From 3dea188546198d190145f18046668d7e30666603 Mon Sep 17 00:00:00 2001
From: martonp
Date: Fri, 20 Sep 2024 10:55:39 +0200
Subject: [PATCH] Use updated secp256k1 library

---
 go.mod | 2 +-
 go.sum | 2 ++
 internal/adaptorsigs/adaptor.go | 38 ++++++++-------------------------
 3 files changed, 12 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 773061eef1..04f19121b0 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/decred/dcrd/crypto/blake256 v1.0.1
 	github.com/decred/dcrd/dcrec v1.0.1
 	github.com/decred/dcrd/dcrec/edwards/v2 v2.0.3
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.1-0.20240912225101-7333f805850b
 	github.com/decred/dcrd/dcrjson/v4 v4.1.0
 	github.com/decred/dcrd/dcrutil/v4 v4.0.2
 	github.com/decred/dcrd/gcs/v4 v4.1.0
diff --git a/go.sum b/go.sum
index f54e0947b4..34fc86f33e 100644
--- a/go.sum
+++ b/go.sum
@@ -295,6 +295,8 @@ github.com/decred/dcrd/dcrec/edwards/v2 v2.0.3/go.mod h1:AKpV6+wZ2MfPRJnTbQ6NPgW
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.1-0.20240912225101-7333f805850b h1:HIjTBv19sQRjUiifEKPy6BLFKkOtV44uCnDThmYQ37s=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.1-0.20240912225101-7333f805850b/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/decred/dcrd/dcrjson/v4 v4.1.0 h1:WJVogRnYnNxB5hWoGHODvP4fNTG1JycTuHHKt/XucHk=
 github.com/decred/dcrd/dcrjson/v4 v4.1.0/go.mod h1:2qVikafVF9/X3PngQVmqkbUbyAl32uik0k/kydgtqMc=
 github.com/decred/dcrd/dcrutil/v4 v4.0.2 h1:eIl3E6gGln54qE8nk5o5lLtjh2/9C2Rz63OpD662h+8=
diff --git a/internal/adaptorsigs/adaptor.go b/internal/adaptorsigs/adaptor.go
index c0fa30905e..5cb0a2e1f1 100644
--- a/internal/adaptorsigs/adaptor.go
+++ b/internal/adaptorsigs/adaptor.go
@@ -122,7 +122,6 @@ func ParseAdaptorSignature(b []byte) (*AdaptorSignature, error) {
 		str := "invalid signature: not for a valid curve point"
 		return nil, errors.New(str)
 	}
-	t.y.Normalize()
 
 	pubKeyTweak := b[96]&1 == 1
 
@@ -266,12 +265,8 @@ func (sig *AdaptorSignature) Verify(hash []byte, pubKey *secp256k1.PublicKey) er
 func (sig *AdaptorSignature) Decrypt(tweak *secp256k1.ModNScalar) (*schnorr.Signature, error) {
 	var expectedT secp256k1.JacobianPoint
 	secp256k1.ScalarBaseMultNonConst(tweak, &expectedT)
-	expectedT.ToAffine()
-	if !expectedT.X.Equals(&sig.t.x) {
-		return nil, fmt.Errorf("tweak X does not match expected")
-	}
-	if !expectedT.Y.Equals(&sig.t.y) {
-		return nil, fmt.Errorf("tweak Y does not match expected")
+	if !expectedT.EquivalentNonConst(sig.t.asJacobian()) {
+		return nil, fmt.Errorf("tweak does not match expected value")
 	}
 
 	s := new(secp256k1.ModNScalar).Set(tweak)
@@ -290,19 +285,14 @@ func (sig *AdaptorSignature) RecoverTweak(validSig *schnorr.Signature) (*secp256
 		return nil, fmt.Errorf("only pub key tweaked sigs can be recovered")
 	}
 
-	_, s := parseSig(validSig)
-
-	t := new(secp256k1.ModNScalar).NegateVal(&sig.s).Add(s)
+	s := validSig.S()
+	t := new(secp256k1.ModNScalar).NegateVal(&sig.s).Add(&s)
 
 	// Verify the recovered tweak
 	var expectedT secp256k1.JacobianPoint
 	secp256k1.ScalarBaseMultNonConst(t, &expectedT)
-	expectedT.ToAffine()
-	if !expectedT.X.Equals(&sig.t.x) {
-		return nil, fmt.Errorf("recovered tweak does not match expected")
-	}
-	if !expectedT.Y.Equals(&sig.t.y) {
-		return nil, fmt.Errorf("recovered tweak does not match expected")
+	if !expectedT.EquivalentNonConst(sig.t.asJacobian()) {
+		return nil, fmt.Errorf("tweak does not match expected value")
 	}
 
 	return t, nil
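Review bot: Dropping `t.y.Normalize()` after the curve-point check leaves `t.y` in whatever form the preceding point-decompression step produced, and the FieldVal methods that read a coordinate elsewhere (`Bytes`, `IsOdd`, `Equals`) all require a normalized value. The comparisons in Decrypt and RecoverTweak no longer depend on it because they now go through `EquivalentNonConst`, but any serialization or y-parity check on `sig.t.y` outside this hunk would now rely on the updated library normalizing its output, which I could not confirm from this diff. If that guarantee holds, record it at the removal site so the next reader does not re-add the call or, worse, assume normalization where there is none: `// t.y is returned normalized by the secp256k1 decompression routine; no explicit Normalize is needed.` ParseAdaptorSignature begins and ends outside the hunk.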
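Review bot: `EquivalentNonConst` is, by its name, a variable-time comparison, and its left operand here is `tweak*G` where `tweak` is the secret used to decrypt; the same holds for the recovered `t` in RecoverTweak below. This is no worse than the pre-existing `ScalarBaseMultNonConst` on the same secret, and on the success path the point equals the public `T`, but the assumption deserves a comment so the `NonConst` suffix is not later mistaken for an oversight: `// Variable-time point operations are acceptable here: the computed point is the public T whenever the tweak is correct.` Separately, this hunk and RecoverTweak now return the identical string "tweak does not match expected value", so the two failure sites can no longer be told apart in logs where the old text said "recovered tweak"; keeping the "recovered" wording in RecoverTweak, or a shared sentinel error wrapped with per-site context via `%w`, would restore that distinction. Decrypt's body continues past the end of the hunk.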
@@ -483,14 +473,6 @@ func PublicKeyTweakedAdaptorSig(privKey *secp256k1.PrivateKey, hash []byte, T *s
 	}
 }
 
-func parseSig(sig *schnorr.Signature) (r *secp256k1.FieldVal, s *secp256k1.ModNScalar) {
-	sigB := sig.Serialize()
-	r, s = new(secp256k1.FieldVal), new(secp256k1.ModNScalar)
-	r.SetBytes((*[32]byte)(sigB[0:32]))
-	s.SetBytes((*[32]byte)(sigB[32:64]))
-	return r, s
-}
-
 // PrivateKeyTweakedAdaptorSig creates a private key tweaked adaptor signature.
 // This is created by a party which knows the hidden value.
 func PrivateKeyTweakedAdaptorSig(sig *schnorr.Signature, pubKey *secp256k1.PublicKey, t *secp256k1.ModNScalar) *AdaptorSignature {
@@ -498,12 +480,10 @@ func PrivateKeyTweakedAdaptorSig(sig *schnorr.Signature, pubKey *secp256k1.Publi
 	secp256k1.ScalarBaseMultNonConst(t, T)
 	T.ToAffine()
 
-	r, s := parseSig(sig)
-	tweakedS := new(secp256k1.ModNScalar).Add2(s, t)
-
+	s := sig.S()
 	return &AdaptorSignature{
-		r: *r,
-		s: *tweakedS,
+		r: sig.R(),
+		s: *new(secp256k1.ModNScalar).Add2(&s, t),
 		t: affinePoint{x: T.X, y: T.Y},
 	}
 }
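Review bot: `s: *new(secp256k1.ModNScalar).Add2(&s, t)` allocates a fresh scalar only to dereference and copy it into the struct, when the local `s` returned by `sig.S()` is already an addressable value that the scalar API can update in place, as the `.Add(&s)` call in RecoverTweak shows. Writing `s := sig.S()`, then `s.Add(t)`, and `s: s,` in the literal reads more directly and mirrors how `r: sig.R()` is handled on the line above. PrivateKeyTweakedAdaptorSig's signature and the computation of `T` lie outside this hunk.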