-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signing/verifying BIP340 Schnorr when the message is not 32 bytes #702
Comments
We actually talked about it on IRC today, |
I think we may just have to eat the breakage -- we want to discourage people to directly use We are also planning to drop the |
Please confirm if my understanding is correct. Schnorr signature needs |
Basically yes. as a previous version of the BIP only supported pre-hashing |
…f 32 bytes `Message` df98b16 Make schnorr sign/verify accept a message slice (Elichai Turkel) Pull request description: As discussed on #702 and on IRC, BIP340 has evolved from supporting only "pre-hashed" 32 byte messages, to supporting messages of "any length" and as such we should allow the users to pass a message of any length. Note that passing exactly 32 bytes will make the API behave exactly as before (ie it will produce the same signatures). I added all the test vectors from: https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv To make sure the API is correct even for empty messages and shorter/longer ones :) ACKs for top commit: Kixunil: ACK df98b16 apoelstra: ACK df98b16 thanks for all the new test vectors\! Tree-SHA512: bd99ea8e17fcc6fd71ad39a87c7c21761f325006998a61b33b6f2abc9f892f90a4236bd25615cb34dc83214a70dcdd34ce3e7cece7d6f971c3843505356c97c5
Please publish the merged fix soon. |
If I'm understanding the API correctly, it's not currently possible to use this crate to sign or verify BIP340 messages that are not exactly 32 bytes long. Is this correct? If so is there any change of adding such support? It seems
libsecp256k1
already supports this, usingsecp256k1_schnorrsig_sign_custom
, and for verification the plainsecp256k1_schnorrsig_verify
accepts any input length.The text was updated successfully, but these errors were encountered: