Blind Schnorr Signatures #98
base: master
Conversation
227b6f2 is an attempt to make this secure (still almost certainly insecure -- do not use). To safely sign, the signing server should use I doubt this API is ideal (particularly if async), but it's somewhere to start
Nice work. Left some comments. The big picture comment I have is whether we can via the API prevent a user from opening more parallel sessions than they should be allowed to given the difficulty of the modified ROS problem. e.g. if you try and open one when you already have too many open you get a None back.
I'd like to clean up the multiple uses of "blinded" and "tweaked". The
These changes have introduced a The Users' requests are processed with sequential calls to I have made it so that you can set
Latest commits make steps to more safely handle state and a clearer distinction between parallel and single-call execution. There is now a
* Disconnect on 1 of N sessions, unless N=1
* Use up nonces when signing.
* Expire sessions when we have given out too many nonces
* Store already signed signatures for polling
* Store already_signed as None for closed sessions
* serde_json Serialize, Deserialize
* Separate sign_all_but_one function for immediate signing
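The two behaviours discussed in this thread, the reviewer's suggestion that opening a session beyond the allowed number of parallel sessions should hand back a None, and the commit message's "use up nonces when signing", as an added Rust example that is not code from this pull request or from the project. It is a toy: the group is the order-509 subgroup of Z_1019^*, the challenge hash is std's DefaultHasher, the nonce source is an xorshift generator, and the names BlindSigner, open_session, sign, blind, unblind, verify and run_protocol, the parameters max_parallel, seed and the sample message are all assumptions made for this example (alpha and beta are the page's own names). It shows the shape of the three-message blind Schnorr exchange and the session bookkeeping around it, not a usable signer.

```rust
// Added example (not the PR's or the project's code): blind Schnorr signing with
// a cap on open sessions and single-use nonces, over a constructed toy group.
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};
const P: u128 = 1019; // safe prime, toy parameter; far too small for real use
const Q: u128 = 509; // (P - 1) / 2, the order of the subgroup generated by G
const G: u128 = 4; // a quadratic residue, hence of order Q

fn modpow(mut base: u128, mut exp: u128, m: u128) -> u128 {
    let mut acc = 1u128;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}
/// c' = H(R', m) mod Q. DefaultHasher is a stand-in for a cryptographic hash.
fn challenge(r_blind: u128, msg: &[u8]) -> u128 {
    let mut h = DefaultHasher::new();
    r_blind.hash(&mut h);
    msg.hash(&mut h);
    (h.finish() as u128) % Q
}

/// Signing server state (assumed names: BlindSigner, open_session, sign).
pub struct BlindSigner {
    x: u128,                      // secret key
    max_parallel: usize,          // hard cap on concurrently open sessions
    sessions: HashMap<u64, u128>, // session id -> secret nonce k
    next_id: u64,
    rng_state: u64, // xorshift64 state, a placeholder for a CSPRNG
}
impl BlindSigner {
    pub fn new(x: u128, max_parallel: usize, seed: u64) -> Self {
        BlindSigner { x: x % Q, max_parallel, sessions: HashMap::new(), next_id: 0, rng_state: seed.max(1) }
    }
    pub fn public_key(&self) -> u128 { modpow(G, self.x, P) }
    fn random_scalar(&mut self) -> u128 {
        let mut s = self.rng_state;
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        self.rng_state = s;
        (s as u128) % (Q - 1) + 1
    }
    /// Fresh public nonce R = G^k, or None once max_parallel sessions are
    /// open: the "you get a None back" behaviour from the review comment.
    pub fn open_session(&mut self) -> Option<(u64, u128)> {
        if self.sessions.len() >= self.max_parallel { return None; }
        let k = self.random_scalar();
        let id = self.next_id;
        self.next_id += 1;
        self.sessions.insert(id, k);
        Some((id, modpow(G, k, P)))
    }
    /// s = k + c*x mod Q. The nonce is used up: the session is removed, so a
    /// second sign() with the same id returns None instead of reusing k.
    pub fn sign(&mut self, id: u64, c: u128) -> Option<u128> {
        let k = self.sessions.remove(&id)?;
        Some((k + (c % Q) * self.x) % Q)
    }
}

/// User-chosen blinding scalars; alpha and beta are the page's own names.
pub struct Blinding { pub alpha: u128, pub beta: u128 }
/// User side: R' = R * G^alpha * X^beta, c' = H(R', m), c = c' + beta mod Q.
/// Returns (R', c', c); only c is sent to the signer.
pub fn blind(r: u128, x_pub: u128, msg: &[u8], b: &Blinding) -> (u128, u128, u128) {
    let r_blind = r * modpow(G, b.alpha, P) % P * modpow(x_pub, b.beta, P) % P;
    let c_blind = challenge(r_blind, msg);
    (r_blind, c_blind, (c_blind + b.beta) % Q)
}
pub fn unblind(s: u128, b: &Blinding) -> u128 { (s + b.alpha) % Q }
/// Ordinary Schnorr verification: G^s' == R' * X^c' with c' = H(R', m).
pub fn verify(x_pub: u128, msg: &[u8], r_blind: u128, s_blind: u128) -> bool {
    modpow(G, s_blind, P) == r_blind * modpow(x_pub, challenge(r_blind, msg), P) % P
}

/// One run with max_parallel = 2. Returns (third session refused, unblinded
/// signature verifies, nonce reuse refused, slot freed after signing).
pub fn run_protocol() -> (bool, bool, bool, bool) {
    let mut signer = BlindSigner::new(123, 2, 0x9e37_79b9_7f4a_7c15);
    let x_pub = signer.public_key();
    let (id0, r0) = signer.open_session().expect("first session opens");
    let _second = signer.open_session().expect("second session opens");
    let third_refused = signer.open_session().is_none();
    let b = Blinding { alpha: 7, beta: 11 }; // constructed user blinding values
    let msg = b"constructed sample message";
    let (r_blind, _c_blind, c) = blind(r0, x_pub, msg, &b);
    let s = signer.sign(id0, c).expect("first signing request succeeds");
    let sig_valid = verify(x_pub, msg, r_blind, unblind(s, &b));
    let reuse_refused = signer.sign(id0, c).is_none();
    let reopened = signer.open_session().is_some();
    (third_refused, sig_valid, reuse_refused, reopened)
}
fn main() { println!("{:?}", run_protocol()); }
```

The cap is the security-relevant part: the ROS attack on blind Schnorr needs many nonces held open at the same time, so bounding the number of unfinished sessions is what keeps the modified ROS problem hard, and consuming the nonce inside sign() guarantees a single k never answers two challenges. Here the cap is counted per signer; the review comment frames it per user, so a real server would key the session table by user identity.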
Blind schnorr signatures
Todo:
* fn BlindingTweaks::from_values(alpha, beta)
* needs_negations
* ? Move frost and musig Just nonce.rs stuff to binonce and introduce a singular nonce that generates with even-Y (don't have to manually negate in tests & everywhere) derive_nonce!() for now wrapper. Instead follow: Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model.
* None when sessions are maxed out. Do not give out any signatures until all N sessions are connected. t
* ) sign()
* 1
* and whether to immediately sign (never concurrent) already_signed is appropriate. BlindSigner::drain_sign or something to sign remaining
* maybe insecure -- do not use