Struct musig2::SecondRound

pub struct SecondRound<M: AsRef<[u8]>> { /* private fields */ }

A state machine to manage second round of a MuSig2 signing session.

This round handles collecting partial signatures one by one. Once all signers have provided a signature, it can be finalized into an aggregated Schnorr signature valid for the group’s aggregated key.

Implementations

impl<M: AsRef<[u8]>> SecondRound<M>

pub fn aggregated_nonce(&self) -> &AggNonce

Returns the aggregated nonce built from the nonces provided in the first round. Signers who find themselves in an aggregator role can distribute this aggregated nonce to other signers to that they can produce an aggregated signature without 1:1 communication between every pair of signers.

pub fn our_signature<T: From<PartialSignature>>(&self) -> T

Returns the partial signature created during finalization of the first round.

pub fn holdouts(&self) -> &[usize]

Returns a slice of all signer indexes from whom we have yet to receive a PartialSignature. Note that since our signature was constructed at the end of the first round, this slice will never contain the signer index provided to FirstRound::new.

pub fn receive_signature( &mut self, signer_index: usize, partial_signature: impl Into<PartialSignature> ) -> Result<(), RoundContributionError>

Adds a PartialSignature to the internal state, registering it to a specific signer at a given index. Returns an error if the signature is not valid, or if the given signer index is out of range, or if we already have a different partial signature on-file for that signer.

pub fn is_complete(&self) -> bool

Returns true once we have all partial signatures from the group.

pub fn finalize<T>(self) -> Result<T, RoundFinalizeError>

where T: From<LiftedSignature>,

Finishes the second round once all partial signatures are received, combining signatures into an aggregated signature on the message given to FirstRound::finalize.

This method should only be invoked once is_complete returns true, otherwise it will fail. Can also return an error if partial signature aggregation fails, but if receive_signature didn’t complain, then finalizing will succeed with overwhelming probability.

If the FirstRound was finalized with FirstRound::finalize_adaptor, then the second round must also be finalized with SecondRound::finalize_adaptor, otherwise this method will return RoundFinalizeError::InvalidAggregatedSignature.

pub fn finalize_adaptor<T>(self) -> Result<AdaptorSignature, RoundFinalizeError>

Finishes the second round once all partial adaptor signatures are received, combining signatures into an aggregated adaptor signature on the message given to FirstRound::finalize.

To make this signature valid, it must then be adapted with the discrete log of the adaptor point given to FirstRound::finalize.

This method should only be invoked once is_complete returns true, otherwise it will fail. Can also return an error if partial signature aggregation fails, but if receive_signature didn’t complain, then finalizing will succeed with overwhelming probability.

If this signing session did not use adaptor signatures, the signature returned by this method will be a valid signature which can be adapted with MaybeScalar::Zero.