
   1  // Package schnorr provides BIP-340 Schnorr signature operations on secp256k1.
   2  //
   3  // This package is a domain-focused wrapper around the core p256k1 primitives,
   4  // providing a clean API for Schnorr signature creation and verification.
   5  //
   6  // # Bounded Context: Digital Signatures (Schnorr/BIP-340)
   7  //
   8  // BIP-340 Schnorr signatures offer several advantages over ECDSA:
   9  //   - Simpler, more elegant mathematical structure
  10  //   - Native support for signature aggregation (future)
  11  //   - Faster batch verification
  12  //   - Smaller signatures with x-only public keys
  13  //
  14  // # Value Objects
  15  //
  16  //   - Signature: A 64-byte Schnorr signature (r || s)
  17  //   - XOnlyPubkey: A 32-byte x-only public key
  18  //   - KeyPair: A secret/public key pair
  19  //
  20  // # Domain Services
  21  //
  22  //   - Sign: Create a signature
  23  //   - Verify: Verify a single signature
  24  //   - VerifyBatch: Verify multiple signatures efficiently
  25  //
  26  // # Usage
  27  //
  28  //	import "next.orly.dev/pkg/p256k1/schnorr"
  29  //
  30  //	// Create a key pair
  31  //	keypair, err := schnorr.NewKeyPair(privateKey)
  32  //	if err != nil {
  33  //	    // handle error
  34  //	}
  35  //
  36  //	// Sign a message
  37  //	sig, err := schnorr.Sign(message32, keypair, auxRand)
  38  //	if err != nil {
  39  //	    // handle error
  40  //	}
  41  //
   42  //	// Verify the signature; treat the message as unauthenticated unless valid is true
  43  //	xonlyPub := keypair.XOnlyPubkey()
  44  //	valid := schnorr.Verify(sig, message32, xonlyPub)
  45  //
  46  // # Thread Safety
  47  //
  48  // All functions in this package are safe for concurrent use.
  49  //
  50  // # Security Notes
  51  //
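   52  //   - Uses BIP-340-compliant nonce generation
   53  //   - X-only public keys (32 bytes) implicitly have an even Y coordinate
   54  //   - Auxiliary randomness (auxRand) provides additional security against side-channel attacks; BIP-340 recommends supplying 32 bytes of fresh randomness from a cryptographically secure source for each signature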
  55  package schnorr