
story around signatures in disco

Open mimoo opened this issue 5 years ago • 1 comment

We seem to have settled on schnorr signatures over ristretto22519. (See this PR https://github.com/mimoo/disco/pull/45)

Other choices were:

  • qDSA. Too new.
  • EdDSA. Makes use of SHA-512.
  • ECDSA. Why not, but not really specified for Curve25519.
  • schnorr over P-256. We already use Curve25519, so we should leverage this.

My two concerns are:

  • ristretto. Too new, and not well-supported.
  • schnorr signatures are not specified anywhere.

What references are there out there? I think we should follow the scheme defined by a proof:

https://crypto.stackexchange.com/questions/48616/prove-the-security-of-schnorrs-signature-scheme

mimoo avatar Nov 26 '19 06:11 mimoo

I've recently read the schnorrkel implementation at [1], and came upon merlin transcripts (see [2]). I propose we rewrite our schnorrkel implementation to follow the same API as [1] and use merlin transcripts and possibly dynamic contexts for each disco connection. ChainSafe have an implementation (see [3]) that follows the same API; reusing that library might also be a solution.

  • [1] : https://github.com/w3f/schnorrkel/blob/master/src/sign.rs
  • [2] : https://github.com/gtank/merlin
  • [3] : https://github.com/ChainSafe/go-schnorrkel

actuallyachraf avatar Dec 20 '19 11:12 actuallyachraf
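For readers following both comments above, here is the scheme the linked crypto.stackexchange proof is about (Fiat-Shamir applied to Schnorr identification), written out as an added example; it is not disco's code and not schnorrkel's. It works over a prime-order subgroup of Z_p^* (Schnorr's original setting) rather than ristretto so that it runs with nothing but the standard library, and it feeds a context string into the challenge hash in the role a merlin transcript plays in schnorrkel. The group parameters, the context labels and the key and nonce values are constructed for the example; the group size is far below anything deployable.

```python
"""Schnorr signatures: R = g^k, e = H(ctx || R || pk || m) mod q, s = k + e*x,
verified by checking g^s == R * pk^e.  Group: order-q subgroup of Z_p^* with p = 2q+1."""
import hashlib
import random
import secrets


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test (deterministic witness choice for reproducibility)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(n)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64, seed: int = 2019):
    """Constructed toy group: find p = 2q + 1 with p, q prime.  g = 4 = 2^2 is a
    quadratic residue other than 1, so it generates the subgroup of prime order q."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, 4


P, Q, G = make_group()


def hash_to_scalar(context: bytes, R: int, pk: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(context || R || pk || msg) mod q.
    The context is a domain separator (what a merlin transcript label provides);
    every field is length-prefixed so two inputs cannot collide by re-splitting."""
    h = hashlib.sha256()
    for part in (context, R.to_bytes(16, "big"), pk.to_bytes(16, "big"), msg):
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q


def keygen(x: int):
    """Private scalar x in [1, q-1] (caller-supplied here); public key pk = g^x."""
    assert 1 <= x < Q
    return x, pow(G, x, P)


def sign(x: int, msg: bytes, context: bytes, k=None):
    """Signature (R, s): commitment R = g^k for a fresh nonce k, then s = k + e*x mod q.
    k is drawn from secrets when not supplied; it must never repeat for a given x."""
    if k is None:
        k = 1 + secrets.randbelow(Q - 1)
    assert 1 <= k < Q
    R = pow(G, k, P)
    e = hash_to_scalar(context, R, pow(G, x, P), msg)
    return R, (k + e * x) % Q


def verify(pk: int, msg: bytes, context: bytes, sig) -> bool:
    """Accept iff g^s == R * pk^e, i.e. g^(k + e*x) == g^k * (g^x)^e."""
    R, s = sig
    # R must be a non-identity element of the order-q subgroup; s a scalar mod q.
    if not (1 < R < P and 0 <= s < Q and pow(R, Q, P) == 1):
        return False
    e = hash_to_scalar(context, R, pk, msg)
    return pow(G, s, P) == (R * pow(pk, e, P)) % P


if __name__ == "__main__":
    x, pk = keygen(123456789)                       # constructed private scalar
    sig = sign(x, b"hello disco", b"disco/sig/v1")  # random nonce
    print("valid:", verify(pk, b"hello disco", b"disco/sig/v1", sig))
    print("other context:", verify(pk, b"hello disco", b"disco/sig/v2", sig))
```

Binding the context into the challenge is what makes a signature produced for one connection or purpose unverifiable under another label, which is the property the per-connection "dynamic contexts" idea above is after; the length prefixes in `hash_to_scalar` are the minimal version of the framing a transcript abstraction enforces for you.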