Hash to Curve (mithril issue, CLOSED)

input-output-hk commented on July 3, 2024
Hash to Curve

from mithril.

Comments (5)

markulf commented on July 3, 2024

What is special about draft-irtf-cfrg-vrf-09?

Here is another hash to curve standard that does not have a public key Y as it is not for VRFs: draft-irtf-cfrg-hash-to-curve-10.

Maybe add a warning about side channel vulnerability of try-and-increment. Not an issue in our case as the hashed value is not a secret.

abakst commented on July 3, 2024

@markulf if I understand it correctly, the latter document describes suites for specific curves, whereas the former includes a try-and-increment approach. Since we haven't settled on a particular curve, sticking with a rejection-based approach seems appropriate for now (though there is still that question of the public key).

abakst commented on July 3, 2024

I believe the source of the try-and-increment algorithm is "Short Signatures from the Weil Pairing" (Boneh et al., 2001), which outlines the algorithm presented in this version of the above document (apparently removed from future versions due to the side channel vulnerability).

I think this is a reasonable specification to use for the initial Mithril implementation (until later when a curve-specific implementation can be used).

abakst commented on July 3, 2024

#15 was merged, so I suppose we can consider this closed.

iquerejeta commented on July 3, 2024

@abakst, indeed. We do not need to follow a hash-to-curve specification from the standard, as they only include constant time options, and try-and-increment is not constant time. However, as you stated, it is reasonable (and preferred) for now to use try-and-increment until we close down on the curve.

The reason I shared the VRF standard is because we also use VRFs within Cardano, and make use of that specific instantiation. However, the instantiation in version 3 of hash-to-curve is ok 👍
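
An added illustration of the try-and-increment approach discussed in this thread (not code from Mithril or from the cited drafts): a message is hashed with a counter until the digest is a valid x-coordinate, and the loop count is returned, since that input-dependent count is what the side-channel remark refers to. The stand-in curve (secp256k1), SHA-256, the domain tag and all function names are assumptions.

```python
import hashlib
from collections import Counter

# Assumption: secp256k1 (y^2 = x^3 + 7 over F_P) is only a stand-in curve;
# the thread had not settled on a curve. P % 4 == 3, so sqrt is one pow().
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
B = 7
DST = b"example-try-and-increment"  # hypothetical domain-separation tag


def hash_to_curve_tai(msg: bytes, max_tries: int = 256):
    """Return ((x, y), tries): hash msg||ctr until the digest is a valid x."""
    for ctr in range(max_tries):
        digest = hashlib.sha256(DST + msg + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big")
        if x >= P:
            continue  # reject out-of-range candidates instead of reducing
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)  # square-root candidate
        if y * y % P == rhs:  # rhs is a quadratic residue: x is on the curve
            if y % 2:
                y = P - y  # fix the sign so the output is deterministic
            return (x, y), ctr + 1
    raise ValueError("no curve point found within max_tries")


def is_on_curve(pt) -> bool:
    x, y = pt
    return (y * y - pow(x, 3, P) - B) % P == 0


def tries_histogram(n: int) -> Counter:
    """Loop counts for n constructed inputs: what a timing observer sees."""
    return Counter(hash_to_curve_tai(b"msg-%d" % i)[1] for i in range(n))


if __name__ == "__main__":
    # Roughly half of all x values lie on the curve, so about half the
    # inputs finish in one try, a quarter in two, and so on.
    for tries, count in sorted(tries_histogram(1000).items()):
        print(f"{tries:2d} tries: {count} inputs")
```

The spread in the histogram is the non-constant-time behaviour: running time tracks the input, which matters only when the hashed value must stay secret.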
