add signature documentation page (#123)
This commit is contained in:
arnaucube
GitHub
parent
1b53e3b693
commit
a77b522128
3 changed files with 43 additions and 1 deletions
|
|
@ -10,6 +10,7 @@
|
|||
- [The backend structure of a POD]()
|
||||
- [Backend types](./backendtypes.md)
|
||||
- [MerkleTree](./merkletree.md)
|
||||
- [Signature](./signature.md)
|
||||
- [Deductions](./deductions.md)
|
||||
- [Statements](./statements.md)
|
||||
- [Statements involving compound types and Merkle trees](./merklestatements.md)
|
||||
|
|
|
|||
41
book/src/signature.md
Normal file
41
book/src/signature.md
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
# Signature
|
||||
|
||||
|
||||
Current signature scheme used is proof-based signatures using Plonky2 proofs, following [https://eprint.iacr.org/2024/1553](https://eprint.iacr.org/2024/1553) and [https://jdodinh.io/assets/files/m-thesis.pdf](https://jdodinh.io/assets/files/m-thesis.pdf). This comes from [Polygon Miden's RPO STARK-based](https://github.com/0xPolygonMiden/crypto/blob/d2a67396053fded90ec72690404c8c7728b98e4e/src/dsa/rpo_stark/signature/mod.rs#L129) signatures.
|
||||
|
||||
In future iterations we may replace it by other signature schemes (either elliptic curve based scheme on a Golilocks-prime friendly curve, or a lattice based scheme).
|
||||
|
||||
|
||||
|
||||
### generate_params()
|
||||
$pp$: plonky2 circuit prover params<br>
|
||||
$vp$: plonky2 circuit verifier params<br>
|
||||
return $(pp, vp)$
|
||||
|
||||
### keygen()
|
||||
secret key: $sk \xleftarrow{R} \mathbb{F}^4$<br>
|
||||
public key: $pk := H(sk)$ [^1]<br>
|
||||
return $(sk, pk)$
|
||||
|
||||
### sign(pp, sk, m)
|
||||
$pk := H(sk)$<br>
|
||||
$s := H(pk, m)$<br>
|
||||
$\pi = plonky2.Prove(pp, sk, pk, m, s)$<br>
|
||||
return $(sig:=\pi)$
|
||||
|
||||
### verify(vp, sig, pk, m)
|
||||
$\pi = sig$<br>
|
||||
$s := H(pk, m)$<br>
|
||||
return $plonky2.Verify(vp, \pi, pk, m, s)$
|
||||
|
||||
|
||||
### Plonky2 circuit
|
||||
private inputs: $(sk)$<br>
|
||||
public inputs: $(pk, m, s)$<br>
|
||||
$pk \stackrel{!}{=} H(sk)$<br>
|
||||
$s \stackrel{!}{=} H(pk, m)$
|
||||
|
||||
|
||||
<br><br>
|
||||
|
||||
[^1]: The [2024/1553 paper](https://eprint.iacr.org/2024/1553) uses $pk:=H(sk||0^4)$ to have as input (to the hash) 8 field elements, to be able to reuse the same instance of the RPO hash as the one they use later in the signature (where it hashes 8 field elements).
|
||||
|
|
@ -5,7 +5,7 @@ A SignedPod consists of the following fields:
|
|||
- it can only contain [`ValueOf` statements](./statements.md).
|
||||
- the Signer's public key is one of the key-values in the `kvs`.
|
||||
- `id`: the Root of the `kvs` MerkleTree
|
||||
- `signature`: a signature over the `id`
|
||||
- `signature`: a [signature](./signature.md) over the `id`
|
||||
- `signer`: the public key attached to the digital signature `signature`
|
||||
- `type`: the constant `SIGNATURE`
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue