Merge branch 'spec' of https://github.com/w3f/ring-vrf into spec

w3f · Mar 27, 2024 · 901b678 · 901b678
2 parents df80efa + fef50a5
commit 901b678
Showing 1 changed file with 25 additions and 46 deletions.
diff --git a/specification_template.md b/specification_template.md
@@ -12,14 +12,18 @@
 
 ### VRF input
 
-VRF input is an ArkTranscript. See ArkTranscript
+Procedure to map arbitrary user input to a point follows the `hash_to_curve`
+procedure described by RFC9380.
+
+    Suite_ID: "bandersnatch_XMD:SHA-512_ELL2_RO_"
+
+See [ArkTranscript](TODO) for details.
 
 #### From transcript to point
 
 You need to call challenge and add b"vrf-input" to it. getting random byte (some hash?)
 then hash to curve it. 
 
-
 ## DELQ VRF
 
 ### Preliminaries
@@ -63,7 +67,6 @@ of a BLS12 curve have the same secret key.
 
 ## Bandersnatch VRF
 
-
 ## Transcript
 
 A Shake-128 based transcript construction which implements the Fiat-Shamir
@@ -73,63 +76,39 @@ We do basic domain separation using postfix writes of the lengths of written
 data (as opposed to the prefix writes by [Merlin](https://merlin.cool)
 `TupleHash` from [SP 800-185](https://csrc.nist.gov/pubs/sp/800/185/final)).
 
-The length of each item should be less than 2^31.
-
-The transcript can be created with an initial domain label.
-The label bytes are written into the hasher as all the other items which
-may follow.
+    H(item_1, item_2, ..., item_n)
 
-On construction the Shake128 hasher state is initialized to hash the empty
-octet-string TODO @davxy: DOUBLE CHECK THIS
+Represents the application of shake-128 to the concatenation of the serialization of each item
+followed by the serialization of the length of each objects, as a 32-bit unsigned integer.
 
-### Pre-defined functions
+    bytes = encode(item_1) || encode(length(item_1)) || .. || encode(item_n) || encode(length(item_n))
+    Shake128(bytes)
 
-Get octet string length
-
-```
-    length(data)
-
-      Input:
-        - data: user data
-      Output:
-        - data length as 32 bit integer
-```
+The length of each item should be less than 2^31.
 
-Big-endian encoding of 32-bit unsigned integers
+## Objects Serialization Encoding
 
-```
-    big_endian_bytes(length)
+### Unsigned Integers
 
-      Input:
-        - length: 32-bit integer
-      Output:
-        - 4 bytes big endian encoding of length
-```
+Unsigned integers are encoded in big-endian.
 
-Update the hasher state with some data
+This applies to both fixed or arbitrary width unsigned integers.
 
-```
-    update_hasher(hasher, data)    
+TODO:
+- ARK serializes integers in LE :-/
+- Check Zcash serialization format (IIRC BE)
 
-      Input:
-        - hasher: Shake128 hasher
-        - data: user provided data
-```
+### EC Points
 
-### Transcript update
+Elliptic curve points are serialized in compressed form as specified by TODO.
 
-Update the hasher state with user data.
+TODO isn't there any standard like https://www.secg.org/sec1-v2.pdf ?
+There the standard serializes in BE as well.
 
-```
-    write_bytes(hasher, data) 
+TODO maybe we must convert to BE our serialized points/scalars?
 
-      Inputs:
-        - hasher: shake128 hasher state
-        - data: user data
 
-      Steps:
-        1. update_hasher(hasher, data)
-```
+## OBSOLETE (TODO: REMOVE THIS PARAGRAPH)
 
 Write unlabeled domain separator into the hasher state.