absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-13 22:49:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b83ca7d6660c19cc0922f29e4d6aaf90dd85c17a
serai/crypto/frost/src/schnorr.rs
Luke Parker 7b4c5dbe52 Remove rng_seed's additional entropy 
It was never used as we derive entropy via the other fields in the 
transcript, and explicitly add fields directly as needed for entropy.

Also drops an unused crate and corrects a bug in FROST's Schnorr 
implementation which used the Group's generator, instead of the Curve's.

Also updates the Monero crate's description.
2022-05-31 02:12:14 -04:00

67 lines
1.5 KiB
Rust
Raw Blame History

use rand_core::{RngCore, CryptoRng};
use ff::Field;
use multiexp::BatchVerifier;
use crate::Curve;
#[allow(non_snake_case)]
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct SchnorrSignature<C: Curve> {
pub R: C::G,
pub s: C::F,
}
impl<C: Curve> SchnorrSignature<C> {
pub fn serialize(&self) -> Vec<u8> {
let mut res = Vec::with_capacity(C::G_len() + C::F_len());
res.extend(C::G_to_bytes(&self.R));
res.extend(C::F_to_bytes(&self.s));
res
}
}
pub(crate) fn sign<C: Curve>(
private_key: C::F,
nonce: C::F,
challenge: C::F
) -> SchnorrSignature<C> {
SchnorrSignature {
R: C::generator_table() * nonce,
s: nonce + (private_key * challenge)
}
}
pub(crate) fn verify<C: Curve>(
public_key: C::G,
challenge: C::F,
signature: &SchnorrSignature<C>
) -> bool {
(C::generator_table() * signature.s) == (signature.R + (public_key * challenge))
}
pub(crate) fn batch_verify<C: Curve, R: RngCore + CryptoRng>(
rng: &mut R,
triplets: &[(u16, C::G, C::F, SchnorrSignature<C>)]
) -> Result<(), u16> {
let mut values = [(C::F::one(), C::generator()); 3];
let mut batch = BatchVerifier::new(triplets.len(), C::little_endian());
for triple in triplets {
// s = r + ca
// sG == R + cA
// R + cA - sG == 0
// R
values[0].1 = triple.3.R;
// cA
values[1] = (triple.2, triple.1);
// -sG
values[2].0 = -triple.3.s;
batch.queue(rng, triple.0, values);
}
batch.verify_vartime_with_vartime_blame()
}
Reference in New Issue View Git Blame Copy Permalink