Skalman pok new interface #29
Conversation
drskalman
commented
Feb 8, 2021
drskalman
commented
- PoP: using schnorr proof.
- Moving the backend to arkworks.
- Remove some redundants trait.
Commenting out lots of problematic types to make engine.rs compiles.
… compiles but not the tests.
but two tests fail.
…into skalman-pok-new-interface
order to resolve CountSigned test failure.
- Removed old secret serialization and derive it from Arkworks serialization
|
|
||
| let mut k_as_hash = <H as Digest>::new().chain(r_point_as_bytes).chain(message.0).finalize(); | ||
| let random_scalar : &mut [u8] = k_as_hash.as_mut_slice(); | ||
| random_scalar[31] &= 31; // BROKEN HACK DO BOT DEPLOY |
There was a problem hiding this comment.
right this part.. what is the group order again? they just added hash to field, right?
There was a problem hiding this comment.
Yes they did. It wasn't merged at the time, but I think it should have made it to the master/main now: #32 .
| let mut r_point_as_bytes = Vec::<u8>::new(); | ||
| r_point.into_affine().write(&mut r_point_as_bytes).unwrap(); | ||
|
|
||
| let mut k_as_hash = <H as Digest>::new().chain(r_point_as_bytes).chain(message.0).finalize(); |
There was a problem hiding this comment.
one should include the public key here.
There was a problem hiding this comment.
M was public key before but I thought we decided to replace with any arbitary message which can be public key as well. You want public key to be a mandatory part of the message?
|
|
||
| impl<E: EngineBLS, H: Digest> ProofOfPossessionGenerator<E,H> for SecretKey<E> { | ||
|
|
||
| fn generate_pok(&self, message: Message) -> SchnorrProof<E> { |
There was a problem hiding this comment.
I'm tempted to use a transcript abstraction instead of Message like in schnorrkel, ring-vrf, and now the apk crate. Message made sense for BLS signatures message. And maybe still does. I do not see much point in a schnorr proof.
There was a problem hiding this comment.
We should maybe make this PoK do both G1 and G2 if we're going that route, no? I guess that's a seperate thing that depends upon only Engine. Ugh.
| } | ||
| // // #[test] | ||
| // // fn foo() { } | ||
| // } |
There was a problem hiding this comment.
We can do global tests in a follow up, not sure what's not tested yet actually.
|
|
||
| use pairing::{CurveAffine, CurveProjective}; // Engine, Field, PrimeField, SqrtField | ||
| use ark_ec::ProjectiveCurve; | ||
| use ark_serialize::{CanonicalSerialize}; | ||
|
|
||
| use super::*; | ||
|
|
There was a problem hiding this comment.
We'll keep these I guess, and they could be useful if collecting by gossip, but we do not envision using them ourselves, and maybe https://eprint.iacr.org/2021/005 provides interesting ides for gossip situations.
There was a problem hiding this comment.
Hmm, what do you mean by "these"?
There was a problem hiding this comment.
I meant the whole file with these aggregate BLS verifiers.
| #[inline] | ||
| fn uncompressed_size(&self) -> usize { | ||
| self.0.into_affine().uncompressed_size() | ||
| } |
There was a problem hiding this comment.
Can we just pass this through to the CanonicalSerialize on the underlying type?
I'm not sure what I think of this CanonicalSerialize trait overall yet, but I guess it's what arkworks does. Is it what celo does?
There was a problem hiding this comment.
hmm, we can't. because projective points can't be canonically serialized (and hence ProjectiveCurve trait does not implement CanonicalSerialize. I think turn them into affine and call the serialization functions is the closest thing we do. I can look into celo's approach though.
There was a problem hiding this comment.
Are we serializing projective without going through affine here? Why? Did i do that?
There was a problem hiding this comment.
No, we go through affine as in self.0.into_affine() . What I meant was that we just can't simply derive CanonicalSerialize for the Public/Private key because we need to perform this into_affine() step manually.
You basically reimplemented serialization from scratch, there was no official serialization in the original pairing library.
There was a problem hiding this comment.
We could pass this through to the underlying affine curve then maybe?
There was a problem hiding this comment.
I'll just merge this and then we can make another issue for passing these through.
There was a problem hiding this comment.
We could pass this through to the underlying affine curve then maybe?
I thought I was doing that. Could you show me what is the proper way of doing it?
|
We should discuss the above things, but I'm satisfied this moves in the correct direction, so we can merge it and then focus on more detailed issues. |
