Clarify some details of view key generation. #199

Open
acoglio opened this issue Jun 8, 2023 · 4 comments
Collaborator

acoglio commented Jun 8, 2023

In the description of view key generation, it is not clear to me what the following things are, exactly:

  • The ppaccount_sig value.
  • The ppaccount_cm value.
  • The AccountSignature.GeneratePublicKey function.
  • The AcountCommitment.Commit function.
@acoglio acoglio changed the title Clarify some details of view key generation Clarify some details of view key generation. Jun 8, 2023
@moAlobaidi
Contributor

Hi @acoglio. Taking a look at this now-- would you be able to provide definitions of the referenced values and functions?

@moAlobaidi moAlobaidi self-assigned this Jun 13, 2023

ghost commented Jun 13, 2023

Hey @acoglio, I also need some clarity on what these are. I'll follow up with the protocol team, e.g., @raychu86 and @howardwu, and update this issue with their thoughts. It may take a few days, though.

@ghost ghost assigned ghost and moAlobaidi and unassigned moAlobaidi Jun 13, 2023

ghost commented Jun 13, 2023

From @raychu86:

Compute pk_sig := G^sk_sig.
Compute pr_sig := G^r_sig.
Compute sk_prf := HashToScalar(pk_sig || pr_sig).
Compute view_key := sk_sig + r_sig + sk_prf

The G^ and HashToScalar here are done with public parameters, which is abbreviated pp.

In code it's:

```rust
// Public parameters: generator bases used for G^.
pub static ref GENERATOR_G: Vec<Group<Testnet3>> =
    Testnet3::new_bases("AleoAccountEncryptionAndSignatureScheme0");
// Public parameters: Poseidon instance.
pub static ref POSEIDON_4: Poseidon4<Testnet3> =
    Poseidon4::<Testnet3>::setup("AleoPoseidon4").expect("Failed to setup Poseidon4");
```

And then Address is derived from a view key like this:
Compute address := G^view_key

cc @moAlobaidi @acoglio

Collaborator Author

acoglio commented Jun 14, 2023

@moAlobaidi @aharshbe Thank you for helping to track this down. (And no, I don't know the definitions; I opened this issue both to get the doc improved and to understand the details myself.) I have some follow-up questions:

  • How is the generator G computed exactly? I.e. what does Testnet3::new_bases() do? Presumably it's calculating a curve point according to some hashing algorithm, so the question is what that is.
  • Each of sk_sig and r_sig is a sequence of 32 bytes, resulting from BLAKE2s, but their use as exponents in G^sk_sig and G^r_sig needs them to be integers. Are the 32 bytes converted to integers in little or big endian order?
  • In HashToScalar(pk_sig || pr_sig), is || concatenation, or bitwise 'or'?
  • What hash function is HashToScalar exactly?
  • In sk_sig + r_sig + sk_prf, what is the exact meaning of +? Are sk_sig and the others (32-byte sequences from BLAKE2s) added as (little or big endian) integers?

(As discussed at today's meeting, this level of detail may or may not be the goal for this developer documentation. The purpose of my questions is to get to an informal but precise specification, which would hypothetically suffice for a well-informed developer to implement account creation and other protocol calculations without looking at our Rust code.)
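
The derivation quoted from @raychu86 and the byte-order question in the last comment, as an added example that is not part of the thread or of the project's code. It assumes a toy group (integers modulo the Mersenne prime 2^127 - 1, generator 3) in place of Aleo's curve and GENERATOR_G, BLAKE2s in place of the Poseidon-based HashToScalar, || read as concatenation and + as addition modulo the group order; the function names and sample inputs are constructed for illustration.

```python
import hashlib

# Toy stand-ins (assumptions, NOT Aleo's parameters): the multiplicative group
# modulo the Mersenne prime 2^127 - 1 replaces the curve group, G = 3 replaces
# GENERATOR_G, and exponents are reduced modulo P - 1.
P = 2**127 - 1
ORDER = P - 1
G = 3

def to_scalar(raw: bytes, byteorder: str) -> int:
    """Read a byte string as an integer exponent in the given byte order."""
    return int.from_bytes(raw, byteorder) % ORDER

def hash_to_scalar(pk_sig: int, pr_sig: int) -> int:
    """Stand-in for HashToScalar: BLAKE2s (not Poseidon) over pk_sig || pr_sig,
    with || read as concatenation of fixed-width encodings (an assumption)."""
    data = pk_sig.to_bytes(16, "little") + pr_sig.to_bytes(16, "little")
    return to_scalar(hashlib.blake2s(data).digest(), "little")

def derive(sk_bytes: bytes, r_bytes: bytes, byteorder: str) -> dict:
    """Follow the four quoted steps, then address := G^view_key."""
    sk_sig = to_scalar(sk_bytes, byteorder)
    r_sig = to_scalar(r_bytes, byteorder)
    pk_sig = pow(G, sk_sig, P)
    pr_sig = pow(G, r_sig, P)
    sk_prf = hash_to_scalar(pk_sig, pr_sig)
    # "+" is read as addition modulo the group order (an assumption).
    view_key = (sk_sig + r_sig + sk_prf) % ORDER
    return {"pk_sig": pk_sig, "pr_sig": pr_sig, "sk_prf": sk_prf,
            "view_key": view_key, "address": pow(G, view_key, P)}

def address_from_parts(d: dict) -> int:
    """Consistency check on the formulas: G^(a+b+c) = G^a * G^b * G^c."""
    return d["pk_sig"] * d["pr_sig"] * pow(G, d["sk_prf"], P) % P

# Constructed sample inputs: two 32-byte BLAKE2s outputs, as in the thread.
SK_BYTES = hashlib.blake2s(b"constructed sample sk_sig").digest()
R_BYTES = hashlib.blake2s(b"constructed sample r_sig").digest()

if __name__ == "__main__":
    for order in ("little", "big"):
        out = derive(SK_BYTES, R_BYTES, order)
        print(order, hex(out["view_key"]), hex(out["address"]))
        print("  address matches recomputation from parts:",
              out["address"] == address_from_parts(out))
```

The same 32-byte inputs give different view keys under the two byte orders, so two implementations that disagree on this detail cannot interoperate.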
