Merlin

The Schnorrkel implementation relies on Merlin, and Merlin is available basically only in Rust: https://github.com/dalek-cryptography/merlin

So we tried to rewrite it, and it went really nicely.

It still lives in our sr25519 library, but we believe it should be moved to its own repository, so that anyone who wants to use Merlin directly, without the accompanying sr25519 code, can depend on a more lightweight repository.

It is based on the Strobe protocol, which is basically everything we have here.

So we have a Strobe128 class whose state is managed by the Keccak algorithm (see a few sections above, in the sr25519 library). This was also hard to find in either Java or Kotlin, especially an implementation that exposes the basic F1600 permutation itself rather than only the popular hash sizes.

This class has the following interface:

// Part of every operation with Strobe: it accepts the label and the size of the upcoming message to sign/verify (meta-AD)
fun metaAd(data: ByteArray, more: Boolean)

// Appends the actual data to the Strobe state (AD)
fun ad(data: ByteArray, more: Boolean)

// Fills the given buffer with challenge bytes in signing/verifying (PRF output)
fun prf(data: ByteArray, more: Boolean)

// Rekeys the state with a variable value such as a nonce, hiding the prior state (KEY)
fun key(data: ByteArray, more: Boolean)

Examples of usage from Transcript:

// Used to append the method to execute, the body to sign, the public key to verify, and so on
strobe.metaAd(label, false)
strobe.metaAd(message.size.toByteArray(), true)
strobe.ad(message, false)

// Draws nonce bytes while expanding an ed25519 secret key to a full-size secret key
strobe.metaAd(label, false)
strobe.metaAd(destination.size.toByteArray(), true)
strobe.prf(destination, false)

// Rekeys Strobe when signing with a nonce or verifying a signature
// The resulting Strobe state should be the same in both cases for the same data
strobe.metaAd(label, false)
strobe.metaAd(witness.size.toByteArray(), true)
strobe.key(witness, false)
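The three patterns above wrapped into a small Merlin-style Transcript class, as an added example that is not the library's own code. It assumes a Strobe128 class with the interface shown above plus a constructor taking the protocol label (the page does not show the constructor), encodes lengths explicitly as a 4-byte little-endian u32 the way the Rust Merlin crate does (assumed to match the page's `size.toByteArray()` extension), and uses constructed labels in main().

```kotlin
import java.nio.ByteBuffer
import java.nio.ByteOrder

// Assumed (hypothetical) shape of the page's class:
// class Strobe128(protocolLabel: ByteArray) { fun metaAd(..); fun ad(..); fun prf(..); fun key(..) }

// Length prefix as a 4-byte little-endian u32, as in the Rust Merlin crate.
// Assumption: this is what the page's `size.toByteArray()` extension produces.
fun encodeU32Length(length: Int): ByteArray {
    require(length >= 0) { "length must be non-negative" }
    return ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN).putInt(length).array()
}

class Transcript(label: ByteArray) {
    // Merlin starts Strobe with the protocol label "Merlin v1.0" and then
    // domain-separates the transcript with the caller's own label.
    private val strobe = Strobe128("Merlin v1.0".toByteArray())

    init { appendMessage("dom-sep".toByteArray(), label) }

    // Label and length always go through meta-AD first, so the same bytes split
    // differently, or absorbed under another label, lead to a different state.
    private fun metaHeader(label: ByteArray, length: Int) {
        strobe.metaAd(label, false)
        strobe.metaAd(encodeU32Length(length), true)
    }

    fun appendMessage(label: ByteArray, message: ByteArray) {
        metaHeader(label, message.size)
        strobe.ad(message, false)
    }

    // Fills `dest` in place with challenge bytes bound to everything absorbed so far.
    fun challengeBytes(label: ByteArray, dest: ByteArray) {
        metaHeader(label, dest.size)
        strobe.prf(dest, false)
    }

    // Signer and verifier must rekey with identical witness bytes to stay in sync.
    fun rekeyWithWitness(label: ByteArray, witness: ByteArray) {
        metaHeader(label, witness.size)
        strobe.key(witness, false)
    }
}

fun main() {
    // Constructed sample labels and message, not values from the sr25519 library.
    val t = Transcript("example-transcript".toByteArray())
    t.appendMessage("message".toByteArray(), "hello".toByteArray())
    val challenge = ByteArray(64)
    t.challengeBytes("challenge".toByteArray(), challenge)
}
```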
