18 posts tagged with "crypto"

High level summary​

The open fronts that the crypto team is working on are:

• Mithril: Helper functions finished. Continue preparing a RFP for an audit of mithril's core library (decided to add audit of KES). Design proposal for viable registration.
• cardano-base: Praos to PraosBatchCompat ready. KES secure forgetting finished, but holding merge for delivery strategy (breaking changes). Tested real world SNARK verification on plutus.
• KES agent: using snockets and making things testable in IOSim
• MuSig2: started implementation in rust.

Low level summary​

Mithril​

• Transmute helpers merged PR#722
• We have progressed with the RFP document for the mithril-stm library. Progressing with description of octopus algorithm. Included KES in scope.
• We are working in a modification of KES to require caller to allocate the secret key buffer.
• Proposed a solution for signer registration of Mithril.

cardano-base​

• Progressing with BLS12-381. Worked with plutus team to have a plutus script verifying a Groth16 proof.
  • Results are promising, with using only 23% of the execution budget to verify a realistic proof.
  • Next step is to build a real world use case (and not use a dummy proof). Projects being considered are Sidechains, Hydra or Mithril.
• KES secure forgetting merge is being held off, due to breaking changes. We are considering handling several branches in cardano-base for this.
• Conversion finally merged PR#344.

KES agent​

• Figuring out how to use sockets to write directly into the file descriptor. Digging into the sockets implementation
• Figuring out how to go from fake file descriptor to write the raw bytes

MuSig2​

• Started implementing MuSig2 in Rust using the Ristretto prime order group. Still experimental.

High level summary​

The open fronts that the crypto team is working on are:

• Mithril: We are creating helper functions to single out the usage of unsafe to facilitate auditing. We are also preparing a RFP for an audit of mithril's core library. Exploring future paths of mithril.
• cardano-base: Decision of whether to continue with BLS12-381 or switch curves. Conversion Praos to PraosBatchCompat ready, as well as KES secure forgetting.
• KES agent: using snockets and making things testable in IOSim
• MuSig2: GH actions updated for checking the files whether they end with an empty line. Also, we reorganized the library.

Low level summary​

Mithril​

• Given that removing the usage of transmute really affects the benchmarks, we decided to group all unsafe functions to facilitate auditing PR#722
• We have progressed with the RFP document for the mithril-stm library. We are documenting the differences with respect with the original paper.
• We are exploring possible paths of how mithril could be used 'as-a-service'. Other projects such as sidechains or Catalyst would benefit of such a service. We are at a very early stage of brainstorming how it could work.

cardano-base​

• There has been a very thorough discussion with potential users of the BLS12-381 bindings if that is the best curve. We have considered alternatives such as Pasta curves, Pluto-Eris or BLS12-377, and considering it's trade-offs. Seems that the most interesting curve to have on main-net is still 381.
• The team is gaining expertise in SNARKs to be able to experiment with them, and conclude whether the bindings will allow for SNARK verification on main-net in a timely manner.
• The update VRF PR#341 is finally merged, and we are ready to merge PR#344, which implements conversion functions from the compatible types between Praos and PraosBatchCompat.

KES agent​

• Use of snockets to send the data directly from the socket to secure memory.
• We realized that in order for the DirectSerialise / DirectDeserialise classes to work against IOSim, we have to generalize a bunch of additional primitives
• Our plans are to: (1) Split up MonadSodium into separate typeclasses, each capturing a more sensible concern; (2) Rename those typeclasses to something that reflects their nature better.

MuSig2​

The GitHub Action linelint is used to check the files.

• A new job for linting is added to the file /.github/workflows/ci.yml. The rules are configured in the file /.github/workflows/.linelint.yml. Some files from the configuration of libsecp were failing, so in the rules in .linelint.yml the failing files are denoted to be ignored by the linter.
• Folders are reorganized. We created a folder to handle the example. This folder includes the examplemusig2.c, a distinct config.h, and helper.c. The example is enhanced by implementing the functions in the helper for the configuration given in config.h. The number of messages is different than the tests. The example is made more generic to run with a loop.

High level summary​

The open fronts that the crypto team is working on are:

• Mithril: We explored whether some uses of transmute could be removed, but it resulted in considerable regression.
• cardano-base: Some issues with Nix are blocking merge of VRF update. BLS12-381 benchmarks where quite satisfactory. Next steps will be defined by cryptography strategic decision.
• KES agent: An inconsistency between contra-tracer available in hackage and the one in cardano-haskell delayed our progress. Now we are adapting PRs to the contra-tracer used by consensus.

Low level summary​

Mithril​

• We removed the usage of transmute in mithril-core (and exchanged it with ser/deser, as unfortunately there is no other way with the library we currently use). However, the benchmarks showed an important regression - ~30% worse on average PR#675. We decided to keep transmute, but instead group all its usage in helper functions, to facilitate auditing.
• We are writing a RFP for the audit of the core library.

cardano-base​

• A problem with Nix is blocking merge of PR#341
• Plutus team ran benchmarks of BLS12-381 built-ins. The results are satisfactory, and while we have yet not implemented SNARK verification in plutus, it all seems to point that we'll be able to verify some proofs in a single script execution.
• Team is fully digesting the Plonk paper.
• There's been a lot of discussions (with internal and external projects) regarding pairings in plutus, and what elliptic curve should be used.

KES agent​

• A little unforseen delay has been caused by a mismatch in the use of contra-tracer. The one in hackage and that in cardano-haskell are not compatible. Unfortunately, for secure forgetting we use that of hackage, and now realised. We are doing the change, but still the CI is not happy.
• The same was needed for the KES agents prerequisites PR#317.
• We've started working with the agent itself again, upgrading the cardano-base dependency and adding ouroboros-network-framework dependency

High level summary​

The four open fronts that the crypto team is working on are:

• MuSig2: The API features (error handling) has been merged.
• Mithril: We update the KES library and published it in crates.io. Similarly, we merged batch verification of STM signatures.
• cardano-base: VRF and BLS are still waiting to be merged, as we have some problems with the CI.
• KES agent: We keep progressing with KES secure forgetting implementation.

We also started working in the cryptography engineering handbook, which will be a cross team effort.

Low level summary​

MuSig2​

• Merged the more granular error handling mechanism PR#33

Mithril​

• Adapted KES library so that sk contains its corresponding period, making key handling easier. Avoid making unnecessary copies of the KES key. Expose function to get associated period. All included in Version 0.1.1, which was published in crates.io.
• Updated new KES format to mithril library PR 674
• We implemeneted batch verification of stm signatures, which improves the benchmarks for mithril chain-sync PR 531
• We keep progressing on reducing the use of transmute in mithril-stm.

cardano-base​

• Nothing new to report. Still working in merging these PRs. We are only missing nix merge of PR#520 and the updates on VRF will be merged.

KES agent​

• We keep progressing in the secure forgetting PR. Added NoThunks tests, error hasndling to detect when mlocking fails, resolved bugs due to incorrect usage of mlocked memory and wrote more efficient tests PR#255.

Cryptography handbook​

We have made available the (temporary) cryptography handbook https://input-output-hk.github.io/cryptography_spec/, and included the description of some primitives (Ed25519, KES and VRF). This is an ongoing effort, and we plan on further expanding the list of available primitives.

High level summary​

The four open fronts that the crypto team is working on are:

• MuSig2: We were blocked with a CI issue, that we finally resolved. Similarly, we merged the redesig of the API to mantain consistency.
• Mithril: Merged the reformat of the signle signature. Similarly, we started working in ensuring KES implementation in rust is safe.
• cardano-base: VRF and BLS are still waiting to be merged, as we have some problems with the CI. Moreover, we started experimenting how rust can be included in the cardano-base code-stack.
• KES agent: We keep progressing with KES secure forgetting implementation as well as the KES agent.

Low level summary​

MuSig2​

• [Still in progress] We are introducing a more granular error handling mechanism PR#33
• We merged the API redesig PR#35
• We were blocked for a while with a CI issue, for which we are currently simply using a simpler version of Ubuntu. We'll probably circle back to this in the future PR#36

Mithril​

• We merged the individual signature PR#620
• We are modifying important parts of the KES mplementation to guarantee there are no unnecessary copies during Ser/Deser (kes repo)

cardano-base​

• Nothing new to report. Still working in merging these PRs.
• We started experimenting on how we can use cabal-pack to create haskell libraries out of rust libraries, and how this would affect the cardano-base fork. We encountered what seems to be a bug in GHC

KES agent​

• We keep progressing in the secure forgetting PR and resolving some bugs on memory handling PR#255
• Fixed a 'use-after-free' bug in the KES agent.