
   1  // Copyright (c) 2013-2021 The btcsuite developers
   2  // Copyright (c) 2015-2021 The Decred developers
   3  
   4  package btcec
   5  
   6  import (
   7  	"smesh.lol/pkg/nostr/ec/secp256k1"
   8  )
   9  
// ModNScalar implements optimized 256-bit constant-time fixed-precision
// arithmetic over the secp256k1 group order. This means all arithmetic is
// performed modulo:
//
//	0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
//
// It only implements the arithmetic needed for elliptic curve operations;
// however, the operations that are not implemented can typically be worked
// around if absolutely needed.  For example, subtraction can be performed by
// adding the negation.
//
// Should it be absolutely necessary, conversion to the standard library
// math/big.Int can be accomplished by using the Bytes method, slicing the
// resulting fixed-size array, and feeding it to big.Int.SetBytes.  However,
// that should typically be avoided when possible as conversion to big.Ints
// requires allocations, is not constant time, and is slower when working modulo
// the group order.  When the scalar holds a secret (a private key or a signing
// nonce), the loss of constant-time behavior is a side-channel concern and not
// only a performance cost.
//
// ModNScalar is a type alias for secp256k1.ModNScalar, so the type, its methods
// and the constant-time properties described above are provided by that package
// rather than by this file.
type ModNScalar = secp256k1.ModNScalar
  28  
// NonceRFC6979 derives a deterministic signing nonce as described in RFC 6979,
// with HMAC-SHA256 as the hash function.  The input is a 32-byte hash and the
// result is a 32-byte nonce for use in deterministic signing.
//
// extra and version are optional additional HMAC input.  extra must be exactly
// 32 bytes and version exactly 16 bytes; a value of any other length is
// ignored, and since no error is returned the caller gets no signal that it
// was dropped.  Code that relies on either value to separate signing contexts
// should check the lengths itself before calling.
//
// extraIterations selects further nonces from the same deterministic stream,
// for the extremely unlikely case that the first nonce yields an invalid
// signature (e.g. R == 0).  Signing code should start at 0 and increment it
// only when necessary.
//
// This function is a pass-through to secp256k1.NonceRFC6979 and performs no
// validation of its own; how a privKey or hash of unexpected length is treated
// is decided there and is not visible in this file.  The returned scalar is
// secret signing material and must not be logged or otherwise exposed.
func NonceRFC6979(
	privKey, hash, extra, version []byte, extraIterations uint32,
) *ModNScalar {
	nonce := secp256k1.NonceRFC6979(privKey, hash, extra, version, extraIterations)
	return nonce
}
  51