This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Ensure VRF uniqueness #568

Merged
merged 7 commits into from
Jun 21, 2017

Conversation

@gdbelvin gdbelvin (Contributor) commented Apr 26, 2017

VRF uniqueness could be violated because the VRF output itself was not
included in the computation of s, the commitment to the VRF and
zero knowledge proof. Fixes #567.

Other changes also included in this PR:

  • H2(.., m, ..) -> H2(.., H1(m),..) for better alignment with the NSEC5 VRF (sec 3.5). This change was suggested by Leonid Reyzin and approved by @jcb82 (the CONIKS paper has been updated).
  • Variable name notation has been updated for better code clarity.
  • Add test vectors (Create Test Vectors #613)

References:

// G is the base point
// s = H2(m, [r]G, [r]H)
// s = H2(m, [r]G, [r]H, [k]H)

Order is not following either the CONIKS paper or Franklin paper (which list [k]H earlier)

Also, why not hash in G (base point) and the public key kG? As is done in both papers

gdbelvin (Contributor, Author) replied:

Added the base point and the public key.
Updated the order to match the CONIKS paper.
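
The proof construction settled in this thread, as an added Go example that is not the project's own p256.go code: the challenge s binds the base point, H1(m), the public key, the VRF output [k]H and both commitments, so a second output for the same m cannot reuse the proof. It assumes a try-and-increment H1 over P-256, SHA-256 for H2, and the ordering H2(G, H, [k]G, [k]H, [r]G, [r]H); the project's exact encodings may differ.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"math/big"
)

var curve, params = elliptic.P256(), elliptic.P256().Params()
func pt(x, y *big.Int) []byte { return elliptic.Marshal(curve, x, y) } // SEC1 uncompressed point encoding
// h1 maps m to a curve point by try-and-increment (an assumed hash-to-curve, not the project's own H1).
func h1(m []byte) (x, y *big.Int) {
	for i := byte(0); ; i++ {
		h := sha256.Sum256(append([]byte{i}, m...))
		x = new(big.Int).Mod(new(big.Int).SetBytes(h[:]), params.P)
		rhs := new(big.Int).Exp(x, big.NewInt(3), params.P) // y^2 = x^3 - 3x + b (mod p)
		rhs.Sub(rhs, new(big.Int).Mul(x, big.NewInt(3))).Add(rhs, params.B).Mod(rhs, params.P)
		if y = new(big.Int).ModSqrt(rhs, params.P); y != nil { // nil means no square root: retry
			return x, y
		}
	}
}
// challenge is s = H2(G, H, [k]G, [k]H, A, B); binding [k]H (the VRF output) is the fix from this PR.
func challenge(h, pk, vrf, a, b []byte) *big.Int {
	d := sha256.Sum256(bytes.Join([][]byte{pt(params.Gx, params.Gy), h, pk, vrf, a, b}, nil))
	return new(big.Int).Mod(new(big.Int).SetBytes(d[:]), params.N)
}
// Evaluate returns vrf = [k]H1(m) and the proof (s, t) for private scalar k.
func Evaluate(k *big.Int, m []byte) (vrf []byte, s, t *big.Int) {
	hx, hy := h1(m)
	vrf = pt(curve.ScalarMult(hx, hy, k.Bytes()))
	rb, rgx, rgy, _ := elliptic.GenerateKey(curve, rand.Reader) // random r and A = [r]G
	s = challenge(pt(hx, hy), pt(curve.ScalarBaseMult(k.Bytes())), vrf, pt(rgx, rgy), pt(curve.ScalarMult(hx, hy, rb)))
	// t = r - s*k mod N
	return vrf, s, new(big.Int).Mod(new(big.Int).Sub(new(big.Int).SetBytes(rb), new(big.Int).Mul(s, k)), params.N)
}
// Verify recomputes A = [t]G + [s][k]G and B = [t]H + [s]vrf, then checks the challenge over all six values equals s.
func Verify(pkx, pky *big.Int, m, vrf []byte, s, t *big.Int) bool {
	vx, vy := elliptic.Unmarshal(curve, vrf) // nil for a malformed or off-curve output
	if vx == nil {
		return false
	}
	hx, hy := h1(m)
	tgx, tgy := curve.ScalarBaseMult(t.Bytes())
	spx, spy := curve.ScalarMult(pkx, pky, s.Bytes())
	thx, thy := curve.ScalarMult(hx, hy, t.Bytes())
	svx, svy := curve.ScalarMult(vx, vy, s.Bytes())
	return challenge(pt(hx, hy), pt(pkx, pky), vrf, pt(curve.Add(tgx, tgy, spx, spy)), pt(curve.Add(thx, thy, svx, svy))).Cmp(s) == 0
}
```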

@codecov-io commented Apr 26, 2017

Codecov Report

Merging #568 into master will increase coverage by 0.03%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master     #568      +/-   ##
==========================================
+ Coverage   57.21%   57.24%   +0.03%     
==========================================
  Files          35       35              
  Lines        2489     2491       +2     
==========================================
+ Hits         1424     1426       +2     
  Misses        776      776              
  Partials      289      289
Impacted Files Coverage Δ
core/crypto/vrf/p256/p256.go 82.25% <100%> (+0.29%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@gdbelvin gdbelvin force-pushed the vrf-fix branch 2 times, most recently from 804ecec to e04d45f May 11, 2017 21:23
@gdbelvin gdbelvin requested a review from a user June 2, 2017 20:02
@gdbelvin gdbelvin force-pushed the vrf-fix branch 4 times, most recently from f729569 to f4e17a7 June 20, 2017 18:41
Fixes google#567

VRF uniqueness could be violated because the VRF output itself was not
included in the computation of `s`, the commitment to the VRF and
zero knowledge proof.
@gdbelvin gdbelvin force-pushed the vrf-fix branch 2 times, most recently from 228d7a0 to 2f9ae65 June 21, 2017 12:21
@gdbelvin gdbelvin merged commit b10ca28 into google:master Jun 21, 2017
@gdbelvin gdbelvin deleted the vrf-fix branch June 21, 2017 17:19