Re-anchor benchmark to the NUT-00 BLS12-381 (v3) spec (nuts#371)#1
Merged
Track the actual spec (cashubtc/nuts#371) instead of the nutshell PR #999 implementation draft. The core BDHKE already matched; this adds what the spec mandates and regenerates all numbers on the ESP32-C3.

esp32c3-bench-blst:

- Mandatory point validation (NUT-00 Point Validation): every received B_/C_/C (G1) and K (G2) is uncompressed from canonical bytes and rejected unless on-curve, non-identity, and in the prime-order subgroup. Timed ops take the wire bytes so validation is in the measured cost; each keyset key is validated once.
- Deterministic Fiat-Shamir batch weights: BLS_BATCH_DST transcript -> SHA-256 challenge -> per-proof rejection sampling in Fr* against BLS_FR_ORDER, replacing arbitrary scalars.
- Spec-conformance gate against the NUT-00 test vectors (tests/00-tests.md): single-proof Y/K/B_/C_/C plus the batch challenge and both weights, all byte-exact on-chip; MPI mul_mont stays bit-exact.
- New point-validation primitive timings.

Docs (README, RESULTS, Cargo.toml, legacy/*): re-anchor PR #999 -> nuts#371, K2 -> K, DLEQ scoped to secp256k1 (NUT-12). Numbers regenerated for portable-C (State 1) and MPI-all (State 3): ~4.5x across the board; typical 10-proof token ~0.93 s (MPI), at parity with the secp256k1+DLEQ wallet.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>