story around signatures in disco

[mimoo]

We've seemed to have settled on schnorr signatures over ristretto22519. (See this PR https://github.com/mimoo/disco/pull/45)

Other choices were:

• qDSA. Too new.
• EdDSA. Makes use of SHA-512.
• ECDSA. Why not, but not really specified for Curve25519.
• schnorr over P-256. We already use Curve25519, so we should leverage this.

My two concerns are:

• ristretto. Too new, and not well-supported.
• schnorr signatures are not specified anywhere.

What references are there out there? I think we should follow the scheme defined by a proof:

https://crypto.stackexchange.com/questions/48616/prove-the-security-of-schnorrs-signature-scheme

[actuallyachraf]

I've recently read the schnorrkel implementation at [1], and came up on a merlin transcripts (see [2]). I propose we rewrite our schnorrkel implementation to follow the same API in [1] and use merlin transcripts and possibly dynamic contexts for each disco connection. ChainSafe have an implementation (see [3]) that follows the same API, re-use of that library under might also be a solution.

• [1] : https://github.com/w3f/schnorrkel/blob/master/src/sign.rs
• [2] : https://github.com/gtank/merlin
• [3] : https://github.com/ChainSafe/go-schnorrkel