Integrate libsodium (Algorand's VRF lib) into Tendermint#4
force-pushed 056b347 to 885b885
force-pushed faaf139 to 10bcded
local unit-test passed
crypto/vrf/internal/vrf/vrf.go
| messagePtr := (*C.uchar)(unsafe.Pointer(&message)) | ||
| messageLen := (C.ulonglong)(len(message)) | ||
| if C.crypto_vrf_prove(proofPtr, privateKeyPtr, messagePtr, messageLen) != 0 { | ||
| return nil, errors.New(fmt.Sprintf("unable to decode the given privateKey: %s", |
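Review bot: `messagePtr := (*C.uchar)(unsafe.Pointer(&message))` takes the address of the slice header, not of the message bytes, so `crypto_vrf_prove` reads the header struct (and whatever follows it) instead of alpha. Use `&message[0]`, guarded by a `len(message) == 0` check that passes a nil pointer with length 0, since indexing an empty slice panics. The error path also formats key material into the message via `%s`; return a fixed string such as "crypto_vrf_prove failed" (the call failing is not a decode error, so "unable to decode the given privateKey" misdescribes it) and use `fmt.Errorf` rather than `errors.New(fmt.Sprintf(...))`.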
If some error can be raised with correct privateKey and wrong message, printing private key in log is not good for security reasons.
crypto/vrf/vrf_test.go
| if err3 != nil { | ||
| t.Errorf("failed to verify: %s", err3) | ||
| } else if ! bytes.Equal(hash1[:], hash2[:]) { | ||
| t.Errorf("output incompativle: %s != %s", enc(hash1[:]), enc(hash2[:])) |
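Review bot: `! bytes.Equal(...)` with a space is not gofmt output and will fail a gofmt check; write `!bytes.Equal(...)`. The message has a typo ("incompativle" for "incompatible"). Since a failed verification leaves nothing meaningful to compare afterwards, `t.Fatalf` in the `err3 != nil` branch reads more clearly than `t.Errorf` followed by `else if`, and naming the error `err` per step instead of `err3` avoids numbered variables.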
typo: incompativle
and I am just asking out of curiosity: is the result of verifying the same as the proof?
fix it.
Yes, the outputs of proof_to_hash() and verify() must exactly match for a valid proof pi. According to the IETF draft 4:
"Thus, the VRF also comes with an algorithm VRF_verify(PK, alpha, pi) that outputs (VALID, beta = VRF_proof_to_hash(pi)) if pi is valid, and INVALID otherwise."
| privateKeyPtr := (*C.uchar)(unsafe.Pointer(privateKey)) | ||
| C.crypto_vrf_sk_to_seed(seedPtr, privateKeyPtr) // void | ||
| return &seed | ||
| } |
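Review bot: the inline `// void` is the only hint that `crypto_vrf_sk_to_seed` has no failure path, so a caller cannot detect an invalid or truncated private key here; give the Go function a doc comment stating that it performs no validation and that the returned seed is secret material to be handled like the private key (never logged or formatted into errors). `return &seed` returns a pointer to a local array that Go moves to the heap; returning the fixed-size array by value is equivalent and simpler.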
I understand that VRF has four functions (hash(), prove(), proofToHash(), verify()). But I cannot see a hash() function in this file. Must the prover use proofToHash() rather than hash() to get beta?
Yes, it is. This PR is to integrate the libsodium API, and the library doesn't provide a hash() function. I think this is because hash() can be composed from prove() and proof_to_hash(). This probably follows the IETF policy.
"Notice that this means that VRF_hash(SK, alpha) = VRF_proof_to_hash(VRF_prove(SK, alpha)) and thus this document will specify VRF_prove and VRF_proof_to_hash rather than VRF_hash."
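The relation quoted above, VRF_hash = VRF_proof_to_hash(VRF_prove(SK, alpha)) with VRF_verify returning that same beta, as an added example that is not part of this PR, of Tendermint, or of the libsodium fork. The cgo binding cannot run without the Algorand library installed, so the example uses the RSA-FDH-VRF construction described in the same IETF draft family (RSA full-domain hash with MGF1 over SHA-256) in pure Go standard library; the function names NewKey, Prove, ProofToHash, Hash and Verify, and the suite byte 0xFF, are assumptions chosen here, not identifiers from the project. Error paths return fixed strings carrying no key or proof material, the concern raised in the first review comment.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Domain-separation bytes. The suite identifier is an assumed placeholder,
// not a registered suite; 0x01 and 0x03 mirror the draft's one_string/three_string.
const (
	suiteString = 0xFF
	oneString   = 0x01
	threeString = 0x03
)

// octetLen returns k, the byte length of the RSA modulus n.
func octetLen(n *big.Int) int { return (n.BitLen() + 7) / 8 }

// mgf1 is the PKCS#1 mask generation function instantiated with SHA-256.
func mgf1(seed []byte, maskLen int) []byte {
	var out []byte
	var counter [4]byte
	for i := 0; len(out) < maskLen; i++ {
		binary.BigEndian.PutUint32(counter[:], uint32(i))
		h := sha256.New()
		h.Write(seed)
		h.Write(counter[:])
		out = h.Sum(out)
	}
	return out[:maskLen]
}

// encodeMessage derives the full-domain-hash encoding EM of alpha, k-1 bytes long,
// so that OS2IP(EM) is always smaller than the modulus.
func encodeMessage(n *big.Int, alpha []byte) []byte {
	seed := append([]byte{suiteString, oneString}, alpha...)
	return mgf1(seed, octetLen(n)-1)
}

// NewKey generates the prover's RSA key pair (assumed helper name).
func NewKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }

// Prove returns pi = I2OSP(RSASP1(sk, OS2IP(EM)), k); deterministic for (sk, alpha).
func Prove(sk *rsa.PrivateKey, alpha []byte) []byte {
	m := new(big.Int).SetBytes(encodeMessage(sk.N, alpha))
	s := new(big.Int).Exp(m, sk.D, sk.N)
	return s.FillBytes(make([]byte, octetLen(sk.N)))
}

// ProofToHash derives beta from pi alone; no key material is involved.
func ProofToHash(pi []byte) []byte {
	h := sha256.Sum256(append([]byte{suiteString, threeString}, pi...))
	return h[:]
}

// Hash is the VRF_hash that the library omits: proof_to_hash(prove(sk, alpha)).
func Hash(sk *rsa.PrivateKey, alpha []byte) []byte {
	return ProofToHash(Prove(sk, alpha))
}

// Verify checks pi against (pk, alpha) and, on success, returns beta computed by
// ProofToHash exactly as the prover does, so both sides agree on beta for a valid pi.
func Verify(pk *rsa.PublicKey, alpha, pi []byte) ([]byte, error) {
	k := octetLen(pk.N)
	if len(pi) != k {
		return nil, errors.New("vrf: proof has wrong length")
	}
	s := new(big.Int).SetBytes(pi)
	if s.Cmp(pk.N) >= 0 {
		return nil, errors.New("vrf: proof out of range")
	}
	m := new(big.Int).Exp(s, big.NewInt(int64(pk.E)), pk.N) // RSAVP1
	if m.BitLen() > 8*(k-1) {
		return nil, errors.New("vrf: invalid proof")
	}
	em := m.FillBytes(make([]byte, k-1))
	if subtle.ConstantTimeCompare(em, encodeMessage(pk.N, alpha)) != 1 {
		return nil, errors.New("vrf: invalid proof")
	}
	return ProofToHash(pi), nil
}

func main() {
	sk, err := NewKey(2048)
	if err != nil {
		panic(err)
	}
	alpha := []byte("constructed input: round 7 proposer selection") // constructed sample
	pi := Prove(sk, alpha)
	beta, err := Verify(&sk.PublicKey, alpha, pi)
	fmt.Printf("valid=%v beta=%x\n", err == nil, beta)
}
```

Verify rejects a proof for a different alpha or a modified pi before computing beta, and the only place beta is produced on either side is ProofToHash, which is what makes the equality in the quoted text hold by construction rather than by a separate check.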
force-pushed 100ef8e to 1fecb81
CircleCI normalize 🎉
BTW, where are our commits? I think it is difficult to understand our changes in this PR... I'm afraid to squash 224 commits...
How about merging #11 first?
Now we can see only our changes. 😀
This PR became complicated by a number of commits and rebases, so we moved to a new one, #12.
wow, you can rebase using git commands and force push on this PR...
This PR on #1, #2 allows us to call the library libsodium, implemented in C, from within the Tendermint project. It contains golang functions that are equivalent to the VRF functions defined in libsodium. Note that the libsodium used in this PR is a cryptography library of the same name with VRF capability (IETF Draft 3) added by Algorand; the original libsodium does not contain a VRF. In a newly checked out environment, libsodium must be built and installed before compiling golang.