Ristretto #7
Merged
Ristretto #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eddsa.Public - use IDSlice instead of Set - use ristretto for public shares - constructor does not take public key as input. - handle normalization of Shamir shares only where it is used (NewSign) - make members of Public public instead of using getters. eddsaPublicKey: - include verification - add json.Marshal eddsa.SecretShare: - make members public - remove ability to single sign - simplify json marshalling eddsa.Signature - separate encoding/ToEd25519() - computechallenge now uses the ed25519 encoding - remove verification (now in public key)
- lagrange is now called directly on ID - Remove Set struct and use only sorted slices
- sign.base: compute lagrange normalization directly - sign.round2: verify signature explicitly
- remove malicious channel since cofactors are no longer an issue - updates with regards to previous changes
rename MAX to _MAX
veorq
requested changes
Jun 8, 2021
pkg/eddsa/signature.go
Outdated
| @@ -56,7 +56,7 @@ func (sig *Signature) MarshalBinary() ([]byte, error) { | |||
| // UnmarshalBinary implements the encoding.BinaryUnmarshaler interface. | |||
| func (sig *Signature) UnmarshalBinary(data []byte) error { | |||
| var err error | |||
| if len(data) != MessageLengthSig { | |||
| if len(data) <= MessageLengthSig { | |||
There was a problem hiding this comment.
Shouldnt it be < instead of <= ?
pkg/frost/party/id.go
Outdated
| @@ -12,10 +13,10 @@ import ( | |||
| // ByteSize is the number of bytes required to store and ID or Size | |||
| const ByteSize = 2 | |||
There was a problem hiding this comment.
Suboptimal naming: ByteSize without the context sound like "the size of a byte", rename to IDByteSize?
| // TODO quickcheck | ||
| } | ||
|
|
||
| func TestRistrettoSmallMultiplesTestVectors(t *testing.T) { |
There was a problem hiding this comment.
Maybe add a reference to show that there are the original test vectors, https://ristretto.group/test_vectors/ristretto255.html ?
- Change the name party.ByteSize to party.IDByteSize - add test - rename set.go to idslice.go - return an optional error in Lagrange
Added Header type with more error detection + tests. Remove getters in favor of public fields.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ristretto group support
After the new update to edwards25519, and the accompanying PR to ristretto255 using these changes, this new PR no longer manipulates edwards25519 points directly.
We include the file ristretto255.go from the PR with a slight modification which allows us to obtain canonical ed25519 representations of ristretto group elements.
This ensures compatibility with ed25519 signature verification, but minimizes the impact of the cofactor while the signing is being
Compatiblity
This update also simplifies the API internally, and requires some modifications to existing use cases. The README.md and examples have been updated to reflect this.
In particular, we changed the following:
party.Setstruct withparty.IDSlicewhich wraps a sorted[]party.IDFix issue #6
Fixed issue #6 by returning an error if the length is too short to contain an ID