WIP: Add aggsig example code #505

1. 
   jonasnick commented at 7:37 pm on January 29, 2018: contributor

   Based on #461 + some things I suggested for that PR.

   I think it’d be a good idea to have some example code to show how to use the aggsig module. For example, the seed of the nonce RNG could be misused and it’s not all that intuitive how a scratch space is used. This PR addresses this by adding an aggsig.c file into an examples/ directory and building it as example_aggsig (it’s also run as part of make check).

   Since #461 does not allow for multi party signing at the moment, aggsig.c demonstrates single user signing and verification for now.

2. aggregate signatures: add module, implement single-user signing 5fa7589f75
3. jonasnick force-pushed on Jan 29, 2018
4. Add aggsig state machine tests 8d2643f15a
5. Remove n_sigs argument from aggsig API c5edd377cc
6. Allow choosing number of signatures in bench_aggsig d48cf5144e
7. Stress that seed in aggsig_context_create must be secret 9859357d15
8. Add function to compute optimal scratch space for aggsig_verify 5fab073de4
9. in examples/aggsig.c:42 in fa7dba6311 outdated

   37+    assert(ret);
   38+    fclose(frand);
   39+    return 1;
   40+}
   41+
   42+/* Sign a message hash with the given key pairs and and store the result in sig */
   

   ---

   ---

   

   kallewoof commented at 5:57 pm on March 7, 2018:

   and and
10. in examples/aggsig.c:83 in fa7dba6311 outdated

    78+    secp256k1_aggsig_context_destroy(aggctx);
    79+    return 1;
    80+}
    81+
    82+/* Verify an aggregated signature of n_pubkeys pubkeys over msghash */
    83+int verify(const secp256k1_context* ctx, const unsigned char *sig, const unsigned char *msghash, const secp256k1_pubkey *pubkeys, size_t n_pubkeys) {
    

    ---

    ---

    

    kallewoof commented at 6:00 pm on March 7, 2018:

    You use N_PUBKEYS in other functions but here you add a size_t n_pubkeys. Particular reason or just ended up that way? (You only call this with N_PUBKEYS as argument I think.)
11. in examples/aggsig.c:95 in fa7dba6311 outdated

    90+     * the scratch space must fit at least one public key. */
    91+    if (scratch_size > 9000) {
    92+        scratch_size = 9000;
    93+    }
    94+    scratch = secp256k1_scratch_space_create(ctx, 0, scratch_size);
    95+    if(scratch == NULL) {
    

    ---

    ---

    

    kallewoof commented at 6:01 pm on March 7, 2018:

    Nit: You’re mixing if() and if () style, and the same for for() and for (). Personally prefer the latter, but probably shouldn’t mix.

    ---

    

    jonasnick commented at 11:42 pm on March 12, 2018:

    good catch, thanks!
12. in examples/aggsig.c:111 in fa7dba6311 outdated

    106+int main(void) {
    107+    secp256k1_context* ctx;
    108+    int i;
    109+    unsigned char seckeys[N_PUBKEYS][32];
    110+    secp256k1_pubkey pubkeys[N_PUBKEYS];
    111+    unsigned char msghash[32] = "this_should_actually_be_msg_hash";
    

    ---

    ---

    

    kallewoof commented at 6:03 pm on March 7, 2018:

    This will actually overbuffer, writing a \0 into the 33rd byte of msghash. Surprised compilers don’t warn about that.

    ---

    

    jonasnick commented at 11:42 pm on March 12, 2018:

    Hm, http://port70.net/~nsz/c/c89/c89-draft.html#3.5.6 says terminating null characters are only added “if there is room”.

    ---

    

    kallewoof commented at 0:46 am on March 13, 2018:

    That would explain the lack of compiler warnings! First thing I ever heard of such an arbitrary rule. C can be freaky.
13. kallewoof approved
14. 
    kallewoof commented at 6:04 pm on March 7, 2018: member

    Tested ACK
15. jonasnick force-pushed on Mar 12, 2018
16. Add aggsig example code c5a4486d7f
17. 
    jonasnick commented at 3:13 pm on July 30, 2019: contributor

    Closing as this will be probably superseded by MuSig
18. jonasnick closed this on Jul 30, 2019

    ---

Contributors
jonasnick kallewoof