From ac1e36769dda3964f7294319ecb06fb5c414938d Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Fri, 17 Dec 2021 13:41:47 +0000
Subject: [PATCH] musig: turn off multiexponentiation for now

Before turning it on we need to have a discussion about our confidence in the correctness of the multiexponentiation code.
---
 include/secp256k1_musig.h | 12 +++++++-----
 src/modules/musig/keyagg_impl.h | 5 ++++-
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/include/secp256k1_musig.h b/include/secp256k1_musig.h
index 79c6dc48a..17ddf7d20 100644
--- a/include/secp256k1_musig.h
+++ b/include/secp256k1_musig.h
@@ -197,11 +197,13 @@ SECP256K1_API int secp256k1_musig_partial_sig_parse(
 *
 * Returns: 0 if the arguments are invalid, 1 otherwise
 * Args: ctx: pointer to a context object initialized for verification
- * scratch: scratch space used to compute the aggregate pubkey by
- * multiexponentiation. Generally, the larger the scratch
- * space, the faster this function. However, the returns of
- * providing a larger scratch space are diminishing. If NULL,
- * an inefficient algorithm is used.
+ * scratch: should be NULL because it is not yet implemented. If it
+ * was implemented then the scratch space would be used to
+ * compute the aggregate pubkey by multiexponentiation.
+ * Generally, the larger the scratch space, the faster this
+ * function. However, the returns of providing a larger
+ * scratch space are diminishing. If NULL, an inefficient
+ * algorithm is used.
 * Out: agg_pk: the MuSig-aggregated x-only public key. If you do not need it,
 * this arg can be NULL.
 * keyagg_cache: if non-NULL, pointer to a musig_keyagg_cache struct that
diff --git a/src/modules/musig/keyagg_impl.h b/src/modules/musig/keyagg_impl.h
index 9a747f4dc..5299edca8 100644
--- a/src/modules/musig/keyagg_impl.h
+++ b/src/modules/musig/keyagg_impl.h
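Review bot: The new `scratch` text says the argument "should be NULL" but never says what happens when it is not, and the line `Returns: 0 if the arguments are invalid` just above invites the reading that a non-NULL scratch is rejected, whereas the keyagg_impl.h hunks in this same patch (`(void) scratch;` and a hard-coded NULL to secp256k1_ecmult_multi_var) silently ignore it. The remaining sentences then describe the hypothetical future behaviour in the present tense ("If NULL, an inefficient algorithm is used"), which mixes the two states. Suggest leading with the current contract and clearly marking the rest as future: ` *      scratch: currently ignored and should be NULL. Once multiexponentiation is enabled, this scratch space will be used to compute the aggregate pubkey, and a larger scratch space will generally make this function faster (with diminishing returns); NULL will select a slower algorithm.` The declaration this comment documents starts outside the hunk, so I cannot confirm which function it belongs to from here.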
@@ -190,6 +190,7 @@ int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_scratch_s
 secp256k1_gej pkj;
 secp256k1_ge pkp;
 size_t i;
+ (void) scratch;
 
 VERIFY_CHECK(ctx != NULL);
 if (agg_pk != NULL) {
@@ -216,7 +217,9 @@ int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_scratch_s
 if (!secp256k1_musig_compute_pk_hash(ctx, ecmult_data.pk_hash, pubkeys, n_pubkeys)) {
 return 0;
 }
- if (!secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) {
+ /* TODO: actually use optimized ecmult_multi algorithms by providing a
+ * scratch space */
+ if (!secp256k1_ecmult_multi_var(&ctx->error_callback, NULL, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) {
 /* In order to reach this line with the current implementation of
 * ecmult_multi_var one would need to provide a callback that can
 * fail. */
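Review bot: A caller that does wire up a scratch space now gets no signal that it has no effect: `(void) scratch;` in the first hunk only silences the unused-parameter warning, and the second hunk passes a literal NULL to secp256k1_ecmult_multi_var regardless of what was supplied, while the header in this same patch says scratch "should be NULL". If silently ignoring it is the intent, the new TODO should record that and the reason the optimized path is off, so it is not flipped back without the review the commit message asks for: `/* TODO: pass `scratch` to secp256k1_ecmult_multi_var to use the optimized ecmult_multi algorithms once the multiexponentiation code has been reviewed for correctness; until then scratch is deliberately ignored. */`. Alternatively the documented contract could be enforced with the module's argument check on `scratch == NULL`, at the cost of breaking any caller still passing a scratch space. The signature and the rest of secp256k1_musig_pubkey_agg lie outside both hunks.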