Module schnorrkel::cert
source · Expand description
Adaptor signature-based implicit certificate scheme for Ristretto
Implicit certificates provide an extremely space efficient public key certificate scheme.
As a rule, implicit certificates do not prove possession of the private key. We thus worry more about fear rogue key attack when using them, but all protocols here should provide strong defenses against then.
We implement an implicit certificate scheme based on adaptor signatures as recommended by [1] and [2], which appears useful for “scriptless script” applications like [3] and [4].
We should eventually place this into some more generally usable adaptor signature framework, but doing this safely this requires more work. We have not actually done security arguments for this code yet either, but we expect to find such results in the paymet channel literature [3]. We might find arguments around Elliptic curve Qu-Vanstone (ECQV) helpful too [5,6].
[1] “Schnorr Signatures for secp256k1” by Pieter Wuille, Jonas Nick, and Tim Ruffing https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#Adaptor_Signatures [2] Ruben Somsen. “Schnorr signatures, adaptor signatures and statechains” https://bitcoinedge.org/transcript/telaviv2019/statechains [3] Giulio Malavolta and Pedro Moreno-Sanchez and Clara Schneidewind and Aniket Kate and Matteo Maffei “Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability” https://eprint.iacr.org/2018/472 [4] Jonas Nick. “Scriptless Scripts [Using Adaptor Signatures]” https://github.com/ElementsProject/scriptless-scripts [5] “Standards for efficient cryptography, SEC 4: Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV)”. http://www.secg.org/sec4-1.0.pdf [6] Daniel R. L. Brown, Robert P. Gallant, and Scott A. Vanstone. “Provably Secure Implicit Certificate Schemes”. Financial Cryptography 2001. Lecture Notes in Computer Science. Springer Berlin Heidelberg. 2339 (1): 156–165. doi:10.1007/3-540-46088-8_15. http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-55.ps
Structs
- Adaptor Implicit Certificate Public Key Reconstruction Data
- Adaptor Implicit Certificate Secret