Any plan for deterministic signatures?

scalahub · September 20, 2023, 8:24pm

Is there any plan for deterministic signatures in Ergo similar to RFC6979 for DSA? If I’m not mistaken, this can mitigate vulnerabilities in flawed implementations that reuse secrets.

deathgripson · September 22, 2023, 1:27am

If it isn’t already being used to generate nonces then it probably should be.
https://www.rfc-editor.org/rfc/rfc6979

However this is something generally done at the cryptographic protocol level, meaning this would need to be an update to sigmastate interpreter.

For reference Bitcoin core has had this since version 0.10.0 and their cryptographic library lib-secp256k1 implements this as a standard for nonces.

The RFC describes the hash of the private-key and the message as a valid nonce.

Source: https://bitcoin.stackexchange.com/questions/59083/why-the-signature-of-the-same-message-changes-in-some-wallets-but-not-all

kushti · September 22, 2023, 11:05pm

I think this is interesting feature to be considered. Implementation would touch DLogInteractiveProver,firstMessage() and DiffieHellmanTupleInteractiveProver.firstMessage(), and also require for some refactoring to pass message to the methods.

Topic		Replies	Views
Overview of Ergo PoW called Autolykos Resources	1	4617	August 13, 2019
Let's sign collectively! Distributed signatures API Research and Development	7	1434	July 14, 2020
ErgoTree as an Authentication Language Research and Development	3	1167	August 31, 2020
Stealth Address Contract Research and Development	4	2574	May 25, 2021
Improved distributed signatures Research and Development	10	1240	September 21, 2020

Any plan for deterministic signatures?

Related Topics