Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

story around signatures in disco #47

Open
mimoo opened this issue Nov 26, 2019 · 1 comment
Open

story around signatures in disco #47

mimoo opened this issue Nov 26, 2019 · 1 comment

Comments

@mimoo
Copy link
Owner

mimoo commented Nov 26, 2019
edited
Loading

We've seemed to have settled on schnorr signatures over ristretto22519. (See this PR #45)

Other choices were:

  • qDSA. Too new.
  • EdDSA. Makes use of SHA-512.
  • ECDSA. Why not, but not really specified for Curve25519.
  • schnorr over P-256. We already use Curve25519, so we should leverage this.

My two concerns are:

  • ristretto. Too new, and not well-supported.
  • schnorr signatures are not specified anywhere.

What references are there out there? I think we should follow the scheme defined by a proof:

https://crypto.stackexchange.com/questions/48616/prove-the-security-of-schnorrs-signature-scheme
@actuallyachraf
Copy link
Contributor

I've recently read the schnorrkel implementation at [1], and came up on a merlin transcripts (see [2]).
I propose we rewrite our schnorrkel implementation to follow the same API in [1] and use merlin transcripts and possibly dynamic contexts for each disco connection.
ChainSafe have an implementation (see [3]) that follows the same API, re-use of that library under might also be a solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mimoo @actuallyachraf