e:=Hash(R,X,Message)
本文来自Wisdom Chain官方TwitterURL:https://twitter.com/Wisdom_Chain/status/1301382987762806784?s=20
So if the value of X is very large, even greater than the sum of all the atoms in the universe, it will take an unacceptable time to guess the value of X. At the same time, if someone holds the correct x, calculating x*A is very fast. This asymmetry will be the premise of our discussion.
Schnorr签名协议的简捷描写如下:
当我们讲一个点与自身相加多次时,我们称其为“乘以一个数”:D=3 C。显而易见的,假如将一个点A与自身相加许多次(可能说将其乘以一个很大的数)然后获得一个点B,假如我们只是知道原始点A和功效点B,计较出与A相乘的这个大数是相当坚苦的。这里的“坚苦”意思是,假如要计较出这个“大数”,我们不能简朴的用B除以A,只能不绝的揣摩一个值x,计较是否x A便是B。
原文标题:要害 |《Wisdom Chain文档常识库》之Schnorr签名算法Schnorr签名算法最初是由德国暗码学家ClausSchnorr于2008年提出的,在暗码学中,它是一种数字签名方案,以其简朴高效著称,其安详性基于某些离散对数问题的难处理惩罚性。
This article comes from the official Twitter of Wisdom ChainURL:https://twitter.com/Wisdom_Chain/status/1301382987762806784?s=20
下面用小写字母暗示数字,好比:a=42。同时我们将利用一些椭圆曲线(ellipticcurve)上的点。这些点是一些满意椭圆曲线方程的大数对。
Schnorr Signature Algorithm of Wisdom Chain DocumentKnowledge Base
In the last chapter, we talked about the aggregate signature used in WisdomChain is the signature aggregation of each key generated by the parties using Schnorr signature. Now let's learn about the past and present of the Schnorr signature algorithm.
Twitter:@Wisdom_Chain微博:WisdomChain知乎:伶俐链技能社区Facebook:WisdomChainTelegram:@WisdomPublicChain相关资源
Alice sends Bob R, X, message, and point values s, Bob verifies s G equals R+e X. In fact, not only is Bob, but anyone in the world can prove this proof by itself. Once s G=R+e X passes validation, it can prove that Alice holds X of private key and generates a legal signature: (s, e).
Alice持有私钥x,然后选择一个随机数r,以及椭圆曲线上的原点G,计较出R:=r G,公钥X:=xG,利用哈希函数获取一个随机的用于验证的数字e:=Hash(R,X,message),,然后计较s:=e*x+r。
03
The brief description of Schnorr Signature Protocol is as follows:
We will use capital letters to represent these points, such as A= (4,68). Some algebraic operations can be performed on points on elliptic curves. The above two points can be added together and we can get approximately random third points, which is expressed as: C=A+B. A point can be added to itself many times: D = C + C + C.
Alice holds the private key x, then selects a random number r and the origin G on the elliptic curve, calculates R: = r G, public key X: = xG, uses the hash function to obtain a random number e: = Hash (R,X, message), and then calculates s: = e * x + r.
Alice给Bob发送点R,X,message,和点数值s,Bob验证s G便是R+e X。事实上,不只是Bob,这个世界上的任何人都可以独自对这一证明举办验证。一旦s G=R+e X通过了验证,既可以证明Alice持有私钥x,并生成了一个正当的签名:(s,e)。
一个精采的哈希函数,会在哪怕仅有一个字符有变动的环境下,也会返回完全差异的哈希值,使得计较出s的值是不行能的任务。
存眷Wisdom Chain动态
最终,假如要将签名从这一证明中缔造出来,Alice需要定制一个哈希函数来对她签名的动静的举办哈希计较。这样的话需要确定针对一个动静所计较出的签名,不能被复用给别的一个动静。
Based on this, developers can add more complex concepts in the future, such as WisdomChain aggregated signatures. The advantage of aggregate signature is that all the input involved in a transaction can be completed by only one merge signature, which greatly reduces the amount of data processing and makes the network faster and more efficient.
Setup:x: random number (aka private key)G := common pointX: x*G(aka public key)Sign:r : random number (aka nonce)R: r* G(aka commitment)e : Hash(R, x, message)(aka challenge)s:=r+e*x(aka response)return (R, x, s, message)((S, e) aka signature)Verify:receive (R, x, s, message)e := Hash(R, x, message)S1:= R+e*XS2 :=s*Greturn OK if S1 qeuals S2
02
R,X与签名信息
When we talk about a point adding itself many times, we call it "multiply by a number": D = 3 C. Obviously, if we add a point A to itself many times (or multiplied by a large number) and get a point B, if we only know the original point A and the result point B, it is quite difficult to calculate the large number multiplied by A. The "difficulty" here means that if we want to calculate this "big number", we can not simply divide B by A, we can only guess a value x continuously and calculate whether x A equals B.
所以假如这个x的值很是大,甚至大于宇宙中所有原子数目标和,揣摩这个x的值将耗费一个难以接管的时间。同时假如或人持有正确的x,计较x*A长短常迅速的。这种非对称性将作为我们接头的前提。
郑重声明:本文版权归原作者所有,转载文章仅为传播更多信息之目的,如作者信息标记有误,请第一时间联系我们修改或删除,多谢。
