Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor RedJubjub to serialize the pubkey internally #179

Closed
str4d opened this issue Dec 4, 2019 · 2 comments
Closed

Refactor RedJubjub to serialize the pubkey internally #179

str4d opened this issue Dec 4, 2019 · 2 comments

Comments

@str4d
Copy link
Contributor

str4d commented Dec 4, 2019
edited
Loading

The current implementation serializes R || M because this was how RedJubjub was originally specified. Late in the Sapling development process, this was altered to R || vk || M to make a security proof easier. The code was not altered at the time because all RedJubjub callers were already prepending pubkeys to their messages before signing, which is functionally identical.

We should refactor RedJubjub to instead serialize vk internally, so that the callsites do not need to care, and the implementation more closely matches the spec.
@str4d str4d added the E-good-first-issue Effort: Suitable for someone new to the codebase. label Dec 4, 2019
@daira daira mentioned this issue Dec 4, 2019
Closed
@daira
Copy link
Contributor

daira commented Dec 4, 2019
edited
Loading

More precisely, it's not that the security proof was made easier; it's that Strong Unforgeability under Randomised Keys does not hold generically unless the public key is included in the hash.

@hdevalence hdevalence mentioned this issue Dec 9, 2019
Closed
@daira daira removed the E-good-first-issue Effort: Suitable for someone new to the codebase. label Dec 12, 2024
@daira
Copy link
Contributor

daira commented Dec 12, 2024
edited
Loading

The redjubjub crate was refactored to be a wrapper over the reddsa crate in ZcashFoundation/redjubjub#152 (in February 2023, included in redjubjub 0.7.0 which depends on reddsa 0.5.0). reddsa 0.5.0 does do the prefixing itself, for signing and for verification. So there is nothing more to do here.

@daira daira closed this as completed Dec 12, 2024
@daira daira mentioned this issue Dec 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daira @str4d