musig: Require generated secnonce for partial sig #35422

pull nervana21 wants to merge 2 commits into bitcoin:master from nervana21:reject-partial-signing changing 4 files +47 −12
  1. nervana21 commented at 9:16 PM on May 30, 2026: contributor

    Per BIP327, a secnonce consisting of only zero bytes is invalid for Sign and will cause it to fail.

    Previously, MuSig2SecNonce::IsValid() only reported whether secure memory was allocated for the secnonce, not whether CreateMuSig2Nonce had succeeded in creating the secnonce.

    This patch tracks successful secnonce generation, rejects CreateMuSig2PartialSig when generation has not succeeded, renames the query method to HasNonce, and adds a regression test.

    Test plan

    /build/bin/test_bitcoin --run_test=bip328_tests/secnonce_lifecycle

  2. musig: Require generated secnonce for partial sig
    IsValid() reported allocated secure memory, which is true for every
    default-constructed object. Record successful CreateMuSig2Nonce in
    m_has_nonce, clear it in Invalidate(), and have IsValid() report that
    flag. Return nullopt from CreateMuSig2PartialSig when generation has
    not yet succeeded.
    
    Add a bip328 unit test for the generate-sign-invalidate lifecycle.
    a7d1085dbc
  3. musig: Rename MuSig2SecNonce IsValid to HasNonce
    IsValid() on keys and pubkeys typically checks that the key material is
    well-formed. HasNonce() reports whether CreateMuSig2Nonce has succeeded.
    d5d708093a
  4. DrahtBot commented at 9:16 PM on May 30, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35422.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

  5. nervana21 commented at 9:17 PM on May 30, 2026: contributor
  6. achow101 commented at 9:30 PM on May 30, 2026: member

    It shouldn't be possible to hit any error with this as the nonce is not stored if nonce generation fails.

    Instead of a bool that needs to track state, the unique ptr can be created in CreateMuSig2Nonce and set after the successful nonce generation.
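Added illustration (not code from this PR and not Bitcoin Core's MuSig2SecNonce): a self-contained C++ model of the three shapes discussed in this thread, the pre-patch object whose IsValid() only reports an allocated buffer, the flag-based HasNonce() from the PR description, and the pointer-stays-null-until-generated alternative achow101 proposes. Every name here (LegacySecNonce, FlagSecNonce, PtrSecNonce, SimulatedNonceGen, PartialSign, the 132-byte buffer and the session-id input) is an assumption standing in for the real libsecp256k1-backed code; the toy generator and signer exist only so the generate-sign-invalidate lifecycle can be run offline.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <optional>
#include <string>

// Illustrative model only: names and sizes are assumptions, not Bitcoin Core's types.
constexpr std::size_t NONCE_BYTES = 132; // assumed secret-nonce buffer size
using NonceBytes = std::array<uint8_t, NONCE_BYTES>;
using SessionId = std::array<uint8_t, 32>;

// Constructed stand-in for nonce generation; fails (returns false, leaves `out` untouched)
// for an all-zero session id so that the failure path can be exercised.
bool SimulatedNonceGen(const SessionId& sid, NonceBytes& out)
{
    if (std::all_of(sid.begin(), sid.end(), [](uint8_t b) { return b == 0; })) return false;
    uint32_t state = 0x9e3779b9u; // toy LCG seeded from the session id, not a real RNG
    for (auto& byte : out) {
        state = state * 1664525u + 1013904223u + sid[state % sid.size()];
        byte = static_cast<uint8_t>((state >> 24) | 1u); // odd bytes: buffer is never all-zero
    }
    return true;
}

// Pre-patch shape: IsValid() only reports the buffer allocated at construction, so a
// never-generated (all-zero) nonce still looks valid.
class LegacySecNonce
{
    std::unique_ptr<NonceBytes> m_data{std::make_unique<NonceBytes>()}; // zero-filled
public:
    bool IsValid() const { return m_data != nullptr; } // true before any generation
    const NonceBytes* Data() const { return m_data.get(); }
};

// Design from the PR description: same always-allocated buffer plus a flag that records
// a successful generation and is cleared by Invalidate().
class FlagSecNonce
{
    std::unique_ptr<NonceBytes> m_data{std::make_unique<NonceBytes>()};
    bool m_has_nonce{false};
public:
    bool Generate(const SessionId& sid)
    {
        if (!SimulatedNonceGen(sid, *m_data)) return false;
        m_has_nonce = true;
        return true;
    }
    bool HasNonce() const { return m_has_nonce; }
    void Invalidate() { m_data->fill(0); m_has_nonce = false; }
    const NonceBytes* Data() const { return m_has_nonce ? m_data.get() : nullptr; }
};

// Reviewer's alternative: no flag; the pointer stays null until generation succeeds,
// so "has a nonce" and "buffer exists" are a single fact that cannot drift apart.
class PtrSecNonce
{
    std::unique_ptr<NonceBytes> m_data;
public:
    bool Generate(const SessionId& sid)
    {
        auto buf = std::make_unique<NonceBytes>();
        if (!SimulatedNonceGen(sid, *buf)) return false; // buf is freed, state unchanged
        m_data = std::move(buf);
        return true;
    }
    bool HasNonce() const { return m_data != nullptr; }
    void Invalidate() { m_data.reset(); }
    const NonceBytes* Data() const { return m_data.get(); }
};

// Toy partial signer: nullopt when no nonce is exposed, and nullopt for an all-zero
// secnonce, the input that BIP327's Sign rejects.
template <typename Nonce>
std::optional<uint32_t> PartialSign(const Nonce& nonce, const std::string& msg)
{
    const NonceBytes* d = nonce.Data();
    if (!d || std::all_of(d->begin(), d->end(), [](uint8_t b) { return b == 0; })) return std::nullopt;
    uint32_t sig = 0;
    for (std::size_t i = 0; i < msg.size(); ++i) sig = sig * 31u + (static_cast<uint8_t>(msg[i]) ^ (*d)[i % NONCE_BYTES]);
    return sig;
}

// The pre-patch bug as one predicate: IsValid() says yes, yet signing is refused.
bool LegacyLooksValidButCannotSign()
{
    LegacySecNonce n;
    return n.IsValid() && !PartialSign(n, "m").has_value();
}

// Generate -> sign -> invalidate lifecycle; returns how many of the six expectations held.
template <typename Nonce>
int LifecycleChecksPassed()
{
    int ok = 0;
    Nonce n;
    SessionId bad{}, good{}; // all-zero id must fail; constructed non-zero id succeeds
    good[0] = 7;
    ok += !n.HasNonce();                                     // fresh object
    ok += !PartialSign(n, "m").has_value();                  // refused before generation
    ok += !n.Generate(bad) && !n.HasNonce();                 // failed generation leaves no nonce
    ok += n.Generate(good) && n.HasNonce();                  // success is recorded
    ok += PartialSign(n, "m").has_value();                   // signing allowed now
    n.Invalidate();
    ok += !n.HasNonce() && !PartialSign(n, "m").has_value(); // refused after invalidation
    return ok;
}
```

Both post-patch shapes pass the same lifecycle, which is the property the PR's bip328 regression test pins down; the difference is where the "generated" fact lives. With the flag there are two pieces of state that must be updated together on every path (generation, invalidation, any future reset), whereas with the null-until-generated pointer a failed generation simply discards the scratch buffer and there is no second variable to keep in sync.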


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-31 17:50 UTC
