-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update did keys as compressed keys #36
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These look good to me, but I have been bitten by uvarint before... @troyronda any chance you can confirm these?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Looks reasonable to me (though I haven't confirmed the varint part).
Also (not a blocking comment, by any means), maybe it'd be less confusing if we used full URLs (instead of just hash fragments) for IDs?
FWIW, this was a get it done fast attempt. I'm still fine tuning this. I need to write more tests. Thus far my did:keys (compressed) look consistent for P-256, P-384, and P521. Thus far my did:key documents from the resolver look okay for P-256 and P-384. I want to look more at P-521. The y component does not look good. The curve seems weird [1]. Of course, more tests. Curiously, my code has the multibase prefix u for base64url. This may be out of scope for this pull request. |
@dmitrizagidulin I accept responsibility for promoting relative refs in did documents.... and I agree they are confusing... |
Here is what I get from decoding those values (using https://github.com/hyperledger/aries-framework-go/blob/fce55e1/pkg/vdr/fingerprint/fingerprint.go#L79): zDnaerx9CtbPJ1q36T5Ln5wYt3MQYeGRG5ehnPAmxcf5mDZpv zDnaerDaTF5BXEavCrfRZEk316dpbLsfPDZ3WJ5hRTPFU2169 z82LkvCwHNreneWpsgPEbV3gu1C6NFJEBg4srfJ5gdxEsMGRJUz2sG9FE42shbn2xkZJh54 z82Lm1MpAkeJcix9K8TMiLd5NMAhnwkjjCBeWHXyu3U4oT2MVJJKXkcVBgjGhnLBn2Kaau9 z2J9gaYxrKVpdoG9A4gRnmpnRCcxU6agDtFVVBVdn1JedouoZN7SzcyREXXzWgt3gGiwpoHq7K68X4m32D8HgzG8wv3sY5j7 z2J9gcGdb2nEyMDmzQYv2QZQcM1vXktvy1Pw4MduSWxGabLZ9XESSWLQgbuPhwnXN7zP7HpTzWqrMTzaY5zWe6hpzJ2jnw4f |
@OR13 wrote:
Can we stop using relative URLs in One really nasty side-effect that this is going to have is it's going to make CBOR-LD-style compression of things that would normally be compressible DIDs impossible. It's not so much an issue for |
@msporny yes, I think we can now... The main reason our did:key implementations use relative refs (where these test vectors originally came from) is that sidetree uses them, and we like being able to test conformance easily... but we've learned to hate them over time... All of the test vectors are out of date thanks to did core context changes (not a bad thing, but requires us to fix stuff in a lot of places). IMO, did:key test vectors should use 100% absolute DID URLs and cover all the key types for both |
Useful reference: https://asecuritysite.com/encryption/ecc_points2
and people wonder about those NIST curves ... look at those cute little b values. |
I am in the process of confirming these results, here: transmute-industries/verifiable-data#55 So far I am able to at least confirm that elliptic and the "by hand" method agree for P256 / P384 |
p-521 [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf, D.2.5. , p 104 |
I tested these, and I think they are correct. |
I was able to take a first run at compressing the keys for P-521, P-384, and P-256:
I used this code:
https://gist.github.com/bshambaugh/60d90a32fd5b3bacd8113c631ba98491
I will double check that they resolve tomorrow.