decodeSessionConst static method

MuSig2SessionValues decodeSessionConst(MuSig2Session session)

Implementation

static MuSig2SessionValues decodeSessionConst(MuSig2Session session) {
  final tweak = keyAggAndTweak(
    publicKeys: session.publicKeys,
    tweaks: session.tweaks,
  );
  final hash = P2TRUtils.taggedHash(MuSig2Constants.noncecoefDomain, [
    ...session.aggnonce,
    ...tweak.xOnly(),
    ...session.msg,
  ]);
  final b = Secp256k1Utils.scalarFromBytes(hash);
  Secp256k1Ge r1 = encodePointAsEvenConst(
    session.aggnonce.sublist(0, EcdsaKeysConst.pubKeyCompressedByteLen),
    allowInfitity: true,
  );
  Secp256k1Ge r2 = encodePointAsEvenConst(
    session.aggnonce.sublist(
      EcdsaKeysConst.pubKeyCompressedByteLen,
      EcdsaKeysConst.pubKeyCompressedByteLen * 2,
    ),
    allowInfitity: true,
  );
  Secp256k1Ge r = Secp256k1Ge();

  if (!r2.infinity.toBool) {
    Secp256k1Gej e = Secp256k1Utils.secp256k1Mult(scalar: b, point: r2);
    Secp256k1.secp256k1GejAddGe(e, e, r1);
    Secp256k1.secp256k1GeSetGej(r, e);
  } else {
    r = Secp256k1Const.G.clone();
  }
  final List<int> rBytes = List<int>.filled(MuSig2Constants.baselen, 0);
  Secp256k1.secp256k1FeGetB32(rBytes, r.x);
  final eHash = P2TRUtils.taggedHash(MuSig2Constants.challengeDomain, [
    ...rBytes,
    ...tweak.xOnly(),
    ...session.msg,
  ]);
  final sc = Secp256k1Utils.scalarFromBytes(eHash);
  return MuSig2SessionValues(
    publicKey: tweak.publicKey,
    gacc: tweak.gacc,
    tacc: tweak.tacc,
    b: Secp256k1Utils.scalarToBytes(b, clean: true),
    r: Secp256k1Utils.geToEcPoint(r),
    e: Secp256k1Utils.scalarToBytes(sc, clean: true),
  );
}