search

w3c-ccg / ld-cryptosuite-registry

REGISTRY: Linked Data Keys Registry (managed by W3C Credentials Community Group)
https://w3c-ccg.github.io/ld-cryptosuite-registry/
Other
12 stars 4 forks source link

Updated ECC based signature to be consistent with other naming and be cryptographically correct #4

Closed mikelodder7 closed 5 years ago

mikelodder7 commented 6 years ago

Dave the problem with what you put there is also what Christopher Allen has mentioned-which signature are you using ElGamal or Schnorr. That’s why I put ECDSA. All caps is how the industry uses it. Not EcDsa. You could do that but crypto folks will cringe. We should make it so ECDSA is consistent with other names but this looks the closest in my opinion

mikelodder7 commented 6 years ago

I’m okay with ECDSASecp256k1VerificationKey2018

mikelodder7 commented 6 years ago

If you agree I’ll make the change and push

dlongley commented 6 years ago

@mikelodder7,

IIRC, you can use a secp256k1 key for creating either kind of signature (Schnorr or ECDSA). I'm not sure what the bitcoin community plans to do -- if they are recommending generating new keys for Schnorr signatures or if you can reuse existing ones. If it's the former, then I suppose it makes sense to make the distinction (i.e. prepend ECDSA). If the latter, then it doesn't.

@ChristopherA -- what's the best course of action here? This is for the key definition, not the signature.

ChristopherA commented 6 years ago

Both keys are the same, the difference is only the signature. So if the JSON data is referring to what kind of keys they are, that would be Secp256k1VerificationKey2018, if they are referring to the signature the keys generate, it would be ECDSASecp256k1VerificationSignature2018 or SchnorrSecp256k1VerificationSignature2018.

ChristopherA commented 6 years ago

Also note, with ECDSA signatures you can validate them with without the public key, but with a Schnorr signature you must separately include the public key if you want them to validate it.

kimdhamilton commented 6 years ago

Where will we list signature definitions? Do we need a separate registry for that? Note: we don't need to block this PR on that; we can discuss elsewhere.

To summarize @dlongley and @ChristopherA, this specific PR refers to the key definition, so we can update it to use Secp256k1VerificationKey2018 and merge. Sounds right?

peacekeeper commented 5 years ago

Replaced by https://github.com/w3c-ccg/ld-cryptosuite-registry/pull/12. Closing.