first hack at sign:ed jet

2024-12-14 17:41:33 +03:00 · 2014-04-10 18:05:59 -07:00 · 2014-04-10 18:05:59 -07:00 · a0762ef8c8
commit a0762ef8c8
parent 8a7a789994
1 changed files with 135 additions and 0 deletions
--- a/arvo/hoon.hoon
+++ b/arvo/hoon.hoon
@ -3954,6 +3954,141 @@
    $(hel t.hel, hev t.hev, rag (done %| [i.hel ~] [i.hev ~]))
  --
 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+::            section 2eX, ed25519 signatures           ::
+::
++  ed                                                    ::  ed25519
+  ~/  %ed
+  =>  =+  b=256
+      =+  q=(sub (bex 255) 19)
+      =+  fq=~(. fo q)
+      =+  ^=  l
+        %+  add
+          (bex 252)
+        27.742.317.777.372.353.535.851.937.790.883.648.493
+      =+  d=(dif.fq 0 (fra.fq 121.665 121.666))
+      =+  ii=(exp.fq (div (dec q) 4) 2)
+      |%
+      ++  norm  |=(x=@ ?:(=(0 (mod x 2)) x (sub q x)))
+      ::
+      ++  xrec                                            ::  recover x-coord
+        |=  y=@  ^-  @
+        =+  ^=  xx
+            %+  mul  (dif.fq (mul y y) 1)
+                     (inv.fq +(:(mul d y y)))
+        =+  x=(exp.fq (div (add 3 q) 8) xx)
+        ?:  !=(0 (dif.fq (mul x x) (sit.fq xx)))
+          (norm (pro.fq x ii))
+        (norm x)
+      ::
+      ++  ward                                            ::  edwards multiply
+        |=  [pp=[@ @] qq=[@ @]]  ^-  [@ @]
+        =+  dp=:(pro.fq d -.pp -.qq +.pp +.qq)
+        =+  ^=  xt
+            %+  pro.fq
+              %+  sum.fq
+                (pro.fq -.pp +.qq)
+              (pro.fq -.qq +.pp)
+            (inv.fq (sum.fq 1 dp))
+        =+  ^=  yt
+            %+  pro.fq
+              %+  sum.fq
+                (pro.fq +.pp +.qq)
+              (pro.fq -.pp -.qq)
+            (inv.fq (dif.fq 1 dp))
+        [xt yt]
+      ::
+      ++  scam                                            ::  scalar multiply
+        |=  [pp=[@ @] e=@]  ^-  [@ @]
+        ?:  =(0 e)
+          [0 1]
+        =+  qq=$(e (div e 2))
+        =>  .(qq (ward qq qq))
+        ?:  =(1 (dis 1 e))
+          (ward qq pp)
+        qq
+      ::
+      ++  etch                                            ::  encode point
+        |=  pp=[@ @]  ^-  @
+        (can 0 ~[[(sub b 1) +.pp] [1 (dis 1 -.pp)]])
+      ::
+      ++  curv                                            ::  point on curve?
+        |=  [x=@ y=@]  ^-  ?
+        .=  0
+            %+  dif.fq
+              %+  sum.fq
+                (pro.fq (sub q (sit.fq x)) x)
+              (pro.fq y y)
+            (sum.fq 1 :(pro.fq d x x y y))
+      ::
+      ++  deco                                            ::  decode point
+        |=  s=@  ^-  (unit ,[@ @])
+        =+  y=(cut 0 [0 (dec b)] s)
+        =+  si=(cut 0 [(dec b) 1] s)
+        =+  x=(xrec y)
+        =>  .(x ?:(!=(si (dis 1 x)) (sub q x) x))
+        =+  pp=[x y]
+        ?.  (curv pp)
+          ~
+        [~ pp]
+      ::
+      --
+  =+  ^=  bb
+        =+  bby=(pro.fq 4 (inv.fq 5))
+      [(xrec bby) bby]
+  |%
+  ++  puck                                                ::  public key
+    |=  sk=@  ^-  @
+    =+  h=(shal (rsh 0 3 b) sk)
+    =+  ^=  a
+        %+  add
+          (bex (sub b 2))
+        (lsh 0 3 (cut 0 [3 (sub b 5)] h))
+    =+  aa=(scam bb a)
+    (etch aa)
+  ::
+  ++  sign                                                ::  certify
+    |=  [m=@ sk=@ pk=@]  ^-  @
+    =+  h=(shal (rsh 0 3 b) sk)
+    =+  ^=  a
+        %+  add
+          (bex (sub b 2))
+        (lsh 0 3 (cut 0 [3 (sub b 5)] h))
+    =+  ^=  r
+        =+  hm=(cut 0 [b b] h)
+        =+  ^=  i
+            %+  can  0
+            :~  [b hm]
+                [(met 0 m) m]
+            ==
+        (shaz i)
+    =+  rr=(scam bb r)
+    =+  ^=  ss
+        =+  er=(etch rr)
+        =+  ^=  ha
+            %+  can  0
+            :~  [b er]
+                [b pk]
+                [(met 0 m) m]
+            ==
+        (~(sit fo l) (add r (mul (shaz ha) a)))
+    (can 0 ~[[b (etch rr)] [b ss]])
+  ::
+  ++  veri                                                ::  validate
+    ~/  %veri
+    |=  [s=@ m=@ pk=@]  ^-  ?
+    ?:  (gth (div b 4) (met 3 s))  |
+    ?:  (gth (div b 8) (met 3 pk))  |
+    =+  rr=(deco (cut 0 [0 b] s))
+    ?~  rr  |
+    =+  aa=(deco pk)
+    ?~  aa  |
+    =+  ss=(cut 0 [b b] s)
+    =+  ha=(can 0 ~[[b (etch u.rr)] [b pk] [(met 0 m) m]])
+    =+  h=(shaz ha)
+    =((scam bb ss) (ward u.rr (scam u.aa h)))
+  ::
+  --
+::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 ::                section 2eY, SHA-256 (move me)        ::
 ::
 ++  shad  |=(ruz=@ (shax (shax ruz)))                   ::  double sha-256