Open AllFi opened 1 year ago
Do we have any additional trust assumptions regarding new cold storage EC points format? https://github.com/zkBob/zkbob-pool-storage/issues/2#issuecomment-1405081627
If I haven't made any mistakes in https://github.com/zkBob/libzeropool-zkbob/pull/8 then we don't have any additional trust assumptions. We still check everything that we checked before but in a different order.
In this PR, the following was done:

- `EdwardPoint::compress` method that packs X coordinate and the sign of Y in 32 bytes.
- `EdwardPoint::decompress_unchecked` method that restores the point serialized with the previous method without checking that the point is in the prime subgroup.
- `EdwardPoint::is_in_prime_subgroup` method that checks that the point is in the prime subgroup.

The reason why it could be useful is described at https://github.com/zkBob/zkbob-pool-storage/issues/2.
Refs and implementation examples:
Note: fawkes-crypto uses optimized parameters of the twisted Edwards curve, so the formulas in this PR and in the examples above are different. This transformation is explained in Theorem 4.1 of this proposal.
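
An added example, not code from this PR or from fawkes-crypto: a Python sketch of the three operations listed above, showing that an encoding can pass `decompress_unchecked` and still be outside the prime subgroup. It assumes the standard Baby Jubjub parameters from EIP-2494 rather than fawkes-crypto's optimized ones; the byte layout (x little-endian, parity of y in bit 255) and the helpers `add`, `mul` and `sqrt_mod` are assumptions made for illustration.

```python
# Constructed sketch: standard Baby Jubjub (EIP-2494), not fawkes-crypto's optimized parameters.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A, D = 168700, 168696            # curve: a*x^2 + y^2 = 1 + d*x^2*y^2 over F_P
L = 2736030358979909402780800718157159386076813972158567259200215660948447373041  # subgroup order

def add(p1, p2):
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P,
            (y1 * y2 - A * x1 * x2) * pow(1 - t, -1, P) % P)

def mul(k, pt):
    acc = (0, 1)                 # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sqrt_mod(n):                 # Tonelli-Shanks; None when n is a non-residue
    if pow(n, (P - 1) // 2, P) != 1:
        return 0 if n == 0 else None
    q, s, z = P - 1, 0, 2
    while q % 2 == 0:
        q, s = q // 2, s + 1
    while pow(z, (P - 1) // 2, P) != P - 1:
        z += 1
    m, c, t, r = s, pow(z, q, P), pow(n, q, P), pow(n, (q + 1) // 2, P)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:
            t2, i = t2 * t2 % P, i + 1
        b = pow(c, 1 << (m - i - 1), P)
        m, c, t, r = i, b * b % P, t * b * b % P, r * b % P
    return r

def compress(pt):                # assumed layout: x little-endian, parity of y in bit 255
    return (pt[0] | ((pt[1] & 1) << 255)).to_bytes(32, "little")

def decompress_unchecked(buf):   # verifies "on curve" only, not subgroup membership
    v = int.from_bytes(buf, "little")
    x, sign = v & ((1 << 255) - 1), v >> 255
    y = sqrt_mod((1 - A * x * x) * pow(1 - D * x * x, -1, P) % P) if x < P else None
    if y is None or (y == 0 and sign):
        return None
    return (x, y if y & 1 == sign else P - y)

def is_in_prime_subgroup(pt):    # the deferred check: L * pt must be the neutral element
    return mul(L, pt) == (0, 1)
```

Adding the order-2 point `(0, P - 1)` to any subgroup point yields an encoding that `decompress_unchecked` accepts and `is_in_prime_subgroup` rejects, so the reordered flow is only equivalent to the old one if the second check always runs before the point is used.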