From 1002104ece1fe3de7a091084d97e031c7291c9c0 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sun, 1 Sep 2024 00:44:30 +0200 Subject: [PATCH 1/2] nip44: clarify ecdh hashing --- 44.md | 1 + 1 file changed, 1 insertion(+) diff --git a/44.md b/44.md index f3071ea9..339d3002 100644 --- a/44.md +++ b/44.md @@ -142,6 +142,7 @@ validation rules, refer to BIP-340. The operation produces a shared point, and we encode the shared point's 32-byte x coordinate, using method `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]`. + Some libraries, like libsecp256k1, apply sha256 on the output. The hashing is unnecessary in NIP44. - Operators - `x[i:j]`, where `x` is a byte array and `i, j <= 0` returns a `(j - i)`-byte array with a copy of the `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x`. From be17e5dcd9943c1d4854eccd5714241d4fe246e1 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Sun, 1 Sep 2024 16:13:12 +0200 Subject: [PATCH 2/2] Clarify function name in libsecp256k1 --- 44.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/44.md b/44.md index 339d3002..ccd1f505 100644 --- a/44.md +++ b/44.md 
@@ -142,7 +142,8 @@ validation rules, refer to BIP-340. The operation produces a shared point, and we encode the shared point's 32-byte x coordinate, using method `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]`. - Some libraries, like libsecp256k1, apply sha256 on the output. The hashing is unnecessary in NIP44. + NIP44 doesn't do hashing of the output: keep this in mind, because some libraries hash it using sha256. + As an example, in libsecp256k1, unhashed version is available in `secp256k1_ec_pubkey_tweak_mul` - Operators - `x[i:j]`, where `x` is a byte array and `i, j <= 0` returns a `(j - i)`-byte array with a copy of the `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x`.
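Review bot: In the line added by patch 1/2 ("Some libraries, like libsecp256k1, apply sha256 on the output. The hashing is unnecessary in NIP44."), "unnecessary" reads as optional. A sha256 of the output is a different value from the 32-byte x coordinate that the preceding context line specifies, so an implementation that hashes would not interoperate with one that does not. Suggest wording it as a requirement, for example "The output must not be hashed", and saying which library call applies the hash so that readers know what to look for in their own code.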
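Review bot: The second line added by patch 2/2 names `secp256k1_ec_pubkey_tweak_mul` as the "unhashed version" without saying what the caller gets back or what remains to be done with it. The name indicates a public-key multiplication rather than an ECDH call, so the text should state that the caller still has to encode the result as the 32-byte x coordinate (`bytes(P)` from BIP340) and validate both keys as the context lines above require. The first added line is also informal for a specification ("keep this in mind"); something like "The output must not be hashed; some libraries hash it with sha256" states the rule directly. In the second line, "unhashed version" needs an article and the sentence needs a full stop. Separately, the unchanged context line under Operators reads `i, j <= 0`, which looks like it should be `>= 0` and may deserve a follow-up patch.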