Updating x-only tweaking for Schnorr (#364)

21-DOT-DEV · May 16, 2023 · 1a14e18 · 1a14e18
1 parent 90afd87
commit 1a14e18
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 5 deletions.
diff --git a/Sources/zkp/Schnorr.swift b/Sources/zkp/Schnorr.swift
@@ -107,8 +107,8 @@ public extension secp256k1.Schnorr {
         /// Generates a secp256k1 x-only public key from a raw representation.
         ///
         /// - Parameter data: A data representation of the x-only public key.
-        public init<D: ContiguousBytes>(dataRepresentation data: D) {
-            self.baseKey = XonlyKeyImplementation(dataRepresentation: data, keyParity: 0)
+        public init<D: ContiguousBytes>(dataRepresentation data: D, keyParity: Int32 = 0) {
+            self.baseKey = XonlyKeyImplementation(dataRepresentation: data, keyParity: keyParity)
         }
 
         /// Determines if two x-only keys are equal.

diff --git a/Sources/zkp/Tweak.swift b/Sources/zkp/Tweak.swift
@@ -106,7 +106,7 @@ public extension secp256k1.Signing.PublicKey {
     }
 }
 
-public extension secp256k1.Signing.XonlyKey {
+public extension secp256k1.Schnorr.XonlyKey {
     /// Create a new `XonlyKey` by adding tweak to the x-only public key.
     /// - Parameters:
     ///   - tweak: the 32-byte tweak object

diff --git a/Tests/zkpTests/secp256k1Tests.swift b/Tests/zkpTests/secp256k1Tests.swift
@@ -460,7 +460,9 @@ final class secp256k1Tests: XCTestCase {
 
         let privateTweak1 = try! sharedSecretSign1.add(xonly: privateSign1.publicKey.xonly.bytes)
         let publicTweak2 = try! sharedSecretSign2.publicKey.add(privateSign1.publicKey.xonly.bytes)
-        let xonlyTweak2 = try! sharedSecretSign2.publicKey.xonly.add(privateSign1.publicKey.xonly.bytes)
+
+        let schnorrPrivate = try! secp256k1.Schnorr.PrivateKey(dataRepresentation: sharedSecretSign2.dataRepresentation)
+        let xonlyTweak2 = try! schnorrPrivate.xonly.add(privateSign1.publicKey.xonly.bytes)
 
         if sharedSecretSign2.publicKey.xonly.parity {
             XCTAssertNotEqual(privateTweak1.publicKey.dataRepresentation, publicTweak2.dataRepresentation)
@@ -560,6 +562,25 @@ final class secp256k1Tests: XCTestCase {
         XCTAssertEqual(privateKey.xonly.bytes, negatedKey.xonly.bytes)
     }
 
+    func testTaprootDerivation() {
+        let privateKeyBytes = try! "41F41D69260DF4CF277826A9B65A3717E4EEDDBEEDF637F212CA096576479361".bytes
+        let privateKey = try! secp256k1.Schnorr.PrivateKey(dataRepresentation: privateKeyBytes)
+        let internalKeyBytes = try! "cc8a4bc64d897bddc5fbc2f670f7a8ba0b386779106cf1223c6fc5d7cd6fc115".bytes
+        let internalKey = privateKey.xonly
+
+        XCTAssertEqual(internalKey.bytes, internalKeyBytes)
+
+        let tweakHash = try! SHA256.taggedHash(
+            tag: "TapTweak".data(using: .utf8)!,
+            data: Data(internalKey.bytes)
+        )
+
+        let outputKeyBytes = try! "a60869f0dbcf1dc659c9cecbaf8050135ea9e8cdc487053f1dc6880949dc684c".bytes
+        let outputKey = try! internalKey.add(tweakHash.bytes)
+
+        XCTAssertEqual(outputKey.bytes, outputKeyBytes)
+    }
+
     static var allTests = [
         ("testUncompressedKeypairCreation", testUncompressedKeypairCreation),
         ("testCompressedKeypairCreation", testCompressedKeypairCreation),
@@ -594,6 +615,7 @@ final class secp256k1Tests: XCTestCase {
         ("testXonlyToPublicKey", testXonlyToPublicKey),
         ("testTapscript", testTapscript),
         ("testCompactSizePrefix", testCompactSizePrefix),
-        ("testSchnorrNegating", testSchnorrNegating)
+        ("testSchnorrNegating", testSchnorrNegating),
+        ("testTaprootDerivation", testTaprootDerivation)
     ]
 }