What's the gain to extract btcec to a diff repo? In the past it was, but then we combined everything into a single repo as otherwise PR's touching diff packages was a major pain.

In the past it was, but then we combined everything into a single repo as otherwise PR's touching diff packages was a major pain.

That issue should be resolved with a good dependency manager. dep or vgo will most probably make that a non-issue. I would think an argument in favor is that it allows for easier experimentation with not-yet-softforked crypto stuffs without bothering btcd development.

Also, cryptographic primitives that are related to Bitcoin, but not consensus-critical, could be added there, but btcd doesn't need them. F.e. tools to construct Schnorr multisigs or discrete log contracts. Basically all layer 2 crypto that btcd doesn't necessarily need.

https://github.com/hbakhtiyor/schnorr/ implemented, feedback appreciate

@stevenroose agreed, separate crypto package would be nice. any new thoughts, also with regards to schnorr?

PR's touching diff packages is a major pain. Consider adding Schnorr and/or EdDSA to btcsuite/btcd (
btcec).

The main blocker here that we were working on was to first switch over all field operations to used fixed sized limbs rather than big ints, as we'll gain quite a performance increase in the process. Once that's in place, the next step would be to implement proper constant time signing using the field elements (which #1667 doesn't use).

The related project dcrd has implemented a lot of what we'll need for this, so we can either use their modules directly or copy things over. They have a schnorr implementation as well, but it deviates from BIP 340.