Crypto
- Source:
- Crypto.scala
Type members
Inherited classlikes
Value members
Concrete methods
Convenience method which calculates the parts of the signature that are public knowledge (can be reconstructed) by anybody. Basically a tagged hash turned into a private key see: BIP340/challenge
Convenience method which calculates the parts of the signature that are public knowledge (can be reconstructed) by anybody. Basically a tagged hash turned into a private key see: BIP340/challenge
- Source:
- Crypto.scala
Find the value of k
which would be used to construct a valid BIP340
schnorr signature. A schnorr signature is 64-bytes given by (R,s)
where
the first 32 bytes are R = k*G
. This function returns the value k
.
Find the value of k
which would be used to construct a valid BIP340
schnorr signature. A schnorr signature is 64-bytes given by (R,s)
where
the first 32 bytes are R = k*G
. This function returns the value k
.
- Value parameters:
- data,
the message to be signed
- Returns:
k, the private nonce to be used in a BIP340 schnorr signature
- Source:
- Crypto.scala
Tweak an otherwise valid BIP340 signature with a curve point tweakPoint
.
The result is an "Adaptor Signature". Somebody with knowledge of the
discrete logarithm (the private key) for tweakPoint
will be able to
repair the adaptor signature to reconstruct a valid BIP340 signature. See:
BIP340 https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki See:
https://suredbits.com/schnorr-applications-scriptless-scripts/
Tweak an otherwise valid BIP340 signature with a curve point tweakPoint
.
The result is an "Adaptor Signature". Somebody with knowledge of the
discrete logarithm (the private key) for tweakPoint
will be able to
repair the adaptor signature to reconstruct a valid BIP340 signature. See:
BIP340 https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki See:
https://suredbits.com/schnorr-applications-scriptless-scripts/
- Value parameters:
- privateKey
private key used for signing
- tweakPoint
the curve point by which to "tweak" the signature
- Returns:
(R',s',T) as a 96-byte ByteVector
- Source:
- Crypto.scala
160 bits bitcoin hash, used mostly for address encoding hash160(input) = RIPEMD160(SHA256(input))
160 bits bitcoin hash, used mostly for address encoding hash160(input) = RIPEMD160(SHA256(input))
- Value parameters:
- input
array of byte
- Returns:
the 160 bits BTC hash of input
- Source:
- Crypto.scala
256 bits bitcoin hash hash256(input) = SHA256(SHA256(input))
256 bits bitcoin hash hash256(input) = SHA256(SHA256(input))
- Value parameters:
- input
array of byte
- Returns:
the 256 bits BTC hash of input
- Source:
- Crypto.scala
- Value parameters:
- key
serialized public key
- Returns:
true if the key is valid. Please not that this performs very basic tests and does not check that the point represented by this key is actually valid.
- Source:
- Crypto.scala
Repair an "Adaptor Signature" using knowledge of the discrete logarithm of
the tweakPoint
. Note, this does not first check whether the adaptor
signature is valid. For that you should first call
verifySchnorrAdaptorSignature
. See: BIP340
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki See:
https://suredbits.com/schnorr-applications-scriptless-scripts/
Repair an "Adaptor Signature" using knowledge of the discrete logarithm of
the tweakPoint
. Note, this does not first check whether the adaptor
signature is valid. For that you should first call
verifySchnorrAdaptorSignature
. See: BIP340
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki See:
https://suredbits.com/schnorr-applications-scriptless-scripts/
- Value parameters:
- adaptorSig
a 96-byte
ByteVector
(R', s', T)
where each component is 32-bytesR'
is the expected nonce point for a final (repaired) signatures'
isk’ + H(X, R’ + T, m)*x
wherek'*G = R
T
is thetweakPoint
- data
the message which is signed (usually a hash of a bitcoin transaction)
- publicKey
the public key of the signer
- scalarTweak
the discrete logarithm of the
tweakPoint
(scalarTweak*G == tweakPoint
)
- Source:
- Crypto.scala
Sign data with a private key, using RCF6979 deterministic signatures
Sign data with a private key, using RCF6979 deterministic signatures
- Value parameters:
- data
data to sign
- privateKey
private key. If you are using bitcoin "compressed" private keys make sure to only use the first 32 bytes of the key (there is an extra "1" appended to the key)
- Returns:
a signature in compact format (64 bytes)
- Source:
- Crypto.scala
Sign according to BIP340 specification https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
Sign according to BIP340 specification https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
- Value parameters:
- data
data to sign (32 bytes)
- privateKey
private key
- Source:
- Crypto.scala
Tagged hash of input as defined in BIP340
Tagged hash of input as defined in BIP340
- Source:
- Crypto.scala
Tweak a valid schnorr signature (R,s)
with a scalar value t
to create
an adaptor signature (R - t*G, s - t, t*G). Anybody with knowledge of
t`
will be able to repair the resulting adaptor signature to reconstruct the
valid original signature. Because knowledge of the signing key was not
necessary to create the adaptor signature, this shows that adaptor
signatures posess a denaibility property. see:
https://suredbits.com/schnorr-applications-scriptless-scripts/
Tweak a valid schnorr signature (R,s)
with a scalar value t
to create
an adaptor signature (R - t*G, s - t, t*G). Anybody with knowledge of
t`
will be able to repair the resulting adaptor signature to reconstruct the
valid original signature. Because knowledge of the signing key was not
necessary to create the adaptor signature, this shows that adaptor
signatures posess a denaibility property. see:
https://suredbits.com/schnorr-applications-scriptless-scripts/
- Source:
- Crypto.scala
(Unsafe) Sign according to BIP340 specification
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki Note: this
is unsafe! It is uses a less-tested, inefficient, but platform-independent
implementation to do the signing. Prefer signSchnorr
for anything in
production.
(Unsafe) Sign according to BIP340 specification
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki Note: this
is unsafe! It is uses a less-tested, inefficient, but platform-independent
implementation to do the signing. Prefer signSchnorr
for anything in
production.
- Source:
- Crypto.scala
(Unsafe) verification of signature according to BIP340 specification
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki Note: this
is unsafe! It is a uses less-tested, inefficient, but platform-independent
implementation. Prefer verifySignatureSchnorr
for anything in
production.
(Unsafe) verification of signature according to BIP340 specification
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki Note: this
is unsafe! It is a uses less-tested, inefficient, but platform-independent
implementation. Prefer verifySignatureSchnorr
for anything in
production.
- Source:
- Crypto.scala
Verify an "Adaptor Signature." If verification is successful and the
verifier knows the discrete logarithm (private key) for the tweakPoint
,
then verifier will be able to repair the adaptor signature into a complete
and valid BIP340 schnorr signature by calling
repairSchnorrAdaptorSignature
. See: BIP340
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki See:
https://suredbits.com/schnorr-applications-scriptless-scripts/
Verify an "Adaptor Signature." If verification is successful and the
verifier knows the discrete logarithm (private key) for the tweakPoint
,
then verifier will be able to repair the adaptor signature into a complete
and valid BIP340 schnorr signature by calling
repairSchnorrAdaptorSignature
. See: BIP340
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki See:
https://suredbits.com/schnorr-applications-scriptless-scripts/
- Value parameters:
- adaptorSig
a 96-byte
ByteVector
(R', s', T)
where each component is 32-bytesR'
is the expected nonce point for a final (repaired) signatures'
isk’ + H(X, R’ + T, m)*x
wherek'*G = R
T
is thetweakPoint
- data
the message which is signed (usually a hash of a bitcoin transaction)
- publicKey
the public key of the signer
- Source:
- Crypto.scala
- Value parameters:
- data
data
- publicKey
public key
- signature
signature
- Returns:
true is signature is valid for this data with this public key
- Source:
- Crypto.scala
Verify a BIP340 schnorr signature
Verify a BIP340 schnorr signature
- Source:
- Crypto.scala
Inherited methods
- Value parameters:
- key
serialized public key
- Returns:
true if the key is valid. This check is much more expensive than its lax version since here we check that the public key is a valid point on the secp256k1 curve
- Inherited from:
- CryptoPlatform (hidden)
- Source:
- CryptoPlatform.scala
Recover public keys from a signature and the message that was signed. This method will return 2 public keys, and the signature can be verified with both, but only one of them matches that private key that was used to generate the signature.
Recover public keys from a signature and the message that was signed. This method will return 2 public keys, and the signature can be verified with both, but only one of them matches that private key that was used to generate the signature.
- Value parameters:
- message
message that was signed
- signature
signature
- Returns:
a recovered public key
- Inherited from:
- CryptoPlatform (hidden)
- Source:
- CryptoPlatform.scala
- Inherited from:
- CryptoPlatform (hidden)
- Source:
- CryptoPlatform.scala
- Inherited from:
- CryptoPlatform (hidden)
- Source:
- CryptoPlatform.scala