Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement schnorr siganture #116

Merged
merged 15 commits into from
Aug 31, 2023
Merged

implement schnorr siganture #116

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
b020599
schnorr signature draft
odyssey2077 Aug 13, 2023
f8bef53
record hash update code
odyssey2077 Aug 14, 2023
e842724
refactor function signature
odyssey2077 Aug 14, 2023
96269b3
clean up
odyssey2077 Aug 14, 2023
61c1e39
add test for schnorr signature
odyssey2077 Aug 15, 2023
1a075c5
update comment
odyssey2077 Aug 15, 2023
6c9febb
implement even check
odyssey2077 Aug 17, 2023
aa5eb7a
update test
odyssey2077 Aug 17, 2023
0124f00
fix a bug
odyssey2077 Aug 17, 2023
fe821fe
update test
odyssey2077 Aug 17, 2023
9ccba60
nit
odyssey2077 Aug 21, 2023
a1daa90
resolve comments
odyssey2077 Aug 23, 2023
4b343a4
resolve comments
odyssey2077 Aug 23, 2023
fcd90cb
nits
odyssey2077 Aug 28, 2023
f2b94af
nits
odyssey2077 Aug 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions halo2-ecc/src/bigint/big_is_even.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,11 @@
use super::OverflowInteger;
use halo2_base::gates::GateInstructions;
use halo2_base::gates::RangeChip;
use halo2_base::QuantumCell::Constant;
use halo2_base::{safe_types::RangeInstructions, utils::ScalarField, AssignedValue, Context};

/// # Assumptions
/// * `a` has nonzero number of limbs
pub fn positive<F: ScalarField>(
pub fn range<F: ScalarField>(
odyssey2077 marked this conversation as resolved.
Show resolved Hide resolved
gate: &RangeChip<F>,
odyssey2077 marked this conversation as resolved.
Show resolved Hide resolved
odyssey2077 marked this conversation as resolved.
Show resolved Hide resolved
ctx: &mut Context<F>,
a: OverflowInteger<F>,
Expand All @@ -17,5 +16,5 @@ pub fn positive<F: ScalarField>(
let first_cell: AssignedValue<F> = a.limbs[0];

let last_bit = gate.get_last_bit(ctx, first_cell, limb_bits);
gate.gate.sub(ctx, Constant(F::one()), last_bit)
gate.gate.not(ctx, last_bit)
}
6 changes: 4 additions & 2 deletions halo2-ecc/src/ecc/schnorr_signature.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ use super::{fixed_base, scalar_multiply, EcPoint, EccChip};
// SF is the scalar field of GA
// p = base field modulus
// n = scalar field modulus
// assume r < p, 0 < s < n, 0 < msgHash < n
odyssey2077 marked this conversation as resolved.
Show resolved Hide resolved
// this circuit applies over constraints that s > 0, msgHash > 0 cause scalar_multiply can't handle zero scalar
/// `pubkey` should not be the identity point
/// follow spec in https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
odyssey2077 marked this conversation as resolved.
Show resolved Hide resolved
pub fn schnorr_verify_no_pubkey_check<F: PrimeField, CF: PrimeField, SF: PrimeField, GA>(
Expand All @@ -29,9 +31,9 @@ where

// check r < p
let r_valid = base_chip.is_less_than_p(ctx, &r);
// check s < n
// check 0 < s < n
let s_valid = scalar_chip.is_soft_nonzero(ctx, &s);
// check e < n
// check 0 < e < n
let e_valid = scalar_chip.is_soft_nonzero(ctx, &msgHash);

// compute s * G and msgHash * pubkey
Expand Down
2 changes: 1 addition & 1 deletion halo2-ecc/src/fields/fp.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ impl<'range, F: PrimeField, Fp: PrimeField> FpChip<'range, F, Fp> {
) -> AssignedValue<F> {
let a = a.into();
self.enforce_less_than_p(ctx, a.clone());
big_is_even::positive(self.range(), ctx, a.0.truncation, self.limb_bits)
big_is_even::range(self.range(), ctx, a.0.truncation, self.limb_bits)
}
}

Expand Down