Instance Method
partialSignature(for:pubnonce:secureNonce:publicNonceAggregate:xonlyKeyAggregate:)
Produces a 36-byte P256K.Schnorr.PartialSignature via secp256k1_musig_partial_sign, consuming and zeroing the secret nonce to prevent reuse.
- iOS 13.0+
- macCatalyst 13.0+
- macOS 10.15+
- tvOS 13.0+
- visionOS 1.0+
- watchOS 6.0+
func partialSignature<D>(for digest: D, pubnonce: P256K.Schnorr.Nonce, secureNonce: consuming P256K.Schnorr.SecureNonce, publicNonceAggregate: P256K.MuSig.Nonce, xonlyKeyAggregate: P256K.MuSig.XonlyKey) throws -> P256K.Schnorr.PartialSignature where D : Digest
Parameters
- digest: The message digest to sign.
- pubnonce: This signer’s own public nonce from nonce generation.
- secureNonce: This signer’s secret nonce (~Copyable); consumed and zeroed on return.
- publicNonceAggregate: The P256K.MuSig.Nonce aggregated from all signers’ public nonces.
- xonlyKeyAggregate: The x-only form of the aggregate(_:) result.
Return Value
A P256K.Schnorr.PartialSignature to send to the aggregator.
Discussion
Warning
The secret nonce is zeroed after this call. secp256k1_musig_partial_sign overwrites secureNonce with zeros as a best-effort defence against nonce reuse; if secureNonce was copied beforehand, that copy must never be used again. Nonce reuse leaks the secret signing key.
This method does not verify the output partial signature, deviating from the BIP-327 specification. Call isValidSignature(_:publicKey:nonce:for:) afterwards to detect computation errors.
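The sign-then-verify pattern described above, as an added Swift example that is not taken from the P256K documentation. It assumes the method is called on a P256K.Schnorr.PrivateKey with a publicKey property, and that isValidSignature(_:publicKey:nonce:for:) is a Bool-returning method on the aggregate key type, written here as P256K.MuSig.PublicKey; PartialSigningError and verifiedPartialSignature are hypothetical names.

```swift
import P256K

// Hypothetical error type for this example; not part of P256K.
enum PartialSigningError: Error {
    case selfVerificationFailed
}

/// Signs, then checks the partial signature before it leaves this signer,
/// restoring the self-verification step that BIP-327 specifies.
func verifiedPartialSignature<D: Digest>(
    signer: P256K.Schnorr.PrivateKey,        // assumption: receiver type of partialSignature
    digest: D,
    pubnonce: P256K.Schnorr.Nonce,
    secureNonce: consuming P256K.Schnorr.SecureNonce,
    publicNonceAggregate: P256K.MuSig.Nonce,
    aggregateKey: P256K.MuSig.PublicKey,     // assumption: receiver type of isValidSignature
    xonlyKeyAggregate: P256K.MuSig.XonlyKey
) throws -> P256K.Schnorr.PartialSignature {
    // secureNonce is consumed by this call. Because the type is ~Copyable,
    // the compiler rejects any later use of it in this scope.
    let partial = try signer.partialSignature(
        for: digest,
        pubnonce: pubnonce,
        secureNonce: secureNonce,
        publicNonceAggregate: publicNonceAggregate,
        xonlyKeyAggregate: xonlyKeyAggregate
    )

    // Verify against this signer's own public key and public nonce.
    // Assumption: isValidSignature returns Bool.
    guard aggregateKey.isValidSignature(
        partial,
        publicKey: signer.publicKey,
        nonce: pubnonce,
        for: digest
    ) else {
        // The nonce is already spent. Recover by starting a new signing
        // session with freshly generated nonces, never by re-signing.
        throw PartialSigningError.selfVerificationFailed
    }
    return partial
}
```

Only a partial signature that passes this check should be sent to the aggregator.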
Throws
secp256k1Error.underlyingCryptoError if signing fails or the secnonce was already used.