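flowchart TD
%% Data-flow diagram of BIP340-style Schnorr signing combined with an adaptor
%% tweak. It has three stages, drawn as subgraphs: createAdaptor,
%% recoverSignatureFromAdaptor and verifySignature.
%% Colour key: root = inputs, expr = computation steps, leaf = final result.
classDef root fill:#f96;
classDef expr fill:#ff0;
classDef leaf fill:#0f0;
A:::root
A2:::root
A3:::root
A4:::root
A5:::root
A6:::root
P22:::leaf
%% Public key derivation: the x-only public key pk and its lifted point P,
%% which is what the verifier works with.
A(The secret key 'sk': a 32-byte array) --> B(sk)
B --> C["Let pk = bytes(int(sk).G)"]
C:::expr --> D(pk)
D --> E("Let P = lift_x(int(pk))")
E:::expr --> F(P)
%% NOTE(review): BIP340 signing fails if d' = 0 or d' >= n. That range check
%% is not drawn here.
B --> C2["Let d' = int(sk)"]
%% Adaptor tweak. The label 't' is reused inside createAdaptor for the masked
%% secret key (node J2); the two values are unrelated. Node B5 is the tweak.
A5("tweak 't': a 32-byte array") --> B5(t)
B5 --> C5["Let T = t.G"]
C5:::expr --> D5(T)
C2:::expr --> D2(d')
B2 --> join2
B2 --> join10
subgraph createAdaptor
D5 --> join11
D2 --> E2["Let P = d'.G"]
E2:::expr --> F2(P)
D2 --> join1
F2 --> join1
%% Negate the secret key when P has odd y, so that d matches the x-only key.
join1((o)) --> G2["Let d = d' if has_even_y(P), \n otherwise let d = n - d'"]
G2:::expr --> H2(d)
H2 --> join9((o))
%% Tagged-hash names follow BIP340: BIP0340/aux, BIP0340/nonce and
%% BIP0340/challenge. The tag is part of the hash input, so a misspelt tag
%% produces signatures that standard verifiers reject.
join9 --> I2["Let t be the byte-wise xor \n of bytes(d) and hash[BIP0340/aux](a)"]
I2:::expr --> J2(t)
J2 --> join2
F2 --> join2
%% Here 't' is the masked secret key from node J2, not the adaptor tweak.
join2((o)) --> Z22["Let rand = hash[BIP0340/nonce] \n (t || bytes(P) || m )"]
Z22:::expr --> Y22(rand)
%% NOTE(review): BIP340 signing fails if k' = 0. That check is not drawn here.
Y22 --> K2["Let k' = int(rand) mod n"]
K2:::expr --> L2(k')
L2 --> M2["Let R = k'.G"]
M2:::expr --> N2(R)
F2 --> join10
N2 --> join10((o))
%% NOTE(review): the challenge e and the parity choice for k below are both
%% taken over R, while the first half of sig' is R' = R + T. In the usual
%% Schnorr adaptor construction both are taken over R + T and the tweak is
%% added to s on completion. Confirm which scheme is intended.
join10 --> O2["Let e = int(hash[BIP0340/challenge]\n(bytes(R) || bytes(P) || m)) mod n"]
O2:::expr --> R2(e)
N2 --> P2["Let k = k' if has_even_y(R), \n otherwise let k = n - k'"]
P2:::expr --> Q2(k)
N2 --> join11((o))
join11 --> U2["Let R' = R + T"]
U2:::expr --> S2(R')
R2 --> join7((o))
Q2 --> join7
join7 --> T2["Let s = bytes((k + e.d) mod n)"]
T2:::expr --> V2(s)
V2 --> join12((o))
join12 --> W2["Let sig' = bytes(R') || s"]
end
S2 --> join12
W2:::expr --> X2(sig')
X2 --> Y2["Let s = int(sig'[32:64])"]
Y2:::expr --> A22(s)
X2 --> Z2["Let r' = int(sig'[0:32])"]
Z2:::expr --> B22(r')
B5 --> join6
subgraph recoverSignatureFromAdaptor
B22 --> join6((o))
%% NOTE(review): r' is the x-coordinate of R' and t is a scalar. Integer
%% addition of the two does not undo the point addition R' = R + T, so the
%% sig drawn here is not expected to satisfy verifySignature as written.
%% Confirm against the intended adaptor construction.
join6 --> C22["Let r = r' + t"]
C22:::expr --> D22(r)
A22 --> join8((o))
D22 --> join8
join8 --> E22["Let sig = r || s"]
end
E22:::expr --> F22(sig)
F22 --> H22["Let r = int(sig[0:32])"]
H22:::expr --> J22(r)
F22 --> G22["Let s = int(sig[32:64])"]
G22:::expr --> I22(s)
B2 --> join3
subgraph verifySignature
%% NOTE(review): BIP340 verification also rejects r >= p (the field size)
%% and s >= n before these steps. Those range checks are not drawn here.
F --> join4((o))
I22 --> join4
L22 --> join4
F --> join3
J22 --> join3((o))
join3 --> K22["Let e = int(hash[BIP0340/challenge]\n(bytes(r) || bytes(P) || m)) mod n"]
K22:::expr --> L22(e)
join4 --> M22["Let R = s.G - e.P"]
M22:::expr --> N22(R)
N22 --> join5((o))
J22 --> join5
%% All three conditions must hold for the signature to be accepted.
join5 --> O22["!is_infinite(R) && has_even_y(R) && x(R) == r"]
O22:::expr --> P22(success)
end
%% Remaining inputs: message, auxiliary randomness, curve order, base point.
A2(The message 'm': a 32-byte array) --> B2(m)
A3("Auxiliary random data 'a': a 32-byte array.") --> C3(a)
C3 --> join9
A4("The curve order 'n':
0xFFFFFFFF FFFFFFFF \n
FFFFFFFF FFFFFFFE \n
BAAEDCE6 AF48A03B \n
BFD25E8C D0364141\n") --> B4(n)
A6("Base point 'G'") --> B6(G)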
Schnorr & Adaptor Signature flowchart