Merge pull request #5509 from mrdomino/jo/secp-arvo
zuse: add schnorr signatures
commit
38dffc34c8
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9a56f675d2a6c5dafa92a9e2d55040d994f3d3d27a1ed827bd87d1158b1e69d0
|
||||
size 3749183
|
||||
oid sha256:ae4a7a69fe81c5f2114d7b7360c05602f614fe66b96d1db4c3dc0c2a2a5d856e
|
||||
size 7536000
|
||||
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:843387cce113f18b403f76b6ba97ddf1746a5436b107d087d1f33b38db6f8c1a
|
||||
size 26237959
|
||||
oid sha256:bcab0698de6efda1bbac54b0833da5e853bca058919110aa5668aa63fb40626e
|
||||
size 9392699
|
||||
|
@ -2235,6 +2235,112 @@
|
||||
=/ pub (from.j qj)
|
||||
?< =([0 0] pub)
|
||||
pub
|
||||
++ schnorr
|
||||
~% %schnorr ..schnorr ~
|
||||
=> |%
|
||||
++ tagged-hash
|
||||
|= [tag=@ [l=@ x=@]]
|
||||
=+ hat=(sha-256:sha (swp 3 tag))
|
||||
%- sha-256l:sha
|
||||
:- (add 64 l)
|
||||
(can 3 ~[[l x] [32 hat] [32 hat]])
|
||||
++ lift-x
|
||||
|= x=@I
|
||||
^- (unit point)
|
||||
=/ c curve
|
||||
?. (lth x p.domain.c)
|
||||
~
|
||||
=/ fop field-p.c
|
||||
=+ [fadd fpow]=[sum.fop exp.fop]
|
||||
=/ cp (fadd (fpow 3 x) 7)
|
||||
=/ y (fpow (rsh [0 2] +(p.domain.c)) cp)
|
||||
?. =(cp (fpow 2 y))
|
||||
~
|
||||
%- some :- x
|
||||
?: =(0 (mod y 2))
|
||||
y
|
||||
(sub p.domain.c y)
|
||||
--
|
||||
|%
|
||||
::
|
||||
++ sign :: schnorr signature
|
||||
~/ %sosi
|
||||
|= [sk=@I m=@I a=@I]
|
||||
^- @J
|
||||
?> (gte 32 (met 3 m))
|
||||
?> (gte 32 (met 3 a))
|
||||
=/ c curve
|
||||
:: implies (gte 32 (met 3 sk))
|
||||
::
|
||||
?< |(=(0 sk) (gte sk n.domain.c))
|
||||
=/ pp
|
||||
(mul-point-scalar g.domain.c sk)
|
||||
=/ d
|
||||
?: =(0 (mod y.pp 2))
|
||||
sk
|
||||
(sub n.domain.c sk)
|
||||
=/ t
|
||||
%+ mix d
|
||||
(tagged-hash 'BIP0340/aux' [32 a])
|
||||
=/ rand
|
||||
%+ tagged-hash 'BIP0340/nonce'
|
||||
:- 96
|
||||
(rep 8 ~[m x.pp t])
|
||||
=/ kp (mod rand n.domain.c)
|
||||
?< =(0 kp)
|
||||
=/ rr (mul-point-scalar g.domain.c kp)
|
||||
=/ k
|
||||
?: =(0 (mod y.rr 2))
|
||||
kp
|
||||
(sub n.domain.c kp)
|
||||
=/ e
|
||||
%- mod
|
||||
:_ n.domain.c
|
||||
%+ tagged-hash 'BIP0340/challenge'
|
||||
:- 96
|
||||
(rep 8 ~[m x.pp x.rr])
|
||||
=/ sig
|
||||
%^ cat 8
|
||||
(mod (add k (mul e d)) n.domain.c)
|
||||
x.rr
|
||||
?> (verify x.pp m sig)
|
||||
sig
|
||||
::
|
||||
++ verify :: schnorr verify
|
||||
~/ %sove
|
||||
|= [pk=@I m=@I sig=@J]
|
||||
^- ?
|
||||
?> (gte 32 (met 3 pk))
|
||||
?> (gte 32 (met 3 m))
|
||||
?> (gte 64 (met 3 sig))
|
||||
=/ c curve
|
||||
=/ pup (lift-x pk)
|
||||
?~ pup
|
||||
%.n
|
||||
=/ pp u.pup
|
||||
=/ r (cut 8 [1 1] sig)
|
||||
?: (gte r p.domain.c)
|
||||
%.n
|
||||
=/ s (end 8 sig)
|
||||
?: (gte s n.domain.c)
|
||||
%.n
|
||||
=/ e
|
||||
%- mod
|
||||
:_ n.domain.c
|
||||
%+ tagged-hash 'BIP0340/challenge'
|
||||
:- 96
|
||||
(rep 8 ~[m x.pp r])
|
||||
=/ aa
|
||||
(mul-point-scalar g.domain.c s)
|
||||
=/ bb
|
||||
(mul-point-scalar pp (sub n.domain.c e))
|
||||
?: &(=(x.aa x.bb) !=(y.aa y.bb)) :: infinite?
|
||||
%.n
|
||||
=/ rr (add-points aa bb)
|
||||
?. =(0 (mod y.rr 2))
|
||||
%.n
|
||||
=(r x.rr)
|
||||
--
|
||||
--
|
||||
--
|
||||
::
|
||||
|
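Review bot: The `:: infinite?` guard in `verify`, `?: &(=(x.aa x.bb) !=(y.aa y.bb))`, only catches the case where `aa` and `bb` are exact negatives; when `s` is 0 (so `aa` is 0·G) or `e` is 0 (so `bb` is computed with scalar `n`), the outcome depends on how `mul-point-scalar` and `add-points` represent the identity, which is outside this hunk, while BIP-340 requires `is_infinite(R)` to fail. A comment making that assumption explicit would help, e.g. `:: NOTE: relies on mul-point-scalar/add-points handling the identity for s=0 or e=0; BIP-340 rejects an infinite R`, or an explicit identity check on `rr` before the parity test. In `sign`, the `~/ %sosi` hint suggests a jet is intended; if none is present the Hoon path branches and multiplies on the secret scalar and so is presumably not constant-time, which the arm's header should state, along with the role of `a` (`:: a: 32-byte auxiliary randomness per BIP-340; a fixed value gives deterministic signatures, fresh entropy is recommended`). The `schnorr` core, including `tagged-hash`, `lift-x`, `sign` and `verify`, lies entirely within the hunk.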
@ -116,4 +116,237 @@
|
||||
3d07.03a9.9925.0581.
|
||||
f7de.cd5e.f0f4.f809
|
||||
==
|
||||
++ test-schnorr
|
||||
=> |%
|
||||
+$ case-sec
|
||||
$: sec=@
|
||||
pub=@
|
||||
aux=@
|
||||
mes=@
|
||||
sig=@
|
||||
==
|
||||
+$ case-pub
|
||||
$: pub=@
|
||||
mes=@
|
||||
sig=@
|
||||
res=?
|
||||
==
|
||||
--
|
||||
=< %+ category "bip-0340 vectors"
|
||||
(zing :(weld t1 t2 t3))
|
||||
=/ cases-sec=(list case-sec)
|
||||
:~
|
||||
:* 0x3
|
||||
0xf930.8a01.9258.c310.4934.4f85.f89d.5229.
|
||||
b531.c845.836f.99b0.8601.f113.bce0.36f9
|
||||
0
|
||||
0
|
||||
0xe907.831f.8084.8d10.69a5.371b.4024.1036.
|
||||
4bdf.1c5f.8307.b008.4c55.f1ce.2dca.8215.
|
||||
25f6.6a4a.85ea.8b71.e482.a74f.382d.2ce5.
|
||||
ebee.e8fd.b217.2f47.7df4.900d.3105.36c0
|
||||
==
|
||||
:* 0xb7e1.5162.8aed.2a6a.bf71.5880.9cf4.f3c7.
|
||||
62e7.160f.38b4.da56.a784.d904.5190.cfef
|
||||
0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
1
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x6896.bd60.eeae.296d.b48a.229f.f71d.fe07.
|
||||
1bde.413e.6d43.f917.dc8d.cf8c.78de.3341.
|
||||
8906.d11a.c976.abcc.b20b.0912.92bf.f4ea.
|
||||
897e.fcb6.39ea.871c.fa95.f6de.339e.4b0a
|
||||
==
|
||||
:* 0xc90f.daa2.2168.c234.c4c6.628b.80dc.1cd1.
|
||||
2902.4e08.8a67.cc74.020b.bea6.3b14.e5c9
|
||||
0xdd30.8afe.c577.7e13.121f.a72b.9cc1.b7cc.
|
||||
0139.7153.09b0.86c9.60e1.8fd9.6977.4eb8
|
||||
0xc87a.a538.24b4.d7ae.2eb0.35a2.b5bb.bccc.
|
||||
080e.76cd.c6d1.692c.4b0b.62d7.98e6.d906
|
||||
0x7e2d.58d8.b3bc.df1a.bade.c782.9054.f90d.
|
||||
da98.05aa.b56c.7733.3024.b9d0.a508.b75c
|
||||
0x5831.aaee.d7b4.4bb7.4e5e.ab94.ba9d.4294.
|
||||
c49b.cf2a.6072.8d8b.4c20.0f50.dd31.3c1b.
|
||||
ab74.5879.a5ad.954a.72c4.5a91.c3a5.1d3c.
|
||||
7ade.a98d.82f8.481e.0e1e.0367.4a6f.3fb7
|
||||
==
|
||||
:* 0xb43.2b26.7793.7381.aef0.5bb0.2a66.ecd0.
|
||||
1277.3062.cf3f.a254.9e44.f58e.d240.1710
|
||||
0x25d1.dff9.5105.f525.3c40.22f6.28a9.96ad.
|
||||
3a0d.95fb.f21d.468a.1b33.f8c1.60d8.f517
|
||||
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
|
||||
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
|
||||
0x7eb0.5097.57e2.46f1.9449.8856.5161.1cb9.
|
||||
65ec.c1a1.87dd.51b6.4fda.1edc.9637.d5ec.
|
||||
9758.2b9c.b13d.b393.3705.b32b.a982.af5a.
|
||||
f25f.d788.81eb.b327.71fc.5922.efc6.6ea3
|
||||
==
|
||||
==
|
||||
=/ t1
|
||||
%+ turn cases-sec
|
||||
|= case-sec
|
||||
^- tang
|
||||
%+ expect-eq
|
||||
!> sig
|
||||
!> (sign:schnorr:ecc sec mes aux)
|
||||
=/ t2
|
||||
%+ turn cases-sec
|
||||
|= case-sec
|
||||
^- tang
|
||||
%- expect
|
||||
!> (verify:schnorr:ecc pub mes sig)
|
||||
=/ cases-pub=(list case-pub)
|
||||
:~
|
||||
:* 0xd69c.3509.bb99.e412.e68b.0fe8.544e.7283.
|
||||
7dfa.3074.6d8b.e2aa.6597.5f29.d22d.c7b9
|
||||
0x4df3.c3f6.8fcc.83b2.7e9d.42c9.0431.a724.
|
||||
99f1.7875.c81a.599b.566c.9889.b969.6703
|
||||
0x3b.78ce.563f.89a0.ed94.14f5.aa28.ad0d.
|
||||
96d6.795f.9c63.76af.b154.8af6.03b3.eb45.
|
||||
c9f8.207d.ee10.60cb.71c0.4e80.f593.060b.
|
||||
07d2.8308.d7f4
|
||||
%.y
|
||||
==
|
||||
:* 0xeefd.ea4c.db67.7750.a420.fee8.07ea.cf21.
|
||||
eb98.98ae.79b9.7687.66e4.faa0.4a2d.4a34
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
|
||||
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
|
||||
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
|
||||
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0xfff9.7bd5.755e.eea4.2045.3a14.3552.35d3.
|
||||
82f6.472f.8568.a18b.2f05.7a14.6029.7556.
|
||||
3cc2.7944.640a.c607.cd10.7ae1.0923.d9ef.
|
||||
7a73.c643.e166.be5e.beaf.a34b.1ac5.53e2
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x1fa6.2e33.1edb.c21c.3947.92d2.ab11.00a7.
|
||||
b432.b013.df3f.6ff4.f99f.cb33.e0e1.515f.
|
||||
2889.0b3e.db6e.7189.b630.448b.515c.e4f8.
|
||||
622a.954c.fe54.5735.aaea.5134.fccd.b2bd
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
|
||||
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
|
||||
9617.64b3.aa9b.2ffc.b6ef.947b.6887.a226.
|
||||
e8d7.c93e.00c5.ed0c.1834.ff0d.0c2e.6da6
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x123d.da83.28af.9c23.a94c.1fee.cfd1.23ba.
|
||||
4fb7.3476.f0d5.94dc.b65c.6425.bd18.6051
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x1.7615.fbaf.5ae2.8864.013c.0997.42de.
|
||||
adb4.dba8.7f11.ac67.54f9.3780.d5a1.837c.
|
||||
f197
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x4a29.8dac.ae57.395a.15d0.795d.dbfd.1dcb.
|
||||
564d.a82b.0f26.9bc7.0a74.f822.0429.ba1d.
|
||||
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
|
||||
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc2f.
|
||||
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
|
||||
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
|
||||
%.n
|
||||
==
|
||||
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
|
||||
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
|
||||
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.fffe.
|
||||
baae.dce6.af48.a03b.bfd2.5e8c.d036.4141
|
||||
%.n
|
||||
==
|
||||
:* 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc30
|
||||
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
|
||||
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
|
||||
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
|
||||
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
|
||||
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
|
||||
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
|
||||
%.n
|
||||
==
|
||||
==
|
||||
:_ .
|
||||
^= t3
|
||||
%+ turn cases-pub
|
||||
|= case-pub
|
||||
^- tang
|
||||
%+ expect-eq
|
||||
!> res
|
||||
!> (verify:schnorr:ecc pub mes sig)
|
||||
++ test-schnorr-bounds
|
||||
=> |% +$ case [sec=@ pub=@ aux=@ mes=@ sig=@] --
|
||||
=< %+ category "bounds"
|
||||
(zing (weld t1 t2))
|
||||
=/ too-big
|
||||
0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
|
||||
=/ big-sig
|
||||
0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
|
||||
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
|
||||
=/ cases-big-sec=(list case)
|
||||
:~ [too-big 0 0 0 0]
|
||||
[1 0 too-big 0 0]
|
||||
[1 0 0 too-big 0]
|
||||
==
|
||||
=/ cases-big-pub=(list case)
|
||||
:~ [0 too-big 0 0 0]
|
||||
[0 0 0 too-big 0]
|
||||
[0 0 0 0 big-sig]
|
||||
==
|
||||
=/ t1
|
||||
%+ turn cases-big-sec
|
||||
|= case
|
||||
%- expect-fail
|
||||
|. (sign:schnorr:ecc sec mes aux)
|
||||
:_ .
|
||||
^= t2
|
||||
%+ turn cases-big-pub
|
||||
|= case
|
||||
%- expect-fail
|
||||
|. (verify:schnorr:ecc pub mes sig)
|
||||
--
|
||||
|
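Review bot: `test-schnorr-bounds` only exercises oversized atoms, so the scalar-range rejection in `sign` (`sk` of 0 or `sk` at or above `n`) has no test, even though it is the check that keeps a degenerate key from producing a signature. Adding `[0 0 0 0 0]` to `cases-big-sec`, and a case whose `sec` is the group order already used as the out-of-range `s` in the last `cases-pub` vector (`0xffff.ffff.ffff.ffff.ffff.ffff.ffff.fffe.baae.dce6.af48.a03b.bfd2.5e8c.d036.4141`), would pin both edges under the existing `expect-fail` harness. A one-line comment above `cases-big-sec`, `:: oversized atoms must crash before any curve arithmetic`, would also make the intent of the bounds group clear. The `test-schnorr` and `test-schnorr-bounds` arms are complete within this hunk.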