NUT-29: Fix batch minting signature message separator #375

Open

a1denvalu3 wants to merge 2 commits from a1denvalu3/fix-nut-29-batch-minting into main

a1denvalu3 commented

2026-05-22 12:07:04 +00:00

(Migrated from github.com)

Summary

Update msg_to_sign for NUT-29 batch minting to include proper colon separators between the quote ID and the blinded messages (e.g. quote_id:B_0:B_1).
Clarify that the outputs are UTF-8 encoded hex strings.
Update test vectors in tests/29-tests.md to reflect the new msg_to_sign and signature validation rule.

## Summary - Update `msg_to_sign` for NUT-29 batch minting to include proper colon separators between the quote ID and the blinded messages (e.g. `quote_id:B_0:B_1`). - Clarify that the outputs are UTF-8 encoded hex strings. - Update test vectors in `tests/29-tests.md` to reflect the new msg_to_sign and signature validation rule.

robwoodgate (Migrated from github.com) approved these changes

2026-05-22 13:32:32 +00:00

robwoodgate (Migrated from github.com) left a comment

Length as a separator may be better as it precludes use of the separator and assures injectivity - eg:

msg = b"Cashu_MintQuoteSig_v1"                       // DST
      ‖ len32(quote_id) ‖ quote_id                   // quote_id = UTF-8 bytes
      ‖ for each output i (in request order):
            len32(amount_i) ‖ amount_i               // amount_i = canonical minimal big-endian
          ‖ len32(B_i)      ‖ B_i                    // B_i = 33-byte secp / 48-byte BLS compressed point

might be safer?

Length as a separator may be better as it precludes use of the separator and assures injectivity - eg: ``` msg = b"Cashu_MintQuoteSig_v1" // DST ‖ len32(quote_id) ‖ quote_id // quote_id = UTF-8 bytes ‖ for each output i (in request order): len32(amount_i) ‖ amount_i // amount_i = canonical minimal big-endian ‖ len32(B_i) ‖ B_i // B_i = 33-byte secp / 48-byte BLS compressed point ``` might be safer?

robwoodgate commented

2026-05-22 14:17:15 +00:00

(Migrated from github.com)

As an addition, we should do the same for NUT-20 message aggregation due to the variable B_ lengths between SECP and BLS.

robwoodgate commented

2026-05-23 00:03:02 +00:00

(Migrated from github.com)

Although we want to minimise MintInfo usage, perhaps a nuts['20'].sig_versions: ["v0","v1"] or similar would help wallets resolve the "which message to sign" issue. Default if not supplied = legacy.

EDIT: The proposed version param for quotes would also resolve the ambiguity around message-to-sign construction

Although we want to minimise MintInfo usage, perhaps a `nuts['20'].sig_versions: ["v0","v1"]` or similar would help wallets resolve the "which message to sign" issue. Default if not supplied = legacy. **EDIT:** The proposed `version` param for quotes would also resolve the ambiguity around message-to-sign construction

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin a1denvalu3/fix-nut-29-batch-minting:a1denvalu3/fix-nut-29-batch-minting

git switch a1denvalu3/fix-nut-29-batch-minting

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff a1denvalu3/fix-nut-29-batch-minting

git switch a1denvalu3/fix-nut-29-batch-minting

git rebase main

git switch main

git merge --ff-only a1denvalu3/fix-nut-29-batch-minting

git switch a1denvalu3/fix-nut-29-batch-minting

git rebase main

git switch main

git merge --no-ff a1denvalu3/fix-nut-29-batch-minting

git switch main

git merge --squash a1denvalu3/fix-nut-29-batch-minting