-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
brushingup crypto slides #30
base: main
Are you sure you want to change the base?
Changes from 4 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -57,6 +57,8 @@ Notes: | |
|
||
It turns out that converting from hex/base64 to base58 can in theory take n^2 time! | ||
|
||
The number of bits of a character is log2(Base) so for base58 it is log2(58) ~ 5.8 | ||
|
||
--- | ||
|
||
# Mnemonics and Seed Creation | ||
|
@@ -114,18 +116,19 @@ _The first 5 words of the [BIP39 English dictionary](https://github.com/bitcoin/ | |
|
||
## Mnemonic to Secret Key | ||
|
||
Of course, the secret key is a point on an elliptic curve, not a phrase. | ||
|
||
BIP39 applies 2,048 rounds of the SHA-512 hash function<br />to the mnemonic to derive a 64 byte key. | ||
The secret key is a scalar value from the scalar field of the base field which the elliptic curve is defined over. Not a phrase. | ||
|
||
Substrate uses the entropy byte array from the mnemonic. | ||
BIP39 applies 2,048 rounds of the SHA-512 hash function<br /> to the mnemonic to derive a 64 byte key. | ||
|
||
--- | ||
|
||
## Portability | ||
|
||
Different key derivation functions affect the ability to use the same mnemonic in multiple wallets as different wallets may use different functions to derive the secret from the mnemonic. | ||
|
||
Notes: | ||
i.e. May hash to a different base field because of a different elliptic curve | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In here you can put the details previously added to the slide, saying that in ECC a secret key is actually a scalar value from the scalar field of the base field which the elliptic curve is defined over. |
||
|
||
--- | ||
|
||
## Cryptography Types | ||
|
@@ -140,7 +143,14 @@ We will go more in depth in future lectures! | |
|
||
Notes: | ||
|
||
These are digital signature schemes. ECDSA can use any elliptic curve but | ||
in the case of bitcoin it use secp256k1 | ||
|
||
Sr25519 and Ed25519 uses the same which is Curve25519 | ||
|
||
You may have learned RSA in school. It is outdated now, and requires _huge_ keys. | ||
RSA-4096: A 4096-bit RSA key 512 bytes | ||
coax1d marked this conversation as resolved.
Show resolved
Hide resolved
|
||
sr25519 is 32 bytes | ||
|
||
--- | ||
|
||
|
@@ -150,6 +160,9 @@ An address is a representation of a public key, potentially with additional cont | |
|
||
Notes: | ||
|
||
A public key is a point on a defined elliptic curve more specifically | ||
the secret scalar value multiplied times a fixed base point on some curve G | ||
|
||
Having an address for a symmetric cryptography doesn't actually make any sense, because there is no | ||
public information about a symmetric key. | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,10 +12,12 @@ duration: 1 hour | |
|
||
Signature libraries should generally all expose some basic functions: | ||
|
||
- `fn generate_key(r) -> sk;` <br /> Generate a `sk` (secret key) from some input `r`. | ||
- `fn public_key(sk) -> pk;` <br /> Return the `pk` (public key) from a `sk`. | ||
- `fn sign(sk, msg) -> signature;` <br /> Takes `sk` and a message; returns a digital signature. | ||
- `fn verify(pk, msg, signature) -> bool;` <br /> For the inputs `pk`, a message, and a signature; returns whether the signature is valid. | ||
<ul> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. All this stuff doesn't even render for me. What's the reasoning for making this as inline HTML instead of just keeping it as markdown? I don't see anything in here that isn't supported in markdown (unordered lists, code). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It renders for me. But it already got pushed in the pba-content repo. Idk half of the slides in all modules is HTML or MD so it is a mix. There really hasnt been any enforcement. Also the MD cant be limiting sometimes it doesnt cover everything. If its really a big deal it can be changed. It wouldnt take long. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah, weird that it doesn't render for me locally but does otherwise There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Glad to see the book getting some love 🌠 wishing the team for HK all the best 🙏 - hope to see the work for that wave end up translating here. I am not in the game for it (at least for now) but have some advice/notes if you wanna hear em 😁
Ultimately not up to me anymore, though I tried to enforce MD. I did work with you @coax1d directly on this before in case you forgot 😝 🫶 - you even helped convert a subset of your HTML to MD where possible before too. I did intentionally archive the (private) For some background, the chief motivator for using the
Maybe @Asamartino wants to do something different now, and that driving factor isn't as important now. 🤷 Happy to help outline and implement a strategy with maintainers here that lands in the contributor's guide, if the PBA team wants this. For the rendering, sadly as it stands there are at least four different HTML servers depending on what commands you run (reveal has dev and build, bun with a minimal static server, and mdbook has a watching one). This could be cleaned up for a better overall UX, IMHO this would fork or replace the reveal-md tooling with something minimal here, and as I moved to bun for the book's static server here, I would opt for better configure mdbook (perhaps a custom plugin) as a tool to get slides -> reveal HTML -> full book. Maybe related: webpro/reveal-md#433 but it's been a while since I played with different behavior. In the end, the source of truth on what things will render as should be assessed via running |
||
<li class="fragment"><code>fn generate_key(r) -> sk;</code> <br />Generate a <code>sk</code> (secret key) from some input <code>r</code>.</li> | ||
<li class="fragment"><code>fn public_key(sk) -> pk;</code> <br /> Return the <code>pk</code> (public key) from a <code>sk</code>.</li> | ||
<li class="fragment"><code>fn sign(sk, msg) -> signature;</code> <br /> Takes <code>sk</code> and a message; returns a digital signature.</li> | ||
<li class="fragment"><code>fn verify(pk, msg, signature) -> bool;</code> <br /> For the inputs <code>pk</code>, a message, and a signature; returns whether the signature is valid.</li> | ||
</ul> | ||
|
||
Notes: | ||
|
||
|
@@ -72,10 +74,12 @@ This means the verifier will need to run the correct hash function on the messag | |
|
||
Signatures provide many useful properties: | ||
|
||
- Confidentiality: Weak, the same as a hash | ||
- Authenticity: Yes | ||
- Integrity: Yes | ||
- Non-repudiation: Yes | ||
<ul> | ||
<li class="fragment"><strong>Confidentiality: </strong> Weak, the same as a hash</li> | ||
<li class="fragment"><strong>Authenticity: </strong> Yes</li> | ||
<li class="fragment"><strong>Integrity: </strong> Yes</li> | ||
<li class="fragment"><strong>Non-repudiation: </strong> Yes</li> | ||
</ul> | ||
|
||
Notes: | ||
|
||
|
@@ -85,10 +89,11 @@ If a hash is signed, you can prove a signature is valid _without_ telling anyone | |
|
||
## Signing Payloads | ||
|
||
Signing payloads are an important part of system design.<br /> | ||
Users should have credible expectations about how their messages are used. | ||
|
||
For example, when a user authorizes a transfer,<br />they almost always mean just one time. | ||
<ul> | ||
<li class="fragment">Signing payloads are an important part of system design.</li> | ||
<li class="fragment">Users should have credible expectations about how their messages are used.</li> | ||
<li class="fragment">For example, when a user authorizes a transfer, they almost always mean just one time.</li> | ||
</ul> | ||
|
||
Notes: | ||
|
||
|
@@ -135,9 +140,11 @@ Examples: | |
|
||
<pba-flex center> | ||
|
||
- Monotonically increasing account nonces | ||
- Timestamps (or previous blocks) | ||
- Context identifiers like genesis hash and spec versions | ||
<ul> | ||
<li class="fragment">Monotonically increasing account nonces</li> | ||
<li class="fragment">Timestamps (or previous blocks)</li> | ||
<li class="fragment">Context identifiers like genesis hash and spec versions</li> | ||
</ul> | ||
|
||
--- | ||
|
||
|
@@ -147,18 +154,22 @@ Examples: | |
|
||
## ECDSA | ||
|
||
- Uses Secp256k1 elliptic curve. | ||
- ECDSA (used initially in Bitcoin/Ethereum) was developed to work around the patent on Schnorr signatures. | ||
- ECDSA complicates more advanced cryptographic techniques, like threshold signatures. | ||
- Nondeterministic | ||
<ul> | ||
<li class="fragment">Commonly uses Secp256k1 elliptic curve.</li> | ||
<li class="fragment">ECDSA (used initially in Bitcoin/Ethereum) was developed to work around the patent on Schnorr signatures.</li> | ||
<li class="fragment">ECDSA complicates more advanced cryptographic techniques, like threshold signatures.</li> | ||
<li class="fragment">Non-Deterministic</li> | ||
</ul> | ||
|
||
--- | ||
|
||
## Ed25519 | ||
|
||
- Schnorr signature designed to reduce mistakes in implementation and usage in classical applications, like TLS certificates. | ||
- Signing is 20-30x faster than ECDSA signatures. | ||
- Deterministic | ||
<ul> | ||
<li class="fragment">Schnorr signature designed to reduce mistakes in implementation and usage in classical applications, like TLS certificates.</li> | ||
<li class="fragment">Signing is 20-30x faster than ECDSA signatures.</li> | ||
<li class="fragment">Deterministic</li> | ||
</ul> | ||
|
||
--- | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably too detailed for the level of math the cryptography module should talk about, and the number of words and terms will just make people confused.
Probably better to phrase it as either "a 64-byte value" (which is a bit imprecise, but more black-boxy) or "a mathematical construct specific to the cryptography you're using" (which is broadly accurate, and doesn't necessitate readers to try to figure out what a "scalar value", "scalar field", or "base field" are.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am correcting the incorrect statement which was made that a secret key is a point on an elliptic curve which is just a false statement. If math is going to be talked about it should atleast be correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A secret key is not a curve point
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead we can just not reference any elliptic curve. But to be honest we are going to introduce a ZK section some small references to curves and fields isnt that bad. There isnt even a single actual math line in here I kind of disagree that it is too much math. I am not showing the scalar field times the base field element or something.
It is also important to note that there will be founders in crypto which probably wont understand half of it either so I think we are going to just have to wing it with what we choose to let some people scratch their head over.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that we should be correct everywhere we do reference the math, and should for sure correct what's in here right now.
If you want to keep the definition as written, I'm fine with that if you add something in the notes for the lecturer to say that the definition is not important to know. My thought was that the definition written is a bit long and contains a few terms most won't know, and as people are learning most everything for the first time, it would be distracting.