Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates Schnorr native and circuit verifier challenge with public key, removing salt #258

Merged
merged 4 commits into from
Jul 14, 2021
Merged

Updates Schnorr native and circuit verifier challenge with public key, removing salt #258

merged 4 commits into from
Jul 14, 2021

Conversation

howardwu
Copy link
Contributor

@howardwu howardwu commented Jul 14, 2021
edited
Loading

Motivation

  • Updates Schnorr native and circuit verifier challenge with public key, removing the salt.
  • Updates Schnorr native and circuit randomization scheme.
  • Adds CryptoRng to Signature scheme traits.

Approach

This implementation of Schnorr constructs a signature with a verifier_challenge defined as:

verifier_challenge := ToScalarField( H( prover_commitment || public_key || message_length || message ))

As part of this, the former salt has been removed. In addition, by introducing the public key to the hash, this requires rearchitecting signature randomization. Previously we employed randomization as follows:

[G] := {0, 1}*

private_key := {0, 1}*
[public_key] := private_key * [G]
message := "Hello World"
(prover_response, verifier_challenge) := Sign(private_key, message)

randomizer := {0, 1}*
[randomized_public_key] := randomizer * [public_key]
randomized_prover_response := prover_response - (verifier_challenge * randomizer)
randomized_verifier_challenge := verifier_challenge

However, with the public key in the preimage of the hash, we update the scheme to continue support for randomization as follows (credits to @Pratyush):

[G] := {0, 1}*

private_key := {0, 1}*
[public_key] := private_key * [G]
message := "Hello World"
(prover_response, verifier_challenge) := Sign(private_key, message)

randomizer := {0, 1}*
randomized_private_key := private_key * randomizer
[randomized_public_key] := randomized_private_key * [G] == randomizer * [public_key]
(randomized_prover_response, randomized_verifier_challenge) := Sign(randomized_private_key, message)

Test Plan

  • Updates existing Schnorr tests to reflect the new convention.
  • Adds a new check that randomized_private_key * [G] == randomizer * [public_key]

@howardwu howardwu changed the base branch from master to feat/hash_to_parameters July 14, 2021 01:31
@howardwu howardwu marked this pull request as ready for review July 14, 2021 04:44
This was referenced Jul 14, 2021
Merged
Closed
@howardwu
Copy link
Contributor Author

I can confirm that the Schnorr native and circuit tests are passing on my local machine.

@howardwu
Copy link
Contributor Author

As this is an extension of the feat/hash_to_parameters branch with is still in draft, I am merging this branch in to prevent drift as higher-level changes are made using hash_to_curve on DPC components.

@howardwu howardwu merged commit da89d78 into feat/hash_to_parameters Jul 14, 2021
@howardwu howardwu deleted the feat/schnorr_with_pubkey branch July 14, 2021 06:46
@howardwu howardwu added the staging Staging label Jul 15, 2021
This was referenced Jul 16, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weikengchen weikengchen Awaiting requested review from weikengchen

@Pratyush Pratyush Awaiting requested review from Pratyush

@raychu86 raychu86 Awaiting requested review from raychu86

Assignees
No one assigned
Labels
staging Staging
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@howardwu