Add ED25519 and Secp256r1 #484
Conversation
Add additional signature recovery operations for the Edwards curve and P256.
Fixing links
src/vm/instruction_set.md
Outdated
|
|
||
| If the signature cannot be verified, `MEM[$rA, 64]` is set to `0` and `$err` is set to `1`, otherwise `$err` is cleared. | ||
|
|
||
| ### ED19: Ed25519 signature recovery |
There was a problem hiding this comment.
Doing public key recovery with ed25519 is not possible, see this for instance.
There was a problem hiding this comment.
Should be verification not signature recovery. My bad.
There was a problem hiding this comment.
It's not recovering the public key, it should just be verifying the signature against the public key and message.
There was a problem hiding this comment.
The additions here are mainly for signature recovery over ECDSA for two curves (secp256k1 and secp256r1) and signature verification for edDSA over curve25519 (mostly known as Ed25519). We should be precise about that because it's not clear what exact signature scheme is used as it's currently specified in the draft spec.
Another thing is that you'd also want to make available operations over these curves as well. In other words, have opcodes for ECMUL, ECADD. I would recommend implementing EIP-1829 to easily support these elliptic curves and others that might be useful in the future, mainly as it pertains to the use of zero-knowledge proofs and other signature schemes.
|
@SilentCicero Any thoughs on the above? It might be a bit easier to add any other EC opcodes right now if we're going to need them. It might also make sense consider to whether a Sway-based implementation could be efficient enough. |
|
I think looking at it from a practical and behavioral perspective, the developer will be aiming at trying to do signature recovery in about 90% of cases. A sway based version will simply never be anywhere close to as efficient as a predefined opcode. I agree with Mikerah, we can add those additional EC opcodes after, perhaps with a host of others as well. |
# Conflicts: # src/protocol/cryptographic_primitives.md
|
Pushed some updates to the cryptography section, @Mikerah could you review this? |
…onal-signature-recovery # Conflicts: # src/fuel-vm/instruction-set.md
Abstract
Add additional signature recovery operations for Edwards 25519 and Secp256r1 (or P256) and renames
ERCtoECK1for consistency.Opcodes
ECK1for Secp256k1 signature recovery (non recoverable compressed signature)ECR1for Secp256r1 signature recovery (non recoverable compressed signature)ED19for ED25519 verification.