Releases
- 0.1.2 (Mar 20, 2025)
- 0.1.1 (Feb 28, 2025)
- 0.1.0 (Feb 21, 2025)
Elliptic Curve VRF-AD
This library provides flexible and efficient implementations of Verifiable Random Functions with Additional Data (VRF-AD), a cryptographic construct that augments a standard VRF scheme by incorporating auxiliary information into its signature.
It leverages the Arkworks framework and supports customization of scheme parameters.
Supported VRFs
- IETF VRF: Complies with ECVRF described in RFC9381.
- Pedersen VRF: Described in BCHSV23.
- Ring VRF: A zero-knowledge-based scheme inspired by BCHSV23.
Schemes Specifications
Built-In suites
The library conditionally includes the following pre-configured suites (see features section):
- Ed25519-SHA-512-TAI: Supports IETF and Pedersen VRFs.
- Secp256r1-SHA-256-TAI: Supports IETF and Pedersen VRFs.
- Bandersnatch (Edwards curve on BLS12-381): Supports IETF, Pedersen, and Ring VRFs.
- JubJub (Edwards curve on BLS12-381): Supports IETF, Pedersen, and Ring VRFs.
- Baby-JubJub (Edwards curve on BN254): Supports IETF, Pedersen, and Ring VRFs.
Basic Usage
```rust
use ark_ec_vrfs::suites::bandersnatch::*;
let secret = Secret::from_seed(b"example seed");
let public = secret.public();
let input = Input::new(b"example input");
let output = secret.output(input);
let aux_data = b"optional aux data";
```
IETF-VRF
Prove
```rust
use ark_ec_vrfs::ietf::Prover;
let proof = secret.prove(input, output, aux_data);
```
Verify
```rust
use ark_ec_vrfs::ietf::Verifier;
let result = public.verify(input, output, aux_data, &proof);
```
Ring-VRF
Ring construction
```rust
const RING_SIZE: usize = 100;
let prover_key_index = 3;
// Construct an example ring with dummy keys (collect needs a concrete container type)
let mut ring: Vec<_> = (0..RING_SIZE).map(|i| Secret::from_seed(&i.to_le_bytes()).public().0).collect();
// Patch the ring with the public key of the prover
ring[prover_key_index] = public.0;
// Any key can be replaced with the padding point
ring[0] = RingProofParams::padding_point();
```
Ring parameters construction
```rust
let params = RingProofParams::from_seed(RING_SIZE, b"example seed");
```
Prove
```rust
use ark_ec_vrfs::ring::Prover;
let prover_key = params.prover_key(&ring);
let prover = params.prover(prover_key, prover_key_index);
let proof = secret.prove(input, output, aux_data, &prover);
```
Verify
```rust
use ark_ec_vrfs::ring::Verifier;
let verifier_key = params.verifier_key(&ring);
let verifier = params.verifier(verifier_key);
let result = Public::verify(input, output, aux_data, &proof, &verifier);
```
Verifier key from commitment
```rust
// The commitment is derived from the verifier key of the ring (verifier_key takes the ring, as above)
let ring_commitment = params.verifier_key(&ring).commitment();
let verifier_key = params.verifier_key_from_commitment(ring_commitment);
```
Features
- default: std
- full: Enables all features listed below except secret-split, parallel, asm, rfc-6979, test-vectors.
- secret-split: Point scalar multiplication with secret split. The secret scalar is split into the sum of two scalars, which randomly mutate but retain the same sum. Incurs a 2x penalty in some internal sensitive scalar multiplications, but provides side-channel defenses.
- ring: Ring-VRF for the curves supporting it.
- rfc-6979: Support for nonce generation according to RFC-9381 section 5.4.2.1.
- test-vectors: Deterministic ring-vrf proof. Useful for reproducible test vector generation.
Curves
- ed25519
- jubjub
- bandersnatch
- baby-jubjub
- secp256r1
Arkworks optimizations
- parallel: Parallel execution where worth it, using rayon.
- asm: Assembly implementation of some low-level operations.
License
Distributed under the MIT License.