Merge #231: musig: add note about missing verification to partial_sign to doc

jonasnick · jonasnick · commit edcba04c283f · 2023-05-12T09:40:51.000Z
4ab4ec3 musig: add note about missing verification to partial_sign to doc (Jonas Nick) f50ad76 musig: update version number of BIP (Jonas Nick) Pull request description: ACKs for top commit: real-or-random: ACK 4ab4ec3 Tree-SHA512: 1e35d83dd97bac96dfbc02d58841582afe67c38562c728bc3c593a797e1316dfdd550c4988dc78557f25a1633711ec13b35f6c5bae0f7dd29c9f1c994ad5c82c
diff --git a/include/secp256k1_musig.h b/include/secp256k1_musig.h
@@ -9,9 +9,11 @@ extern "C" {
 
 #include <stddef.h>
 
-/** This module implements BIP MuSig2 v1.0.0-rc.3, a multi-signature scheme
- * compatible with BIP-340 ("Schnorr"). You can find an example demonstrating
- * the musig module in examples/musig.c.
+/** This module implements BIP 327 "MuSig2 for BIP340-compatible
+ * Multi-Signatures"
+ * (https://github.com/bitcoin/bips/blob/master/bip-0327.mediawiki)
+ * v1.0.0. You can find an example demonstrating the musig module in
+ * examples/musig.c.
  *
  * The module also supports BIP-341 ("Taproot") public key tweaking and adaptor
  * signatures as described in
@@ -440,6 +442,11 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process(
  *  created by calling musig_nonce_gen with that pubkey. Otherwise, the
  *  illegal_callback is called.
  *
+ *  This function does not verify the output partial signature, deviating from
+ *  the BIP 327 specification. It is recommended to verify the output partial
+ *  signature with `secp256k1_musig_partial_sig_verify` to prevent random or
+ *  adversarially provoked computation errors.
+ *
  *  Returns: 0 if the arguments are invalid or the provided secnonce has already
  *           been used for signing, 1 otherwise
  *  Args:         ctx: pointer to a context object
