add custom nonce extra data

crypto/schnorr-adaptor-signature/sig.go

@@ -13,17 +13,17 @@ import (
 )
 
 var (
-	// rfc6979ExtraDataV0 is the extra data to feed to RFC6979 when
-	// generating the deterministic nonce for the BIP-340 scheme.  This
-	// ensures the same nonce is not generated for the same message and key
+	// CustomBabylonrfc6979ExtraDataV0 is the extra data to feed to RFC6979 when
+	// generating the deterministic nonce for the BIP-340 Babylon adaptor signature scheme.
+	// This ensures the same nonce is not generated for the same message and key
 	// as for other signing algorithms such as ECDSA.
 	//
-	// It is equal to SHA-256([]byte("BIP-340")).
-	rfc6979ExtraDataV0 = [chainhash.HashSize]uint8{
-		0xa3, 0xeb, 0x4c, 0x18, 0x2f, 0xae, 0x7e, 0xf4,
-		0xe8, 0x10, 0xc6, 0xee, 0x13, 0xb0, 0xe9, 0x26,
-		0x68, 0x6d, 0x71, 0xe8, 0x7f, 0x39, 0x4f, 0x79,
-		0x9c, 0x00, 0xa5, 0x21, 0x03, 0xcb, 0x4e, 0x17,
+	// It is equal to SHA-256([]byte("BIP-340/babylon-adaptor-signature")).
+	customBabylonRFC6979ExtraDataV0 = [chainhash.HashSize]uint8{
+		0xcd, 0x36, 0xb5, 0x97, 0xbd, 0x59, 0x08, 0xfc,
+		0x48, 0x5c, 0xe9, 0xa2, 0xc0, 0xc2, 0x8b, 0xce,
+		0xd0, 0xda, 0xdb, 0x7f, 0xac, 0x7b, 0xf9, 0x4c,
+		0x19, 0x68, 0x51, 0xfb, 0x23, 0x27, 0x07, 0x09,
 	}
 )
 
@@ -219,7 +219,7 @@ func EncSign(sk *btcec.PrivateKey, encKey *EncryptionKey, msgHash []byte) (*Adap
 		// parameterized by the private key, message being signed, extra data
 		// that identifies the scheme, and an iteration count
 		nonce := btcec.NonceRFC6979(
-			privKeyBytes[:], hashForNonce, rfc6979ExtraDataV0[:], nil, iteration,
+			privKeyBytes[:], hashForNonce, customBabylonRFC6979ExtraDataV0[:], nil, iteration,
 		)
 
 		// try to generate adaptor signature