Experimental musig2 python code, not for production use!

Related tags

Security related resourcespython3musigmultisignatureaggregate-signatures
Overview

musig2-py

Experimental musig2 python code, not for production use! This is just for testing things out.

All public keys are encoded as 32 bytes, assuming an even y coordinate, as in BIP-340.

Signatures are 64 bytes. The first 32 bytes encode the x-coordinate of the point R (which is again assumed to have an even y coordinate). The second 32 bytes encode the integer s. This makes them compatible with BIP-340, and hence valid as BIP-341 Taproot Schnorr signatures.

Usage

  1. First generate a public and private keypair:
> python3 musig2.py keygen
Your public key: 666e941a926819cb0ea0147a98531cf99e179ca1fc1d8b4dbd6fb9b198fc4f49

This will create a file secret.key containing the secret key for the above public key. Keep this safe.

  1. Generate nonces:
> python3 musig2.py noncegen
Your nonces:
185cecc34b3991d87c274986df2ad08b5186cc2df1f6928da4fd002cf60b7774
123e2f697e06b8d9bbea630e253bfa6f1e0786714772e5c07908ee9de10d9873

This will also create a file secret_nonces containing the secrets corresponding to these nonces.

  1. Send your public key and two nonces to all other participants in the multisig.

  2. Receive from all participants their public keys and create a file called public_keys containing all these keys (including your own). The order is not important. For example:

666e941a926819cb0ea0147a98531cf99e179ca1fc1d8b4dbd6fb9b198fc4f49
6717de8c80d22400b869981d865ff836af437a41d9a327a6ca2d4d50252b4cd5
dd84fc1a24a05ebef8870614c40fc9045fcc4c0424610c168d335d45b31b2555
  1. Generate the aggregate public key:
> python3 musig2.py aggregatekeys
Aggregate public key: 9875f69e3368d774743d78f80603a05270d4cc72dff90645fadb9a09ec5ebf37

This public key does not depend on the nonces for this session, and will remain the same even if all participants delete their secret_nonces files and generate new nonces. This will be the final public key used for verification of the signature.

  1. Receive from all participants their nonces for this signing session, and create a file called public_nonces containing all these nonce pairs. The two nonces from each participant must be kept in order, but the order of the participants is not important. For example:
185cecc34b3991d87c274986df2ad08b5186cc2df1f6928da4fd002cf60b7774
123e2f697e06b8d9bbea630e253bfa6f1e0786714772e5c07908ee9de10d9873
1faaca07a4a62c5c4efa64b28f37fd353cc74846a6b2bd8ea9c99e59ab861a8f
4898c492494bf3447548af391b1f44b345d1b5d2f8d9b740e7e659b26b2caf0b
d413739284b579d0af6474b4ede0b2b38f50bef57c7859d5c32baa9610c0f971
711c084e99eb08859c35d0140a9d23441a56cc3db07b9278e6b4ce336f3922b4
  1. Create a file called message containing the message you wish to sign. The contents of the file are interpreted as bytes, not as a string. Then use the sign command to generate a partial signature.
> cat message
hello world
> python3 musig2.py sign
Aggregate key: 9875f69e3368d774743d78f80603a05270d4cc72dff90645fadb9a09ec5ebf37
Signature R: 90753c99410a4a8b111af67569d6fa56b2b45424d16f2c2950653a0c7c7fcee8
Partial signature s_1: 08348189f0f2cec03bc49b5acafeded13982a9cacc6fab758aa050114a8dc9b5
  1. Send the partial signature s_1 to all other parties and receive their partial signatures. Create a file called s_values containing all these partial signatures (order does not matter):
08348189f0f2cec03bc49b5acafeded13982a9cacc6fab758aa050114a8dc9b5
3c13ba98da779444d5a247f85fc35c3d02f88185164a462eb16afd9704cc4338
b3e082a44b0ec12b68e58e9d3c4ae980cb76dd1feaa5a2c44d60c08c54b434d5
  1. Aggregate the partial signatures:
> python3 musig2.py aggregatesignature
Hex-encoded signature: 90753c99410a4a8b111af67569d6fa56b2b45424d16f2c2950653a0c7c7fcee8f828bec7167924307a4c71f0670d248f07f2086fcd5f9468896c0e34a40e41c2
  1. Verify the signature created:
> python3 musig2.py verify 9875f69e3368d774743d78f80603a05270d4cc72dff90645fadb9a09ec5ebf37 90753c99410a4a8b111af67569d6fa56b2b45424d16f2c2950653a0c7c7fcee8f828bec7167924307a4c71f0670d248f07f2086fcd5f9468896c0e34a40e41c2
Signature is valid: True

The format for the verification command is verify

Testing

This repository includes two types of tests. The unit tests are run on specific functions to ensure individual components are working correctly.

> python3 unit_tests.py
test_seckey_gen PASSED
test_read_write_bytes PASSED
test_compute_R PASSED
test_aggregate_nonces PASSED
test_aggregate_public_keys PASSED

The functional tests run the code externally simulating multiple users in a key establishment and signing session.

> python3 functional_test.py
X: ac4a3b78a1368de26f96346cdf87149a2e2d6201b14559120f73c78b1b8253c3
S: 3d18300bbcac308f7f860cc263fe0cafd8a54c0b0a18c953b3f5884dd5012e03bcc45d03cab195223bc6bf98f85f7a4ac33a29eb1d46faac172aec9649cfa678
Signature is valid: True
Owner
Samuel Dobson
Ex-Bitcoin Core maintainer — PhD candidate at The University of Auckland specialising in mathematical public-key cryptography
Samuel Dobson
GitHub Repository
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Carry 1 Nov 25, 2021
The Modern Hash Identification System

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

1.2k Dec 28, 2022
Template for new OSINT command-line tools

OSINT cli tool skeleton Template for new OSINT command-line tools. Press button "Use this template" to generate your own tool repository. See INSTALL.

36 Dec 20, 2022
Automatic ProxyShell Exploit

proxyshell-auto usage: proxyshell.py [-h] -t T Automatic Exploit ProxyShell optional arguments: -h, --help show this help message and exit -t T

lulz 93 Jan 05, 2023
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for

1.1k Aug 24, 2021
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

EntySec 118 Dec 24, 2022
一款辅助探测Orderby注入漏洞的BurpSuite插件,Python3编写,适用于上xray等扫描器被ban的场景

OrderbyHunter 一款辅助探测Orderby注入漏洞的BurpSuite插件,Python3编写,适用于上xray等扫描器被ban的场景 1. 支持Get/Post型请求参数的探测,被动探测,对于存在Orderby注入的请求将会在HTTP Histroy里标红 2. 自定义排序参数list

Automne 21 Aug 12, 2022
Hadoop Yan RPC unauthorized RCE

Vuln Impact On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnera

Al1ex 25 Nov 24, 2022
Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

116 Jan 08, 2023
Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

GoVanguard 8 Oct 20, 2022
A set of blender assets created for the $yb NFT project.

fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on

Pedro Arroyo 1 May 06, 2022
A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

Guilherme Paixão 6 Jul 14, 2022
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he

Podalirius 71 Dec 22, 2022
Python implementation for PrintNightmare using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

ollypwn 141 Dec 31, 2022
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

📂 Public Bug Bounty Targets Data By BugBountyResources A collection of over 5.1M sub-domains and assets belonging to bug bounty targets, all put in a

Bug Bounty Resources 87 Dec 13, 2022
Python bindings to LibreSSL library

LibreSSL bindings for Python using CFFI Python3 bindings to LibreSSL using CFFI. It aims to provide interface to the most important bits of LibreSSL o

Alexander Kiselyov 1 Aug 02, 2022
GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

Mathew Payne 121 Dec 14, 2022
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Varun Jagtap 5 Oct 08, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks.

Dependency Combobulator Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage

Apiiro 84 Dec 23, 2022