serializations

[zhenfeizhang]

Group elements

• option 1: use pairing lib's (zkcrypto) internal method to convert a group element into a byte array.
• option 2: follow BLS standard Decision: following BLS stand. Use bls library's SerDes trait.

ciphersuite id

Maps a u8 to a set of parameters

Example (to be decided):

CSID	Curve	PK	Generator	hash to field	deterministic randomness
0x00	BLS12-381	PK in G1	non-randomized generator	bls' hash to field function	true

Parameters

• proposal: start with a ciphtersuite id of 1 byte, followed by the constant d of 1 byte, and concatenation of group elements as a byte string, without guarding bits. Pixel library will handle conversions between parameters and a memory blob.

|ciphersuite id| d | serialize(g2) | serialize(h) | serialize(h0) | ... | serialize(hd)

public key

• proposal: start with a ciphersuite id of 1 byte, followed by the public key |ciphersuite id|serial(pk)|

subsecretkey

• proposal: start with a time stamp (4 bytes), followed by the number of h elements, then a concatenation of the elements |time stamp|hv_length (i.e., t+1) | serial(g2r) | serial(hpoly) | serial(h0) ... | serial(ht)

secret key

• proposal: start with a ciphersuite id (1 byte), followed by the number of ssk-s (1 byte), then 64 bytes of the current prng, then concatenations of ssk-s in chronological order |ciphersuite id| number of ssk-s | prng |serial(first ssk) | serial(second ssk)| ...

note: the time stamp is not stored for secret key. It can be obtained from its first ssk.

signature

• proposal: start with a ciphersuite id (1 byte), then 4 bytes for time stamp, followed by concatenations of sigma1 and sigma2

|ciphersuite id| time |sigma1|sigma2|

[hoeteck]

There's no need to standardize serialization of secret keys and sub secret key, since these are internal to the implementation.

For public keys and signatures, I don't really have an opinion, but it'd make sense to follow whatever is done for BLS signatures, etc. :)

For h, h0, h1, etc, we should fix some special string, and then run hash_to_Gx(string | counter).

[zhenfeizhang]

Thanks! Will follow BLS signature's encoding. And also use hash to group to generate the public parameters.

[zhenfeizhang]

Use the serialization method in the main body of this ticket.