zk-nullifier-sig

Implementation of PLUME: nullifier friendly signature scheme on ECDSA

Results 24 zk-nullifier-sig issues

This is a halo2 proof of PLUME signatures. This will be critical for fast client-side proving, and we will release benchmarks as well as simple functions in our NPM package...

While this is a draft, I put only the needed pieces, and also left some commented code which assists in tracking the path of reasoning/designing. Approach expressed in seems most elegant and...

I totally trust you, just trying to understand. Deterministic as "to know `c` beforehand of signing"; or is it just the fact that V2 wouldn't work since it lacks the...

The currently used DST is taken from the example, so it will collide with other projects which didn't introduce their own DST, which defies its purpose. *I see it as quite...

Currently, running serially tends to [fail](https://github.com/plume-sig/zk-nullifier-sig/actions/runs/8200322330/job/22426868597?pr=104). Run all the tests in parallel instead.

It might be a RustCrypto thing which just panics on certain methods when bytes yield a value larger than $p$, but it's still a worthy case to have in the...

It's kind of , but letting moving forward meanwhile. I added [a test](https://github.com/plume-sig/zk-nullifier-sig//tree/h2cFailingTest) which should be showing that hashing to curve isn't correct (at least on signing; before #84)....

The crate is quite complex and I fail to see any reason behind it. It offers a complex trait, but its type system requires further development to be really useful....

**Context:** [verify_nullifier.circom#L214-L219](https://github.com/plume-sig/zk-nullifier-sig/blob/main/circuits/verify_nullifier.circom#L214-L219), [verify_nullifier.circom#L72](https://github.com/plume-sig/zk-nullifier-sig/blob/main/circuits/verify_nullifier.circom#L72)

Public key is compressed twice which results in more constraints than required.

**Recommendation:** Use the compressed public key for calculating the hash for `c`, although it makes...

enhancement