# Schnorr Protocol

We will make a simple implementation of the schnorr protocol

We start by defining our Finite Field with a prime $p$ and a generator $g$

We define one auxiliary function to get the last digits of the sha256 hash of a string.

We implement the protocol in two functions.
generateProof generates a proof that the prove knows the discrete logarithm $a$ of a value $A\in F_p$. We follow the protocol and implement Fiat-Shamir heuristic to emulate the challenge $b$ that the verifier is supposed to send.
The output of the function is the public key $A$, the commitment $R$ and the proof $z$.

The function that verifies the proof takes as input those exact values and verifies the proof following the protocol.

In [4]:
p = 0x800000000000011000000000000000000000000000000000000000000000001
g = 7 # generator

In [19]:
# aux hash function

import hashlib
def sha256_mod_p(data):
    hash_object = hashlib.sha256()

    
    hash_object.update(data.encode())

    sha256_hash = hash_object.hexdigest()
    sha256_hash_mod_p = int(sha256_hash, 16)%(p-1)
    return sha256_hash_mod_p

In [6]:
import random


def generate_proof():

    # The prover chooses its private key
    random.seed(42)
    a = random.randint(2,p-1) # a = 1009836733293157903490750697761638816704611831659779228157210293632536508831

    A = pow(g,a,p)

    # Prover chooses a random commitment and hides it
    k = random.randint(2,p-1)
    R = pow(g, k, p)

    # We use Fiat-Shamir heuristic to emulate the verifier challenge b
    b = sha256_mod_p(str(g) + str(A) + str(R))

    z = (k + b*a)%(p-1)
    return A, R, z

def verify_proof(A, R, z):

    # Fiat-Shamir
    b = sha256_mod_p(str(g) + str(A) + str(R))
    print(b)

    lhs = pow(g, z, p)
    rhs = R * pow(A, b, p) %p

    return lhs == rhs


In [20]:
proof = generate_proof()
proof_validity = verify_proof(*proof)
if proof_validity:
    print("The proof is valid")

The proof is valid


In [21]:
proof

(3193911330048772750163466840708703342603689863347316625363164265906920649196,
 3381150360092203933314116350121226761344165239458780575523012581341808801475,
 2581178580202173231983361769606702596438937575219053452360943336669012096641)

In [None]:
27417828048169692983411440270675830406092413904797441041903564206699524878711