Add anti nonce-sidechannel protocol to schnorrsigs #572

pull jonasnick wants to merge 7 commits into bitcoin-core:master from jonasnick:schnorrsig-s2c changing 18 files +2343 −15
  1. jonasnick commented at 4:00 pm on November 1, 2018: contributor

    Based on #588.

    Adding anti nonce-sidechannel functionality was a request in the schnorrsig module PR. The use case is to prevent a signing device from exfiltrating the secret signing keys through biased signature nonces, for example after a bad firmware update. It uses sign-to-contract commitments to host supplied randomness which forces the signer to randomize the nonce.

    In order to add more sign-to-contract commitments the host can create a merkle tree of data to be committed and randomness and send that to the signing device as “host randomness”.

    See https://github.com/bitcoin-core/secp256k1/pull/572/files#diff-b19c5ee427283d4d82bc5beb4e2f4777R59 for the workflow.

  2. jonasnick force-pushed on Nov 1, 2018
  3. jonasnick commented at 6:08 pm on November 1, 2018: contributor
    rebased on #558
  4. in include/secp256k1_schnorrsig.h:200 in a75765668a outdated 
    195+ *           0: incorrect opening
196+ *  Args:    ctx: a secp256k1 context object, initialized for verification.
197+ *  In:      sig: the signature containing the sign-to-contract commitment (cannot be NULL)
198+ *        data32: the 32-byte data that was committed to (cannot be NULL)
199+ *       original_nonce: pointer to the original_nonce created when signing (cannot be NULL)
200+ * negated_nonce: integer indicating if signing algorithm negated the nonce (can be NULL)
    instagibbs commented at 2:09 pm on December 11, 2018:

    (can be NULL)

    Nah

    Also specify what the integer must be to be considered true/false

    jonasnick commented at 10:25 pm on January 29, 2019:
    fixed
  5. add chacha20 function f4153a29ab
  6. Add schnorrsig module which implements BIP-schnorr [0] compatible signing, verification and batch verification. 
    [0] https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
    d65adc82f8
  7. Add secp256k1_context argument to secp256k1_nonce_functions 39fe790b89
  8. Add ec_commitments which are essentially the pay-to-contract-style tweaks of public keys. 
    The functionality is not exposed.
    72342d4fec
  9. Add and expose sign-to-contract contexts and make nonce_function_bipschnorr do sign-to-contract commitments if an s2c context is provided as nonce data 673d0e35a0
  10. Add verification of schnorrsig sign-to-contract commitments 30c1d71311
  11. jonasnick cross-referenced this on Jan 29, 2019 from issue Allow sign-to-contract commitments in schnorrsigs by jonasnick
  12. Add anti nonce sidechannel protocol for schnorrsigs using nonce_function_bipschnorr bcfc256f0b
  13. jonasnick force-pushed on Jan 29, 2019
  14. jonasnick renamed this:
    Add sign-to-contract and an anti nonce-sidechannel protocol to schnorrsigs
    Add anti nonce-sidechannel protocol to schnorrsigs
    on Jan 29, 2019
  15. jonasnick commented at 10:26 pm on January 29, 2019: contributor
    The sign-to-contract functionality is not split off into new PR #588.
  16. jonasnick cross-referenced this on Feb 15, 2019 from issue Add anti nonce-sidechannel protocol to schnorrsigs [̶a̶l̶t̶e̶r̶n̶a̶t̶i̶v̶e̶]̶ by jonasnick
  17. jonasnick commented at 1:00 pm on July 3, 2019: contributor
    Closing in favor of #590
  18. jonasnick closed this on Jul 3, 2019
  19. landanhu cross-referenced this on Dec 29, 2019 from issue Problem: rust-secp256k1 fork diverged from upstream by landanhu


jonasnick instagibbs

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-22 23:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me