Packages

package musig

Ordering
  1. Alphabetic
Visibility
  1. Public
  2. Protected

Type Members

  1. sealed trait KeySet extends AnyRef

    Represents an ordered set of MuSig signers and their tweaks.

    Represents an ordered set of MuSig signers and their tweaks. This is the data required to (non-interactively) compute the aggPubKey.

  2. case class LexicographicKeySet(keys: Vector[ECPublicKey], tweaks: Vector[MuSigTweak] = Vector.empty) extends KeySet with Product with Serializable

    The default way of ordering a KeySet is lexicographically

  3. case class MuSigNoncePriv(bytes: ByteVector) extends NetworkElement with MaskedToString with Product with Serializable

    Wraps the ephemeral private keys making up a MuSig2 nonce

  4. case class MuSigNoncePub(bytes: ByteVector) extends NetworkElement with Product with Serializable

    Wraps the ephemeral points making up a MuSig2 nonce

  5. case class MuSigSessionContext(aggNonce: MuSigNoncePub, keySet: KeySet, message: ByteVector) extends Product with Serializable

    The data relevant to computing and verifying MuSig partial signatures

  6. case class MuSigSessionValues(tweakContext: MuSigTweakContext, b: FieldElement, R: SecpPointFinite, e: FieldElement) extends Product with Serializable
  7. case class MuSigTweak(tweak: FieldElement, isXOnlyT: Boolean) extends Product with Serializable

    Used to tweak a MuSig aggregate public key, as defined here https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki#tweaking-definition

  8. case class MuSigTweakContext(Q: SecpPointFinite, parityAcc: ParityMultiplier, tweakAcc: FieldElement) extends Product with Serializable

    Represents the total tweak sum and net parity multiplier after applying all tweaks

  9. case class MuSigTweakData(context: MuSigTweakContext, aggPubKeyParity: KeyParity, e: FieldElement) extends Product with Serializable

    The data required to apply the net tweak during MuSig signature aggregation

  10. sealed trait ParityMultiplier extends AnyRef

    Represents either FieldElement.one or FieldElement.orderMinusOne.

    Represents either FieldElement.one or FieldElement.orderMinusOne. Using this ADT rather than those actual FieldElements saves computation including some unnecessary point multiplications.

    In general there is a correspondence between Pos <-> EvenParity and Neg <-> OddParity, this is because in general x-only keys are assumed to be even and need to be negated if they are meant to be used as odd keys.

  11. case class UnsortedKeySet(keys: Vector[ECPublicKey], tweaks: Vector[MuSigTweak] = Vector.empty) extends KeySet with Product with Serializable

    This represents an arbitrary KeySet, for use in tests.

    This represents an arbitrary KeySet, for use in tests. If you have a non-lexicographical order, extend KeySet.

Value Members

  1. object KeySet
  2. object MuSigNoncePriv extends Factory[MuSigNoncePriv] with Serializable
  3. object MuSigNoncePub extends Factory[MuSigNoncePub] with Serializable
  4. object MuSigSessionContext extends Serializable
  5. object MuSigTweakContext extends Serializable
  6. object MuSigUtil

    Utilities for MuSig2 operations and BIP-0327-related behaviour.

    Utilities for MuSig2 operations and BIP-0327-related behaviour.

    This object implements nonce generation, nonce aggregation, partial signature generation and verification, and deterministic signing helpers used by the MuSig2 protocol. The implementation follows the BIP-0327 ("MuSig2") reference where applicable; see:

    • BIP-0327: https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki

    Important details and conventions implemented here:

    • Nonces are represented as pairs (r1, r2) and are collapsed using a polynomial sum with a session scalar b as described in the BIP.
    • The point-at-infinity serialization is encoded as 33 zero bytes in MuSigNoncePub (see MuSigNoncePub.infPtBytes).
    • Parity handling for public keys and the aggregated nonce R is handled via ParityMultiplier and conditional negation when required. This matches the reference implementation behavior where sign adjustments are applied during both signing and verification so that stored original public keys remain unmodified.
    • The functions here are low-level helpers; higher-level session construction and key-aggregation logic is in MuSigSessionContext and KeySet.
  7. case object Neg extends ParityMultiplier with Product with Serializable

    Represents FieldElement.orderMinusOne

  8. object ParityMultiplier
  9. case object Pos extends ParityMultiplier with Product with Serializable

    Represents FieldElement.one

Ungrouped