Function new_nonce_pair

pub fn new_nonce_pair(
    session_secrand: SessionSecretRand,
    key_agg_cache: Option<&KeyAggCache>,
    sec_key: Option<SecretKey>,
    pub_key: PublicKey,
    msg: Option<&[u8; 32]>,
    extra_rand: Option<[u8; 32]>,
) -> (SecretNonce, PublicNonce)

Low-level API for starting a signing session by generating a nonce.

Use KeyAggCache::nonce_gen whenever possible. This API provides full flexibility for custom nonce generation, but should be used with care.

This function outputs a secret nonce that will be required for signing and a corresponding public nonce that is intended to be sent to the other signers.

MuSig differs from regular Schnorr signing in that implementers must take special care not to reuse a nonce. If you cannot provide a sec_key, session_secrand must be UNIFORMLY RANDOM AND KEPT SECRET (even from other signers). Refer to the libsecp256k1 documentation for additional considerations.

MuSig2 nonces can be precomputed without knowing the aggregate public key or the message to sign. Refer to the libsecp256k1 documentation for additional considerations.

Arguments:

  • session_secrand: SessionSecretRand. Uniformly random identifier for this session. Each call to this function must have a UNIQUE session_secrand.
  • sec_key: Optional SecretKey that we will use to sign when creating a partial signature. Provide this for maximal misuse resistance.
  • pub_key: PublicKey that we will use to create the partial signature. The secret nonce output by this function cannot be used to sign for any other public key.
  • msg: Optional message that will be signed later on. Provide this for maximal misuse resistance.
  • extra_rand: Additional randomness for misuse resistance. Provide this for maximal misuse resistance.

Remember that nonce reuse will immediately leak the secret key!

Example:

// Imports assumed for this example (the page itself does not show them).
use secp256k1::{PublicKey, SecretKey};
use secp256k1::musig::{new_nonce_pair, SessionSecretRand};

// The session id must be sampled at random. Read documentation for more details.
let session_secrand = SessionSecretRand::from_rng(&mut rand::rng());
let sk = SecretKey::new(&mut rand::rng());
let pk = PublicKey::from_secret_key(&sk);

// Supply extra auxiliary randomness to prevent misuse (for example, time of day).
// None here for brevity; pass Some([u8; 32]) for maximal misuse resistance.
let extra_rand: Option<[u8; 32]> = None;

// No KeyAggCache and no message yet: the nonce pair is precomputed and bound to
// the aggregate key and message later. Providing Some(sk) and extra_rand gives
// the misuse resistance described above.
let (_sec_nonce, _pub_nonce) = new_nonce_pair(session_secrand, None, Some(sk), pk, None, extra_rand);