From: Артём Литвинович <theartlav@gmail.com>
Date: Sat, 7 Jul 2018 05:47:40 +0300
Message-ID: <CAJRVQkD_oTZ_A_eFrX8TjbNFaQpFK1NYc+YkgKx3CRjCFPV9VQ@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Schnorr signatures BIP
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
Neat.
Some minor notes as an outsider who just spent an hour implementing and
playing with this:
- In several places you have things like "Let k = int(hash(bytes(d) || m)) mod n", but reference code says things like "e = sha256(R[0].to_bytes(32, byteorder="big") + bytes_point(point_mul(G, seckey)) + msg)", no modulo. Confusing.
- x is not defined in "The signature is *bytes(x(R)) || bytes(k + ex mod n)*", apparently it's the private key.
- jacobi function is great at exposing bugs in divmod implementations, due to the full 256-bit exponent. Add a line about it being something to watch for?
- "bytes" notation is defined as "turn to bytes" for an integer, but the same for a point is "take X with prefix and turn to bytes". Confusing, might be a good idea to name it differently?
- Finally, it would have been nice to have a larger set of test vectors in a JSON or CSV file, covering all the edge cases.
Artem
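Editor's added example (not from the post or from the BIP's reference code): the Jacobi-symbol remark above can be turned into a self-check. Euler's criterion needs a full 256-bit modular exponent over the secp256k1 field prime, so running it next to the classical quadratic-reciprocity algorithm, which only needs small divisions and swaps, gives an independent oracle; any disagreement points at a divmod or pow bug in a hand-rolled bignum layer. The sample inputs are constructed here.

```python
import random

# secp256k1 field prime (public curve constant, not page-specific data)
P = 2**256 - 2**32 - 977


def jacobi_euler(x: int, p: int = P) -> int:
    """Legendre/Jacobi symbol via Euler's criterion: x^((p-1)/2) mod p.
    Returns 1 (quadratic residue), -1 (non-residue) or 0 (x == 0 mod p).
    The exponent is ~256 bits wide, which is what stresses divmod code."""
    r = pow(x % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def jacobi_reciprocity(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0 by quadratic reciprocity.
    Uses only halving, swapping and reduction, so it does not share the
    big-exponent code path and can act as an independent oracle."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a:
        while a % 2 == 0:          # pull out factors of 2: (2/n) rule
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # reciprocity: swap (a/n) -> (n/a)
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0  # gcd(a, n) > 1 gives 0


def cross_check(samples) -> bool:
    """True iff both methods agree on every sample (mod P)."""
    return all(jacobi_euler(x) == jacobi_reciprocity(x, P) for x in samples)


# Constructed inputs: edge values (0, 1, P-1, an unreduced value) plus
# pseudo-random 256-bit integers from a fixed seed for repeatability.
_rng = random.Random(2018)
SAMPLES = [0, 1, 2, 3, P - 1, P + 5] + [_rng.getrandbits(256) for _ in range(64)]

if __name__ == "__main__":
    print("agree" if cross_check(SAMPLES) else "MISMATCH")
```

Because P ≡ 7 (mod 8), -1 must come out as a non-residue and 2 as a residue; those two fixed answers are a cheap sanity check before the randomized comparison.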