silentpayments: add shared secret creation routine for receiver (A*b)

theStack · theStack · commit 8b1f06b221ad · 2023-12-23T16:52:40.000+01:00
diff --git a/include/secp256k1_silentpayments.h b/include/secp256k1_silentpayments.h
@@ -119,6 +119,30 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_silentpayments_create_p
     const unsigned char *outpoints_hash32
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(7);
 
+/** Create Silent Payment shared secret for the receiver side.
+ *
+ *  Given public input tweak data A_tweaked and a recipient's scan private key
+ *  b_scan, compute the corresponding shared secret using ECDH:
+ *
+ *  shared_secret = A_tweaked * b_scan
+ *  (where A_tweaked = (A_0 + A_1 + ... A_(n-1)) * outpoints_hash)
+ *
+ *  The resulting data is needed as input for creating silent payments outputs
+ *  belonging to the same receiver scan public key.
+ *
+ *  Returns: 1 if shared secret creation was successful. 0 if an error occured.
+ *  Args:                  ctx: pointer to a context object
+ *  Out:       shared_secret33: pointer to the resulting 33-byte shared secret
+ *  In:           tweak_data33: pointer to 33-byte public input tweak data
+ *        receiver_scan_seckey: pointer to the receiver's scan private key
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_silentpayments_receive_create_shared_secret(
+    const secp256k1_context *ctx,
+    unsigned char *shared_secret33,
+    const unsigned char *tweak_data33,
+    const unsigned char *receiver_scan_seckey
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/modules/silentpayments/main_impl.h b/src/modules/silentpayments/main_impl.h
@@ -179,6 +179,27 @@ int secp256k1_silentpayments_create_public_tweak_data(const secp256k1_context *c
     return 1;
 }
 
-/* TODO: implement functions for receiver side. */
+int secp256k1_silentpayments_receive_create_shared_secret(const secp256k1_context *ctx, unsigned char *shared_secret33, const unsigned char *tweak_data33, const unsigned char *receiver_scan_seckey) {
+    secp256k1_pubkey A_tweaked;
+
+    /* Sanity check inputs. */
+    VERIFY_CHECK(ctx != NULL);
+    ARG_CHECK(shared_secret33 != NULL);
+    memset(shared_secret33, 0, 33);
+    ARG_CHECK(tweak_data33 != NULL);
+    ARG_CHECK(receiver_scan_seckey != NULL);
+
+    /* Parse tweak data into pubkey object */
+    if (!secp256k1_ec_pubkey_parse(ctx, &A_tweaked, tweak_data33, 33)) {
+        return 0;
+    }
+
+    /* Compute shared_secret = A_tweaked * b_scan */
+    if (!secp256k1_ecdh(ctx, shared_secret33, &A_tweaked, receiver_scan_seckey, ecdh_return_pubkey, NULL)) {
+        return 0;
+    }
+
+    return 1;
+}
 
 #endif
