# Task: prove knowledge of a schnorr signature
## The signature scheme
- Public generator: $G \in \mathbb{G}$
- Private key: $x \in \mathbb{F}_r$
- Public key: $X = xG \in \mathbb{G}$
- Message: m: Blob
- Sign: (X, x, m):
- k $\gets\mathbb{F}_r$
- K = kG
- e = Hash( K | m )
- s = k - xe
- Return (s, e)
- Verify (X, m, s, e):
- K = sG + eX
- hash( K | m ) ?= e
## APIs:
``` rust
struct FieldVar {
f: Variable
}
struct PointVar {
x: Variable,
y: Variable
}
trait PlonkGate {
fn new_constant<C>(&mut self, c: C) -> Variable;
fn new_witness<V>(&mut self, t: V) -> Variable;
}
trait EccGate: PlonkGate {
fn point_add(
&mut self,
p1: &PointVar,
p2: &PointVar,
) -> Result<PointVar, Error>;
fn point_double(
&mut self,
p: &PointVar,
) -> Result<PointVar, Error>;
fn scalar_mul(
&mut self,
p: &PointVar,
s: &FieldVar,
) -> Result<PointVar, Error>;
fn hash_to_field<H: Hash>(
&mut self,
input: &HashInput,
) -> Result<FieldVar, Error>;
fn schnorr_verify(
&mut self,
pubkey: &PointVar,
msg: &Bits,
e: &Digest,
s: &FieldVar,
) -> Result<(), Error>;
}
impl EccGate for PlonkGate {
/* - Verify (X, m, s, e):
- K = sG + eX
- hash( K | m ) ?= e */
fn schnorr_verify(
&mut self,
pubkey: &PointVar,
msg: &Bits,
e: &FieldVar,
s: &FieldVar,
) -> Result<(), Error> {
// sG
let G = self.new_constant(&GENERATOR);
let s = self.new_witness(&s);
let sG = self.scalar_mul(&G, &s);
// eX
let e = self.new_witness(&e);
let eX = self.scalar_mul(&pubkey, &e);
let K = self.point_add(&sG, &eX);
}
}
```
Sign in with Wallet
Connect another wallet