Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Schnorr signature support #30

Merged
merged 6 commits into from
Jan 21, 2025
Merged

Schnorr signature support #30

merged 6 commits into from
Jan 21, 2025

Conversation

1ma
Copy link

@1ma 1ma commented Jan 21, 2025
edited
Loading

Solves #28

This PR imports the SchnorrSignature class and its supporting code from public-square/phpecc. I just made minimal changes to pass the psalm linter, fix some PHP 8.4 deprecations and make the code compatible with PHP 7.1.

The test vectors used in SchnorrSignatureTest are based on the reference test vectors in Bitcoin Improvement Proposal 340. On a cursory look it doesn't seem like Wycheproof has any additional test vectors for Schnorr signatures.

1ma added 6 commits January 21, 2025 00:58
@1ma
Verbatim import of Schnorr code from public-square/phpecc:
ebe0449 
phpecc/phpecc@master...public-square:phpecc:main

The changes in Point.php seem almost all related to linting. The new $windowSize
attribute with a setter and getter is not used anywhere, so I haven't imported
the changes in that class.
@1ma
fix psalm
6090c76
@1ma
Make the JacobianPoint class compatible with PHP 7.1
7ac20fd
@1ma
add windowSize to fix tests
ab1dedf
@1ma
fix PHP 8.4 deprecations in new code
2a1443f
@1ma
fix invalid X coord issue.
6b666bc 
Context: public-square#1
@paragonie-security paragonie-security merged commit 432bb18 into paragonie:master Jan 21, 2025
6 checks passed
paragonie-security
paragonie-security reviewed Jan 21, 2025
View reviewed changes
src/Crypto/Signature/SchnorrSignature.php
// scalar is private key if Y is even, otherwise it's order - scalar
$scalar = $d;

if ($isEvenY === false) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would recommend avoiding branches in signing.

paragonie-security
paragonie-security reviewed Jan 21, 2025
View reviewed changes
src/Crypto/Signature/SchnorrSignature.php
$point = $generator->mul($d);

// is the Y coordinate even?
$isEvenY = gmp_cmp(gmp_mod($point->getY(), 2), 0) === 0;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a head's up, gmp_cmp() is timing-leaky.

@1ma 1ma deleted the schnorr branch January 21, 2025 16:53
@paragonie-security
Copy link

I've fixed the timing leaks in the master branch, and will cut a release soon.

Please feel free to report these to the source repository for this Schnorr implementation.

@1ma 1ma mentioned this pull request Jan 21, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paragonie-security paragonie-security paragonie-security left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@1ma @paragonie-security