Add total public excess to Schnorr challenge #1423

Closed
jaspervdm opened this issue Aug 26, 2018 · 2 comments
Labels
consensus breaking Use for issues or PRs that will break consensus and force a hard fork enhancement must-have Required for the associated milestone

@jaspervdm
Contributor

jaspervdm commented Aug 26, 2018

Currently a kernel signature is defined as the pair (s,kG), where s=k+ex, with k a nonce and x the (secret) excess. The challenge e is defined as e=SHA256(kG|M). To conform to BIP-schnorr (#1294 and here under "key prefixing") and enable features such as atomic swaps, I propose we modify the challenge to

e = SHA256(kG|xG|M)

Doing so will tie the signature to the excess, meaning the same signature for excess x can't be used to sign a kernel with excess x'=x+a.

I am preparing a PR for the grin fork of libsecp256k1, so that the aggsig module can support both types of challenges. If others agree that this change should be implemented, changes to rust-secp256k1-zkp and grin are necessary as well.

Enabling this feature on T3 will require a hardfork. We might want to consider doing this (together with some other improvements), also to gain some experience in doing hardforks before mainnet launch.

Any comments/suggestions are welcome!

@ignopeverell ignopeverell added this to the Mainnet milestone Aug 26, 2018
@ignopeverell ignopeverell added enhancement must-have Required for the associated milestone labels Aug 26, 2018
@yeastplume yeastplume added the consensus breaking Use for issues or PRs that will break consensus and force a hard fork label Aug 27, 2018
@ignopeverell ignopeverell modified the milestones: Mainnet, Testnet4 Sep 4, 2018
@ignopeverell
Contributor

Is this merged? Can we close this now?

@garyyu
Contributor

garyyu commented Oct 13, 2018

Yes. Closed by #1501 and secp256k1-zkp PR: mimblewimble/secp256k1-zkp#22

@garyyu garyyu closed this as completed Oct 13, 2018