nonceGenerate static method

MuSig2Nonce nonceGenerate({
  1. required List<int> publicKey,
  2. List<int>? rand,
  3. List<int>? sk,
  4. List<int>? aggPubKey,
  5. List<int>? msg,
  6. List<int>? extra,
})

Generates a MuSig2 nonce for signing

Implementation

static MuSig2Nonce nonceGenerate(
    {required List<int> publicKey,
    List<int>? rand,
    List<int>? sk,
    List<int>? aggPubKey,
    List<int>? msg,
    List<int>? extra}) {
  if (publicKey.length != EcdsaKeysConst.pubKeyCompressedByteLen) {
    throw MuSig2Exception("Invalid public key length.", details: {
      "expected": EcdsaKeysConst.pubKeyCompressedByteLen,
      "length": publicKey.length
    });
  }
  rand ??= QuickCrypto.generateRandom();
  if (sk != null) {
    rand = BytesUtils.xor(
        sk, P2TRUtils.taggedHash(MuSig2Const.musigAuxDomain, rand));
  }
  if (msg == null) {
    msg = [0];
  } else {
    msg = [
      1,
      ...BigintUtils.toBytes(BigInt.from(msg.length), length: 8),
      ...msg
    ];
  }
  extra ??= [];
  aggPubKey ??= [];
  final k1 = MuSig2Utils.nonceHash(
          rand: rand,
          publicKey: publicKey,
          aggPk: aggPubKey,
          i: 0,
          messagePrefix: msg,
          extraIn: extra) %
      MuSig2Const.order;
  final k2 = MuSig2Utils.nonceHash(
          rand: rand,
          publicKey: publicKey,
          aggPk: aggPubKey,
          i: 1,
          messagePrefix: msg,
          extraIn: extra) %
      MuSig2Const.order;
  final rs1 = MuSig2Const.generator * k1;
  final rs2 = MuSig2Const.generator * k2;
  final pubNonce = [...rs1.toBytes(), ...rs2.toBytes()];
  final secNonce = [
    ...BigintUtils.toBytes(k1, length: BigintUtils.bitlengthInBytes(k1)),
    ...BigintUtils.toBytes(k2, length: BigintUtils.bitlengthInBytes(k1)),
    ...publicKey
  ];
  return MuSig2Nonce(secnonce: secNonce, pubnonce: pubNonce);
}