Constant schnorrkel::vrf::KUSAMA_VRF

pub const KUSAMA_VRF: bool = true;

Value for the `kusama` parameter of the *dleq* methods that yields the VRF deployed on Kusama.

Greg Maxwell argues in https://moderncrypto.org/mail-archive/curves/2020/001012.html that nonce generation should hash all the parameters that challenge generation does. We support this position in principle, as a defense in depth against attacks that cause misalignment between the public and secret keys.

We did this for signatures but not for the VRF deployed in Kusama. We cannot justify adding this defense to the deployed VRF because several layers already address this attack, including merlin's witnesses and the fact that signers normally sign each VRF output only once.

We suggest using Greg Maxwell's trick if you use a stand-alone DLEQ proof though, meaning call the *dleq* methods with `kusama: false`.

See: https://github.com/w3f/schnorrkel/issues/53
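As an added illustration (not schnorrkel's code and not from the issue above), the following toy Chaum-Pedersen style DLEQ proof in Rust, using only the standard library, shows exactly what the flag changes. It works in Z_P^* for the Mersenne prime P = 2^61 - 1 (the whole multiplicative group, not a prime-order group such as the ristretto255 group schnorrkel uses, so it illustrates transcript ordering only) and hashes with std's SipHash in place of a Merlin transcript. The transcript labels, the `Proof` type, `dleq_prove`/`dleq_verify`, and the sample key, seed and input are all constructed for this example; only the name `KUSAMA_VRF` mirrors the constant documented above. With `kusama == false` the public key and VRF output are committed before the nonce is drawn, so the nonce depends on everything the challenge does; with `kusama == true` they are committed afterwards, as in the deployed VRF.

```rust
// Toy Chaum-Pedersen DLEQ proof (added example, not schnorrkel's code).
// Group: Z_P^* for the Mersenne prime P = 2^61 - 1, exponents mod N = P - 1.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

const KUSAMA_VRF: bool = true; // mirrors the documented constant
const P: u64 = (1u64 << 61) - 1; // toy group modulus
const N: u64 = P - 1; // exponent modulus (order of Z_P^*)
const G: u64 = 3; // toy base point

fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }
fn mul_exp(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % N as u128) as u64 }

fn pow(mut base: u64, mut e: u64) -> u64 {
    let mut acc = 1u64;
    base %= P;
    while e > 0 {
        if e & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        e >>= 1;
    }
    acc
}

/// Stand-in for a Merlin transcript: an ordered byte log that both the
/// challenge and the nonce are derived from.
struct Transcript(Vec<u8>);

impl Transcript {
    fn new(proto: &[u8]) -> Self { Transcript(proto.to_vec()) }
    fn commit(&mut self, label: &[u8], x: u64) {
        self.0.extend_from_slice(label);
        self.0.extend_from_slice(&x.to_le_bytes());
    }
    fn hash_to_exponent(&self, domain: &[u8], extra: Option<u64>) -> u64 {
        let mut h = DefaultHasher::new();
        domain.hash(&mut h);
        self.0.hash(&mut h);
        extra.hash(&mut h);
        1 + h.finish() % (N - 1) // nonzero exponent below N
    }
    /// Fiat-Shamir challenge over everything committed so far.
    fn challenge(&self) -> u64 { self.hash_to_exponent(b"prove", None) }
    /// Nonce from everything committed so far plus the signer's secret seed,
    /// like a Merlin witness: values committed after this call cannot affect it.
    fn witness_scalar(&self, seed: u64) -> u64 { self.hash_to_exponent(b"witness", Some(seed)) }
}

struct Proof { c: u64, s: u64 }

/// Prove log_G(pk) == log_input(output). With `kusama == true` pk and output
/// enter the transcript only after the nonce is drawn (deployed Kusama VRF);
/// with `kusama == false` they enter first, so the nonce covers every value
/// the challenge covers (Greg Maxwell's trick).
fn dleq_prove(sk: u64, nonce_seed: u64, input: u64, kusama: bool) -> (u64, u64, Proof) {
    let pk = pow(G, sk);
    let output = pow(input, sk);
    let mut t = Transcript::new(b"DLEQProof");
    t.commit(b"vrf:h", input);
    if !kusama { t.commit(b"vrf:pk", pk); t.commit(b"vrf:h^sk", output); }
    let r = t.witness_scalar(nonce_seed);
    t.commit(b"vrf:R=g^r", pow(G, r));
    t.commit(b"vrf:h^r", pow(input, r));
    if kusama { t.commit(b"vrf:pk", pk); t.commit(b"vrf:h^sk", output); }
    let c = t.challenge();
    let s = (r + N - mul_exp(c, sk)) % N; // s = r - c*sk (mod N)
    (pk, output, Proof { c, s })
}

/// Recompute R = G^s * pk^c and H^r = input^s * output^c, replay the transcript
/// in the order the prover used, and compare challenges.
fn dleq_verify(pk: u64, input: u64, output: u64, proof: &Proof, kusama: bool) -> bool {
    let big_r = mul(pow(G, proof.s), pow(pk, proof.c));
    let big_hr = mul(pow(input, proof.s), pow(output, proof.c));
    let mut t = Transcript::new(b"DLEQProof");
    t.commit(b"vrf:h", input);
    if !kusama { t.commit(b"vrf:pk", pk); t.commit(b"vrf:h^sk", output); }
    t.commit(b"vrf:R=g^r", big_r);
    t.commit(b"vrf:h^r", big_hr);
    if kusama { t.commit(b"vrf:pk", pk); t.commit(b"vrf:h^sk", output); }
    t.challenge() == proof.c
}

// Constructed toy values: secret key, nonce seed, and a VRF input already in the group.
const SK: u64 = 0x5eed_1234_abcd;
const SEED: u64 = 0x9876_5432_10;
fn sample_input() -> u64 { pow(G, 17) }

/// Honest prove/verify round trip under the given flag.
fn roundtrip(kusama: bool) -> bool {
    let (pk, out, proof) = dleq_prove(SK, SEED, sample_input(), kusama);
    dleq_verify(pk, sample_input(), out, &proof, kusama)
}

/// A tampered output must be rejected under either flag.
fn tampered_output_rejected(kusama: bool) -> bool {
    let (pk, out, proof) = dleq_prove(SK, SEED, sample_input(), kusama);
    !dleq_verify(pk, sample_input(), mul(out, G), &proof, kusama)
}

/// The two settings are distinct protocols: a proof made under one flag does not
/// verify under the other, which is why prover and verifier must agree on the constant.
fn cross_flag_rejected() -> bool {
    let (pk, out, proof) = dleq_prove(SK, SEED, sample_input(), KUSAMA_VRF);
    !dleq_verify(pk, sample_input(), out, &proof, !KUSAMA_VRF)
}

fn main() {
    println!("roundtrip: {} / {}", roundtrip(true), roundtrip(false));
    println!("tampered rejected: {}", tampered_output_rejected(false));
    println!("cross-flag rejected: {}", cross_flag_rejected());
}
```

The only difference between the two branches is where `vrf:pk` and `vrf:h^sk` are committed relative to `witness_scalar`, which is the whole content of the defense-in-depth argument above: under `kusama == false` a signer whose public key and secret key have drifted apart still derives a nonce bound to the key it actually claims, while under `kusama == true` the nonce is bound only to the input and the secret seed.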