diff --git a/coordinator/src/tributary/mod.rs b/coordinator/src/tributary/mod.rs
index 12da3220..1b718e76 100644
--- a/coordinator/src/tributary/mod.rs
+++ b/coordinator/src/tributary/mod.rs
@@ -458,11 +458,9 @@ impl Transaction {
 signed_ref.signer = Ristretto::generator() * key.deref();
 signed_ref.nonce = nonce;
+ let sig_nonce = Zeroizing::new(::F::random(rng));
+ signed(self).signature.R = ::generator() * sig_nonce.deref();
 let sig_hash = self.sig_hash(genesis);
- signed(self).signature = SchnorrSignature::::sign(
- key,
- Zeroizing::new(::F::random(rng)),
- sig_hash,
- );
+ signed(self).signature = SchnorrSignature::::sign(key, sig_nonce, sig_hash);
 }
 }
diff --git a/coordinator/tributary/src/tests/transaction/mod.rs b/coordinator/tributary/src/tests/transaction/mod.rs
index ce6597a2..b264568c 100644
--- a/coordinator/tributary/src/tests/transaction/mod.rs
+++ b/coordinator/tributary/src/tests/transaction/mod.rs
@@ -1,3 +1,4 @@
+use core::ops::Deref;
 use std::{io, collections::HashMap};
 use zeroize::Zeroizing;
@@ -114,11 +115,9 @@ pub fn signed_transaction(
 let mut tx = SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });
- tx.1.signature = SchnorrSignature::sign(
- key,
- Zeroizing::new(::F::random(rng)),
- tx.sig_hash(genesis),
- );
+ let sig_nonce = Zeroizing::new(::F::random(rng));
+ tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
+ tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));
 let mut nonces = HashMap::from([(signer, nonce)]);
 verify_transaction(&tx, genesis, &mut nonces).unwrap();
diff --git a/coordinator/tributary/src/transaction.rs b/coordinator/tributary/src/transaction.rs
index d28fc3d0..f45387fd 100644
--- a/coordinator/tributary/src/transaction.rs
+++ b/coordinator/tributary/src/transaction.rs
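Review bot: In the `@@ -458` hunk the nonce commitment is derived twice — once into `signed(self).signature.R` before `sig_hash` runs and again inside `SchnorrSignature::sign` — and nothing checks that the two agree; if `sign` ever derived R differently, the challenge would commit to a stale R and every signature produced here would fail verification. Bind the value once and assert the invariant: `let r = Ristretto::generator() * sig_nonce.deref(); signed(self).signature.R = r;` before the `sig_hash` call, then `debug_assert_eq!(signed(self).signature.R, r);` after `sign` (assuming the point type is `Copy` and `PartialEq`, which this hunk does not show). A why-comment is also missing on the pre-assignment: `// sig_hash commits to R, so the nonce commitment must be in place before the challenge is computed.` The same duplicated derivation appears in the `@@ -114` hunk of tests/transaction/mod.rs. The enclosing signing method starts before this hunk.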
@@ -98,10 +98,20 @@ pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
 /// Obtain the challenge for this transaction's signature.
 ///
 /// Do not override this unless you know what you're doing.
+ ///
+ /// Panics if called on non-signed transactions.
 fn sig_hash(&self, genesis: [u8; 32]) -> ::F {
- ::F::from_bytes_mod_order_wide(
- &Blake2b512::digest([genesis, self.hash()].concat()).into(),
- )
+ match self.kind() {
+ TransactionKind::Signed(Signed { signature, .. }) => {
+ ::F::from_bytes_mod_order_wide(
+ &Blake2b512::digest(
+ [genesis.as_ref(), &self.hash(), signature.R.to_bytes().as_ref()].concat(),
+ )
+ .into(),
+ )
+ }
+ _ => panic!("sig_hash called on non-signed transaction"),
+ }
 }
 }
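Review bot: The catch-all `_ =>` arm in the new `sig_hash` match hides any future `TransactionKind` variant that also carries a signature, turning a compile-time omission into a runtime panic on the verification path; naming the remaining variants explicitly keeps the compiler's exhaustiveness check. The hash input relies on all three fields being fixed-width — `genesis` is `[u8; 32]`, `self.hash()` must be the same type given the removed `[genesis, self.hash()]` array literal, and a compressed Ristretto point is 32 bytes — so the length-prefix-free concatenation is unambiguous, but that should be stated next to the `concat()` call: `// All three inputs are 32 bytes, so concatenation without length prefixes is unambiguous.` Whether the challenge also covers the `signer` key depends on what `self.hash()` includes, which is outside this hunk; if it does not, the challenge is not key-prefixed, which is worth confirming. The doc comment should also say why R is bound: `/// The challenge commits to the signature's nonce commitment R, as Schnorr requires.`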