decodeSession static method
Implementation
static MuSig2SessionValues decodeSession(MuSig2Session session) {
final tweak = keyAggAndTweak(
publicKeys: session.publicKeys,
tweaks: session.tweaks,
);
final hash = P2TRUtils.taggedHash(MuSig2Constants.noncecoefDomain, [
...session.aggnonce,
...tweak.xOnly(),
...session.msg,
]);
final b = BigintUtils.fromBytes(hash) % MuSig2Constants.order;
ProjectiveECCPoint r1 = MuSig2Utils.encodePointAsEven(
session.aggnonce.sublist(0, EcdsaKeysConst.pubKeyCompressedByteLen),
allowInfinity: true,
);
ProjectiveECCPoint r2 = MuSig2Utils.encodePointAsEven(
session.aggnonce.sublist(
EcdsaKeysConst.pubKeyCompressedByteLen,
EcdsaKeysConst.pubKeyCompressedByteLen * 2,
),
allowInfinity: true,
);
ProjectiveECCPoint r = (r1 + (r2 * b)).cast();
if (r.isZero()) {
r = MuSig2Constants.generator;
}
final eHash = P2TRUtils.taggedHash(MuSig2Constants.challengeDomain, [
...r.toXonly(),
...tweak.xOnly(),
...session.msg,
]);
final e = BigintUtils.fromBytes(eHash) % MuSig2Constants.order;
return MuSig2SessionValues(
publicKey: tweak.publicKey,
gacc: tweak.gacc,
tacc: tweak.tacc,
b: BigintUtils.toBytes(b, length: MuSig2Constants.baselen),
r: r,
e: BigintUtils.toBytes(e, length: MuSig2Constants.baselen),
);
}
