Zenroom icon indicating copy to clipboard operation
Zenroom copied to clipboard
verified publisher icon dyne

Implement schnorr signatures over 1st order curve secp256k1 in C

Open jaromil opened this issue 2 years ago • 3 comments

The goal is to make a schnorr signature that aligns with the implementation used in Bitcoin and nostr

The current Schnorr signature implementation uses overloaded arithmetic over ECP using the BLS curve in Zenroom. But most of the implementations out there (bitcoin, nostr..) use the secp256k1 curve, whose arithmetic is only implemented in C. To improve compatibility and efficiency, we need an implementation of schnorr sigs in C: one can follow the code in Lua and translate it.

Verification for the implementation can be done using vectors from Bitcoin BIP34 here https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv

jaromil avatar Sep 30 '23 06:09 jaromil

Zenroom Schnorr signature are performed over BLS (using zenroom.ecp) while the one you linked (and the standard) are over Secp256k1, thus the vector tests will fail. What we are missing to have it aligned with the standard is the possibility to perform operations over Secp256k1 in zenroom.

matteo-cristino avatar Sep 30 '23 07:09 matteo-cristino

@matteo-cristino ACK!! thanks! I forgot this. It is possible to implement schnorr over secp256k1 using C then.

jaromil avatar Sep 30 '23 10:09 jaromil

This may be useful for nostr and therefore interesting to bump up sometimes.

jaromil avatar Jun 03 '25 06:06 jaromil