Comments (4)
Current plan is to also allow BLS12-377 because of future potential for snark composition (likely negligible additional work over BLS12-381; probably a compile-time switch)
DKG message signatures will probably be Ed25519 because performance will be much better than BLS signatures for small validator sets (less likely that BLS signature aggregation will offset the pairing cost; please prove me wrong if this is not the case)
Key exchange will probably be over BLS12-{377,381} to minimize code duplication; while I had hoped to use x25519 key exchange to leverage existing crates, it is simpler to depend on one curve/dependency and reimplement the DH step.
from ferveo.
Actually, it is worth discussing whether the VSS/DKG participant public keys should be a different signature scheme instead of BLS, as there probably are not enough participants to justify aggregation. Probably the best approach is to use the same scheme as the ledger, although the keys should be generated separately for use in the DKG.
from ferveo.
Actually, this is not as clear now.
It seems possible to implement the BZ03 threshold encryption scheme with Schnorr signatures instead of BLS signatures (basically, W plays the role of a signature verifying r), which gives flexibility to not use a BLS curve, but rather a highly 2-adic curve like one of zcash's pasta curves.
- bls12-381/377 with pairing: U, W are G1, G2 so ciphertext is 48+32+96=176 bytes and ciphertext validity is 1 pairing check (slightly batchable). Can use KZG commitments and also randomness beacon is possible
- bls12-381/377 with schnorr/NIZKP: U,W are G1, nizkp is 2 scalars, ciphertext is 48+32+48+64=192 bytes, ciphertext validity is 1 schnorr check (probably not batchable). Can use KZG and implement randomness beacon
- zcash pasta curve: U, W are G points + nizkp is 2 scalars, ciphertext is 32+32+32+64 = 160 bytes, validity check is 1 schnorr check. Cannot use KZG commitments and also is not clear if we can implement randomness beacon (requires further discussion)
A zcash pasta curve also potentially allows recursion/composition, instead of composition with bls12-377.
The loss of KZG commitments is a downside as well but the increased performance of a pasta curve may make up for it.
from ferveo.
We have a fairly clear direction now on the threshold encryption scheme and curve selection, with some performance tweaks still needed. However the basic scheme is described and instantiated on BLS12-381, with no major changes anticipated.
from ferveo.