secp256k1rb 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aff0d24f08ccdd2fb1d622ca2cb8655a9e36d3960890710861878e32e55850b3
-  data.tar.gz: 6915105a7e248f5a1ca810e5f0b8af3dea75731a7b65bd111df74a8691f2d907
+  metadata.gz: 11620dd56323837c51b4adaf78b80e683c039b6086af0d501df6890f31c32e07
+  data.tar.gz: 27b5544236685afd32b11dd636d1f78ca626cfb63a120c6da88504238aa0c6b2
 SHA512:
-  metadata.gz: 307ef35d2afa388b1640a2df6438ca19b14cc5d1bf1920f509e2f1768d610d0534f926ad0122122b5ad30da9ab6a9da3f49b17b6d1215fc0bd1e1fc55c42ab71
-  data.tar.gz: a533565583b3af85dbfbb9f259e3c644a4de3ec5a8c52e08b37eb46ff0bdba922e5a14cd3f2588792caa1ae4934881b9563b045c6907dda50571349a97dcef9c
+  metadata.gz: 14177d6aa88872ae15db021b45d492ec59b083ad751d224d852c9f5440fd2a9b51855608a0c0456175aadd09b06d68591122b799fc2a7d08724c4f726c84c980
+  data.tar.gz: '0805a6d29bad9054f581115919365a3e8623adc8d93f64e92d18435f33012056a227ccbb4bd08c5421ec4a3bbc1e85f94d8b116cd47d4c205f51e0efe5306f00'

data/README.md

@@ -1,8 +1,6 @@
 # secp256k1rb
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/secp256k1`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+This is a Ruby binding for Bitcoin Core's [secp256k1 library](https://github.com/bitcoin-core/secp256k1/).
 
 ## Installation
 
@@ -22,22 +20,33 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+To use this library, you need to specify the path of the secp256k1 shared library in environment variable
+`SECP256K1_LIB_PATH`, e.g: `$ export SECP256K1_LIB_PATH=/var/local/lib/libsecp256k1.so`.
+
+Note: This library also implements the recovery module, so you must have built the secp256k1 library with the
+`--enable-module-recovery` option.
 
-## Development
+By including the Secp256k1 module, you can use the features provided by the `libsepc256k1` library. For example:
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+```ruby
+require 'secp256k1'
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+include Secp256k1
 
-## Contributing
+generate_key_pair
+=> ["e00c2ae99e59b5262be3d507d026081f0e6cf9972ffdd4f2d45a390f7a41b053", "027e0f70b540d627422cf7bb77d86ae1bb6829c80104dd48dc2539e6277ea25624"]
+```
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/secp256k1. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/secp256k1/blob/master/CODE_OF_CONDUCT.md).
+See [here](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1) for available methods.
+In addition, the following modules are also included, so you can use them as they are.
 
-## License
+* [Recover](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/Recover)
+* [SchnorrSig](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/SchnorrSig)
+* [EllSwift](https://www.rubydoc.info/gems/secp256k1rb/Secp256k1/EllSwift)
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+### Compatibility
 
-## Code of Conduct
+secp256k1 version | secp256k1rb version
+:---:|:---:
+v0.4.0 | v0.1.x
 
-Everyone interacting in the Secp256k1 project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/secp256k1/blob/master/CODE_OF_CONDUCT.md).

data/lib/secp256k1/c.rb

@@ -28,10 +28,32 @@ module Secp256k1
     attach_function(:secp256k1_ecdsa_recoverable_signature_serialize_compact, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_recover, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ecdsa_recoverable_signature_parse_compact, [:pointer, :pointer, :pointer, :int], :int)
+    # for EllSwift module
     attach_function(:secp256k1_ellswift_decode, [:pointer, :pointer, :pointer], :int)
     attach_function(:secp256k1_ellswift_create, [:pointer, :pointer, :pointer, :pointer], :int)
     attach_variable(:secp256k1_ellswift_xdh_hash_function_bip324, :pointer)
     attach_function(:secp256k1_ellswift_xdh, [:pointer, :pointer, :pointer, :pointer, :pointer, :int, :pointer, :pointer], :int)
+    # for ExtraKeys module
+    attach_function(:secp256k1_xonly_pubkey_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_xonly_pubkey_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_keypair_create, [:pointer, :pointer, :pointer], :int)
+    # for MuSig module
+    attach_function(:secp256k1_musig_pubkey_agg, [:pointer, :pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_musig_pubkey_get, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubkey_ec_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubkey_xonly_tweak_add, [:pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_nonce_gen, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubnonce_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_pubnonce_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_aggnonce_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_aggnonce_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_nonce_agg, [:pointer, :pointer, :pointer, :size_t], :int)
+    attach_function(:secp256k1_musig_nonce_process, [:pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_serialize, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_parse, [:pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_verify, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+    attach_function(:secp256k1_musig_partial_sig_agg, [:pointer, :pointer, :pointer, :pointer, :size_t], :int)
 
     # Pointer to secp256k1_ellswift_xdh_hash_function_bip324 constant.
     # @return [FFI::Pointer]

data/lib/secp256k1/ellswift.rb

@@ -8,9 +8,8 @@ module Secp256k1
     # @raise [Secp256k1::Error] If decode failed.
     # @raise [ArgumentError] If invalid arguments specified.
     def ellswift_decode(ell_key, compressed: true)
-      raise ArgumentError, "ell_key must be String." unless ell_key.is_a?(String)
+      validate_string!("ell_key", ell_key, ELL_SWIFT_KEY_SIZE)
       ell_key = hex2bin(ell_key)
-      raise ArgumentError, "ell_key must be 64 bytes." unless ell_key.bytesize == 64
       with_context do |context|
         ell64 = FFI::MemoryPointer.new(:uchar, ell_key.bytesize).put_bytes(0, ell_key)
         internal = FFI::MemoryPointer.new(:uchar, 64)
@@ -26,9 +25,8 @@ module Secp256k1
     # @raise [Secp256k1::Error] If failed to create elligattor swhift public key.
     # @raise [ArgumentError] If invalid arguments specified.
     def ellswift_create(private_key)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
+      validate_string!("private_key", private_key, 32)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
       with_context(flags: CONTEXT_SIGN) do |context|
         ell64 = FFI::MemoryPointer.new(:uchar, 64)
         seckey32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, private_key)
@@ -46,15 +44,12 @@ module Secp256k1
     # @return [String] x coordinate with hex format.
     # @raise [Secp256k1::Error] If secret is invalid or hashfp return 0.
     def ellswift_ecdh_xonly(their_ell_pubkey, our_ell_pubkey, private_key, initiating)
-      raise ArgumentError, "their_ell_pubkey must be String." unless their_ell_pubkey.is_a?(String)
-      raise ArgumentError, "our_ell_pubkey must be String." unless our_ell_pubkey.is_a?(String)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
+      validate_string!("their_ell_pubkey", their_ell_pubkey, ELL_SWIFT_KEY_SIZE)
+      validate_string!("our_ell_pubkey", our_ell_pubkey, ELL_SWIFT_KEY_SIZE)
+      validate_string!("private_key", private_key, 32)
       their_ell_pubkey = hex2bin(their_ell_pubkey)
       our_ell_pubkey = hex2bin(our_ell_pubkey)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "their_ell_pubkey must be #{ELL_SWIFT_KEY_SIZE} bytes." unless their_ell_pubkey.bytesize == ELL_SWIFT_KEY_SIZE
-      raise ArgumentError, "our_ell_pubkey must be #{ELL_SWIFT_KEY_SIZE} bytes." unless our_ell_pubkey.bytesize == ELL_SWIFT_KEY_SIZE
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
 
       with_context(flags: CONTEXT_SIGN) do |context|
         output = FFI::MemoryPointer.new(:uchar, 32)

data/lib/secp256k1/musig/key_agg.rb

@@ -0,0 +1,74 @@
+module Secp256k1
+  module MuSig
+
+    # Opaque data structure that caches information about public key aggregation.
+    class KeyAggCache < FFI::Struct
+      layout :data, [:uchar, 197]
+    end
+
+    # Key aggregation context class.
+    class KeyAggContext
+      include Secp256k1
+
+      attr_reader :cache
+
+      # Constructor.
+      # @param [Secp256k1::MuSig::KeyAggCache] key_agg_cache Key aggregation cache.
+      # @raise [ArgumentError] If invalid arguments specified.
+      def initialize(key_agg_cache)
+        raise ArgumentError, "key_agg_cache must be Secp256k1::KeyAggCache." unless key_agg_cache.is_a?(Secp256k1::KeyAggCache)
+        @cache = key_agg_cache
+      end
+
+      # Get aggregate public key.
+      # @return [String] An aggregated public key.
+      def aggregate_public_key
+        with_context do |context|
+          agg_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+          if secp256k1_musig_pubkey_get(context, agg_pubkey, cache.pointer) == 0
+            raise Error, "secp256k1_musig_pubkey_get arguments invalid."
+          end
+          serialize_pubkey(context, agg_pubkey)
+        end
+      end
+
+      # Apply ordinary "EC" tweaking to a public key.
+      # @param [String] tweak Tweak value to tweak the aggregated key.
+      # @param [Boolean] xonly Apply x-only tweaking or not.
+      # @return [String] Tweaked x-only public key with hex format.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def tweak_add(tweak, xonly: false)
+        validate_string!("tweak", tweak, 32)
+        with_context do |context|
+          tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(tweak))
+          pubkey_ptr = FFI::MemoryPointer.new(:uchar, 64)
+          if xonly
+            if secp256k1_musig_pubkey_xonly_tweak_add(context, pubkey_ptr, cache.pointer, tweak_ptr) == 0
+              raise Error, "secp256k1_musig_pubkey_tweak_add arguments invalid."
+            end
+          else
+            if secp256k1_musig_pubkey_ec_tweak_add(context, pubkey_ptr, cache.pointer, tweak_ptr) == 0
+              raise Error, "secp256k1_musig_pubkey_tweak_add arguments invalid."
+            end
+          end
+          serialize_pubkey(context, pubkey_ptr)
+        end
+      end
+
+      # Get KeyAggCache pointer.
+      # @return [FFI::MemoryPointer]
+      def pointer
+        cache.pointer
+      end
+
+      private
+
+      def serialize_pubkey(context, pubkey_ptr)
+        xonly = FFI::MemoryPointer.new(:uchar, 32)
+        secp256k1_xonly_pubkey_serialize(context, xonly, pubkey_ptr)
+        xonly.read_string(32).unpack1('H*')
+      end
+    end
+  end
+end

data/lib/secp256k1/musig/session.rb

@@ -0,0 +1,123 @@
+module Secp256k1
+  module MuSig
+    class Session
+      include Secp256k1
+      attr_reader :session
+      attr_reader :key_agg_ctx
+      attr_reader :agg_nonce
+      attr_reader :msg
+
+      # Create signing session.
+      # @param [Secp256k1::MuSig::KeyAggContext] key_agg_ctx The key aggregation context.
+      # @param [String] agg_nonce An aggregated public nonce.
+      # @param [String] msg The message to be signed.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def initialize(key_agg_ctx, agg_nonce, msg)
+        raise ArgumentError, 'key_agg_ctx must be KeyAggContext.' unless key_agg_ctx.is_a?(KeyAggContext)
+        validate_string!('msg', msg, 32)
+        validate_string!('agg_nonce', agg_nonce, 66)
+        agg_nonce = hex2bin(agg_nonce)
+        msg = hex2bin(msg)
+        with_context do |context|
+          @session = FFI::MemoryPointer.new(:uchar, 133)
+          agg66 = FFI::MemoryPointer.new(:uchar, 66).put_bytes(0, agg_nonce)
+          agg_ptr = FFI::MemoryPointer.new(:uchar, 132)
+          if secp256k1_musig_aggnonce_parse(context, agg_ptr, agg66) == 0
+            raise Error, "secp256k1_musig_aggnonce_parse failed."
+          end
+          msg_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, msg)
+          if secp256k1_musig_nonce_process(context, @session, agg_ptr, msg_ptr, key_agg_ctx.pointer) == 0
+            raise Error, "secp256k1_musig_nonce_process arguments invalid."
+          end
+        end
+        @agg_nonce = agg_nonce.unpack1('H*')
+        @msg = msg.unpack1('H*')
+        @key_agg_ctx = key_agg_ctx
+      end
+
+      # Produces a partial signature for a given key pair and secret nonce.
+      # @param [String] sec_nonce The secret nonce to sign the message.
+      # @param [String] private_key The private key to sign the message.
+      # @return [String] A partial signature.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def partial_sign(sec_nonce, private_key)
+        raise ArgumentError, 'key_agg_ctx must be KeyAggContext.' unless key_agg_ctx.is_a?(KeyAggContext)
+        validate_string!('sec_nonce', sec_nonce, 132)
+        validate_string!('private_key', private_key, 32)
+        with_context do |context|
+          partial_sig = FFI::MemoryPointer.new(:uchar, 36)
+          sec_nonce_ptr = FFI::MemoryPointer.new(:uchar, 132).put_bytes(0, hex2bin(sec_nonce))
+          private_key_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(private_key))
+          key_pair = FFI::MemoryPointer.new(:uchar, 86)
+          if secp256k1_keypair_create(context, key_pair, private_key_ptr) == 0
+            raise Error, "secp256k1_keypair_create invalid private_key."
+          end
+          if secp256k1_musig_partial_sign(
+            context, partial_sig, sec_nonce_ptr, key_pair, key_agg_ctx.cache.pointer, session) == 0
+            raise Error, "secp256k1_musig_partial_sign arguments invalid or sec_nonce has already been used for signing."
+          end
+          out32 = FFI::MemoryPointer.new(:uchar, 32)
+          secp256k1_musig_partial_sig_serialize(context, out32, partial_sig)
+          out32.read_string(32).unpack1('H*')
+        end
+      end
+
+      # Checks that an individual partial signature verifies.
+      # @param [String] partial_sig The partial signature to verify, sent by the signer associated with +pub_nonce+ and +public_key+.
+      # @param [String] pub_nonce The public nonce of the signer in the signing session.
+      # @param [String] public_key The public key of the signer in the signing session.
+      # @return [Boolean] The verification result.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def verify_partial_sig(partial_sig, pub_nonce, public_key)
+        validate_string!('partial_sig', partial_sig, 32)
+        validate_string!('pub_nonce', pub_nonce, 66)
+        validate_string!('public_key', public_key, 33)
+        with_context do |context|
+          sig_ptr = parse_partial_sig(context, partial_sig)
+          public_key = FFI::MemoryPointer.new(:uchar, 33).put_bytes(0, hex2bin(public_key))
+          pubkey_ptr = FFI::MemoryPointer.new(:uchar, 64)
+          raise Error, "pubkey is invalid." unless secp256k1_ec_pubkey_parse(context, pubkey_ptr, public_key, 33) == 1
+          pub_nonce = FFI::MemoryPointer.new(:uchar, 66).put_bytes(0, hex2bin(pub_nonce))
+          nonce_ptr = FFI::MemoryPointer.new(:uchar, 132)
+          if secp256k1_musig_pubnonce_parse(context, nonce_ptr, pub_nonce) == 0
+            raise Error, "secp256k1_musig_pubnonce_parse failed."
+          end
+          secp256k1_musig_partial_sig_verify(context, sig_ptr, nonce_ptr, pubkey_ptr, key_agg_ctx.pointer, session) == 1
+        end
+      end
+
+      # Aggregates partial signatures
+      # @param [Array] partial_sigs Array of partial signatures.
+      # @return [String] An aggregated signature.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def aggregate_partial_sigs(partial_sigs)
+        raise ArgumentError, "partial_sigs must be Array." unless partial_sigs.is_a?(Array)
+        raise ArgumentError, "partial_sigs must not be empty." if partial_sigs.empty?
+        with_context do |context|
+          sigs_ptr = FFI::MemoryPointer.new(:pointer, partial_sigs.length)
+          sigs_ptr.write_array_of_pointer(partial_sigs.map{|partial_sig| parse_partial_sig(context, partial_sig)})
+          sig64 = FFI::MemoryPointer.new(:uchar, 64)
+          if secp256k1_musig_partial_sig_agg(context, sig64, session, sigs_ptr, partial_sigs.length) == 0
+            raise Error, "secp256k1_musig_partial_sig_agg arguments invalid."
+          end
+          sig64.read_string(64).unpack1('H*')
+        end
+      end
+
+      private
+
+      def parse_partial_sig(context, partial_sig)
+        partial_sig = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(partial_sig))
+        sig_ptr = FFI::MemoryPointer.new(:uchar, 36)
+        if secp256k1_musig_partial_sig_parse(context, sig_ptr, partial_sig) == 0
+          raise Error, "secp256k1_musig_partial_sig_parse failed."
+        end
+        sig_ptr
+      end
+    end
+  end
+end

data/lib/secp256k1/musig.rb

@@ -0,0 +1,165 @@
+require_relative 'musig/key_agg'
+require_relative 'musig/session'
+
+module Secp256k1
+
+  # MuSig module
+  # @example
+  #   include Secp256k1
+  #
+  #   # Two signer.
+  #   sk1, pk1 = generate_key_pair
+  #   sk2, pk2 = generate_key_pair
+  #
+  #   # Aggregate public key
+  #   key_agg_ctx = aggregate_pubkey([pk1, pk2])
+  #   agg_pubkey = key_agg_ctx.aggregate_public_key
+  #
+  #   # If you need tweak
+  #   key_agg_ctx.tweak_add('7468697320636f756c64206265206120424950333220747765616b2e2e2e2e00')
+  #   # If you need tweak with xonly
+  #   key_agg_ctx.tweak_add('7468697320636f756c64206265206120546170726f6f7420747765616b2e2e00', xonly: true)
+  #
+  #   agg_pubkey = key_agg_ctx.aggregate_public_key
+  #
+  #   msg = Digest::SHA256.digest('message')
+  #
+  #   # Nonce generation
+  #   session_id1 = generate_musig_session_id
+  #   secnonce1, pubnonce1 = target.generate_musig_nonce(
+  #     session_id1,
+  #     pk1,
+  #     sk: sk1,
+  #     key_agg_ctx: key_agg_ctx,
+  #     msg: msg
+  #   )
+  #
+  #   session_id2 = generate_musig_session_id
+  #   secnonce2, pubnonce2 = target.generate_musig_nonce(
+  #     session_id2,
+  #     pk2,
+  #     sk: sk2,
+  #     key_agg_ctx: key_agg_ctx,
+  #     msg: msg
+  #   )
+  #
+  #   # Aggregate public nonces
+  #   agg_nonce = aggregate_musig_nonce([pubnonce1, pubnonce2])
+  #
+  #   # Generate partial sig
+  #   musig_session = Secp256k1::MuSig::Session.new(key_agg_ctx, agg_nonce, msg)
+  #   partial_sig1 = musig_session.partial_sign(secnonce1, sk1)
+  #   partial_sig2 = musig_session.partial_sign(secnonce2, sk2)
+  #
+  #   # Aggregate signature
+  #   agg_sig = musig_session.aggregate_partial_sigs([partial_sig1, partial_sig2])
+  #
+  #   # Verify schnorr signature
+  #   verify_schnorr(msg, agg_sig, agg_pubkey)
+  module MuSig
+
+    # Aggregate public keys.
+    # @param [Array] pubkeys An array of public keys.
+    # @return [Secp2561k::MuSig::KeyAggContext]
+    # @raise [Secp256k1::Error]
+    def aggregate_pubkey(pubkeys)
+      raise ArgumentError, "pubkeys must be an array." unless pubkeys.is_a?(Array)
+      with_context do |context|
+        pubkeys_ptrs = pubkeys.map do |pubkey|
+          pubkey = hex2bin(pubkey)
+          validate_string!('pubkey', pubkey, 33)
+          input = FFI::MemoryPointer.new(:uchar, 33).put_bytes(0, pubkey)
+          pubkey_ptr = FFI::MemoryPointer.new(:uchar, 64)
+          raise Error, "pubkey is invalid." unless secp256k1_ec_pubkey_parse(context, pubkey_ptr, input, 33) == 1
+          pubkey_ptr
+        end
+        pubkeys_ptr = FFI::MemoryPointer.new(:pointer, pubkeys.length)
+        pubkeys_ptr.write_array_of_pointer(pubkeys_ptrs)
+        agg_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        cache = Secp256k1::MuSig::KeyAggCache.new
+        if secp256k1_musig_pubkey_agg(context, agg_pubkey, cache.pointer, pubkeys_ptr, pubkeys.length) == 0
+          raise Error, "secp256k1_musig_pubkey_agg argument error."
+        end
+        Secp256k1::MuSig::KeyAggContext.new(cache)
+      end
+    end
+
+    # Generate fresh session id for musig signing session.
+    # @return [String] The session id.
+    def generate_musig_session_id
+      SecureRandom.random_bytes(32).unpack1('H*')
+    end
+
+    # Generate nonce pair.
+    # @param [String] session_id The uniform random identifier for this session.
+    # @param [String] pk The public key for which the partial signature is generated.
+    # @param [String] sk (Optional) The private key for which the partial signature is generated.
+    # @param [Secp256k1::MuSig::KeyAggContext] key_agg_ctx (Optional) The aggregated public key context.
+    # @param [String] msg (Optional) The message to be signed.
+    # @param [String] extra_in (Optional) The auxiliary input.
+    # @return [Array(String)] The array of secret nonce and public nonce with hex format.
+    # @raise [ArgumentError] If invalid arguments specified.
+    # @raise [Secp256k1::Error]
+    def generate_musig_nonce(session_id, pk, sk: nil, key_agg_ctx: nil, msg: nil, extra_in: nil)
+      validate_string!("session_id", session_id, 32)
+      validate_string!("pk", pk, 33)
+      validate_string!("sk", sk, 32) if sk
+      validate_string!("msg", msg, 32) if msg
+      validate_string!("extra_in", extra_in, 32) if extra_in
+
+      if key_agg_ctx
+        raise ArgumentError, "key_agg must be Secp256k1::MuSig::KeyAggContext." unless key_agg_ctx.is_a?(KeyAggContext)
+      end
+
+      with_context do |context|
+        pk_ptr = FFI::MemoryPointer.new(:uchar, 33).put_bytes(0, hex2bin(pk))
+        pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, "pk is invalid public key." unless secp256k1_ec_pubkey_parse(context, pubkey, pk_ptr, 33) == 1
+
+        pubnonce = FFI::MemoryPointer.new(:uchar, 132)
+        secnonce = FFI::MemoryPointer.new(:uchar, 132)
+        seckey = sk ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(sk)) : nil
+        msg32 = msg ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(msg)) : nil
+        extra_input32 = extra_in ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(extra_in)) : nil
+        session_secrand32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(session_id))
+
+        raise Error, "arguments is invalid." unless secp256k1_musig_nonce_gen(
+          context, secnonce, pubnonce, session_secrand32, seckey, pubkey, msg32, key_agg_ctx.pointer, extra_input32) == 1
+
+        pub66 = FFI::MemoryPointer.new(:uchar, 66)
+        secp256k1_musig_pubnonce_serialize(context, pub66, pubnonce)
+        [secnonce.read_string(132).unpack1('H*'), pub66.read_string(66).unpack1('H*')]
+      end
+    end
+
+    # Aggregates the nonces of all signers into a single nonce.
+    # @param [Array] pub_nonces An array of public nonces sent by the signers.
+    # @return [String] An aggregated public nonce.
+    # @raise [Secp256k1::Error]
+    # @raise [ArgumentError] If invalid arguments specified.
+    def aggregate_musig_nonce(pub_nonces)
+      raise ArgumentError, "pub_nonces must be Array." unless pub_nonces.is_a?(Array)
+
+      with_context do |context|
+        nonce_ptrs = pub_nonces.map do |pub_nonce|
+          pub_nonce = hex2bin(pub_nonce)
+          validate_string!("pub_nonce", pub_nonce, 66)
+          in66 = FFI::MemoryPointer.new(:uchar, 66).put_bytes(0, pub_nonce)
+          pub_nonce_ptr = FFI::MemoryPointer.new(:uchar, 132)
+          if secp256k1_musig_pubnonce_parse(context, pub_nonce_ptr, in66) == 0
+            raise Error, "secp256k1_musig_pubnonce_parse error."
+          end
+          pub_nonce_ptr
+        end
+        agg_nonce = FFI::MemoryPointer.new(:uchar, 132)
+        pubnonces = FFI::MemoryPointer.new(:pointer, pub_nonces.length)
+        pubnonces.write_array_of_pointer(nonce_ptrs)
+        result = secp256k1_musig_nonce_agg(context, agg_nonce, pubnonces, pub_nonces.length)
+        raise Error, "nonce aggregation failed." if result == 0
+        out66 = FFI::MemoryPointer.new(:uchar, 66)
+        secp256k1_musig_aggnonce_serialize(context, out66, agg_nonce)
+        out66.read_string(66).unpack1("H*")
+      end
+    end
+  end
+end

data/lib/secp256k1/recovery.rb

@@ -1,4 +1,15 @@
 module Secp256k1
+  # Recover module
+  # @example
+  #   include Secp256k1
+  #
+  #   sk, _ = generate_key_pair
+  #   msg = Digest::SHA256.digest('message')
+  #   sig, rec = sign_recoverable(msg, sk)
+  #   full_sig = [rec + 0x1b + 4].pack('C') + [sig].pack('H*')
+  #   compressed = true
+  #   recover_pubkey = target.recover(msg, full_sig, compressed)
+  #
   module Recover
     # Sign data with compact format.
     # @param [String] data The 32-byte message hash being signed.
@@ -7,13 +18,10 @@ module Secp256k1
     # @raise [Secp256k1::Error] If recovery failed.
     # @raise [ArgumentError] If invalid arguments specified.
     def sign_recoverable(data, private_key)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
-      raise ArgumentError, "data must by String." unless data.is_a?(String)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("data", data, 32)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
-
       with_context do |context|
         sig = FFI::MemoryPointer.new(:uchar, 65)
         hash =FFI::MemoryPointer.new(:uchar, data.bytesize).put_bytes(0, data)
@@ -39,12 +47,10 @@ module Secp256k1
     # @raise [Secp256k1::Error] If recover failed.
     # @raise [ArgumentError] If invalid arguments specified.
     def recover(data, signature, compressed)
-      raise ArgumentError, "data must be String." unless data.is_a?(String)
-      raise ArgumentError, "signature must be String." unless signature.is_a?(String)
+      validate_string!("data", data, 32)
+      validate_string!("signature", signature, 65)
       signature = hex2bin(signature)
-      raise ArgumentError, "signature must be 65 bytes." unless signature.bytesize == 65
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
       rec = (signature[0].ord - 0x1b) & 3
       raise ArgumentError, "rec must be between 0 and 3." if rec < 0 || rec > 3
 

data/lib/secp256k1/schnorrsig.rb

@@ -1,20 +1,29 @@
 module Secp256k1
+  # SchnorrSig module
+  # @example
+  #   include Secp256k1
+  #
+  #   sk, pk = generate_key_pair
+  #
+  #   # sign and verify (Schnorr)
+  #   signature = sign_schnorr(msg, sk)
+  #   verify_schnorr(msg, signature, pk[2..-1]) # public key must be 32 bytes
+  #
   module SchnorrSig
 
     # Sign to data using schnorr.
     # @param [String] data The 32-byte message hash being signed with binary format.
     # @param [String] private_key a private key with hex format using sign.
-    # @param [String] aux_rand a extra entropy.
+    # @param [String] aux_rand The 32-byte extra entropy.
     # @return [String] signature data with binary format. If unsupported algorithm specified, return nil.
     # @raise [ArgumentError] If invalid arguments specified.
     def sign_schnorr(data, private_key, aux_rand = nil)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
-      raise ArgumentError, "data must by String." unless data.is_a?(String)
+      validate_string!("data", data, 32)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("aux_rand", aux_rand, 32) if aux_rand
       raise ArgumentError, "aux_rand must be String." if !aux_rand.nil? && !aux_rand.is_a?(String)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
 
       with_context do |context|
         keypair = [create_keypair(private_key)].pack('H*')
@@ -34,11 +43,10 @@ module Secp256k1
     # @return [Boolean] verification result.
     # @raise [ArgumentError] If invalid arguments specified.
     def verify_schnorr(data, signature, pubkey)
-      raise ArgumentError, "sig must be String." unless signature.is_a?(String)
-      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
-      raise ArgumentError, "data must be String." unless data.is_a?(String)
+      validate_string!("data", data, 32)
+      validate_string!("signature", signature, 64)
+      validate_string!("pubkey", pubkey, 32)
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
       pubkey = hex2bin(pubkey)
       signature = hex2bin(signature)
       with_context do |context|

data/lib/secp256k1/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Secp256k1
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/secp256k1.rb

@@ -6,8 +6,23 @@ require_relative 'secp256k1/c'
 require_relative 'secp256k1/recovery'
 require_relative 'secp256k1/ellswift'
 require_relative 'secp256k1/schnorrsig'
+require_relative 'secp256k1/musig'
 
 # Binding for secp256k1 (https://github.com/bitcoin-core/secp256k1/)
+# @example
+#   include Secp256k1
+#
+#   # Generate key pair
+#   sk, pk = generate_key_pair
+#
+#   # Generate public key
+#   pk = generate_pubkey(sk)
+#
+#   # sign and verify (ECDSA)
+#   msg = Digest::SHA256.digest('message')
+#   signature = sign_ecdsa(msg, sk)
+#   verify_ecdsa(msg, signature, pk)
+#
 module Secp256k1
 
   class Error < StandardError; end
@@ -16,6 +31,7 @@ module Secp256k1
   include Recover
   include SchnorrSig
   include EllSwift
+  include MuSig
 
   FLAGS_TYPE_MASK = ((1 << 8) - 1)
   FLAGS_TYPE_CONTEXT = (1 << 0)
@@ -79,34 +95,13 @@ module Secp256k1
   # @return [String] Public key with hex format.
   # @raise [ArgumentError] If invalid arguments specified.
   def generate_pubkey(private_key, compressed: true)
-    raise  ArgumentError, "private_key must be String." unless private_key.is_a?(String)
+    validate_string!("private_key", private_key, 32)
     private_key = hex2bin(private_key)
-    raise ArgumentError, "private_key must by 32 bytes." unless private_key.bytesize == 32
     with_context do |context|
       generate_pubkey_in_context(context, private_key, compressed: compressed)
     end
   end
 
-  # Sign to data.
-  # @param [String] data The 32-byte message hash being signed with binary format.
-  # @param [String] private_key a private key with hex format using sign.
-  # @param [String] extra_entropy a extra entropy with binary format for rfc6979.
-  # @param [Symbol] algo signature algorithm. ecdsa(default) or schnorr.
-  # @return [String] signature data with binary format. If unsupported algorithm specified, return nil.
-  # @raise [ArgumentError] If invalid arguments specified.
-  def sign_data(data, private_key, extra_entropy = nil, algo: :ecdsa)
-
-    case algo
-    when :ecdsa
-      sign_ecdsa(data, private_key, extra_entropy)
-    when :schnorr
-      sign_schnorr(data, private_key, extra_entropy)
-    else
-      raise ArgumentError, "unknown algo: #{algo}"
-    end
-  end
-
-
   # Validate whether this is a valid public key.
   # @param [String] pubkey public key with hex format.
   # @param [Boolean] allow_hybrid whether support hybrid public key.
@@ -131,9 +126,8 @@ module Secp256k1
   # @raise [Secp256k1::Error] If private_key is invalid.
   # @raise [ArgumentError] If invalid arguments specified.
   def create_keypair(private_key)
-    raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
+    validate_string!("private_key", private_key, 32)
     private_key = hex2bin(private_key)
-    raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
     with_context do |context|
       secret = FFI::MemoryPointer.new(:uchar, private_key.bytesize).put_bytes(0, private_key)
       raise Error, 'private_key is invalid.' unless secp256k1_ec_seckey_verify(context, secret)
@@ -159,17 +153,15 @@ module Secp256k1
   # Sign to data using ecdsa.
   # @param [String] data The 32-byte message hash being signed with binary format.
   # @param [String] private_key a private key with hex format using sign.
-  # @param [String] extra_entropy a extra entropy with binary format for rfc6979.
+  # @param [String] extra_entropy (Optional)An extra entropy with binary format for rfc6979.
   # @return [String] signature data with binary format. If unsupported algorithm specified, return nil.
   # @raise [ArgumentError] If invalid arguments specified.
-  def sign_ecdsa(data, private_key, extra_entropy)
-    raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
-    raise ArgumentError, "data must by String." unless data.is_a?(String)
-    raise ArgumentError, "extra_entropy must be String." if !extra_entropy.nil? && !extra_entropy.is_a?(String)
+  def sign_ecdsa(data, private_key, extra_entropy = nil)
+    validate_string!("private_key", private_key, 32)
+    validate_string!("data", data, 32)
+    validate_string!("extra_entropy", extra_entropy, 32) if extra_entropy
     private_key = hex2bin(private_key)
-    raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
     data = hex2bin(data)
-    raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
 
     with_context do |context|
       secret = FFI::MemoryPointer.new(:uchar, private_key.bytesize).put_bytes(0, private_key)
@@ -205,9 +197,8 @@ module Secp256k1
   def verify_ecdsa(data, signature, pubkey)
     raise ArgumentError, "sig must be String." unless signature.is_a?(String)
     raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
-    raise ArgumentError, "data must be String." unless data.is_a?(String)
+    validate_string!("data", data, 32)
     data = hex2bin(data)
-    raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
     pubkey = hex2bin(pubkey)
     signature = hex2bin(signature)
     with_context do |context|
@@ -281,5 +272,10 @@ module Secp256k1
   def hex2bin(str)
     hex_string?(str) ? [str].pack('H*') : str
   end
+
+  def validate_string!(name, target, byte_length)
+    raise ArgumentError, "#{name} must be String." unless target.is_a?(String)
+    raise ArgumentError, "#{name} must be #{byte_length} bytes." unless hex2bin(target).bytesize == byte_length
+  end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secp256k1rb
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - azuchi
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-11-14 00:00:00.000000000 Z
+date: 2024-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -43,6 +43,9 @@ files:
 - lib/secp256k1.rb
 - lib/secp256k1/c.rb
 - lib/secp256k1/ellswift.rb
+- lib/secp256k1/musig.rb
+- lib/secp256k1/musig/key_agg.rb
+- lib/secp256k1/musig/session.rb
 - lib/secp256k1/recovery.rb
 - lib/secp256k1/schnorrsig.rb
 - lib/secp256k1/version.rb