silentpayments: add shared secret creation routine for receiver (A*b)

theStack · theStack · commit 4d04c4db2165 · 2024-02-04T21:23:39.000+01:00
diff --git a/include/secp256k1_silentpayments.h b/include/secp256k1_silentpayments.h
@@ -125,6 +125,30 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_silentpayments_create_p
     const unsigned char *outpoint_smallest36
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(7);
 
+/** Create Silent Payment shared secret for the receiver side.
+ *
+ *  Given public input tweak data A_tweaked and a recipient's scan private key
+ *  b_scan, compute the corresponding shared secret using ECDH:
+ *
+ *  shared_secret = A_tweaked * b_scan
+ *  (where A_tweaked = (A_1 + A_2 + ... + A_n) * input_hash)
+ *
+ *  The resulting data is needed as input for creating silent payments outputs
+ *  belonging to the same receiver scan public key.
+ *
+ *  Returns: 1 if shared secret creation was successful. 0 if an error occured.
+ *  Args:                  ctx: pointer to a context object
+ *  Out:       shared_secret33: pointer to the resulting 33-byte shared secret
+ *  In:      public_tweak_data: pointer to the public tweak data
+ *        receiver_scan_seckey: pointer to the receiver's scan private key
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_silentpayments_receive_create_shared_secret(
+    const secp256k1_context *ctx,
+    unsigned char *shared_secret33,
+    const secp256k1_pubkey *public_tweak_data,
+    const unsigned char *receiver_scan_seckey
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/modules/silentpayments/main_impl.h b/src/modules/silentpayments/main_impl.h
@@ -187,6 +187,20 @@ int secp256k1_silentpayments_create_public_tweak_data(const secp256k1_context *c
     return 1;
 }
 
-/* TODO: implement functions for receiver side. */
+int secp256k1_silentpayments_receive_create_shared_secret(const secp256k1_context *ctx, unsigned char *shared_secret33, const secp256k1_pubkey *public_tweak_data, const unsigned char *receiver_scan_seckey) {
+    /* Sanity check inputs. */
+    VERIFY_CHECK(ctx != NULL);
+    ARG_CHECK(shared_secret33 != NULL);
+    memset(shared_secret33, 0, 33);
+    ARG_CHECK(public_tweak_data != NULL);
+    ARG_CHECK(receiver_scan_seckey != NULL);
+
+    /* Compute shared_secret = A_tweaked * b_scan */
+    if (!secp256k1_ecdh(ctx, shared_secret33, public_tweak_data, receiver_scan_seckey, secp256k1_silentpayments_ecdh_return_pubkey, NULL)) {
+        return 0;
+    }
+
+    return 1;
+}
 
 #endif
