feat: Diffie-Hellman and elliptic curve DH
Since we have ECDSA now, it would be fascinating to see a toy implementation of Diffie-Hellman and ECDH.
Resources:
- https://web.math.ucsb.edu/~kylehansen/Papers/Elliptic_Curve_Cryptography.pdf
- http://koclab.cs.ucsb.edu/teaching/ecc/project/2015Projects/Haakegaard+Lang.pdf
- https://www.gabriel.urdhr.fr/2021/10/19/diffie-hellman-intro/
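A toy ECDH exchange of the kind this issue asks for, as an added example that is not part of the original thread or the project's code. The curve (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of order 19), the secrets 3 and 7, and all function names are constructed for illustration; the peer key is checked against the curve equation before use.

```rust
// Toy ECDH on a textbook-sized curve (constructed parameters, far too small for real use).
const P: i64 = 17; // field modulus
const A: i64 = 2; const B: i64 = 2; // y^2 = x^3 + A*x + B over F_P
type Point = Option<(i64, i64)>; // None is the point at infinity
const G: Point = Some((5, 1)); // generator of prime order 19

fn inv(x: i64) -> i64 { // Fermat inverse: x^(P-2) mod P
    let (mut r, mut b, mut e) = (1, x.rem_euclid(P), P - 2);
    while e > 0 {
        if e & 1 == 1 { r = r * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    r
}

fn add(p: Point, q: Point) -> Point {
    let (Some((x1, y1)), Some((x2, y2))) = (p, q) else { return p.or(q); };
    if x1 == x2 && (y1 + y2) % P == 0 { return None; } // Q + (-Q) = infinity
    let m = if x1 == x2 {
        (3 * x1 * x1 + A) * inv(2 * y1) % P // tangent slope (doubling)
    } else {
        (y2 - y1) * inv(x2 - x1) % P // chord slope
    };
    let x3 = (m * m - x1 - x2).rem_euclid(P);
    Some((x3, (m * (x1 - x3) - y1).rem_euclid(P)))
}

fn mul(mut k: u64, mut p: Point) -> Point { // double-and-add (not constant time)
    let mut acc = None;
    while k > 0 {
        if k & 1 == 1 { acc = add(acc, p); }
        p = add(p, p);
        k >>= 1;
    }
    acc
}

// Shared secret = x-coordinate of secret * peer; None if the peer key is infinity or off-curve.
fn ecdh(secret: u64, peer: Point) -> Option<i64> {
    let (x, y) = peer?;
    if (y * y - x * x * x - A * x - B).rem_euclid(P) != 0 { return None; }
    mul(secret, peer).map(|(sx, _)| sx)
}

fn main() {
    let (a, b) = (3, 7); // constructed secret scalars for the two parties
    println!("{:?} {:?}", ecdh(a, mul(b, G)), ecdh(b, mul(a, G)));
}
```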
i can give this a go tomorrow, maybe move src/ecdsa.rs into src/ecc/ecdsa.rs then add the ecdh
sir, if possible, do try tripartite DH using Tate pairings as well
gonna have to solidify my understanding of bilinear maps & G2+ a bit first, but will do 🫡
classic scary sounding thing for "take two things make new unique new thing"
"Key Exchange", simple and better.
@jtriley-eth just ping me, would love to jam with you and help anywhere possible. Pairings was an amazing topic that I enjoyed battling with a lot (still don't understand it completely lol)
Pluto internal code has some magic ECDH that we depend on :). Definitely recommend diving into and exploring this primitive. It's key to how our web proofs work.
We will be open-sourcing something substantial in ~2 weeks for that.
I wonder if clever tripartite ecdh could be used for web proofs... hm!
I want to push this up the list of TODOs. This is a really cool problem. @jtriley2p do you still have interest in this?
it was early july, a cool summer day, the aroma of rwandan espresso wafted through the air, its gentle notes of citrus and cherry accompanied an artisanal muesli, decorated with slices of orange and raspberries. i peered into my smart phone, the interface to the technological abyss, the screen was marked with "feat: Diffie-Hellman and elliptic curve DH", a familiar name. one which, in my amateur ventures into the shallows of the deep, dark ocean of cryptography, i thought quite approachable.
it was supposed to be a simple job, in and out, no hitches. but that's not often how these things go is it? a comment as simple as "sir, if possible, do try tripartite DH using Tate pairings as well", one which appeared on its surface to be a simple addition to the collection, another trophy for the contributor wall, but which entailed a dive. a dive into the deep, dark ocean of cryptography. i embarked upon the journey with a youthful smile. "it's only elliptic curve pairings" i foolishly believed. "it's only bilinearity on an already abelian group" i spoke to my friends. despite the warnings of those who came before me, "just black box it" or "it's just bilinear, don't worry about it", i stubbornly continued.
what followed was a brutal and ruthless journey, one filled with arcane runes, countless misguided turns, and.. mathematicians. yes, the academics which guard their chambers with elaborate streams of pedantic jargon and deeply refined and distilled syntax, one which conveys information and structure alone, one which leaves the intuition and profound inspiration as an exercise to the observer. there is no life to be lived here, there is only the proposition and the proof. in the depths of this sea i encountered abstract nonsense after abstract nonsense. even the tools bestowed upon me by bartosz milewski could not save me now. i was in algebraic topology's territory now. everything up to here was conquerable, the group theoretic structures, the reduction to finite fields, the field extension towers, perhaps in a looser sense, polynomial exponentiation. but the miller algorithm. that god forsaken miller algorithm. i could not do it. no matter how many variants there were, no matter which bits we iterated, no matter whether we performed the final exponentiation or used an alternative residue check, there is no understanding of that algorithm. there is only the infinite depths of function quotients in algebraic topology and surrender.
after narrowly returning from my journey with my life, i bear only the good word and the near-death experience to accompany it.
"it's just bilinear, don't worry about it"
yea i'll do the thing, lemme sync up & add the 3p ecdh
I read this and wept. Both tears of joy, and real tears of being called out for the pedant I am.
> mathematicians
Hurt...
> pedantic jargon and deeply refined and distilled syntax
Guh
With all that said, don't we have a Miller loop in here already? Jeez, @jtriley2p it's like you don't even CARE about ME.
It's just bilinear man. Don't even think about it. Blackbox it. Pray to Grothendieck and you will be okay.