Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add new commitment signature to use complete representation pro…
…of (#131) Commitment signatures are currently used (via the `CommitmentSignature` type) in Tari protocols as part of transaction authorization, as described in [RFC-0201](https://rfc.tari.com/RFC-0201_TariScript.html). The cryptographic design of commitment signatures is such that they are a representation proof of a Pedersen commitment that is bound to arbitrary message data (via a Fiat-Shamir challenge) to produce a signature. In both cases where commitment signatures are used, two elements of input data are summed prior to generating or verifying the signature. The cases are: - an output commitment and a sender offset public key - an input commitment and a script public key In both cases, the individual elements are included separately in the challenge. This approach is not a proof of knowledge of the openings of the individual elements. Instead, it is a proof of knowledge of the commitment value, and of the sum of the commitment mask and discrete logarithm of the public key. It is unclear if this can lead to practical transaction malleability or other insecure outcomes. This PR adds a new `CommitmentAndPublicKeySignature` signature type that mitigates the issue by proving knowledge of the commitment value, commitment mask, and public key discrete logarithm. As before, it is the responsibility of the caller to ensure that the Fiat-Shamir challenge is generated correctly. The existing `CommitmentSignature` is left unchanged, but should not be used for the aforementioned use cases.
- Loading branch information
1 parent
b8fffca
commit e02fa0f
Showing
8 changed files
with
1,281 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.