ZenGo-X / class

Rust library for building IQC: cryptography based on class groups of imaginary quadratic orders
GNU General Public License v3.0
63 stars 31 forks

test(VDF): bench rsa vs class #37

Closed HAOYUatHZ closed 3 years ago

HAOYUatHZ commented 4 years ago

as discussed in https://github.com/KZen-networks/class/issues/27

HAOYUatHZ commented 4 years ago

@omershlo I have refactored the H_g() for RSA, and setup() for class.

However I am not quite happy about the code, because now I need to pass x into setup?

HAOYUatHZ commented 4 years ago

> and setup() for class.

Tested via cargo test --lib vdf -- --test-threads=1

HAOYUatHZ commented 4 years ago

@omershlo I've also refactored RSA one now. The PR is ready, you can take a look again.

HAOYUatHZ commented 4 years ago

BTW, I've got a few questions:

  1. Where does the PRNG-style h_g come from? I couldn't find it in
  2. Why, in https://github.com/poanetwork/vdf/blob/master/vdf/src/proof_pietrzak.rs#L45-L58, do they assert that the iteration count is an even number >= 66? I couldn't find evidence for it either.

omershlo commented 4 years ago

Hi,

I see you made a bunch of commits, does it mean the PR is ready for another review? About your questions:

  1. h_g is not specified in the papers. It is one of those things that authors love to keep abstract: they just assume that there exists a hash function mapping strings to group elements. Our implementation is something we came up with that we argue achieves the required functionality and security guarantees.
  2. That's a good question. Nothing comes to mind immediately, but I am not an expert on Pietrzak proofs. I suggest opening an issue in that repo to ask, or asking in our telegram group; I would also be interested to learn.

HAOYUatHZ commented 4 years ago

> Hi,
>
> I see you made a bunch of commits, does it mean the PR is ready for another review? About your questions:
>
>   1. h_g is not specified in the papers. It is one of those things that authors love to keep abstract: they just assume that there exists a hash function mapping strings to group elements. Our implementation is something we came up with that we argue achieves the required functionality and security guarantees.
>   2. That's a good question. Nothing comes to mind immediately, but I am not an expert on Pietrzak proofs. I suggest opening an issue in that repo to ask, or asking in our telegram group; I would also be interested to learn.

Yes, it's ready again. @omershlo

omershlo commented 4 years ago

I see you use the M13 prime for the modulus. In RSA the modulus should be a bi-prime (N = p*q for p, q 1024-bit primes).
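The two security points raised in this thread, that h_g must map the input string into the group and that the RSA modulus must be a bi-prime rather than a prime, can be checked with a small stand-alone script. The following is an added example and is not code from the ZenGo/KZen library or from the PR; it uses only the Python standard library. The hash-to-group construction (expand SHA-256 past |N| bits, reduce mod N, square into QR_N) is a generic construction chosen for illustration, not the library's own h_g. The prime search with its fixed seed, the 256-bit prime sizes, the iteration count t, the challenge input, and the choice of 2^521 - 1 as "a prime modulus" are all assumptions made for the demo (the thread does not say which prime was used).

```python
# Added example (not the project's code): RSA-group VDF evaluation g^(2^t) mod N,
# and why a prime modulus gives everyone the shortcut that a bi-prime reserves
# for whoever knows the factorization.
import hashlib
import math
import random


def is_probable_prime(n, rounds=40, rng=None):
    """Miller-Rabin probabilistic primality test (rounds of random bases)."""
    rng = rng or random.Random(2024)
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # strong witness found: n is composite
    return True


def gen_prime(bits, rng):
    """Random prime with exactly `bits` bits; deterministic for a seeded rng."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def hash_to_group(data: bytes, N: int) -> int:
    """Generic H_g (assumption, not the library's h_g): derive more than |N| bits
    from SHA-256 so the mod-N reduction is unbiased, then square so the element
    lies in QR_N, the subgroup the VDF squares in."""
    nbytes = (N.bit_length() + 7) // 8 + 16
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(counter.to_bytes(4, "big") + data).digest()
        counter += 1
    x = int.from_bytes(out[:nbytes], "big") % N
    return pow(x, 2, N)


def evaluate(g, t, N):
    """VDF evaluation: t sequential squarings; no shortcut without the group order."""
    y = g
    for _ in range(t):
        y = pow(y, 2, N)
    return y


def evaluate_with_trapdoor(g, t, N, order):
    """With the group order known (p-1 for a prime p, phi(N) for N = p*q), reduce
    the exponent 2^t modulo the order first: O(log t) work instead of t squarings."""
    return pow(g, pow(2, t, order), N)


# A prime modulus chosen for the example; its group order p-1 is public.
MERSENNE_521 = 2**521 - 1


def demo(t=5000):
    rng = random.Random(0xC1A55)           # fixed seed: constructed demo parameters
    p, q = gen_prime(256, rng), gen_prime(256, rng)
    N = p * q
    x = b"vdf challenge input (constructed for this example)"

    # Prime modulus: the order is public, so anyone reproduces the "slow" output fast.
    g_p = hash_to_group(x, MERSENNE_521)
    y_slow = evaluate(g_p, t, MERSENNE_521)
    y_fast = evaluate_with_trapdoor(g_p, t, MERSENNE_521, MERSENNE_521 - 1)

    # Bi-prime modulus: only a holder of phi(N), i.e. of p and q, can take the shortcut.
    g_n = hash_to_group(x, N)
    z_slow = evaluate(g_n, t, N)
    z_fast = evaluate_with_trapdoor(g_n, t, N, (p - 1) * (q - 1))

    return {
        "p": p, "q": q, "N": N, "g_n": g_n, "y": z_slow,
        "gcd_ok": math.gcd(g_n, N) == 1,
        "prime_shortcut_matches": y_slow == y_fast,
        "biprime_trapdoor_matches": z_slow == z_fast,
    }


if __name__ == "__main__":
    r = demo()
    print("prime modulus: shortcut reproduces the sequential output:", r["prime_shortcut_matches"])
    print("bi-prime modulus: phi(N) trapdoor reproduces it too:", r["biprime_trapdoor_matches"])
```

The equalities are the whole point: over a prime modulus the t squarings buy no delay, because the public order lets every verifier collapse the exponent; over N = p*q the same collapse needs phi(N), so the setup that generated p and q holds a trapdoor and must be trusted to discard them. That trusted-setup cost is what the class-group variant this repository implements avoids, since the class group's order is unknown to everyone.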

HAOYUatHZ commented 4 years ago

> In RSA the modulus should be a bi-prime

So a 2048 bi-prime for N?

What about using https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048 here?

omershlo commented 4 years ago

Looks good.