musig: Reject empty pubkey list in GetMuSig2KeyAggCache #35316

pull nervana21 wants to merge 1 commits into bitcoin:master from nervana21:reject-empty-pubkey-list changing 2 files +10 −0
  1. nervana21 commented at 3:33 PM on May 18, 2026: contributor

    Per BIP327, MuSig2 key aggregation is defined for u public keys where 0 < u < 2^32.

    Previously, the code did not handle u == 0.

    This patch updates the code to reject an empty pubkey list and adds a regression test.

  2. musig: Reject empty pubkey list in GetMuSig2KeyAggCache 8ce84321ce
  3. DrahtBot commented at 3:33 PM on May 18, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35316.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK rkrux, achow101
    Concept ACK real-or-random

    If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  4. fanquake commented at 12:35 PM on May 20, 2026: member

    cc @jonasnick @real-or-random

  5. in src/musig.cpp:39 in 8ce84321ce
    real-or-random commented at 1:20 PM on May 20, 2026:

    Yes, this secp256k1_musig_pubkey_agg call will crash when the last argument is 0.

  6. real-or-random commented at 1:21 PM on May 20, 2026: contributor

    Concept ACK

    edit: Okay, I'm not sure if returning false in the cache is the proper thing to do because I don't know about the callers of GetMuSig2KeyAggCache. But I can say that we shouldn't call secp256k1_musig_pubkey_agg with a 0 as the last argument. Aggregating zero keys is not very meaningful and we shouldn't let the user do this.

  7. rkrux approved
  8. rkrux commented at 12:14 PM on May 21, 2026: contributor

    lgtm ACK 8ce84321ceaf16c0ee3418d30011c357fdc46deb

    Most of the transitive callers of GetMuSig2KeyAggCache function already have related checks in place such as the ones called in the creation of nonce, partial sig, and aggregate sig. So adding this check should not be fixing any burning issue, but adding it is also not harmful and makes the implementation BIP compliant (even more).

  9. DrahtBot requested review from real-or-random on May 21, 2026
  10. achow101 commented at 5:47 PM on May 21, 2026: member

    ACK 8ce84321ceaf16c0ee3418d30011c357fdc46deb

  11. achow101 merged this on May 21, 2026
  12. achow101 closed this on May 21, 2026
  13. nervana21 deleted the branch on May 21, 2026
  14. fanquake commented at 9:46 AM on May 22, 2026: member

    Backported this is 31.x in #35331.

  15. fanquake referenced this in commit d61687a2ac on May 22, 2026
Contributors
nervana21DrahtBotfanquakereal-or-randomrkruxachow101


real-or-random

Linked (view graph)
#35331 [31.x] Backports
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-22 22:51 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me