Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
schnorr.hpp
Go to the documentation of this file.
1#pragma once
2
3#include <array>
4#include <memory.h>
5#include <string>
6
7#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
8
9#include "barretenberg/crypto/hashers/hashers.hpp"
10
11#include "barretenberg/common/serialize.hpp"
12#include "barretenberg/common/streams.hpp"
13#include "barretenberg/serialize/msgpack.hpp"
14
15namespace bb::crypto {
16template <typename Fr, typename G1> struct schnorr_key_pair {
17 Fr private_key;
18 typename G1::affine_element public_key;
19};
20
21// Raw representation of a Schnorr signature (e,s). We use the short variant of Schnorr
22// where we include the challenge hash `e` instead of the group element R representing
23// the provers initial message.
24struct schnorr_signature {
25
26 // `s` is a serialized field element (also 32 bytes), representing the prover's response to
27 // to the verifier challenge `e`.
28 // We do not enforce that `s` is canonical since signatures are verified inside a circuit,
29 // and are provided as private inputs. Malleability is not an issue in this case.
30 std::array<uint8_t, 32> s;
31 // `e` represents the verifier's challenge in the protocol. It is encoded as the 32-byte
32 // output of a hash function modeling a random oracle in the Fiat-Shamir transform.
33 std::array<uint8_t, 32> e;
34 MSGPACK_FIELDS(s, e);
35};
36
37template <typename Hash, typename Fq, typename Fr, typename G1>
38bool schnorr_verify_signature(const std::string& message,
39 const typename G1::affine_element& public_key,
40 const schnorr_signature& sig);
41
42template <typename Hash, typename Fq, typename Fr, typename G1>
43schnorr_signature schnorr_construct_signature(const std::string& message, const schnorr_key_pair<Fr, G1>& account);
44
45inline bool operator==(schnorr_signature const& lhs, schnorr_signature const& rhs)
46{
47 return lhs.s == rhs.s && lhs.e == rhs.e;
48}
49
50inline std::ostream& operator<<(std::ostream& os, schnorr_signature const& sig)
51{
52 os << "{ " << sig.s << ", " << sig.e << " }";
53 return os;
54}
55
56template <typename B> inline void read(B& it, schnorr_key_pair<grumpkin::fr, grumpkin::g1>& keypair)
57{
58 read(it, keypair.private_key);
59 read(it, keypair.public_key);
60}
61
62template <typename B> inline void write(B& buf, schnorr_key_pair<grumpkin::fr, grumpkin::g1> const& keypair)
63{
64 write(buf, keypair.private_key);
65 write(buf, keypair.public_key);
66}
67} // namespace bb::crypto
68#include "./schnorr.tcc"
buf
uint8_t const * buf
Definition data_store.hpp:9
bb::crypto::schnorr_construct_signature
schnorr_signature schnorr_construct_signature(const std::string &message, const schnorr_key_pair< Fr, G1 > &account)
bb::crypto::read
void read(B &it, SchnorrProofOfPossession< G1, Hash > &proof_of_possession)
Definition proof_of_possession.hpp:124
bb::crypto::write
void write(B &buf, SchnorrProofOfPossession< G1, Hash > const &proof_of_possession)
Definition proof_of_possession.hpp:131
bb::crypto::schnorr_verify_signature
bool schnorr_verify_signature(const std::string &message, const typename G1::affine_element &public_key, const schnorr_signature &sig)
bb::crypto::operator==
bool operator==(ecdsa_signature const &lhs, ecdsa_signature const &rhs)
Definition ecdsa.hpp:45
bb::crypto::operator<<
std::ostream & operator<<(std::ostream &os, ecdsa_signature const &sig)
Definition ecdsa.hpp:50
bb::crypto::schnorr_key_pair
Definition schnorr.hpp:16
bb::crypto::schnorr_key_pair::private_key
Fr private_key
Definition schnorr.hpp:17
bb::crypto::schnorr_key_pair::public_key
G1::affine_element public_key
Definition schnorr.hpp:18
bb::crypto::schnorr_signature
Definition schnorr.hpp:24
bb::crypto::schnorr_signature::s
std::array< uint8_t, 32 > s
Definition schnorr.hpp:30
bb::crypto::schnorr_signature::MSGPACK_FIELDS
MSGPACK_FIELDS(s, e)
bb::crypto::schnorr_signature::e
std::array< uint8_t, 32 > e
Definition schnorr.hpp:33