Closed BasileiosKal closed 1 year ago
Would it be possible to include fixtures for some of the other utility operations, specifically scalars = hash_to_scalar(msg_octets, count)
. This operation is harder to validate as it's always a dependent part inside existing operations. A simple fixture for hashing an octet string into 1 and 2 scalars would go a long way.
Some of the DST or SEED values contain RO_
in them, while some use R0_
, letter O
vs number 0
. Is this intentional?
R.e., the R0_
in the DST's it's a typo. Thanks for identifying it, would never had picked it up 😅 The correct form is RO_
(not with the zero). The fixtures use the correct DST (with RO_
)
R.e., the make_generators
procedure, the current one is not up to date with the latest spec. PR #220 updates it. This PR has "deactivated" that tooling for the workflow, i.e., the generators fixtures are not yet created from that tool. Will reactivate it after #220 is merged.
Added hash-to-scalar
and MapMessageToScalarAsHash
test vectors. @tmarkovski hope those will be useful!
@tmarkovski, @christianpaquin I just pushed some new test vectors, after fixing a typo i made in one of the dst's. Sorry about that. It should be consistent now. Please use the updated ones in your testings!
Happy to report that all test vectors are passing at present! Thanks for updating the test vectors and looking into the my issue.
My thoughts and findings:
Sign
algorithm accept SK and PK as input, but doesn't validate if the PK is correct. SkToPk
is fairly inexpensive operation, it seems that only SK is needed. Is there a security concern similar to what affected ECDSA?@tmarkovski are the implementation and tests (referred in your message above) public? If so, could you please share a link?
It would be good to add a signing test over 0 messages, and a proof test disclosing no messages, to provide test cases for edge conditions (to validate the handling of empty argument arrays).
@tmarkovski are the implementation and tests (referred in your message above) public? If so, could you please share a link?
I believe it is this @jovfer? https://github.com/trinsic-id/bbs/tree/main
FYI @BasileiosKal, my implementation now validates these test vectors; simply sync with main and npm test
.
I've attempted to capture all the comments from this PR in #225 and #7. Because we have three implementations verifying these fixtures I'd like to merge at this point and publish a new draft revision ahead of the IETF meeting.
Multiple approvals, reviewed on last WG call, residual gaps captured in issues, merging
Great. I updated my lib to fetch fixtures from the main branch.
This PR:
Notes