authorPieter Wuille <pieter@wuille.net>2021-10-28 13:46:52 -0400
committerPieter Wuille <pieter@wuille.net>2021-11-12 12:04:20 -0500
commit2478c6730a81dda3c56cb99087caf6abe49c85f5 (patch)
tree62daa10ff38014d4c9abd855c01de843248d3b79 /src/script
parentc9dd5c8d6e59e27af98e99d2844d6ead8eec3162 (diff)
downloadbitcoin-2478c6730a81dda3c56cb99087caf6abe49c85f5.tar.xz
Make signing follow BIP340 exactly w.r.t. aux randomness
libsecp256k1's secp256k1_schnorrsig_sign only follows BIP340 exactly if an aux_rand32 argument is passed. When no randomness is used (as is currently the case in this codebase), there is no difference in security between not providing aux_rand32 at all and providing an empty one. Yet, for repeatability/testability it is simpler to always use an all-zero one.
Diffstat (limited to 'src/script')
-rw-r--r--src/script/sign.cpp3
1 files changed, 2 insertions, 1 deletions
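--- a/src/script/sign.cpp
+++ b/src/script/sign.cpp
@@ -81,7 +81,8 @@ bool MutableTransactionSignatureCreator::CreateSchnorrSig(const SigningProvider&
 uint256 hash;
 if (!SignatureHashSchnorr(hash, execdata, *txTo, nIn, nHashType, sigversion, *m_txdata, MissingDataBehavior::FAIL)) return false;
 sig.resize(64);
-if (!key.SignSchnorr(hash, sig, merkle_root, nullptr)) return false;
+// Use uint256{} as aux_rnd for now.
+if (!key.SignSchnorr(hash, sig, merkle_root, {})) return false;
 if (nHashType) sig.push_back(nHashType);
 return true;
 }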
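Review bot: The new comment "Use uint256{} as aux_rnd for now." states what is passed but not the consequence, which is the security-relevant part: with an all-zero aux_rand32 the BIP340 nonce is derived deterministically from the key and message, so the same input always yields the same signature, and the defence-in-depth that fresh aux randomness gives against fault and side-channel attacks on nonce generation is not used. The commit description argues this is acceptable because no randomness was used before either, but a reader of sign.cpp alone cannot see that argument, so the comment should carry it: `// All-zero aux_rand32: still BIP340-conformant, signatures are deterministic; fresh randomness would only add fault/side-channel defence-in-depth (see BIP340).` "For now" would also be clearer if it named the condition under which this should change (e.g. when a randomness source is wired into the signing provider), since as written it reads as a TODO with no owner. The `{}` argument presumably relies on the `SignSchnorr` parameter having become a by-value or const-reference `uint256` in a companion change outside this diffstat; that is inferred, not visible here. The enclosing function `CreateSchnorrSig` begins before the hunk.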