Skip to content

Implementation of Schnorr signature module for mithril-stm. #2761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 34 commits into
base: main
Choose a base branch
from
Draft

Implementation of Schnorr signature module for mithril-stm. #2761

wants to merge 34 commits into from
+813 −2

Conversation

@damrobi
Copy link
Collaborator

@damrobi damrobi commented Nov 3, 2025

Content

This PR includes a new module for mithril-stm containing an implementation for the Schnorr signature that will be used in the SNARK version of mithril.

Pre-submit checklist

  • Branch
    • Tests are provided (if possible)
    • Crates versions are updated (if relevant)
    • CHANGELOG file is updated (if relevant)
    • Commit sequence broadly makes sense
    • Key commits have useful messages
  • PR
    • All check jobs of the CI have succeeded
    • Self-reviewed the diff
    • Useful pull request description
    • Reviewer requested
  • Documentation
    • Update README file (if relevant)
    • Update documentation website (if relevant)
    • Add dev blog post (if relevant)
    • Add ADR blog post or Dev ADR entry (if relevant)
    • No new TODOs introduced

Comments

Issue(s)

Relates to #2756

@damrobi damrobi added the feature 🚀 New implemented feature label Nov 3, 2025
@damrobi damrobi force-pushed the damrobi/stm-add-schnorr-sig-module branch from b254ad2 to 1e07c07 Compare November 5, 2025 08:22
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 5, 2025
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cargo-doc found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 5, 2025
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clippy found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@github-actions
Copy link

github-actions bot commented Nov 5, 2025
edited
Loading

Test Results

    4 files  ±0    168 suites  ±0   22m 55s ⏱️ -46s
2 210 tests ±0  2 210 ✅ ±0  0 💤 ±0  0 ❌ ±0 
6 895 runs  ±0  6 895 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 40c68d6. ± Comparison against base commit b9f2466.

♻️ This comment has been updated with latest results.

@damrobi damrobi changed the title Added file structure for Schnorr signature module. Implementation of Schnorr signature module for mithril-stm. Nov 6, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 6, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 6, 2025
View reviewed changes
@damrobi damrobi temporarily deployed to testing-preview November 7, 2025 16:45 — with GitHub Actions Inactive
curiecrypt
curiecrypt reviewed Nov 10, 2025
View reviewed changes
Copy link
Collaborator

@curiecrypt curiecrypt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First batch of reviews. It looks good at first glance.

jpraynaud
jpraynaud reviewed Nov 12, 2025
View reviewed changes
mithril-stm/src/schnorr_signature/mod.rs
Comment on lines +1 to +2
// TODO: Remove
#![allow(dead_code)]
Copy link
Member

@jpraynaud jpraynaud Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want the code to be as TODO free as possible.

You can use public visibility to avoid the dead code warnings that we don't want to keep when merged.

Copy link
Collaborator

@curiecrypt curiecrypt Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually, I suggested this to be removed when we are finished with all tasks of this PR.

mithril-stm/src/schnorr_signature/mod.rs Outdated
Comment on lines 4 to 22
use midnight_circuits::{
ecc::{hash_to_curve::HashToCurveGadget, native::EccChip},
hash::poseidon::PoseidonChip,
types::AssignedNative,
};
use midnight_curves::{
Fq as JubjubBase, Fr as JubjubScalar, JubjubAffine, JubjubExtended, JubjubSubgroup,
};
use sha2::{Digest, Sha256};

use anyhow::{Result, anyhow};

mod signature;
mod signing_key;
mod verification_key;

use signature::*;
// use signing_key::*;
use verification_key::*;
Copy link
Member

@jpraynaud jpraynaud Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should separate the module declaration from the imports and put the imports after. It is usually a good practice to create a new module inline to do that(you can refer to other files in the repository). A better option would be to move all this code in a new separate module like utils.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 12, 2025
View reviewed changes
damrobi added 14 commits November 17, 2025 12:33
@damrobi
Added file structure for Schnorr signature module.
6b7f3cf
@damrobi
Added to/from bytes for SchnorrSignature and started adding tests.
d6f792e
@damrobi
Moved test out of proptest.
de3a90f
@damrobi
Added more test and helper function to convert msg to base field.
469787c
@damrobi
applied clippy.
c3e3ee3
@damrobi
Cargo.lock change.
4827d96
@damrobi
Update msg to base field conversion.
979bb30
@damrobi
Add to and from bytes for SchnorrSignature.
5c20d3e
@damrobi
Removed prototype implementation of schnorr signature and started new…
54c3d6d 
… one.
@damrobi
Added generate function for Schnorr signature.
20f29aa
@damrobi
Added conversion from sk to vk for use in signature.
8bb1976
@damrobi
Added helper function for converting a message to jubjub base field.
4c8409f
@damrobi
Added sign function for SchnorrSigningKey and necessary helper functi…
ba45d31 
…ons.
@damrobi
Added test function for get_coordinates and fix the sign function.
def6d05
damrobi added 17 commits November 17, 2025 12:33
@damrobi
Added verification function and tests to signature.
a5931d7
@damrobi
Removed unused dependency.
bf1c812
@damrobi
Added DST to signature and removed unwraps.
ae1b4a5
@damrobi
Added conversion function for scalar from BLS12 to Jubjub.
c8c5556
@damrobi
Added wip to and from bytes for Schnorr signing key.
a7ed87e
@damrobi
Added comments and derive for main structs.
56fba1e
@damrobi
Added eval_dense_mapping function to signature.
029be7a
@damrobi
Took comment into account and started to add signature comment descri…
78dedef 
…ption.
@damrobi
Added description for Schnorr sign and verify.
89786bf
@damrobi
Added to and from bytes for verification key and signature.
64d50e1
@damrobi
Changing the variables name and the dependency depending on the futur…
9bfac40 
…e_snark feature.
@damrobi
Added utils module for utility functions.
ab19eef
@damrobi
Small modifications based on JP feedback.
9f912ba
@damrobi
Modifications according to reviews.
1080152
@damrobi
Finished changing variables name.
9ec3f5d
@damrobi
Added crates for jubjub and poseidon to try to replace midnight while…
0c97400 
… it is not published.
@damrobi
Change to dusk jubjub dependency.
3ddf71f
@damrobi damrobi force-pushed the damrobi/stm-add-schnorr-sig-module branch from 00276b3 to 3ddf71f Compare November 17, 2025 11:40
curiecrypt
curiecrypt reviewed Nov 19, 2025
View reviewed changes
Copy link
Collaborator

@curiecrypt curiecrypt left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should use full names even in function parameters. For example verification_key instead of vk.
For simplicity and descriptiveness, we can use random_scalar_1 instead of random_value_1. Consequently, we can call the generator * random_scalar_1 as random_point_1.
This will apply for all cases where we obtain a curve point by multiplying the generator with a scalar: For example: point_signature = generator * signature.
This kind of naming seems more descriptive and pleasant.
Final remark, if you use an underscore for separating numbers in one place, then you should do the same for all other similar cases. It should apply for separating x and y as well.

mithril-stm/src/schnorr_signature/signature.rs Outdated
// Computing R1 = H(msg) * s + sigma * c
let hash_msg_times_sig = hash_msg * self.signature;
let sigma_times_challenge = self.sigma * self.challenge;
let random_value_1_recomputed = hash_msg_times_sig + sigma_times_challenge;
Copy link
Collaborator

@curiecrypt curiecrypt Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can use random_scalar_1, random_scalar_2. WDYT? @damrobi @jpraynaud

Copy link
Collaborator Author

@damrobi damrobi Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think scalar is fine, it's more descriptive

Copy link
Collaborator Author

@damrobi damrobi Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually those values are points, so as you said in an other comment maybe random_point_1 would be better?

mithril-stm/src/schnorr_signature/mod.rs
Comment on lines +1 to +2
// TODO: Remove
#![allow(dead_code)]
Copy link
Collaborator

@curiecrypt curiecrypt Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually, I suggested this to be removed when we are finished with all tasks of this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jpraynaud jpraynaud jpraynaud left review comments

@curiecrypt curiecrypt curiecrypt left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

feature 🚀 New implemented feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@damrobi @jpraynaud @curiecrypt