zuse: schnorrsig-sign from spec

test vectors match, but are byte-flipped. has to do a lot of endianness twiddling.
2024-11-28 19:55:53 +03:00 · 2021-12-25 21:29:53 +00:00 · 2021-12-25 21:29:53 +00:00 · a1c548ced4
commit a1c548ced4
parent aa3bbe165e
1 changed files with 47 additions and 6 deletions
--- a/pkg/arvo/sys/zuse.hoon
+++ b/pkg/arvo/sys/zuse.hoon
@ -2235,14 +2235,55 @@
        =/  pub  (from.j qj)
        ?<  =([0 0] pub)
        pub
+      ++  hash-tag
+        |=  [tag=@ [l=@ x=@]]
+        =+  hat=(shax tag)
+        %-  shay
+        =/  pin
+          (cat 8 hat (cat 8 hat x))
+        [(add 64 l) pin]
      ++  schnorrsig-sign
-        ~&  %no-impl
-        ~/  %sosi
-        |=  *
-        !!
+        ::  ~/  %sosi
+        |=  [sk=@I m=@I a=@I]
+        =/  c  curve
+        =/  j  jc.c
+        ?<  |(=(0 sk) (gte sk n.domain.c))
+        =/  pp  (mul-point-scalar g.domain.c sk)
+        =/  d
+          ?:  =(0 (mod y.pp 2))
+            sk
+          (sub n.domain.c sk)
+        =/  t
+          %+  mix  (rev 3 32 d)
+          (hash-tag 'BIP0340/aux' [32 (rev 3 32 a)])
+        =/  rand
+          %+  hash-tag  'BIP0340/nonce'
+          =/  pin
+            (can 8 ~[[1 t] [1 (rev 3 32 x.pp)] [1 (rev 3 32 m)]])
+          [96 pin]
+        =/  kp  (rev 3 32 (mod rand n.domain.c))
+        =/  rr  (mul-point-scalar g.domain.c kp)
+        =/  k
+          ?:  =(0 (mod y.rr 2))
+            kp
+          (sub n.domain.c kp)
+        =/  e
+          %^  rev  3  32
+          %+  mod
+            %+  hash-tag  'BIP0340/challenge'
+            =/  pin
+              (can 8 ~[[1 (rev 3 32 x.rr)] [1 (rev 3 32 x.pp)] [1 (rev 3 32 m)]])
+            [96 pin]
+          n.domain.c
+        =/  sig
+          %^  cat  8
+            (rev 3 32 x.rr)
+          %^  rev  3  32
+          (mod (add k (mul e d)) n.domain.c)
+        ::  ?>  (schnorrsig-verify pp message sig)
+        sig
      ++  schnorrsig-verify
-        ~&  %no-impl
-        ~/  %sove
+        ::  ~/  %sove
        |=  *
        !!
      --