-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integration of Falcon DSA into VM #1068
Conversation
feat: Falcon verification masm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great! - almost exactly how I was thinking about it as well. Thank you!
This is not a full review - but wanted to leave a few high-level comments about the structure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Thank you! I reviewed pretty much everything except for the MASM code. I left some comments inline - most of them are very minor.
assembly/src/ast/parsers/adv_ops.rs
Outdated
@@ -77,6 +79,16 @@ pub fn parse_adv_inject(op: &Token) -> Result<Node, ParsingError> { | |||
} | |||
_ => return Err(ParsingError::extra_param(op)), | |||
}, | |||
"push_sign" => match op.num_parts() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nit: could we change "push_sign" to "push_sig"?
assembly/src/ast/nodes/advice.rs
Outdated
PUSH_SIGN => Ok(AdviceInjectorNode::PushSignature { | ||
kind: SignatureKind::RpoFalcon512, | ||
}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be good to write the actual serialization and deserialization code for SignatureKind
. The pattern we can use could be something similar to what I used for serializing/deserializing DebugOptions
here.
I know we have just a single signature scheme for now, but it would make it more "future-compatible".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where should this be placed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd put it into assembly/src/ast/nodes/serde/signatures.rs
or something like that.
/// Inputs: | ||
/// Operand stack: [PK, MSG, ...] | ||
/// Advice stack: [...] | ||
/// Advice map: {PK: [pk_raw, sk_raw]} | ||
/// | ||
/// Outputs: | ||
/// Operand stack: [PK, MSG, ...] | ||
/// Advice stack: [NONCE1, NONCE0, h, s2, pi] | ||
/// Advice map: {PK: [pk_raw, sk_raw]} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this can be removed from here, and we may want to update some of the description above to reflect that this just generates a signature (and does not interact with the rest of the VM in any way).
if pk_sk.len() != (PK_LEN + SK_LEN) { | ||
return Err(ExecutionError::AdviceStackReadFailed(0)); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we should create a specialized error variant for this. Maybe something like InvalidKeyPair
?
/// Where: | ||
/// - PK is the digest of an expanded public. | ||
/// - MSG is the digest of the message to be signed. | ||
/// - DATA is the needed data for signature verification in the VM. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would probably define DATA
in a bit more detail (I believe there are several components to it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But they are very specific to Falcon signature. For other DSA they could be group elements etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah - makes sense! Let's leave it as is.
I have included all the above remarks. I am just not sure about the serialization of |
a465a17
to
b54c7a1
Compare
Superseded by #1094. |
Describe your changes
Addresses #1048
Checklist before requesting a review
next
according to naming convention.