Adaptor Signatures
Bitcoin-S now has support for an old experimental version of ECDSA Adaptor Signatures. This old version will soon be replaced by a newer version which is being specified but in the meantime, bitcoin-s' version can still be used to experiment with applications of ECDSA adaptor signatures as it has a similar interface.
There are four relevant functions to adaptor signatures:
sign
- This function belongs to
ECPrivateKey
and creates an adaptor signature given a message (ByteVector
) and an adaptor point (ECPublicKey
).
- This function belongs to
verify
- Verifies an adaptor signature given the signing public key, the message and the adaptor point.
complete
- This function belongs to
ECPrivateKey
and computes a valid ECDSA signature given a valid adaptor signature whose adaptor point is this private key's public key.
- This function belongs to
extract
- This function belongs to
ECPublicKey
and computes the adaptor secret (private key to this public key) given a valid adaptor signature for this adaptor point, and the valid ECDSA signature computed usingcomplete
.
- This function belongs to
The following code shows each function to do with adaptor signature usage:
// Alice generages an adaptor signature using her private key and the adaptor point
val adaptorSig = privKey.adaptorSign(adaptorPoint, msg)
// Bob verifies this adaptor signature using Alice's public key and the adaptor point
require(pubKey.adaptorVerify(msg, adaptorPoint, adaptorSig))
// Bob computes a valid ECDSA signature using the adaptorSignature, which he knows
val sig = adaptorSecret.completeAdaptorSignature(adaptorSig)
// Anyone can validate this signature
require(pubKey.verify(msg, sig))
// Alice can compute the adaptor secret from the signatures
val secret = adaptorPoint.extractAdaptorSecret(adaptorSig, sig)
require(secret == adaptorSecret)