Skip to content

RPO STARK-based signature DSA (with zero knowledge)#349

Merged
bobbinth merged 25 commits intorpo-dsafrom
al-stark-signature-dev-masm
Dec 13, 2024
Merged

RPO STARK-based signature DSA (with zero knowledge)#349
bobbinth merged 25 commits intorpo-dsafrom
al-stark-signature-dev-masm

Conversation

@Al-Kindi-0
Copy link
Collaborator

@Al-Kindi-0 Al-Kindi-0 commented Dec 2, 2024

Describe your changes

Same as #342 but uses the branch of Winterfell implementing zero-knowledge.

Checklist before requesting a review

  • Repo forked and branch created from next according to naming convention.
  • Commit messages and codestyle follow conventions.
  • Relevant issues are linked in the PR description.
  • Tests added for new functionality.
  • Documentation/comments updated according to changes.

bobbinth
bobbinth reviewed Dec 9, 2024
View reviewed changes
Copy link
Contributor

@bobbinth bobbinth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Looks good! I left some comments inline.

Also, one thing that would be great to do is to add a section to the benchmarks section comparing Falcon and STARK signatures (key gen, sign, verify). For this we probably need to add benchmarks to measure these.

src/dsa/rpo_stark/stark/mod.rs
Comment on lines +43 to +46
// generate the initial seed for the PRNG used for zero-knowledge
let mut seed = <ChaCha20Rng as SeedableRng>::Seed::default();
let mut rng = thread_rng();
rng.fill_bytes(&mut seed);
Copy link
Contributor

@bobbinth bobbinth Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn't be able to do this in WASM (or any no-std context), right? I wonder what else can we do here (having a fully deterministic signature would have been nice - but we don't have this yet, right?)

Copy link
Collaborator Author

@Al-Kindi-0 Al-Kindi-0 Dec 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I have now made everything depend on one seed, except for the salted Merkle tree which we should discuss in the relevant issue.
Once this is fixed we should be able to de-randomize the signature e.g., make the initial seed a deterministic function of the inputs and some other fixed constants

bobbinth
bobbinth reviewed Dec 10, 2024
View reviewed changes
Copy link
Contributor

@bobbinth bobbinth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thank you! I left some more comments inline.

Other outstanding things are:

  • Come up with a better name for the signature scheme.
  • Add a benchmark. This could be in a follow-up PR.

@Al-Kindi-0
Copy link
Collaborator Author

Al-Kindi-0 commented Dec 10, 2024

Other outstanding things are:

* Come up with a better name for the signature scheme.

Opened the following issue for this #353

* Add a benchmark. This could be in a follow-up PR.

Opened the following PR for this #354

bobbinth
bobbinth approved these changes Dec 11, 2024
View reviewed changes
Copy link
Contributor

@bobbinth bobbinth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thank you! I left a few small comments inline.

I'm wondering that maybe instead of merging it into next, we should create a separate branch - e.g., rpo_dsa and merge this and subsequent related PRs into it. This way, we won't break the next branch until the relevant updates are made in winterfell (and I think the next step is to get the ZK PR in winterfell merged - right?).

@Al-Kindi-0 Al-Kindi-0 changed the base branch from next to rpo-dsa December 11, 2024 16:52
@Al-Kindi-0
Copy link
Collaborator Author

Al-Kindi-0 commented Dec 11, 2024

I'm wondering that maybe instead of merging it into next, we should create a separate branch - e.g., rpo_dsa and merge this and subsequent related PRs into it. This way, we won't break the next branch until the relevant updates are made in winterfell

That's a must, otherwise things will break. Changed the base now.

(and I think the next step is to get the ZK PR in winterfell merged - right?).

That's the logical next step

bobbinth
bobbinth reviewed Dec 12, 2024
View reviewed changes
Copy link
Contributor

@bobbinth bobbinth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Looks good! I added some more comments inline - mostly about dependencies and features.

One thing I'm still trying to understand how this will work in no-std environment (i.e., WASM).

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 12, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

bobbinth
bobbinth approved these changes Dec 13, 2024
View reviewed changes
Copy link
Contributor

@bobbinth bobbinth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thank you!

@bobbinth bobbinth merged commit 335c50f into rpo-dsa Dec 13, 2024
@bobbinth bobbinth deleted the al-stark-signature-dev-masm branch December 13, 2024 03:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bobbinth bobbinth bobbinth approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Al-Kindi-0 @bobbinth