Work a bit on signatures
This commit is contained in:
parent
d4c10896b2
commit
ff65bbbcb8
2 changed files with 38 additions and 2 deletions
|
@ -7,3 +7,10 @@
|
||||||
\newcommand{\clsl}{\ll_0}
|
\newcommand{\clsl}{\ll_0}
|
||||||
\newcommand{\clsr}{\gg_{0, \text{l}}}
|
\newcommand{\clsr}{\gg_{0, \text{l}}}
|
||||||
\newcommand{\casr}{\gg_{0, \text{a}}}
|
\newcommand{\casr}{\gg_{0, \text{a}}}
|
||||||
|
|
||||||
|
\newcommand{\xor}{\oplus}
|
||||||
|
|
||||||
|
%\newcommand{\path}[1]{\texttt{#1}}
|
||||||
|
|
||||||
|
\newcommand{\sigconst}[1]{\mathcal{SC}_{#1}}
|
||||||
|
\newcommand{\sigop}{\mathfrak{h}}
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
\usepackage{indentfirst}
|
\usepackage{indentfirst}
|
||||||
\usepackage{enumerate}
|
\usepackage{enumerate}
|
||||||
\usepackage{caption}
|
\usepackage{caption}
|
||||||
|
\usepackage{algorithmicx}
|
||||||
\usepackage[backend=biber,style=trad-alpha]{biblatex}
|
\usepackage[backend=biber,style=trad-alpha]{biblatex}
|
||||||
\usepackage[left=2cm,right=2cm,top=2cm,bottom=2cm]{geometry}
|
\usepackage[left=2cm,right=2cm,top=2cm,bottom=2cm]{geometry}
|
||||||
|
|
||||||
|
@ -60,6 +61,8 @@
|
||||||
|
|
||||||
\tableofcontents
|
\tableofcontents
|
||||||
|
|
||||||
|
\todo{Talk of the repo, somewhere}
|
||||||
|
|
||||||
\pagebreak
|
\pagebreak
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
@ -239,7 +242,7 @@ three main parts.
|
||||||
|
|
||||||
\paragraph{Signatures.} The initial idea to make the computation fast is to
|
\paragraph{Signatures.} The initial idea to make the computation fast is to
|
||||||
aggregate the inner data of a gate --- be it a leaf gate or a group --- in a
|
aggregate the inner data of a gate --- be it a leaf gate or a group --- in a
|
||||||
kind of hash, a 32 bits unsigned integer. This approach is directly inspired
|
kind of hash, a 64 bits unsigned integer. This approach is directly inspired
|
||||||
from what was done in fl, back at Intel. This hash must be easy to compute,
|
from what was done in fl, back at Intel. This hash must be easy to compute,
|
||||||
and must be based only on the structure of the graph --- that is, must be
|
and must be based only on the structure of the graph --- that is, must be
|
||||||
entirely oblivious of the labels given, the order in which the circuit is
|
entirely oblivious of the labels given, the order in which the circuit is
|
||||||
|
@ -274,7 +277,33 @@ this problem, that uses the specificities of the graph to be a little faster.
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
\section{Signatures}
|
\section{Signatures}
|
||||||
\todo{}
|
|
||||||
|
The signature is computed as a simple hash of the element, and is defined for
|
||||||
|
every type of expression and circuit. It could probably be enhanced with a bit
|
||||||
|
more work to cover more uniformly the hash space, but no collision was observed
|
||||||
|
on the examples tested.
|
||||||
|
|
||||||
|
\paragraph{Signature constants.} Signature constants are used all around the
|
||||||
|
signing process, and is a 5-tuple $\sigconst{} = (a, x_l, x_h, d_l, d_h)$ of 32
|
||||||
|
bits unsigned numbers. All of $x_l$, $x_h$, $d_l$ and $d_h$ are picked as prime
|
||||||
|
numbers between $10^8$ and $10^9$ (which just fits in a 32 bits unsigned
|
||||||
|
integer); while $a$ is a random integer uniformly picked between $2^{16}$ and
|
||||||
|
$2^{32}$. These constants are generated by a small python script,
|
||||||
|
\path{util/primegen/pickPrimes.py}.
|
||||||
|
|
||||||
|
Those constants are used to produce a 64 bits unsigned value out of another 64
|
||||||
|
bits unsigned value, called $v$ thereafter, through an operator $\sigop$,
|
||||||
|
computed as follows.
|
||||||
|
|
||||||
|
\begin{algorithmic}
|
||||||
|
\Function{$\sigop$}{$\sigconst{}, v$}
|
||||||
|
\State{} $out1 \gets (v + a) \cdot x_l$
|
||||||
|
\State{} $v_h \gets (v \lsr 32) \xor (out1 \lsr 32)$
|
||||||
|
\State{} $low \gets out1 \,\%\, d_l$
|
||||||
|
\State{} $high \gets \left((v_h + a) \cdot x_h \right) \%\, d_h$
|
||||||
|
\State{} \Return{} $low + 2^{32} \cdot high$
|
||||||
|
\EndFunction{}
|
||||||
|
\end{algorithmic}
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
\section{Group equality}
|
\section{Group equality}
|
||||||
|
|
Loading…
Reference in a new issue