tweaking seckey vs. tweaking keypair and their impact on seckey #1021

scgbckbone opened this issue on November 30, 2021
  1. scgbckbone commented at 9:06 PM on November 30, 2021: none
    keypair = keypair_create(seckey)
    tweaked_keypair = keypair_xonly_tweak_add(keypair, tweak)
    tweaked_seckey = ec_seckey_tweak_add(seckey, tweak)
    # seckeys tweaked by different methods do NOT equal
    tweaked_seckey != keypair_sec(tweaked_keypair)  # --> True (they do NOT equal)
    # seckey from keypair is however changed after tweaking
    seckey != keypair_sec(tweaked_keypair)  # --> True (do NOT equal)
    

    Why does tweaking the keypair NOT tweak the seckey the same way as tweaking the seckey via ec_seckey_tweak_add? Also, what does it do with the seckey, as it is changed (last line of pseudocode)?

    Documentation comment for secp256k1_keypair_xonly_tweak_add: "Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly."

  2. sipa commented at 9:08 PM on November 30, 2021: contributor

    The difference isn't due to a difference between seckeys and keypairs as such, but due to the fact that the seckey tweaking functions are x-only compatible, and the individual sec/pubkey tweak functions are not. When tweaking x-only keys, the implicit negations are handled when odd Y coordinates are reached.

  3. scgbckbone commented at 9:37 PM on November 30, 2021: none

    got it - thanks

  4. scgbckbone closed this on Nov 30, 2021

  5. scgbckbone commented at 10:02 PM on November 30, 2021: none

    This is how to get the correct tweaked seckey from both methods:

    keypair = keypair_create(seckey)
    xonly_pub, pk_parity = keypair_xonly_pub(keypair)
    tweaked_keypair = keypair_xonly_tweak_add(keypair, tweak)
    if pk_parity == 0:
        # even Y: the plain seckey tweak already matches
        tweaked_seckey = ec_seckey_tweak_add(seckey, tweak)
    else:
        # odd Y: negate the seckey first, as the x-only tweak does implicitly
        tweaked_seckey = ec_seckey_tweak_add(ec_seckey_negate(seckey), tweak)
    tweaked_seckey == keypair_sec(tweaked_keypair)  # --> True (they DO equal)
    

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-23 00:15 UTC
