| author | Pieter Wuille <pieter@wuille.net> | 2021-10-28 13:46:52 -0400 |
|---|---|---|
| committer | Pieter Wuille <pieter@wuille.net> | 2021-11-12 12:04:20 -0500 |
| commit | 2478c6730a81dda3c56cb99087caf6abe49c85f5 (patch) | |
| tree | 62daa10ff38014d4c9abd855c01de843248d3b79 /src/key.h | |
| parent | c9dd5c8d6e59e27af98e99d2844d6ead8eec3162 (diff) | |
| download | bitcoin-2478c6730a81dda3c56cb99087caf6abe49c85f5.tar.xz | |
Make signing follow BIP340 exactly w.r.t. aux randomness
libsecp256k1's secp256k1_schnorrsig_sign only follows BIP340 exactly
if an aux_rand32 argument is passed. When no randomness is used
(as is the case in the current codebase here), there is no impact
on security between not providing aux_rand32 at all, or providing
an empty one. Yet, for repeatability/testability it is simpler
to always use an all-zero one.
Diffstat (limited to 'src/key.h')
| -rw-r--r-- | src/key.h | 4 |
|---|---|---|

1 files changed, 2 insertions, 2 deletions
@@ -130,7 +130,7 @@ public: /** * Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, - * optionally tweaked by *merkle_root. Additional nonce entropy can be provided through + * optionally tweaked by *merkle_root. Additional nonce entropy is provided through * aux. * * merkle_root is used to optionally perform tweaking of the private key, as specified @@ -143,7 +143,7 @@ public: * (this is used for key path spending, with specific * Merkle root of the script tree). */ - bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256* merkle_root = nullptr, const uint256* aux = nullptr) const; + bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256* merkle_root, const uint256& aux) const; //! Derive BIP32 child key. bool Derive(CKey& keyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode& cc) const; |
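Review bot: the reworded doc comment in the first hunk ("Additional nonce entropy is provided through aux") no longer tells a caller what to pass when no randomness is available, which matters now that the second hunk removes the nullptr default for aux; the commit message says the answer is an all-zero value. Suggest extending the comment line to something like `* aux (32 bytes; pass an all-zero uint256 when no randomness is available, as BIP340 prescribes).` so the contract is visible at the declaration rather than only in the commit message.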
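Review bot: in the second hunk the new declaration `bool SignSchnorr(const uint256& hash, Span<unsigned char> sig, const uint256* merkle_root, const uint256& aux) const;` drops the `= nullptr` default on merkle_root as well as turning aux into a reference, so every caller that relied on either default must be updated in the same commit; the diffstat here is limited to src/key.h, so the call-site changes are not visible on this page and should be checked in the full diff. Making aux a `const uint256&` is the right way to enforce the commit message's intent: callers can no longer pass nullptr and must hand in an explicit (all-zero if nothing better) 32-byte value, which keeps the libsecp256k1 aux_rand32 path on the BIP340-exact behaviour. Since merkle_root is now the only nullable parameter, consider stating in the key-path-spending comment above it that nullptr means "no tweak".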