diff --git a/zokrates_book/src/concepts/stdlib.md b/zokrates_book/src/concepts/stdlib.md
index e4dbe690..a761ae41 100644
--- a/zokrates_book/src/concepts/stdlib.md
+++ b/zokrates_book/src/concepts/stdlib.md
@@ -51,7 +51,7 @@ where `G` is the chosen base point of the subgroup and `*` denotes scalar multip
 import "signatures/verifyEddsa.code"
 ```
-Verifies an EdDSA Signature. Checks the correctness of a given EdDSA Signature `(R,S)` for the provided public key `A` and message `(M0, M1)`.
+Verifies an EdDSA Signature. Checks the correctness of a given EdDSA Signature `(R,S)` for the provided public key `A` and message `(M0, M1)`. Check out this [python repository](https://github.com/Zokrates/pycrypto) for tooling to create valid signatures.
 ### Packing / Unpacking
diff --git a/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.code b/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.code
index c9b0e7e4..b7cea471 100644
--- a/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.code
+++ b/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.code
@@ -1,9 +1,11 @@
 import "ecc/edwardsAdd.code" as add
 import "ecc/edwardsOnCurve.code" as assertOnCurve
-// Function that implements scalar multiplication for a given base point
+// Function that implements scalar multiplication for a fixed base point
 // Curve parameters are defined with the last argument
+// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain
+// curve parameters.
 // Note that the exponent array is not check to be boolean in this gadget
-// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
+// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
 def main(field[256] exponent, field[2] pt, field[10] context) -> (field[2]):
 field[2] infinity = [context[2], context[3]]
diff --git a/zokrates_stdlib/stdlib/signatures/verifyEddsa.code b/zokrates_stdlib/stdlib/signatures/verifyEddsa.code
index 82b5a5b6..4670ae28 100644
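Review bot: The retained line `// Note that the exponent array is not check to be boolean in this gadget` has a typo (`checked`) and, next to the new wrapping caveat, still leaves the caller's duty implicit: in a constraint system an `exponent` element that nothing constrains to a bit is a soundness gap rather than a mere bad input, because this gadget will not reject it. I would reword it as `// Callers MUST constrain every element of exponent to 0 or 1 before calling this gadget; it assumes but does not enforce that.` and write `256-bit` in the new comment line above it. The body of `main` continues past the end of the hunk.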
--- a/zokrates_stdlib/stdlib/signatures/verifyEddsa.code
+++ b/zokrates_stdlib/stdlib/signatures/verifyEddsa.code
@@ -9,6 +9,9 @@ import "ecc/edwardsOrderCheck.code" as orderCheck
 ///
 /// Checks the correctness of a given EdDSA Signature (R,S) for the provided
 /// public key A and message (M0, M1).
+/// This python repo provides the tooling for creating valid signatures:
+/// https://github.com/Zokrates/pycrypto
+///
 /// For more information see:
 /// https://en.wikipedia.org/wiki/EdDSA
 /// https://eprint.iacr.org/2015/677.pdf
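Review bot: The added line `/// This python repo provides the tooling for creating valid signatures:` reads informally for a stdlib doc comment and is placed between the contract description and the specification references. I would write `/// Tooling for creating signatures in this format: https://github.com/Zokrates/pycrypto` and put it after the eprint link so the contract and its references stay adjacent. The doc block this sits in appears to start above the hunk.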