Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Schnorrkel uprev #368

Merged
merged 12 commits into from
Aug 19, 2020
Merged

Schnorrkel uprev #368

merged 12 commits into from
Aug 19, 2020

Conversation

sugargoat
Copy link
Contributor

Soundtrack of this PR: DJ Fauci

Motivation

We we were previously carrying a patch of Schnorrkel in order to pass in our own rng, which enabled us to build in no_std. However, as mentioned in w3f/schnorrkel#55, we can use attach_rng instead. This requires us to use the Merlin Transcript directly, as opposed to the signing_context, which is a wrapper around a Transcript. This is fine, as the signing context functionality is preserved in this revision.

In this PR

  • Remove patch to schnorrkel and uprev to "0.9"
  • Add context_tag to digest as well, addressing remaining FIXME

MC-1619, MC-1761

@sugargoat sugargoat mentioned this pull request Aug 13, 2020
Closed
cbeck88
cbeck88 reviewed Aug 15, 2020
View reviewed changes
crypto/sig/src/lib.rs Outdated
let mut hasher = Blake2b256::new();
hasher.input(context_tag);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be a good idea to add as a prefix, the length of the context_tag as well, since it is variable length
that prevents situations where "", private_key1 "privatekey1 foo" has the same nonce as a signature from another context"privatekey1", privatekey1, "foo")

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(i dont think we need framing around the message because it is the last thing in the sequence)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think this kind of framing is what merlin does: https://merlin.cool/transcript/ops.html#appending-messages

Copy link
Contributor

@isislovecruft isislovecruft Aug 18, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that including the lengths of any variable-length tags/context/etc. is a good idea. For simplicity's sake, you probably just want to use merlin again for the nonce generation here, using Transcript.build_rng(), so that you're getting identical behaviour w.r.t. domain separation as you are in the Schnorrkel signature (or, at least, no worse, since Schnorrkel is also using merlin).

@cbeck88
Copy link
Contributor

cbeck88 commented Aug 15, 2020

LGTM otherwise!

isislovecruft
isislovecruft approved these changes Aug 18, 2020
View reviewed changes
Copy link
Contributor

@isislovecruft isislovecruft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

crypto/sig/src/lib.rs Outdated
let mut hasher = Blake2b256::new();
hasher.input(context_tag);
Copy link
Contributor

@isislovecruft isislovecruft Aug 18, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that including the lengths of any variable-length tags/context/etc. is a good idea. For simplicity's sake, you probably just want to use merlin again for the nonce generation here, using Transcript.build_rng(), so that you're getting identical behaviour w.r.t. domain separation as you are in the Schnorrkel signature (or, at least, no worse, since Schnorrkel is also using merlin).

cbeck88
cbeck88 reviewed Aug 18, 2020
View reviewed changes
crypto/sig/README.md Outdated Show resolved Hide resolved
cbeck88
cbeck88 reviewed Aug 18, 2020
View reviewed changes
crypto/sig/README.md Outdated Show resolved Hide resolved
cbeck88
cbeck88 reviewed Aug 18, 2020
View reviewed changes
crypto/sig/src/lib.rs Outdated Show resolved Hide resolved
xoloki
xoloki approved these changes Aug 19, 2020
View reviewed changes
Copy link
Contributor

@xoloki xoloki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sugargoat sugargoat merged commit 783fa9d into mobilecoinfoundation:master Aug 19, 2020
@sugargoat sugargoat deleted the schnorrkel-uprev branch August 19, 2020 20:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbeck88 cbeck88 cbeck88 approved these changes

@mfaulk mfaulk mfaulk approved these changes

@isislovecruft isislovecruft isislovecruft approved these changes

@xoloki xoloki xoloki approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sugargoat @cbeck88 @xoloki @isislovecruft @mfaulk