P256K
P256K
P256K.Schnorr
P256K.Schnorr.PrivateKey

Structure

P256K.Schnorr.PrivateKey

secp256k1 BIP-340 Schnorr private key for signing messages with P256K.Schnorr.SchnorrSignature and for deriving the x-only public key used in verification.

iOS 13.0+
macCatalyst 13.0+
macOS 10.15+
tvOS 13.0+
visionOS 1.0+
watchOS 6.0+

struct PrivateKey

Mentioned In

Overview

Schnorr signatures use secp256k1_schnorrsig_sign_custom with the BIP-340 nonce function (secp256k1_nonce_function_bip340), both declared in Vendor/secp256k1/include/secp256k1_schnorrsig.h. Unlike ECDSA, signing takes a 32-byte auxiliary randomness input that is mixed into the nonce for protection against fault attacks; the default signature(for:) overloads supply fresh random bytes automatically via SecureBytes.

Verification uses x-only public keys (xonly), not full compressed keys. The publicKey property returns the full P256K.Schnorr.PublicKey for contexts that require it (key aggregation, Taproot key-path spending).

Topics

Construction

Inspection

var publicKey: P256K.Schnorr.PublicKey
The full secp256k1 public key derived from this private key, in uncompressed form (65 bytes).
var xonly: P256K.Schnorr.XonlyKey
The 32-byte x-only public key (X coordinate only) for verifying BIP-340 Schnorr signatures created with this key.
var dataRepresentation: Data
The raw 32-byte secret key as Data. Keep this value confidential; disclosure allows anyone to sign on your behalf.
var negation: P256K.Schnorr.PrivateKey
A new P256K.Schnorr.PrivateKey whose secret scalar is the additive inverse modulo the secp256k1 curve order, produced by secp256k1_ec_seckey_negate.

Operators

static func == (P256K.Schnorr.PrivateKey, P256K.Schnorr.PrivateKey) -> Bool
Returns true if both keys have identical 32-byte secret scalars.

Instance Methods

func add([UInt8]) throws -> P256K.Schnorr.PrivateKey
Creates a new P256K.Schnorr.PrivateKey by applying a BIP-341 Taproot x-only tweak to the secret scalar via secp256k1_keypair_xonly_tweak_add (declared in Vendor/secp256k1/include/secp256k1_extrakeys.h).
func partialSignature<D>(for: D, pubnonce: P256K.Schnorr.Nonce, secureNonce: consuming P256K.Schnorr.SecureNonce, publicNonceAggregate: P256K.MuSig.Nonce, publicKeyAggregate: P256K.MuSig.PublicKey) throws -> P256K.Schnorr.PartialSignature
Convenience overload of partialSignature(for:pubnonce:secureNonce:publicNonceAggregate:xonlyKeyAggregate:) that derives the x-only key from a P256K.MuSig.PublicKey.
func partialSignature<D>(for: D, pubnonce: P256K.Schnorr.Nonce, secureNonce: consuming P256K.Schnorr.SecureNonce, publicNonceAggregate: P256K.MuSig.Nonce, xonlyKeyAggregate: P256K.MuSig.XonlyKey) throws -> P256K.Schnorr.PartialSignature
Produces a P256K.Schnorr.PartialSignature via secp256k1_musig_partial_sign, consuming and zeroing the secret nonce to prevent reuse. The resulting partial signature is an opaque 36-byte in-memory struct; its stable wire format is 32 bytes (see dataRepresentation).
func signature<D>(for: D) throws -> P256K.Schnorr.SchnorrSignature
Generates a BIP-340 Schnorr signature from a pre-computed digest using secp256k1_schnorrsig_sign_custom with fresh 32-byte auxiliary randomness.
func signature<D>(for: D, auxiliaryRand: [UInt8]) throws -> P256K.Schnorr.SchnorrSignature
Generates a BIP-340 Schnorr signature from a pre-computed digest using caller-supplied auxiliary randomness.
func signature(message: inout [UInt8], auxiliaryRand: UnsafeMutableRawPointer?, strict: Bool) throws -> P256K.Schnorr.SchnorrSignature
Generates a Schnorr signature over an arbitrary-length message using secp256k1_schnorrsig_sign_custom.