Comments (5)
What is special about
Here is another hash-to-curve standard that does not have a public key Y, as it is not for VRFs: draft-irtf-cfrg-hash-to-curve-10.
Maybe add a warning about the side-channel vulnerability of try-and-increment. Not an issue in our case, as the hashed value is not a secret.
from mithril.
@markulf if I understand it correctly, the latter document describes suites for specific curves, whereas the former includes a try-and-increment approach. Since we haven't settled on a particular curve, sticking with a rejection-based approach seems appropriate for now (though there is still that question of the public key).
from mithril.
I believe the source of the try-and-increment algorithm is "Short Signatures from the Weil Pairing" (Boneh et al., 2001), which outlines the algorithm presented in this version of the above document (apparently removed from future versions due to the side-channel vulnerability).
I think this is a reasonable specification to use for the initial Mithril implementation (until later when a curve-specific implementation can be used).
from mithril.
#15 was merged, so I suppose we can consider this closed.
from mithril.
@abakst, indeed. We do not need to follow a hash-to-curve specification from the standard, as they only include constant-time options, and try-and-increment is not constant time. However, as you stated, it is reasonable (and preferred) for now to use try-and-increment until we close down on the curve.
The reason I shared the VRF standard is because we also use VRFs within Cardano, and make use of that specific instantiation. However, the instantiation in version 3 of hash-to-curve is ok 👍
from mithril.
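The try-and-increment construction the thread is weighing (hash the message together with a counter, treat the digest as an x-coordinate, accept the first x whose right-hand side x^3 + ax + b is a square) carried out end to end, as an added example that is not part of the original thread and not Mithril's own code. It uses the secp256k1 parameters only because p = 3 (mod 4) lets the square root be a single exponentiation; the domain-separation tag `DST`, the counter encoding and the `prefix` argument are assumptions. The `prefix` slot is where the VRF variant mentioned above would feed in the public key. `iteration_profile` makes the point from the thread visible: the number of candidates tried depends on the input, which is a timing side channel only when that input is secret.

```python
"""Try-and-increment hash-to-curve on a short Weierstrass curve (added example)."""
import hashlib

# secp256k1: y^2 = x^3 + 7 over F_p, with p = 3 (mod 4) so sqrt(a) = a^((p+1)/4).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
DST = b"EXAMPLE-TRY-AND-INCREMENT-V1"  # assumed domain-separation tag


def is_on_curve(pt):
    """True iff (x, y) satisfies y^2 = x^3 + A*x + B mod P."""
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def _candidate_x(prefix, msg, ctr):
    """The ctr-th x candidate: SHA-256(DST || prefix || msg || ctr) reduced mod P.
    The counter encoding (4-byte big-endian) is an assumption of this example."""
    h = hashlib.sha256(DST + prefix + msg + ctr.to_bytes(4, "big")).digest()
    return int.from_bytes(h, "big") % P


def try_and_increment(msg, prefix=b"", max_tries=256):
    """Return ((x, y), tries): the first candidate x whose x^3 + A*x + B is a
    square, and how many candidates were examined.  About half of all field
    elements are squares, so `tries` is geometrically distributed and, being
    input-dependent, leaks through timing when msg is secret."""
    for ctr in range(max_tries):
        x = _candidate_x(prefix, msg, ctr)
        rhs = (x * x * x + A * x + B) % P
        # Euler's criterion: a non-zero rhs is a square iff rhs^((P-1)/2) == 1.
        if rhs == 0 or pow(rhs, (P - 1) // 2, P) == 1:
            y = pow(rhs, (P + 1) // 4, P)   # valid only because P = 3 (mod 4)
            assert (y * y) % P == rhs
            if y & 1:                        # canonical choice: the even root
                y = P - y
            return (x, y), ctr + 1
    raise ValueError("no curve point found within max_tries candidates")


def iteration_profile(msgs, prefix=b""):
    """Candidates examined per message; the variation is the side channel."""
    return [try_and_increment(m, prefix)[1] for m in msgs]


if __name__ == "__main__":
    point, tries = try_and_increment(b"hello mithril")
    print("point on curve:", is_on_curve(point), "after", tries, "candidate(s)")
    # Constructed sample inputs: note the per-message difference in work.
    print(iteration_profile([b"msg-%d" % i for i in range(16)]))
```

Running it prints a list of small integers that differ from message to message; that variation is what a constant-time suite such as the ones in draft-irtf-cfrg-hash-to-curve removes, and what can be ignored when, as in the thread, the hashed value is public.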