primitives: Implement sr25519 #60

Merged
merged 5 commits into from
May 28, 2021

Conversation

@Yawning (Contributor) commented May 24, 2021

Because it is a better algorithm, and people should use it, implement sr25519. This is a notable improvement over the existing Go implementation that appears to be popular because:

  • It is a lot faster in part due to:
    • The underlying operations using a lot more assembly.
    • Not having to re-derive the public key each time the user signs.
    • Instead of calculating the verification by hand (lolololololol), we do it in one-shot.
  • It is more correct:
    • The s11n routines are more idiomatic (and probably actually work as intended). (Fixed)
    • This actually samples 128-bit random scalars when doing batch verification. (Fixed)
    • This uses a transcript RNG, instead of YOLO ignoring the private key nonce.
  • Support for SigningContext instead of having to work with a merlin transcript.
  • A more idiomatic/nicer API:
    • Not having foot+gun API calls like MiniSecretKey.Public().
    • Can override the entropy source wherever one is called for.
    • BinaryMarshaler/BinaryUnmarshaler instead of the Encode/Compress/Decode/whatever.

TODO:

  • Write tests for the key generation/s11n.
  • Implement batch verification.
  • Add license information.

TODO (deferred to a later date):

  • (perf) Replace the strobe implementation with something that doesn't guzzle heap.
  • (feature) Implement the VRF construct (The w3f repo has an issue hinting that this will change).
  • (feature) Implement the HKD construct.

Part of #4

We could just import this initially, but implementing what I consider to be a sensible sr25519 API will require forking it anyway.

Verify and sign having side-effects doesn't feel amazing from an API standpoint, so allow cloning the transcript so that we don't need to.

This will be needed for the transcript RNG support anyway.
@Yawning Yawning force-pushed the feature/sr25519 branch 9 times, most recently from 368782e to 48e58d5 on May 28, 2021 07:27
@Yawning Yawning marked this pull request as ready for review May 28, 2021 07:50
@Yawning Yawning merged commit b12728c into master May 28, 2021
@Yawning Yawning deleted the feature/sr25519 branch May 28, 2021 08:35