rust-bitcoin-unsafe-fast/src/util/schnorr.rs

// Rust Bitcoin Library
// Written in 2014 by
//     Andrew Poelstra <apoelstra@wpsoftware.net>
// To the extent possible under law, the author(s) have dedicated all
// copyright and related and neighboring rights to this software to
// the public domain worldwide. This software is distributed without
// any warranty.
//
// You should have received a copy of the CC0 Public Domain Dedication
// along with this software.
// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
//

//! Schnorr Bitcoin keys.
//!
//! This module provides Schnorr keys used in Bitcoin, reexporting Secp256k1
//! Schnorr key types.
//!

use core::fmt;
use prelude::*;

pub use secp256k1::schnorrsig::{PublicKey, KeyPair};
use secp256k1::{self, Secp256k1, Verification, constants};
use hashes::Hash;
use util::taproot::{TapBranchHash, TapTweakHash};
use SchnorrSigHashType;

/// Untweaked Schnorr public key
pub type UntweakedPublicKey = PublicKey;

/// Tweaked Schnorr public key
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct TweakedPublicKey(PublicKey);

impl fmt::LowerHex for TweakedPublicKey {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        fmt::LowerHex::fmt(&self.0, f)
    }
}

impl fmt::Display for TweakedPublicKey {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        fmt::Display::fmt(&self.0, f)
    }
}

/// A trait for tweaking Schnorr public keys
pub trait TapTweak {
    /// Tweaks an untweaked public key given an untweaked key and optional script tree merkle root.
    ///
    /// This is done by using the equation Q = P + H(P|c)G, where
    ///  * Q is the tweaked key
    ///  * P is the internal key
    ///  * H is the hash function
    ///  * c is the commitment data
    ///  * G is the generator point
    ///
    /// # Returns
    /// The tweaked key and its parity.
    fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> (TweakedPublicKey, bool);

    /// Directly converts an [`UntweakedPublicKey`] to a [`TweakedPublicKey`]
    ///
    /// This method is dangerous and can lead to loss of funds if used incorrectly.
    /// Specifically, in multi-party protocols a peer can provide a value that allows them to steal.
    fn dangerous_assume_tweaked(self) -> TweakedPublicKey;
}

impl TapTweak for UntweakedPublicKey {
    fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> (TweakedPublicKey, bool) {
        let tweak_value = TapTweakHash::from_key_and_tweak(self, merkle_root).into_inner();
        let mut output_key = self.clone();
        let parity = output_key.tweak_add_assign(&secp, &tweak_value).expect("Tap tweak failed");

        debug_assert!(self.tweak_add_check(&secp, &output_key, parity, tweak_value));
        (TweakedPublicKey(output_key), parity)
    }

    fn dangerous_assume_tweaked(self) -> TweakedPublicKey {
        TweakedPublicKey(self)
    }
}

impl TweakedPublicKey {
    /// Creates a new [`TweakedPublicKey`] from a [`PublicKey`]. No tweak is applied, consider
    /// calling `tap_tweak` on an [`UntweakedPublicKey`] instead of using this constructor.
    pub fn dangerous_assume_tweaked(key: PublicKey) -> TweakedPublicKey {
        TweakedPublicKey(key)
    }

    /// Returns the underlying public key.
    pub fn into_inner(self) -> PublicKey {
        self.0
    }

    /// Returns a reference to underlying public key.
    pub fn as_inner(&self) -> &PublicKey {
        &self.0
    }

    /// Serialize the key as a byte-encoded pair of values. In compressed form
    /// the y-coordinate is represented by only a single bit, as x determines
    /// it up to one bit.
    #[inline]
    pub fn serialize(&self) -> [u8; constants::SCHNORRSIG_PUBLIC_KEY_SIZE] {
        self.0.serialize()
    }
}

/// A BIP340-341 serialized schnorr signature with the corresponding hash type.
#[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub struct SchnorrSig {
    /// The underlying schnorr signature
    pub sig: secp256k1::schnorrsig::Signature,
    /// The corresponding hash type
    pub hash_ty: SchnorrSigHashType,
}

impl SchnorrSig {

    /// Deserialize from slice
    pub fn from_slice(sl: &[u8]) -> Result<Self, SchnorrSigError> {
        match sl.len() {
            64 => {
                // default type
                let sig = secp256k1::schnorrsig::Signature::from_slice(sl)
                    .map_err(SchnorrSigError::Secp256k1)?;
                return Ok( SchnorrSig { sig, hash_ty : SchnorrSigHashType::Default });
            },
            65 => {
                let (hash_ty, sig) = sl.split_last().expect("Slice len checked == 65");
                let hash_ty = SchnorrSigHashType::from_u8(*hash_ty)
                    .map_err(|_| SchnorrSigError::InvalidSighashType(*hash_ty))?;
                let sig = secp256k1::schnorrsig::Signature::from_slice(sig)
                    .map_err(SchnorrSigError::Secp256k1)?;
                Ok(SchnorrSig { sig, hash_ty })
            }
            len => {
                Err(SchnorrSigError::InvalidSchnorrSigSize(len))
            }
        }
    }

    /// Serialize SchnorrSig
    pub fn to_vec(&self) -> Vec<u8> {
        // TODO: add support to serialize to a writer to SerializedSig
        let mut ser_sig = self.sig.as_ref().to_vec();
        if self.hash_ty == SchnorrSigHashType::Default {
            // default sighash type, don't add extra sighash byte
        } else {
            ser_sig.push(self.hash_ty as u8);
        }
        ser_sig
    }

}

/// A schnorr sig related error.
#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Debug)]
pub enum SchnorrSigError {
    /// Base58 encoding error
    InvalidSighashType(u8),
    /// Signature has valid size but does not parse correctly
    Secp256k1(secp256k1::Error),
    /// Invalid schnorr signature size
    InvalidSchnorrSigSize(usize),
}


impl fmt::Display for SchnorrSigError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match *self {
            SchnorrSigError::InvalidSighashType(hash_ty) =>
                write!(f, "Invalid signature hash type {}", hash_ty),
            SchnorrSigError::Secp256k1(ref e) =>
                write!(f, "Schnorr Signature has correct len, but is malformed : {}", e),
            SchnorrSigError::InvalidSchnorrSigSize(sz) =>
                write!(f, "Invalid Schnorr signature size: {}", sz),
        }
    }
}

#[cfg(feature = "std")]
#[cfg_attr(docsrs, doc(cfg(feature = "std")))]
impl ::std::error::Error for SchnorrSigError {}

impl From<secp256k1::Error> for SchnorrSigError {

    fn from(e: secp256k1::Error) -> SchnorrSigError {
        SchnorrSigError::Secp256k1(e)
    }
}
Re-export Scep256k1 Schnorr keys under `util::schnorr` This is second step in introducing Schnorr key support as per #588 2021-04-12 11:24:25 +00:00			`// Rust Bitcoin Library`
			`// Written in 2014 by`
			`// Andrew Poelstra <apoelstra@wpsoftware.net>`
			`// To the extent possible under law, the author(s) have dedicated all`
			`// copyright and related and neighboring rights to this software to`
			`// the public domain worldwide. This software is distributed without`
			`// any warranty.`
			`//`
			`// You should have received a copy of the CC0 Public Domain Dedication`
			`// along with this software.`
			`// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.`
			`//`

Clean up module level rustdocs Docs can always do with a bit of love. Clean up the module level (`//!`) rustdocs for all public modules. I claim uniform is better than any specific method/style. I tried to fit in with what ever was either most sane of most prevalent, therefore attaining uniformity without unnecessary code churn (one exception being the changes to headings described below). Notes: * Headings - use heading as a regular sentence for all modules e.g., ``` //! Bitcoin network messages. ``` as opposed to ``` //! # Bitcoin Network Messages ``` It was not clear which style to use so I picked a 'random' mature project and copied their style. * Added 'This module' in _most_ places as the start of the module description, however I was not religious about this one. * Fixed line length if necessary since most of our code seems to follow short (80 char) line lengths for comments anyways. * Added periods and fixed obvious (and sometimes not so obvious) grammatically errors. * Added a trailing `//!` to every block since this was almost universal already. I don't really like this one but I'm guessing it is Andrew's preferred style since its on the copyright notices as well. 2021-11-05 21:58:18 +00:00			`//! Schnorr Bitcoin keys.`
Re-export Scep256k1 Schnorr keys under `util::schnorr` This is second step in introducing Schnorr key support as per #588 2021-04-12 11:24:25 +00:00			`//!`
Clean up module level rustdocs Docs can always do with a bit of love. Clean up the module level (`//!`) rustdocs for all public modules. I claim uniform is better than any specific method/style. I tried to fit in with what ever was either most sane of most prevalent, therefore attaining uniformity without unnecessary code churn (one exception being the changes to headings described below). Notes: * Headings - use heading as a regular sentence for all modules e.g., ``` //! Bitcoin network messages. ``` as opposed to ``` //! # Bitcoin Network Messages ``` It was not clear which style to use so I picked a 'random' mature project and copied their style. * Added 'This module' in _most_ places as the start of the module description, however I was not religious about this one. * Fixed line length if necessary since most of our code seems to follow short (80 char) line lengths for comments anyways. * Added periods and fixed obvious (and sometimes not so obvious) grammatically errors. * Added a trailing `//!` to every block since this was almost universal already. I don't really like this one but I'm guessing it is Andrew's preferred style since its on the copyright notices as well. 2021-11-05 21:58:18 +00:00			`//! This module provides Schnorr keys used in Bitcoin, reexporting Secp256k1`
			`//! Schnorr key types.`
Re-export Scep256k1 Schnorr keys under `util::schnorr` This is second step in introducing Schnorr key support as per #588 2021-04-12 11:24:25 +00:00			`//!`

Add SchnorrSig type Export Sigs/Sigerrors 2021-11-16 00:00:12 +00:00			`use core::fmt;`
			`use prelude::*;`

Re-export Scep256k1 Schnorr keys under `util::schnorr` This is second step in introducing Schnorr key support as per #588 2021-04-12 11:24:25 +00:00			`pub use secp256k1::schnorrsig::{PublicKey, KeyPair};`
Add SchnorrSig type Export Sigs/Sigerrors 2021-11-16 00:00:12 +00:00			`use secp256k1::{self, Secp256k1, Verification, constants};`
Use TapTweakHash method for computing tweak 2021-11-24 22:45:27 +00:00			`use hashes::Hash;`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`use util::taproot::{TapBranchHash, TapTweakHash};`
Add SchnorrSig type Export Sigs/Sigerrors 2021-11-16 00:00:12 +00:00			`use SchnorrSigHashType;`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00
			`/// Untweaked Schnorr public key`
			`pub type UntweakedPublicKey = PublicKey;`

			`/// Tweaked Schnorr public key`
Add standard derives to TweakedPublickKey All new types in `rust-bitcoin` should use our standard set of derives. Add said standard derives to `TweakedPublickKey`. 2021-11-29 02:18:22 +00:00			`#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`pub struct TweakedPublicKey(PublicKey);`

Add Display and LowerHex to TweakedPublicKey 2021-12-12 14:23:57 +00:00			`impl fmt::LowerHex for TweakedPublicKey {`
			`fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {`
			`fmt::LowerHex::fmt(&self.0, f)`
			`}`
			`}`

			`impl fmt::Display for TweakedPublicKey {`
			`fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {`
			`fmt::Display::fmt(&self.0, f)`
			`}`
			`}`

P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`/// A trait for tweaking Schnorr public keys`
			`pub trait TapTweak {`
			`/// Tweaks an untweaked public key given an untweaked key and optional script tree merkle root.`
fixups to taptweaking code 2021-11-12 21:36:31 +00:00			`///`
			`/// This is done by using the equation Q = P + H(P\|c)G, where`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`/// * Q is the tweaked key`
			`/// * P is the internal key`
			`/// * H is the hash function`
			`/// * c is the commitment data`
			`/// * G is the generator point`
Return parity when doing tap_tweak Currently we calculate the parity during `tap_tweak` but do not return it, this means others must re-do work done inside `tap_tweak` in order to calculate the parity. We can just return the parity along with the tweaked key. 2021-12-02 03:43:38 +00:00			`///`
			`/// # Returns`
			`/// The tweaked key and its parity.`
			`fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> (TweakedPublicKey, bool);`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00
Improve rustdocs on schnorr module Improve the docs by doing: - Use [`Foo`] for types - Use third person tense - Add trailing periods 2021-12-10 00:42:43 +00:00			/// Directly converts an [`UntweakedPublicKey`] to a [`TweakedPublicKey`]
fixups to taptweaking code 2021-11-12 21:36:31 +00:00			`///`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`/// This method is dangerous and can lead to loss of funds if used incorrectly.`
			`/// Specifically, in multi-party protocols a peer can provide a value that allows them to steal.`
			`fn dangerous_assume_tweaked(self) -> TweakedPublicKey;`
			`}`

			`impl TapTweak for UntweakedPublicKey {`
Return parity when doing tap_tweak Currently we calculate the parity during `tap_tweak` but do not return it, this means others must re-do work done inside `tap_tweak` in order to calculate the parity. We can just return the parity along with the tweaked key. 2021-12-02 03:43:38 +00:00			`fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> (TweakedPublicKey, bool) {`
Use TapTweakHash method for computing tweak 2021-11-24 22:45:27 +00:00			`let tweak_value = TapTweakHash::from_key_and_tweak(self, merkle_root).into_inner();`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`let mut output_key = self.clone();`
			`let parity = output_key.tweak_add_assign(&secp, &tweak_value).expect("Tap tweak failed");`
Remove use of unreachable in error branch We currently run `tweak_add_check` and use the result as a conditional branch, the error path of which uses `unreachable`. This usage of `unreachable` is non-typical. An 'unreachable' statement is by definition supposed to be unreachable, it is not clear why we would need to have a conditional branch to check an unreachable statement. Use `debug_assert!` so programmer errors get caught in un-optimised builds but in optimised builds the call to `tweak_add_check` is not even done. 2021-12-02 03:13:33 +00:00
			`debug_assert!(self.tweak_add_check(&secp, &output_key, parity, tweak_value));`
Return parity when doing tap_tweak Currently we calculate the parity during `tap_tweak` but do not return it, this means others must re-do work done inside `tap_tweak` in order to calculate the parity. We can just return the parity along with the tweaked key. 2021-12-02 03:43:38 +00:00			`(TweakedPublicKey(output_key), parity)`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`}`

			`fn dangerous_assume_tweaked(self) -> TweakedPublicKey {`
			`TweakedPublicKey(self)`
			`}`
			`}`

			`impl TweakedPublicKey {`
Re-name TweakedPublicKey constructor Keeping inline with the method on `UntweakedPublicKey` that outputs a `TweakedPublicKey` we can use the same name, for the same reasons. Use `dangerous_assume_tweaked` as the constructor name to highlight the fact that this constructor should probably not be being used. 2021-12-02 03:40:24 +00:00			/// Creates a new [`TweakedPublicKey`] from a [`PublicKey`]. No tweak is applied, consider
			/// calling `tap_tweak` on an [`UntweakedPublicKey`] instead of using this constructor.
			`pub fn dangerous_assume_tweaked(key: PublicKey) -> TweakedPublicKey {`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`TweakedPublicKey(key)`
			`}`
fixups to taptweaking code 2021-11-12 21:36:31 +00:00
Improve rustdocs on schnorr module Improve the docs by doing: - Use [`Foo`] for types - Use third person tense - Add trailing periods 2021-12-10 00:42:43 +00:00			`/// Returns the underlying public key.`
P2TR address from untweaked public key Ambiguous TweakedPublicKey and UntweakedPublicKey type aliases and methods to convert Use structs for Untweaked and Tweaked key type swap dangerous api to work on tweaked keys remove unecessary allocations and rename methods Use type alias for UntweakedPublicKey TweakedPublicKey::new(...) method added minor naming and doc changes 2021-11-07 06:11:43 +00:00			`pub fn into_inner(self) -> PublicKey {`
			`self.0`
			`}`
fixups to taptweaking code 2021-11-12 21:36:31 +00:00
Improve rustdocs on schnorr module Improve the docs by doing: - Use [`Foo`] for types - Use third person tense - Add trailing periods 2021-12-10 00:42:43 +00:00			`/// Returns a reference to underlying public key.`
fixups to taptweaking code 2021-11-12 21:36:31 +00:00			`pub fn as_inner(&self) -> &PublicKey {`
			`&self.0`
			`}`

Add slice 'serialize' method for TweakedPublicKey 2021-12-12 14:24:31 +00:00			`/// Serialize the key as a byte-encoded pair of values. In compressed form`
			`/// the y-coordinate is represented by only a single bit, as x determines`
			`/// it up to one bit.`
			`#[inline]`
			`pub fn serialize(&self) -> [u8; constants::SCHNORRSIG_PUBLIC_KEY_SIZE] {`
			`self.0.serialize()`
			`}`
Add newline to end of file Idiomatic UNIX file handling leaves files with a newline at the end. Add newline to end of `schnorr` module. 2021-11-29 02:17:16 +00:00			`}`
Add SchnorrSig type Export Sigs/Sigerrors 2021-11-16 00:00:12 +00:00
			`/// A BIP340-341 serialized schnorr signature with the corresponding hash type.`
			`#[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord)]`
Derive serde for taproot stuctures 2021-10-28 07:43:02 +00:00			`#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]`
Add SchnorrSig type Export Sigs/Sigerrors 2021-11-16 00:00:12 +00:00			`pub struct SchnorrSig {`
			`/// The underlying schnorr signature`
			`pub sig: secp256k1::schnorrsig::Signature,`
			`/// The corresponding hash type`
			`pub hash_ty: SchnorrSigHashType,`
			`}`

			`impl SchnorrSig {`

			`/// Deserialize from slice`
			`pub fn from_slice(sl: &[u8]) -> Result<Self, SchnorrSigError> {`
			`match sl.len() {`
			`64 => {`
			`// default type`
			`let sig = secp256k1::schnorrsig::Signature::from_slice(sl)`
			`.map_err(SchnorrSigError::Secp256k1)?;`
			`return Ok( SchnorrSig { sig, hash_ty : SchnorrSigHashType::Default });`
			`},`
			`65 => {`
			`let (hash_ty, sig) = sl.split_last().expect("Slice len checked == 65");`
			`let hash_ty = SchnorrSigHashType::from_u8(*hash_ty)`
			`.map_err(\|_\| SchnorrSigError::InvalidSighashType(*hash_ty))?;`
			`let sig = secp256k1::schnorrsig::Signature::from_slice(sig)`
			`.map_err(SchnorrSigError::Secp256k1)?;`
			`Ok(SchnorrSig { sig, hash_ty })`
			`}`
			`len => {`
			`Err(SchnorrSigError::InvalidSchnorrSigSize(len))`
			`}`
			`}`
			`}`

			`/// Serialize SchnorrSig`
			`pub fn to_vec(&self) -> Vec<u8> {`
			`// TODO: add support to serialize to a writer to SerializedSig`
			`let mut ser_sig = self.sig.as_ref().to_vec();`
			`if self.hash_ty == SchnorrSigHashType::Default {`
			`// default sighash type, don't add extra sighash byte`
			`} else {`
			`ser_sig.push(self.hash_ty as u8);`
			`}`
			`ser_sig`
			`}`

			`}`

			`/// A schnorr sig related error.`
			`#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Debug)]`
			`pub enum SchnorrSigError {`
			`/// Base58 encoding error`
			`InvalidSighashType(u8),`
			`/// Signature has valid size but does not parse correctly`
			`Secp256k1(secp256k1::Error),`
			`/// Invalid schnorr signature size`
			`InvalidSchnorrSigSize(usize),`
			`}`


			`impl fmt::Display for SchnorrSigError {`
			`fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {`
			`match *self {`
			`SchnorrSigError::InvalidSighashType(hash_ty) =>`
			`write!(f, "Invalid signature hash type {}", hash_ty),`
			`SchnorrSigError::Secp256k1(ref e) =>`
			`write!(f, "Schnorr Signature has correct len, but is malformed : {}", e),`
			`SchnorrSigError::InvalidSchnorrSigSize(sz) =>`
			`write!(f, "Invalid Schnorr signature size: {}", sz),`
			`}`
			`}`
			`}`

			`#[cfg(feature = "std")]`
			`#[cfg_attr(docsrs, doc(cfg(feature = "std")))]`
			`impl ::std::error::Error for SchnorrSigError {}`

			`impl From<secp256k1::Error> for SchnorrSigError {`

			`fn from(e: secp256k1::Error) -> SchnorrSigError {`
			`SchnorrSigError::Secp256k1(e)`
			`}`
			`}`