Merge pull request #5509 from mrdomino/jo/secp-arvo

zuse: add schnorr signatures
This commit is contained in:
Jōshin 2022-02-09 13:00:53 -08:00 committed by GitHub
commit 38dffc34c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 343 additions and 4 deletions

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a56f675d2a6c5dafa92a9e2d55040d994f3d3d27a1ed827bd87d1158b1e69d0
size 3749183
oid sha256:ae4a7a69fe81c5f2114d7b7360c05602f614fe66b96d1db4c3dc0c2a2a5d856e
size 7536000

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:843387cce113f18b403f76b6ba97ddf1746a5436b107d087d1f33b38db6f8c1a
size 26237959
oid sha256:bcab0698de6efda1bbac54b0833da5e853bca058919110aa5668aa63fb40626e
size 9392699

View File

@ -2235,6 +2235,112 @@
=/ pub (from.j qj)
?< =([0 0] pub)
pub
++ schnorr
~% %schnorr ..schnorr ~
=> |%
++ tagged-hash
|= [tag=@ [l=@ x=@]]
=+ hat=(sha-256:sha (swp 3 tag))
%- sha-256l:sha
:- (add 64 l)
(can 3 ~[[l x] [32 hat] [32 hat]])
++ lift-x
|= x=@I
^- (unit point)
=/ c curve
?. (lth x p.domain.c)
~
=/ fop field-p.c
=+ [fadd fpow]=[sum.fop exp.fop]
=/ cp (fadd (fpow 3 x) 7)
=/ y (fpow (rsh [0 2] +(p.domain.c)) cp)
?. =(cp (fpow 2 y))
~
%- some :- x
?: =(0 (mod y 2))
y
(sub p.domain.c y)
--
|%
::
++ sign :: schnorr signature
~/ %sosi
|= [sk=@I m=@I a=@I]
^- @J
?> (gte 32 (met 3 m))
?> (gte 32 (met 3 a))
=/ c curve
:: implies (gte 32 (met 3 sk))
::
?< |(=(0 sk) (gte sk n.domain.c))
=/ pp
(mul-point-scalar g.domain.c sk)
=/ d
?: =(0 (mod y.pp 2))
sk
(sub n.domain.c sk)
=/ t
%+ mix d
(tagged-hash 'BIP0340/aux' [32 a])
=/ rand
%+ tagged-hash 'BIP0340/nonce'
:- 96
(rep 8 ~[m x.pp t])
=/ kp (mod rand n.domain.c)
?< =(0 kp)
=/ rr (mul-point-scalar g.domain.c kp)
=/ k
?: =(0 (mod y.rr 2))
kp
(sub n.domain.c kp)
=/ e
%- mod
:_ n.domain.c
%+ tagged-hash 'BIP0340/challenge'
:- 96
(rep 8 ~[m x.pp x.rr])
=/ sig
%^ cat 8
(mod (add k (mul e d)) n.domain.c)
x.rr
?> (verify x.pp m sig)
sig
::
++ verify :: schnorr verify
~/ %sove
|= [pk=@I m=@I sig=@J]
^- ?
?> (gte 32 (met 3 pk))
?> (gte 32 (met 3 m))
?> (gte 64 (met 3 sig))
=/ c curve
=/ pup (lift-x pk)
?~ pup
%.n
=/ pp u.pup
=/ r (cut 8 [1 1] sig)
?: (gte r p.domain.c)
%.n
=/ s (end 8 sig)
?: (gte s n.domain.c)
%.n
=/ e
%- mod
:_ n.domain.c
%+ tagged-hash 'BIP0340/challenge'
:- 96
(rep 8 ~[m x.pp r])
=/ aa
(mul-point-scalar g.domain.c s)
=/ bb
(mul-point-scalar pp (sub n.domain.c e))
?: &(=(x.aa x.bb) !=(y.aa y.bb)) :: infinite?
%.n
=/ rr (add-points aa bb)
?. =(0 (mod y.rr 2))
%.n
=(r x.rr)
--
--
--
::

View File

@ -116,4 +116,237 @@
3d07.03a9.9925.0581.
f7de.cd5e.f0f4.f809
==
++ test-schnorr
=> |%
+$ case-sec
$: sec=@
pub=@
aux=@
mes=@
sig=@
==
+$ case-pub
$: pub=@
mes=@
sig=@
res=?
==
--
=< %+ category "bip-0340 vectors"
(zing :(weld t1 t2 t3))
=/ cases-sec=(list case-sec)
:~
:* 0x3
0xf930.8a01.9258.c310.4934.4f85.f89d.5229.
b531.c845.836f.99b0.8601.f113.bce0.36f9
0
0
0xe907.831f.8084.8d10.69a5.371b.4024.1036.
4bdf.1c5f.8307.b008.4c55.f1ce.2dca.8215.
25f6.6a4a.85ea.8b71.e482.a74f.382d.2ce5.
ebee.e8fd.b217.2f47.7df4.900d.3105.36c0
==
:* 0xb7e1.5162.8aed.2a6a.bf71.5880.9cf4.f3c7.
62e7.160f.38b4.da56.a784.d904.5190.cfef
0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
1
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6896.bd60.eeae.296d.b48a.229f.f71d.fe07.
1bde.413e.6d43.f917.dc8d.cf8c.78de.3341.
8906.d11a.c976.abcc.b20b.0912.92bf.f4ea.
897e.fcb6.39ea.871c.fa95.f6de.339e.4b0a
==
:* 0xc90f.daa2.2168.c234.c4c6.628b.80dc.1cd1.
2902.4e08.8a67.cc74.020b.bea6.3b14.e5c9
0xdd30.8afe.c577.7e13.121f.a72b.9cc1.b7cc.
0139.7153.09b0.86c9.60e1.8fd9.6977.4eb8
0xc87a.a538.24b4.d7ae.2eb0.35a2.b5bb.bccc.
080e.76cd.c6d1.692c.4b0b.62d7.98e6.d906
0x7e2d.58d8.b3bc.df1a.bade.c782.9054.f90d.
da98.05aa.b56c.7733.3024.b9d0.a508.b75c
0x5831.aaee.d7b4.4bb7.4e5e.ab94.ba9d.4294.
c49b.cf2a.6072.8d8b.4c20.0f50.dd31.3c1b.
ab74.5879.a5ad.954a.72c4.5a91.c3a5.1d3c.
7ade.a98d.82f8.481e.0e1e.0367.4a6f.3fb7
==
:* 0xb43.2b26.7793.7381.aef0.5bb0.2a66.ecd0.
1277.3062.cf3f.a254.9e44.f58e.d240.1710
0x25d1.dff9.5105.f525.3c40.22f6.28a9.96ad.
3a0d.95fb.f21d.468a.1b33.f8c1.60d8.f517
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
0x7eb0.5097.57e2.46f1.9449.8856.5161.1cb9.
65ec.c1a1.87dd.51b6.4fda.1edc.9637.d5ec.
9758.2b9c.b13d.b393.3705.b32b.a982.af5a.
f25f.d788.81eb.b327.71fc.5922.efc6.6ea3
==
==
=/ t1
%+ turn cases-sec
|= case-sec
^- tang
%+ expect-eq
!> sig
!> (sign:schnorr:ecc sec mes aux)
=/ t2
%+ turn cases-sec
|= case-sec
^- tang
%- expect
!> (verify:schnorr:ecc pub mes sig)
=/ cases-pub=(list case-pub)
:~
:* 0xd69c.3509.bb99.e412.e68b.0fe8.544e.7283.
7dfa.3074.6d8b.e2aa.6597.5f29.d22d.c7b9
0x4df3.c3f6.8fcc.83b2.7e9d.42c9.0431.a724.
99f1.7875.c81a.599b.566c.9889.b969.6703
0x3b.78ce.563f.89a0.ed94.14f5.aa28.ad0d.
96d6.795f.9c63.76af.b154.8af6.03b3.eb45.
c9f8.207d.ee10.60cb.71c0.4e80.f593.060b.
07d2.8308.d7f4
%.y
==
:* 0xeefd.ea4c.db67.7750.a420.fee8.07ea.cf21.
eb98.98ae.79b9.7687.66e4.faa0.4a2d.4a34
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0xfff9.7bd5.755e.eea4.2045.3a14.3552.35d3.
82f6.472f.8568.a18b.2f05.7a14.6029.7556.
3cc2.7944.640a.c607.cd10.7ae1.0923.d9ef.
7a73.c643.e166.be5e.beaf.a34b.1ac5.53e2
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x1fa6.2e33.1edb.c21c.3947.92d2.ab11.00a7.
b432.b013.df3f.6ff4.f99f.cb33.e0e1.515f.
2889.0b3e.db6e.7189.b630.448b.515c.e4f8.
622a.954c.fe54.5735.aaea.5134.fccd.b2bd
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
9617.64b3.aa9b.2ffc.b6ef.947b.6887.a226.
e8d7.c93e.00c5.ed0c.1834.ff0d.0c2e.6da6
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x123d.da83.28af.9c23.a94c.1fee.cfd1.23ba.
4fb7.3476.f0d5.94dc.b65c.6425.bd18.6051
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x1.7615.fbaf.5ae2.8864.013c.0997.42de.
adb4.dba8.7f11.ac67.54f9.3780.d5a1.837c.
f197
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x4a29.8dac.ae57.395a.15d0.795d.dbfd.1dcb.
564d.a82b.0f26.9bc7.0a74.f822.0429.ba1d.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc2f.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.fffe.
baae.dce6.af48.a03b.bfd2.5e8c.d036.4141
%.n
==
:* 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc30
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
==
:_ .
^= t3
%+ turn cases-pub
|= case-pub
^- tang
%+ expect-eq
!> res
!> (verify:schnorr:ecc pub mes sig)
++ test-schnorr-bounds
=> |% +$ case [sec=@ pub=@ aux=@ mes=@ sig=@] --
=< %+ category "bounds"
(zing (weld t1 t2))
=/ too-big
0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
=/ big-sig
0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
=/ cases-big-sec=(list case)
:~ [too-big 0 0 0 0]
[1 0 too-big 0 0]
[1 0 0 too-big 0]
==
=/ cases-big-pub=(list case)
:~ [0 too-big 0 0 0]
[0 0 0 too-big 0]
[0 0 0 0 big-sig]
==
=/ t1
%+ turn cases-big-sec
|= case
%- expect-fail
|. (sign:schnorr:ecc sec mes aux)
:_ .
^= t2
%+ turn cases-big-pub
|= case
%- expect-fail
|. (verify:schnorr:ecc pub mes sig)
--