ed255/pod2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add signature documentation page (#123)

Browse source
This commit is contained in:
arnaucube 2025-03-11 19:49:12 +01:00 committed by GitHub
parent 1b53e3b693
commit a77b522128
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 43 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
book/src/SUMMARY.md
View file

@ -10,6 +10,7 @@
- [The backend structure of a POD]() - [The backend structure of a POD]()
- [Backend types](./backendtypes.md) - [Backend types](./backendtypes.md)
- [MerkleTree](./merkletree.md) - [MerkleTree](./merkletree.md)
- [Signature](./signature.md)
- [Deductions](./deductions.md) - [Deductions](./deductions.md)
- [Statements](./statements.md) - [Statements](./statements.md)
- [Statements involving compound types and Merkle trees](./merklestatements.md) - [Statements involving compound types and Merkle trees](./merklestatements.md)

41
book/src/signature.md Normal file
View file

@ -0,0 +1,41 @@
# Signature
Current signature scheme used is proof-based signatures using Plonky2 proofs, following [https://eprint.iacr.org/2024/1553](https://eprint.iacr.org/2024/1553) and [https://jdodinh.io/assets/files/m-thesis.pdf](https://jdodinh.io/assets/files/m-thesis.pdf). This comes from [Polygon Miden's RPO STARK-based](https://github.com/0xPolygonMiden/crypto/blob/d2a67396053fded90ec72690404c8c7728b98e4e/src/dsa/rpo_stark/signature/mod.rs#L129) signatures.
In future iterations we may replace it by other signature schemes (either elliptic curve based scheme on a Golilocks-prime friendly curve, or a lattice based scheme).
### generate_params()
$pp$: plonky2 circuit prover params<br>
$vp$: plonky2 circuit verifier params<br>
return $(pp, vp)$
### keygen()
secret key: $sk \xleftarrow{R} \mathbb{F}^4$<br>
public key: $pk := H(sk)$ [^1]<br>
return $(sk, pk)$
### sign(pp, sk, m)
$pk := H(sk)$<br>
$s := H(pk, m)$<br>
$\pi = plonky2.Prove(pp, sk, pk, m, s)$<br>
return $(sig:=\pi)$
### verify(vp, sig, pk, m)
$\pi = sig$<br>
$s := H(pk, m)$<br>
return $plonky2.Verify(vp, \pi, pk, m, s)$
### Plonky2 circuit
private inputs: $(sk)$<br>
public inputs: $(pk, m, s)$<br>
$pk \stackrel{!}{=} H(sk)$<br>
$s \stackrel{!}{=} H(pk, m)$
<br><br>
[^1]: The [2024/1553 paper](https://eprint.iacr.org/2024/1553) uses $pk:=H(sk||0^4)$ to have as input (to the hash) 8 field elements, to be able to reuse the same instance of the RPO hash as the one they use later in the signature (where it hashes 8 field elements).

2
book/src/signedpod.md
View file

@ -5,7 +5,7 @@ A SignedPod consists of the following fields:
- it can only contain [`ValueOf` statements](./statements.md). - it can only contain [`ValueOf` statements](./statements.md).
- the Signer's public key is one of the key-values in the `kvs`. - the Signer's public key is one of the key-values in the `kvs`.
- `id`: the Root of the `kvs` MerkleTree - `id`: the Root of the `kvs` MerkleTree
- `signature`: a signature over the `id` - `signature`: a [signature](./signature.md) over the `id`
- `signer`: the public key attached to the digital signature `signature` - `signer`: the public key attached to the digital signature `signature`
- `type`: the constant `SIGNATURE` - `type`: the constant `SIGNATURE`