.
+  # @param [FFI::Pointer] context secp256k1 context.
+  # @param [FFI::Pointer] xonly_input internal x-only pubkey pointer(64 bytes).
+  # @return [String] x-only public key with hex format(32 bytes).
+  def serialize_xonly_pubkey_internal(context, xonly_input)
+    output = FFI::MemoryPointer.new(:uchar, X_ONLY_PUBKEY_SIZE)
+    secp256k1_xonly_pubkey_serialize(context, output, xonly_input)
+    output.read_string(X_ONLY_PUBKEY_SIZE).unpack1('H*')
+  end
+
   def generate_pubkey_in_context(context, private_key, compressed: true)
     internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
     priv_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(private_key))

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: secp256k1rb
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - azuchi
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-12-07 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -32,6 +31,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".rspec"
+- ".ruby-gemset"
+- ".ruby-version"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -42,7 +43,9 @@ files:
 - bin/setup
 - lib/secp256k1.rb
 - lib/secp256k1/c.rb
+- lib/secp256k1/ecdh.rb
 - lib/secp256k1/ellswift.rb
+- lib/secp256k1/key.rb
 - lib/secp256k1/musig.rb
 - lib/secp256k1/musig/key_agg.rb
 - lib/secp256k1/musig/session.rb
@@ -58,7 +61,6 @@ metadata:
   homepage_uri: https://github.com/azuchi/secp256k1rb
   source_code_uri: https://github.com/azuchi/secp256k1rb
   changelog_uri: https://github.com/azuchi/secp256k1rb
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -73,8 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Ruby binding for libsecp256k1.
 test_files: []