Ported the vrf verification feature #58
Conversation
- imported js-sha3 v0.3.1 from https://github.com/emn178/js-sha3 - extended js-sha3 to support SHAKE256 (output correct up to first 1088bits) - allowed output byte array of 32 bytes
- translated the golang implementation from https://github.com/yahoo/coname/blob/master/vrf/vrf.go#L148
| * Copyright 2015, emn178@gmail.com | ||
| * | ||
| * Licensed under the MIT license: | ||
| * http://www.opensource.org/licenses/MIT |
There was a problem hiding this comment.
Should this go under the @license header? I'm not sure what is the recommended way to include the MIT license in an Apache2 project. @gyehuda
There was a problem hiding this comment.
gd point. i was curious what to do too. I copied the code from there, dropped some, and added some new features. so, what's the license then? follow the MIT? or stick with the Apache as used in other files? or dual licenses? trust the expert @gyehuda can give some insights. thanks
There was a problem hiding this comment.
Sorry for the delay. There are a couple of ways to address this, and it's mostly driven by project convention. Some projects have a strict process where the headers are kept consistent and that all inclusions like this are disclosed in a NOTICES file, other projects are much less strict and have what you see above -- an inclusion in the code that is preceded with the relevant license and copyright text. Both are OK. At first this latter approach is simpler, eventually the code could get messy and you'll want to clean it up.
What is most important though is that somewhere in the project you indicate that emn17 owns the copyright of some code that was licensed under the MIT license and is included in this project.
There was a problem hiding this comment.
Thanks @gyehuda.
@diracdeltas, can you suggest which convention/approach you prefer?
adon-at-work
force-pushed
the
feature/vrf
branch
from
d5d7311
to
8762f42
Compare
|
|
||
| // e is either 1 or -1 | ||
| // x = ev - (1-e)A/2 | ||
| var x = e.isEqual(e2e.vrf.ed25519.curve.ONE) ? v : A.substract(v); |
There was a problem hiding this comment.
Please document that this is not constant time and thus must not be used with secret inputs.
|
@andres-erbsen , once you finished reviewing this. I'll clear all the commented golang here. They're there to facilitate reviews only. OK? |
|
@andres-erbsen and @diracdeltas please check those things fixed. Since many of those discussions are collapsed since the last commit, I list out the following discussions that are yet to be resolved for quick reference (kindly click below to have them expanded, or you may like to check each collapsed one by one): |
|
After the last commit, the final issue to deal with in this PR: #58 (diff) |
adon-at-work
force-pushed
the
feature/vrf
branch
from
a245658
to
9e03e29
Compare
| // return false | ||
| // } | ||
| // hash.Reset() | ||
| hash = e2e.vrf.sha3Shake256(iiB.concat(m), 32); |
|
Currently, the VRF module isn't included in any of the extension files, so the compiler isn't actually checking it for correctness. When I include the vrf module in the extension (such as by prepending |
| goog.require('e2e.ecc.PrimeCurve'); | ||
| goog.require('e2e.error.InvalidArgumentsError'); | ||
|
|
||
| var ed25519 = e2e.ecc.DomainParam.fromCurve(e2e.ecc.PrimeCurve.ED_25519); |
There was a problem hiding this comment.
Declaring variables/functions like this will pollute the global namespace. Please make sure everything is contained in the module namespace. Ex: e2e.vrf.extra255519.ed25519_ = e2e.ecc.DomainParam.fromCurve(e2e.ecc.PrimeCurve.ED_25519)
The underscore at the end of a name indicates to the compiler that this variable is private (should not be accessed outside of the current module).
adon-at-work
force-pushed
the
feature/vrf
branch
from
714aad3
to
0c3a29e
Compare
the errors are cleared. |
|
I'm done with the suggested changes. The build was failed due to an upstream commit (happened roughly an hour ago): Tracking the issue at google/closure-templates#57 |
adon-at-work
force-pushed
the
feature/vrf
branch
from
de0ff59
to
6e2342a
Compare
| * @param {!e2e.ecc.Element} r the representative coordinate | ||
| * @return {!e2e.ecc.Element} | ||
| */ | ||
| function representativeToMontgomeryX(r) { |
There was a problem hiding this comment.
Please put this in the e2e.vrf.extra25519 namespace
to leverage the faster new interfaces update() and digest()
|
@diracdeltas , all done. upgraded to use the latest js-sha3 too |
|
Thanks, LGTM! @andres-erbsen any objections to merging? |
Ported the vrf verification feature
| * @param {!e2e.ByteArray} h A byte array of length 32 | ||
| * @return {!e2e.ecc.point.Ed25519} | ||
| */ | ||
| e2e.vrf.extra25519.hashToEdwards = function(h) { |
There was a problem hiding this comment.
Please document that this is not constant time (because variable-length bignums aren't)
|
No objections. I did add two one-line documentation nits about functions that are not constant-time-ish, though. |
This is the vrf verification implementation ported from https://github.com/yahoo/coname/blob/master/vrf/vrf.go
It lives as an utility function, and is tested with inputs and outputs captured from the original golang implementation.
Please review, thanks.