Open AmitShah opened 3 months ago
eddsa is unfinished, only because of SHA512 incomplete implementation (it only deals with small blocks now).
The elliptic computations part of the protocol are working. I will push a complete version in April.
I tried to update the test to work as follow:
uint256[2] memory kpub = [
43933056957747458452560886832567536073542840507013052263144963060608791330050,
16962727616734173323702303146057009569815335830970791807500022961899349823996
];
buffer[0] = 0x6291d657deec2402; //Rs
buffer[1] = 0x4827e69c3abe01a3;
buffer[2] = 0x0ce548a284743a44;
buffer[3] = 0x5e3680d7db5ac3ac;
buffer[4] = 0xfc51cd8e6218a1a3; //public y value, swapped
buffer[5] = 0x8da47ed00230f058;
buffer[6] = 0x0816ed13ba3303ac;
buffer[7] = 0x5deb911548908025;
buffer[8] = 0xaf82800000000000; //msg+padd
buffer[15] = 0x210; //end of padding, 66bytes=0x210 bits
//second half of signature
uint256 s = 0x18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a;
bool flag = EDDSA.Verify(kpub,buffer,s);
but it is producing flag = false
. Can you provide any feedback if something is passed incorrectly ?
I will push something in April. If you have some reference for test vectors adressing the elliptic part, i'm interested to validate SHA512 and ecc part separately, the only reference i found is: https://crypto.stackexchange.com/questions/99798/test-vectors-points-for-ed25519
I cant find seperate test vectors for each phase either but just the entire eddsa scheme:
Hello @rdubois-crypto is there anything I can help with to move this work ahead ? Appreciate your efforts
Hi Amit.
You will find a more advanced implementation on https://github.com/get-smooth/crypto-lib. The point multiplication is proven effective, and some tests vectors are successfull in the experimental branch. A more complete SHA512 must be pushed now to handle long vectors.
Hi @rdubois-crypto thank you so much for your feedback , I will look through the lib. Assuming this is your eth address crypt0grapher.eth, sending you coffee / beer on polygon
Hi @AmitShah , Ed25519 is now tested OK against the test vectors of RFC8032 here:
Would gladly hear about the use cases you are projecting.
Hello, I was hoping to test this for an eddsa use case. Do we have complete tests for FCL_eddsa? I see FCL_eddsa.t.sol is incomplete ?