From 8808455004fe86bb99c8a204c4fe0ab1ce58b239 Mon Sep 17 00:00:00 2001 From: ertosns Date: Mon, 16 Oct 2023 16:26:50 +0300 Subject: [PATCH] [src/architecture/crypto] add spec to vrf, signature, commitment --- doc/src/architecture/crypto/commitment.md | 9 +++++++++ doc/src/architecture/crypto/signature.md | 9 +++++++++ doc/src/architecture/crypto/vrf.md | 20 ++++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 doc/src/architecture/crypto/commitment.md create mode 100644 doc/src/architecture/crypto/signature.md create mode 100644 doc/src/architecture/crypto/vrf.md diff --git a/doc/src/architecture/crypto/commitment.md b/doc/src/architecture/crypto/commitment.md new file mode 100644 index 000000000..8cdd279ab --- /dev/null +++ b/doc/src/architecture/crypto/commitment.md @@ -0,0 +1,9 @@ +# commitment + +darkfi contract uses computationally binding, perfectly hiding pedersen commitment function in both money, and consensus contracts. + +cm = comm(m, r), m is data encrypted as curve field element, r a random curve scalar is blinding factor, is a computationally hiding, computationally binding commitment. + +## curve point commitment +commitment to a curve point pt after convertion to affine coordinates $pt = (pt_x, pt_y)$ +$$cm_x, cm_y = comm(pt) = comm(pt_x, r_x), comm(pt_y, r_y)$$ diff --git a/doc/src/architecture/crypto/signature.md b/doc/src/architecture/crypto/signature.md new file mode 100644 index 000000000..c3bfe439d --- /dev/null +++ b/doc/src/architecture/crypto/signature.md 
@@ -0,0 +1,9 @@ +# signature +signature for keypair over the elliptic curve, with security hinged on the security of hash random oracle. + +# signature protocol +signature = sign(sk, msg), `sk` private key used for message signature generation, `msg` message to be signed, signature as response, and challenge pair +verify(pk, msg, signature) `pk` public key corresponding to message signing private key, validate signature is valid for given msg with signature public key. + +# nonce leakage +make sure the nonce, or source of randomness is true random every time call to signature sign is called with the same keypair, otherwise the secret key be leaked given just two signatures, $response_1 - response_2 = mask - sk * challenge_1 - mask + sk * challenge_2 = sk * (challenge_2 - challenge_1)$ diff --git a/doc/src/architecture/crypto/vrf.md b/doc/src/architecture/crypto/vrf.md new file mode 100644 index 000000000..362fafb25 --- /dev/null +++ b/doc/src/architecture/crypto/vrf.md @@ -0,0 +1,20 @@ +# ecvrf +ecvrf[^1] is elliptic curve Verifiable Random Function satisfies: + +- trusted uniqueness [^2] +- trusted collision resistance [^3] +- full pseudo-randomness [^4] + +## ecvrf protocol +### proof generation + +$proof = prove(sk, data)$, `sk` is VRF private key, `data` is input data as stream of bytes, proof is the vrf output. +generate a vrf proof, that can be publicly verified. + +### proof verification +$verify(pk, proof, data)$, `pk` is VRF public key, validate that the proof is correct. + +[^1]: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-vrf-04#section-5 +[^2]: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-vrf-04#section-3.1 +[^3]: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-vrf-04#section-3.2 +[^4]: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-vrf-04#section-3.3
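Review bot: In commitment.md the two paragraphs contradict each other on the hiding property: the first line says Pedersen is "computationally binding, perfectly hiding", while the `cm = comm(m, r)` line calls it "computationally hiding, computationally binding". Pedersen commitments are perfectly hiding and computationally binding (binding rests on the discrete log assumption), so the second sentence should be corrected to match the first. Same file: "m is data encrypted as curve field element" should read "encoded as a curve field element" (no encryption happens), "convertion" is a typo for "conversion", and the curve-point commitment section would be clearer if it stated that `r_x` and `r_y` are independent blinding scalars, since the formula uses two of them without saying so.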
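Review bot: In signature.md the nonce-leakage derivation uses `response = mask - sk * challenge` without that equation ever being defined; the "signature protocol" section only names `sk`, `msg` and a "response, and challenge pair". Please state the signing equations (how `mask` is sampled, how `challenge` is derived from the message and the commitment to `mask`, and how `response` is formed) before the leakage paragraph, otherwise the algebra cannot be followed. The mitigation could also mention deriving the nonce deterministically from `sk` and `msg` as an alternative to relying on a true random source. Minor points: "the secret key be leaked" should be "the secret key will be leaked", and `# signature protocol` / `# nonce leakage` are top-level headings inside a file whose title is `# signature`; they should be `##` like the other files in this patch.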
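Review bot: In vrf.md the line "proof is the vrf output" conflates the proof with the VRF output: in the cited draft, `ECVRF_prove` returns the proof `pi`, and the actual pseudorandom output `beta` is obtained separately with `ECVRF_proof_to_hash(pi)`; `ECVRF_verify` returns `beta` on success. The protocol section should describe that third function and say that `verify` yields the output hash, not only a validity bit. The file also does not say which ciphersuite (curve, hash function, encode-to-curve method) darkfi uses, which the draft treats as a required parameter; please add it. Minor grammar: "ecvrf[^1] is elliptic curve Verifiable Random Function satisfies:" should read "ecvrf[^1] is an elliptic-curve Verifiable Random Function that satisfies:".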