-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RPO STARK-based signature DSA (with zero knowledge) #349
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! Looks good! I left some comments inline.
Also, one thing that would be great to do is to add a section to the benchmarks section comparing Falcon and STARK signatures (key gen, sign, verify). For this we probably need to add benchmarks to measure these.
// generate the initial seed for the PRNG used for zero-knowledge | ||
let mut seed = <ChaCha20Rng as SeedableRng>::Seed::default(); | ||
let mut rng = thread_rng(); | ||
rng.fill_bytes(&mut seed); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shouldn't be able to do this in WASM (or any no-std context), right? I wonder what else can we do here (having a fully deterministic signature would have been nice - but we don't have this yet, right?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I have now made everything depend on one seed, except for the salted Merkle tree which we should discuss in the relevant issue.
Once this is fixed we should be able to de-randomize the signature e.g., make the initial seed a deterministic function of the inputs and some other fixed constants
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Thank you! I left some more comments inline.
Other outstanding things are:
- Come up with a better name for the signature scheme.
- Add a benchmark. This could be in a follow-up PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Thank you! I left a few small comments inline.
I'm wondering that maybe instead of merging it into next
, we should create a separate branch - e.g., rpo_dsa
and merge this and subsequent related PRs into it. This way, we won't break the next
branch until the relevant updates are made in winterfell (and I think the next step is to get the ZK PR in winterfell merged - right?).
That's a must, otherwise things will break. Changed the base now.
That's the logical next step |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! Looks good! I added some more comments inline - mostly about dependencies and features.
One thing I'm still trying to understand how this will work in no-std
environment (i.e., WASM).
Quality Gate passedIssues Measures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Thank you!
Describe your changes
Same as #342 but uses the branch of Winterfell implementing zero-knowledge.
Checklist before requesting a review
next
according to naming convention.