
test(VDF): bench rsa vs class #37

Closed
wants to merge 16 commits into from

Conversation

0xmountaintop
Contributor

@0xmountaintop 0xmountaintop commented Aug 5, 2020

as discussed in #27

@0xmountaintop
Contributor Author

0xmountaintop commented Aug 7, 2020

@omershlo I have refactored the H_g() for RSA,

and setup() for class.

However, I am not quite happy about the code, because now I need to pass x into setup?

@0xmountaintop
Contributor Author

> and setup() for class.

tested via `cargo test --lib vdf -- --test-threads=1`

@0xmountaintop
Contributor Author

@omershlo I've also refactored RSA one now. The PR is ready, you can take a look again.

@0xmountaintop
Contributor Author

BTW, I've got a few questions:

  1. where does prng-style h_g come from? I couldn't find it in
  2. why in https://github.com/poanetwork/vdf/blob/master/vdf/src/proof_pietrzak.rs#L45-L58, they assert iteration as an even number >=66? I couldn't find evidence for it either.

@omershlo
Contributor

omershlo commented Aug 9, 2020

Hi,

I see you made a bunch of commits, does it mean the PR is ready for another review ?
about your questions:

  1. h_g is not specified in the papers. It is one of those things that authors love to keep abstract: they just assume that there exists a hash function mapping strings to group elements. Our implementation is something we came up with that we argue achieves the required functionality and security guarantees.

  2. That's a good question. Nothing comes to mind immediately, but I am not an expert on Pietrzak's proof. I suggest opening an issue in that repo to ask, or asking in our Telegram group; I would also be interested to learn.

@0xmountaintop
Contributor Author

0xmountaintop commented Aug 9, 2020

> Hi,
>
> I see you made a bunch of commits, does it mean the PR is ready for another review ?
> about your questions:
>
>   1. h_g is not specified in the papers. It is one of those things that authors love to keep abstract: they just assume that there exists a hash function mapping strings to group elements. Our implementation is something we came up with that we argue achieves the required functionality and security guarantees.
>   2. That's a good question. Nothing comes to mind immediately, but I am not an expert on Pietrzak's proof. I suggest opening an issue in that repo to ask, or asking in our Telegram group; I would also be interested to learn.

yes it's ready again. @omershlo

@omershlo
Contributor

omershlo commented Aug 9, 2020

I see you use the M13 prime for the modulus. In RSA the modulus should be a bi-prime (N = p*q for p, q 1024-bit primes).
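The two points raised in this thread, the abstract "hash strings to group elements" function H_g and the requirement that an RSA-group modulus be a bi-prime rather than a prime, can be demonstrated together. The following Python is an added example, not code from this PR or from the project: the `hash_to_group` construction (SHA-256, reduce, square into QR_N) is an assumed toy, and the moduli are constructed small primes chosen so that the script runs in well under a second. It shows why a prime modulus breaks the VDF: the group order N-1 is public, so the T sequential squarings collapse to one modular exponentiation with a reduced exponent. For a bi-prime, the same shortcut needs phi(N) = (p-1)(q-1), that is, the factorization of N, which is exactly what the trusted setup throws away.

```python
import hashlib
import math


def hash_to_group(data: bytes, N: int) -> int:
    """Toy H_g (assumed construction, not the project's): hash bytes to a
    quadratic residue mod N by reducing the digest and squaring it.
    A counter is appended and retried until the pre-image is a unit mod N."""
    counter = 0
    while True:
        digest = hashlib.sha256(data + counter.to_bytes(4, "big")).digest()
        h = int.from_bytes(digest, "big") % N
        if h > 1 and math.gcd(h, N) == 1:
            return pow(h, 2, N)
        counter += 1


def sequential_squarings(g: int, T: int, N: int) -> int:
    """The honest evaluator's work: T squarings, one after the other."""
    y = g
    for _ in range(T):
        y = y * y % N
    return y


def shortcut_with_known_order(g: int, T: int, N: int, group_order: int) -> int:
    """Anyone who knows the order of the group can reduce the exponent first:
    g^(2^T) = g^(2^T mod order) mod N, costing O(log T) work instead of T squarings."""
    reduced_exponent = pow(2, T, group_order)
    return pow(g, reduced_exponent, N)


# Constructed toy parameters; real VDF parameters are thousands of bits.
PRIME_MODULUS = 8191          # 2^13 - 1, a Mersenne prime: its group order N - 1 is public
P, Q = 7919, 65537            # constructed small primes for a toy bi-prime
BIPRIME_MODULUS = P * Q
T = 20_000                    # number of sequential squarings


def compare(N: int, group_order: int, data: bytes = b"constructed input") -> tuple:
    """Return (honest sequential result, shortcut result) for the same g and T."""
    g = hash_to_group(data, N)
    return sequential_squarings(g, T, N), shortcut_with_known_order(g, T, N, group_order)


def prime_modulus_is_shortcuttable() -> bool:
    """With a prime modulus the order N-1 is known to everyone, so the shortcut matches."""
    slow, fast = compare(PRIME_MODULUS, PRIME_MODULUS - 1)
    return slow == fast


def biprime_shortcut_with_factors() -> bool:
    """With a bi-prime the shortcut still works, but only given phi(N) = (p-1)(q-1),
    i.e. the factorization that a proper setup discards."""
    slow, fast = compare(BIPRIME_MODULUS, (P - 1) * (Q - 1))
    return slow == fast


if __name__ == "__main__":
    print("prime modulus, order N-1 public, shortcut matches:", prime_modulus_is_shortcuttable())
    print("bi-prime modulus, shortcut matches only with phi(N):", biprime_shortcut_with_factors())
```

The check to carry back to the PR is the one omershlo makes: the modulus must be a product of two large secret primes, because the sequentiality argument rests on nobody knowing the group order. Swapping in a published RSA challenge modulus such as RSA-2048 satisfies that for a benchmark, since its factorization is not public, but a prime or Mersenne modulus does not, however large it is.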

@0xmountaintop
Contributor Author

0xmountaintop commented Aug 20, 2020

> RSA the modulus should be a bi-prime

So a 2048 bi-prime for N?

What about using https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048 here?

@omershlo
Contributor

Looks good.
