kevacoin/include/secp256k1_schnorr.h

#ifndef _SECP256K1_SCHNORR_
# define _SECP256K1_SCHNORR_

# include "secp256k1.h"

# ifdef __cplusplus
extern "C" {
# endif

/** Create a signature using a custom EC-Schnorr-SHA256 construction. It
 *  produces non-malleable 64-byte signatures which support public key recovery
 *  batch validation, and multiparty signing.
 *  Returns: 1: signature created
 *           0: the nonce generation function failed, or the private key was
 *              invalid.
 *  Args:    ctx:    pointer to a context object, initialized for signing
 *                   (cannot be NULL)
 *  Out:     sig64:  pointer to a 64-byte array where the signature will be
 *                   placed (cannot be NULL)
 *  In:      msg32:  the 32-byte message hash being signed (cannot be NULL)
 *           seckey: pointer to a 32-byte secret key (cannot be NULL)
 *           noncefp:pointer to a nonce generation function. If NULL,
 *                   secp256k1_nonce_function_default is used
 *           ndata:  pointer to arbitrary data used by the nonce generation
 *                   function (can be NULL)
 */
SECP256K1_API int secp256k1_schnorr_sign(
  const secp256k1_context* ctx,
  unsigned char *sig64,
  const unsigned char *msg32,
  const unsigned char *seckey,
  secp256k1_nonce_function noncefp,
  const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Verify a signature created by secp256k1_schnorr_sign.
 *  Returns: 1: correct signature
 *           0: incorrect signature
 *  Args:    ctx:       a secp256k1 context object, initialized for verification.
 *  In:      sig64:     the 64-byte signature being verified (cannot be NULL)
 *           msg32:     the 32-byte message hash being verified (cannot be NULL)
 *           pubkey:    the public key to verify with (cannot be NULL)
 */
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify(
  const secp256k1_context* ctx,
  const unsigned char *sig64,
  const unsigned char *msg32,
  const secp256k1_pubkey *pubkey
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Recover an EC public key from a Schnorr signature created using
 *  secp256k1_schnorr_sign.
 *  Returns: 1: public key successfully recovered (which guarantees a correct
 *           signature).
 *           0: otherwise.
 *  Args:    ctx:        pointer to a context object, initialized for
 *                       verification (cannot be NULL)
 *  Out:     pubkey:     pointer to a pubkey to set to the recovered public key
 *                       (cannot be NULL).
 *  In:      sig64:      signature as 64 byte array (cannot be NULL)
 *           msg32:      the 32-byte message hash assumed to be signed (cannot
 *                       be NULL)
 */
SECP256K1_API int secp256k1_schnorr_recover(
  const secp256k1_context* ctx,
  secp256k1_pubkey *pubkey,
  const unsigned char *sig64,
  const unsigned char *msg32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Generate a nonce pair deterministically for use with
 *  secp256k1_schnorr_partial_sign.
 *  Returns: 1: valid nonce pair was generated.
 *           0: otherwise (nonce generation function failed)
 *  Args:    ctx:         pointer to a context object, initialized for signing
 *                        (cannot be NULL)
 *  Out:     pubnonce:    public side of the nonce (cannot be NULL)
 *           privnonce32: private side of the nonce (32 byte) (cannot be NULL)
 *  In:      msg32:       the 32-byte message hash assumed to be signed (cannot
 *                        be NULL)
 *           sec32:       the 32-byte private key (cannot be NULL)
 *           noncefp:     pointer to a nonce generation function. If NULL,
 *                        secp256k1_nonce_function_default is used
 *           noncedata:   pointer to arbitrary data used by the nonce generation
 *                        function (can be NULL)
 *
 *  Do not use the output as a private/public key pair for signing/validation.
 */
SECP256K1_API int secp256k1_schnorr_generate_nonce_pair(
  const secp256k1_context* ctx,
  secp256k1_pubkey *pubnonce,
  unsigned char *privnonce32,
  const unsigned char *msg32,
  const unsigned char *sec32,
  secp256k1_nonce_function noncefp,
  const void* noncedata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

/** Produce a partial Schnorr signature, which can be combined using
 *  secp256k1_schnorr_partial_combine, to end up with a full signature that is
 *  verifiable using secp256k1_schnorr_verify.
 *  Returns: 1: signature created successfully.
 *           0: no valid signature exists with this combination of keys, nonces
 *              and message (chance around 1 in 2^128)
 *          -1: invalid private key, nonce, or public nonces.
 *  Args: ctx:             pointer to context object, initialized for signing (cannot
 *                         be NULL)
 *  Out:  sig64:           pointer to 64-byte array to put partial signature in
 *  In:   msg32:           pointer to 32-byte message to sign
 *        sec32:           pointer to 32-byte private key
 *        pubnonce_others: pointer to pubkey containing the sum of the other's
 *                         nonces (see secp256k1_ec_pubkey_combine)
 *        secnonce32:      pointer to 32-byte array containing our nonce
 *
 * The intended procedure for creating a multiparty signature is:
 * - Each signer S[i] with private key x[i] and public key Q[i] runs
 *   secp256k1_schnorr_generate_nonce_pair to produce a pair (k[i],R[i]) of
 *   private/public nonces.
 * - All signers communicate their public nonces to each other (revealing your
 *   private nonce can lead to discovery of your private key, so it should be
 *   considered secret).
 * - All signers combine all the public nonces they received (excluding their
 *   own) using secp256k1_ec_pubkey_combine to obtain an
 *   Rall[i] = sum(R[0..i-1,i+1..n]).
 * - All signers produce a partial signature using
 *   secp256k1_schnorr_partial_sign, passing in their own private key x[i],
 *   their own private nonce k[i], and the sum of the others' public nonces
 *   Rall[i].
 * - All signers communicate their partial signatures to each other.
 * - Someone combines all partial signatures using
 *   secp256k1_schnorr_partial_combine, to obtain a full signature.
 * - The resulting signature is validatable using secp256k1_schnorr_verify, with
 *   public key equal to the result of secp256k1_ec_pubkey_combine of the
 *   signers' public keys (sum(Q[0..n])).
 *
 *  Note that secp256k1_schnorr_partial_combine and secp256k1_ec_pubkey_combine
 *  function take their arguments in any order, and it is possible to
 *  pre-combine several inputs already with one call, and add more inputs later
 *  by calling the function again (they are commutative and associative).
 */
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign(
  const secp256k1_context* ctx,
  unsigned char *sig64,
  const unsigned char *msg32,
  const unsigned char *sec32,
  const secp256k1_pubkey *pubnonce_others,
  const unsigned char *secnonce32
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6);

/** Combine multiple Schnorr partial signatures.
 * Returns: 1: the passed signatures were successfully combined.
 *          0: the resulting signature is not valid (chance of 1 in 2^256)
 *         -1: some inputs were invalid, or the signatures were not created
 *             using the same set of nonces
 * Args:   ctx:      pointer to a context object
 * Out:    sig64:    pointer to a 64-byte array to place the combined signature
 *                   (cannot be NULL)
 * In:     sig64sin: pointer to an array of n pointers to 64-byte input
 *                   signatures
 *         n:        the number of signatures to combine (at least 1)
 */
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_combine(
  const secp256k1_context* ctx,
  unsigned char *sig64,
  const unsigned char * const * sig64sin,
  size_t n
) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);

# ifdef __cplusplus
}
# endif

#endif
Squashed 'src/secp256k1/' changes from 22f60a6..2bfb82b 2bfb82b Merge pull request #351 06aeea5 Turn secp256k1_ec_pubkey_serialize outlen to in/out 970164d Merge pull request #348 6466625 Improvements for coordinate decompression e2100ad Merge pull request #347 8e48787 Change secp256k1_ec_pubkey_combine's count argument to size_t. c69dea0 Clear output in more cases for pubkey_combine, adds tests. 269d422 Comment copyediting. b4d17da Merge pull request #344 4709265 Merge pull request #345 26abce7 Adds 32 static test vectors for scalar mul, sqr, inv. 5b71a3f Better error case handling for pubkey_create & pubkey_serialize, more tests. 3b7bc69 Merge pull request #343 eed87af Change contrib/laxder from headers-only to files compilable as standalone C d7eb1ae Merge pull request #342 7914a6e Make lax_der_privatekey_parsing.h not depend on internal code 73f64ff Merge pull request #339 9234391 Overhaul flags handling 1a36898 Make flags more explicit, add runtime checks. 1a3e03a Merge pull request #340 96be204 Add additional tests for eckey and arg-checks. bb5aa4d Make the tweak function zeroize-output-on-fail behavior consistent. 4a243da Move secp256k1_ec_privkey_import/export to contrib. 1b3efc1 Move secp256k1_ecdsa_sig_recover into the recovery module. e3cd679 Eliminate all side-effects from VERIFY_CHECK() usage. b30fc85 Avoid nonce_function_rfc6979 algo16 argument emulation. 70d4640 Make secp256k1_ec_pubkey_create skip processing invalid secret keys. 6c476a8 Minor comment improvements. 131afe5 Merge pull request #334 0c6ab2f Introduce explicit lower-S normalization fea19e7 Add contrib/lax_der_parsing.h 3bb9c44 Rewrite ECDSA signature parsing code fa57f1b Use secp256k1_rand_int and secp256k1_rand_bits more 49b3749 Add new tests for the extra testrand functions f684d7d Faster secp256k1_rand_int implementation 251b1a6 Improve testrand: add extra random functions 31994c8 Merge pull request #338 f79aa88 Bugfix: swap arguments to noncefp c98df26 Merge pull request #319 67f7da4 Extensive interface and operations tests for secp256k1_ec_pubkey_parse. ee2cb40 Add ARG_CHECKs to secp256k1_ec_pubkey_parse/secp256k1_ec_pubkey_serialize 7450ef1 Merge pull request #328 68a3c76 Merge pull request #329 98135ee Merge pull request #332 37100d7 improve ECDH header-doc b13d749 Fix couple of typos in API comments 7c823e3 travis: fixup module configs cc3141a Merge pull request #325 ee58fae Merge pull request #326 213aa67 Do not force benchmarks to be statically linked. 338fc8b Add API exports to secp256k1_nonce_function_default and secp256k1_nonce_function_rfc6979. 52fd03f Merge pull request #320 9f6993f Remove some dead code. 357f8cd Merge pull request #314 118cd82 Use explicit symbol visibility. 4e64608 Include public module headers when compiling modules. 1f41437 Merge pull request #316 fe0d463 Merge pull request #317 cfe0ed9 Fix miscellaneous style nits that irritate overactive static analysis. 2b199de Use the explicit NULL macro for pointer comparisons. 9e90516 Merge pull request #294 dd891e0 Get rid of _t as it is POSIX reserved 201819b Merge pull request #313 912f203 Eliminate a few unbraced statements that crept into the code. eeab823 Merge pull request #299 486b9bb Use a flags bitfield for compressed option to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export 05732c5 Callback data: Accept pointers to either const or non-const data 1973c73 Bugfix: Reinitialise buffer lengths that have been used as outputs 788038d Use size_t for lengths (at least in external API) c9d7c2a secp256k1_context_set_{error,illegal}_callback: Restore default handler by passing NULL as function argument 9aac008 secp256k1_context_destroy: Allow NULL argument as a no-op 64b730b secp256k1_context_create: Use unsigned type for flags bitfield cb04ab5 Merge pull request #309 a551669 Merge pull request #295 81e45ff Update group_impl.h 85e3a2c Merge pull request #112 b2eb63b Merge pull request #293 dc0ce9f [API BREAK] Change argument order to out/outin/in 6d947ca Merge pull request #298 c822693 Merge pull request #301 6d04350 Merge pull request #303 7ab311c Merge pull request #304 5fb3229 Fixes a bug where bench_sign would fail due to passing in too small a buffer. 263dcbc remove unused assignment b183b41 bugfix: "ARG_CHECK(ctx != NULL)" makes no sense 6da1446 build: fix parallel build 5eb4356 Merge pull request #291 c996d53 Print success 9f443be Move pubkey recovery code to separate module d49abbd Separate ECDSA recovery tests 439d34a Separate recoverable and normal signatures a7b046e Merge pull request #289 f66907f Improve/reformat API documentation secp256k1.h 2f77487 Add context building benchmarks cc623d5 Merge pull request #287 de7e398 small typo fix 9d96e36 Merge pull request #280 432e1ce Merge pull request #283 14727fd Use correct name in gitignore 356b0e9 Actually test static precomputation in Travis ff3a5df Merge pull request #284 2587208 Merge pull request #212 a5a66c7 Add support for custom EC-Schnorr-SHA256 signatures d84a378 Merge pull request #252 72ae443 Improve perf. of cmov-based table lookup 92e53fc Implement endomorphism optimization for secp256k1_ecmult_const ed35d43 Make `secp256k1_scalar_add_bit` conditional; make `secp256k1_scalar_split_lambda_var` constant time 91c0ce9 Add benchmarks for ECDH and const-time multiplication 0739bbb Add ECDH module which works by hashing the output of ecmult_const 4401500 Add constant-time multiply `secp256k1_ecmult_const` for ECDH e4ce393 build: fix hard-coded usage of "gen_context" b8e39ac build: don't use BUILT_SOURCES for the static context header baa75da tests: add a couple tests ae4f0c6 Merge pull request #278 995c548 Introduce callback functions for dealing with errors. c333074 Merge pull request #282 18c329c Remove the internal secp256k1_ecdsa_sig_t type 74a2acd Add a secp256k1_ecdsa_signature_t type 23cfa91 Introduce secp256k1_pubkey_t type 4c63780 Merge pull request #269 3e6f1e2 Change rfc6979 implementation to be a generic PRNG ed5334a Update configure.ac to make it build on OpenBSD 1b68366 Merge pull request #274 a83bb48 Make ecmult static precomputation default 166b32f Merge pull request #276 c37812f Add gen_context src/ecmult_static_context.h to CLEANFILES to fix distclean. 125c15d Merge pull request #275 76f6769 Fix build with static ecmult altroot and make dist. 5133f78 Merge pull request #254 b0a60e6 Merge pull request #258 733c1e6 Add travis build to test the static context. fbecc38 Add ability to use a statically generated ecmult context. 4fb174d Merge pull request #263 4ab8990 Merge pull request #270 bdf0e0c Merge pull request #271 31d0c1f Merge pull request #273 eb2c8ff Add missing casts to SECP256K1_FE_CONST_INNER 55399c2 Further performance improvements to _ecmult_wnaf 99fd963 Add secp256k1_ec_pubkey_compress(), with test similar to the related decompress() function. 145cc6e Improve performance of _ecmult_wnaf 36b305a Verify the result of GMP modular inverse using non-GMP code 0cbc860 Merge pull request #266 06ff7fe Merge pull request #267 5a43124 Save 1 _fe_negate since s1 == -s2 a5d796e Update code comments 3f3964e Add specific VERIFY tests for _fe_cmov 7d054cd Refactor to save a _fe_negate b28d02a Refactor to remove a local var 55e7fc3 Perf. improvement in _gej_add_ge a0601cd Fix VERIFY calculations in _fe_cmov methods 17f7148 Merge pull request #261 7657420 Add tests for adding P+Q with P.x!=Q.x and P.y=-Q.y 8c5d5f7 tests: Add failing unit test for #257 (bad addition formula) 5de4c5d gej_add_ge: fix degenerate case when computing P + (-lambda)P bcf2fcf gej_add_ge: rearrange algebra e2a07c7 Fix compilation with C++ 873a453 Merge pull request #250 91eb0da Merge pull request #247 210ffed Use separate in and out pointers in `secp256k1_ec_pubkey_decompress` a1d5ae1 Tiny optimization 729badf Merge pull request #210 2d5a186 Apply effective-affine trick to precomp 4f9791a Effective affine addition in EC multiplication 2b4cf41 Use pkg-config always when possible, with failover to manual checks for libcrypto git-subtree-dir: src/secp256k1 git-subtree-split: 2bfb82b10edf0f0b0e366a12f94c8b21a914159d 9 years ago			`#ifndef _SECP256K1_SCHNORR_`
			`# define _SECP256K1_SCHNORR_`

			`# include "secp256k1.h"`

			`# ifdef __cplusplus`
			`extern "C" {`
			`# endif`

			`/** Create a signature using a custom EC-Schnorr-SHA256 construction. It`
			`* produces non-malleable 64-byte signatures which support public key recovery`
			`* batch validation, and multiparty signing.`
			`* Returns: 1: signature created`
			`* 0: the nonce generation function failed, or the private key was`
			`* invalid.`
			`* Args: ctx: pointer to a context object, initialized for signing`
			`* (cannot be NULL)`
			`* Out: sig64: pointer to a 64-byte array where the signature will be`
			`* placed (cannot be NULL)`
			`* In: msg32: the 32-byte message hash being signed (cannot be NULL)`
			`* seckey: pointer to a 32-byte secret key (cannot be NULL)`
			`* noncefp:pointer to a nonce generation function. If NULL,`
			`* secp256k1_nonce_function_default is used`
			`* ndata: pointer to arbitrary data used by the nonce generation`
			`* function (can be NULL)`
			`*/`
			`SECP256K1_API int secp256k1_schnorr_sign(`
			`const secp256k1_context* ctx,`
			`unsigned char *sig64,`
			`const unsigned char *msg32,`
			`const unsigned char *seckey,`
			`secp256k1_nonce_function noncefp,`
			`const void *ndata`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);`

			`/** Verify a signature created by secp256k1_schnorr_sign.`
			`* Returns: 1: correct signature`
			`* 0: incorrect signature`
			`* Args: ctx: a secp256k1 context object, initialized for verification.`
			`* In: sig64: the 64-byte signature being verified (cannot be NULL)`
			`* msg32: the 32-byte message hash being verified (cannot be NULL)`
			`* pubkey: the public key to verify with (cannot be NULL)`
			`*/`
			`SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify(`
			`const secp256k1_context* ctx,`
			`const unsigned char *sig64,`
			`const unsigned char *msg32,`
			`const secp256k1_pubkey *pubkey`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);`

			`/** Recover an EC public key from a Schnorr signature created using`
			`* secp256k1_schnorr_sign.`
			`* Returns: 1: public key successfully recovered (which guarantees a correct`
			`* signature).`
			`* 0: otherwise.`
			`* Args: ctx: pointer to a context object, initialized for`
			`* verification (cannot be NULL)`
			`* Out: pubkey: pointer to a pubkey to set to the recovered public key`
			`* (cannot be NULL).`
			`* In: sig64: signature as 64 byte array (cannot be NULL)`
			`* msg32: the 32-byte message hash assumed to be signed (cannot`
			`* be NULL)`
			`*/`
			`SECP256K1_API int secp256k1_schnorr_recover(`
			`const secp256k1_context* ctx,`
			`secp256k1_pubkey *pubkey,`
			`const unsigned char *sig64,`
			`const unsigned char *msg32`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);`

			`/** Generate a nonce pair deterministically for use with`
			`* secp256k1_schnorr_partial_sign.`
			`* Returns: 1: valid nonce pair was generated.`
			`* 0: otherwise (nonce generation function failed)`
			`* Args: ctx: pointer to a context object, initialized for signing`
			`* (cannot be NULL)`
			`* Out: pubnonce: public side of the nonce (cannot be NULL)`
			`* privnonce32: private side of the nonce (32 byte) (cannot be NULL)`
			`* In: msg32: the 32-byte message hash assumed to be signed (cannot`
			`* be NULL)`
			`* sec32: the 32-byte private key (cannot be NULL)`
			`* noncefp: pointer to a nonce generation function. If NULL,`
			`* secp256k1_nonce_function_default is used`
			`* noncedata: pointer to arbitrary data used by the nonce generation`
			`* function (can be NULL)`
			`*`
			`* Do not use the output as a private/public key pair for signing/validation.`
			`*/`
			`SECP256K1_API int secp256k1_schnorr_generate_nonce_pair(`
			`const secp256k1_context* ctx,`
			`secp256k1_pubkey *pubnonce,`
			`unsigned char *privnonce32,`
			`const unsigned char *msg32,`
			`const unsigned char *sec32,`
			`secp256k1_nonce_function noncefp,`
			`const void* noncedata`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);`

			`/** Produce a partial Schnorr signature, which can be combined using`
			`* secp256k1_schnorr_partial_combine, to end up with a full signature that is`
			`* verifiable using secp256k1_schnorr_verify.`
			`* Returns: 1: signature created successfully.`
			`* 0: no valid signature exists with this combination of keys, nonces`
			`* and message (chance around 1 in 2^128)`
			`* -1: invalid private key, nonce, or public nonces.`
			`* Args: ctx: pointer to context object, initialized for signing (cannot`
			`* be NULL)`
			`* Out: sig64: pointer to 64-byte array to put partial signature in`
			`* In: msg32: pointer to 32-byte message to sign`
			`* sec32: pointer to 32-byte private key`
			`* pubnonce_others: pointer to pubkey containing the sum of the other's`
			`* nonces (see secp256k1_ec_pubkey_combine)`
			`* secnonce32: pointer to 32-byte array containing our nonce`
			`*`
			`* The intended procedure for creating a multiparty signature is:`
			`* - Each signer S[i] with private key x[i] and public key Q[i] runs`
			`* secp256k1_schnorr_generate_nonce_pair to produce a pair (k[i],R[i]) of`
			`* private/public nonces.`
			`* - All signers communicate their public nonces to each other (revealing your`
			`* private nonce can lead to discovery of your private key, so it should be`
			`* considered secret).`
			`* - All signers combine all the public nonces they received (excluding their`
			`* own) using secp256k1_ec_pubkey_combine to obtain an`
			`* Rall[i] = sum(R[0..i-1,i+1..n]).`
			`* - All signers produce a partial signature using`
			`* secp256k1_schnorr_partial_sign, passing in their own private key x[i],`
			`* their own private nonce k[i], and the sum of the others' public nonces`
			`* Rall[i].`
			`* - All signers communicate their partial signatures to each other.`
			`* - Someone combines all partial signatures using`
			`* secp256k1_schnorr_partial_combine, to obtain a full signature.`
			`* - The resulting signature is validatable using secp256k1_schnorr_verify, with`
			`* public key equal to the result of secp256k1_ec_pubkey_combine of the`
			`* signers' public keys (sum(Q[0..n])).`
			`*`
			`* Note that secp256k1_schnorr_partial_combine and secp256k1_ec_pubkey_combine`
			`* function take their arguments in any order, and it is possible to`
			`* pre-combine several inputs already with one call, and add more inputs later`
			`* by calling the function again (they are commutative and associative).`
			`*/`
			`SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign(`
			`const secp256k1_context* ctx,`
			`unsigned char *sig64,`
			`const unsigned char *msg32,`
			`const unsigned char *sec32,`
			`const secp256k1_pubkey *pubnonce_others,`
			`const unsigned char *secnonce32`
			`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6);`

			`/** Combine multiple Schnorr partial signatures.`
			`* Returns: 1: the passed signatures were successfully combined.`
			`* 0: the resulting signature is not valid (chance of 1 in 2^256)`
			`* -1: some inputs were invalid, or the signatures were not created`
			`* using the same set of nonces`
			`* Args: ctx: pointer to a context object`
			`* Out: sig64: pointer to a 64-byte array to place the combined signature`
			`* (cannot be NULL)`
			`* In: sig64sin: pointer to an array of n pointers to 64-byte input`
			`* signatures`
			`* n: the number of signatures to combine (at least 1)`
			`*/`
			`SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_combine(`
			`const secp256k1_context* ctx,`
			`unsigned char *sig64,`
			`const unsigned char * const * sig64sin,`
			`size_t n`
			`) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);`

			`# ifdef __cplusplus`
			`}`
			`# endif`

			`#endif`