aljaz/dlc-intro
1
1
Fork 0
mirror of https://github.com/aljazceru/dlc-intro.git synced 2025-12-17 05:54:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor

Browse Source
This commit is contained in:
Gregor Pogačnik
2021-09-11 23:14:06 +02:00
parent 9cc0d8fa6b
commit ffc65dffa8
3 changed files with 71 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
README.md
View File

@@ -1,59 +1,8 @@
# schnorr-intro # dlc-intro
A gentle introduction to Schnorr signature scheme using Eliptic Curve Cryptograph (ECC) A gentle introduction to Discreet Log Contracts (DLCs) on Bitcoin
It was invented by german mathematician Claus-Peter Schnorr. Unfortunately he patented the scheme in 1988 (it expired in February 2008). So during the creation of Bitcoin it was "free", unfortunately the space lacked good libraries. Therefore ECDSA scheme was used. They offer a way to implement financial smart contracts on Bitcoin and what is more I believe they could also be used directly via Lightning
## Eliptic Curve Cryptography 101 Outline:
An elliptic curve is defined by formula: First we need go through some [Eliptic Curve Cryptography Basics](ecc101.md). Then we tackle [Schnorr Signature Scheme](./schnorr.md) and finally explain [Discreet Log Contracts](./dlc.md)
![equation](http://www.sciweavers.org/tex2img.php?eq=y%5E2%3Dx%5E3%2Bax%2Bb&bc=Black&fc=White&im=jpg&fs=12&ff=arev&edit=)
![image](ecc.png)
a and b are parameters that define the curve and are carefully tuned.
Secp256k1 curve used by Bitcoin (and others) has the formula
![equation](http://www.sciweavers.org/tex2img.php?eq=y%5E2%3Dx%5E3%2B7&bc=Black&fc=White&im=jpg&fs=12&ff=arev&edit=) (a = 0, b = 7) and looks like this:
![image](Secp256k1.png)
### Operations
We operate on points on the curve A, B, C, G, P (upper-case letters) all define points on the curve with an (x, y) coordinate.
#### Addition
We can define addition of two points A and B by drawing a line through those two points and where the line intersects the curve is the negative of the new point. After transposition over the x axis (y = 0) we get the actual result
![image](addition.gif)
The operation is commutative (A + B = B + A)
#### Multiplications with a scalar
We can also calculate an addition of point P with itself (P + P)
Since this is just one point we now draw a tangent to the curve
![image](pplusp.gif)
P + P is the same as 2*P
P + P + P is 3*P and so on.
So we can define multiplication in the form of k * P.
#### Discrete log problem
Multiplication is asociative but the neat part is that also by knowing P and the curve used we cannot easily "extract" k.
From k -> kP is easy (we just do the adding or actually doubling) but kP -> k is very hard.
Usually we are given a standard curve (like Secp256k1) and generator point G.
Note: we cannot trust just any parameters because we might know something about G beforehand.
But basically random integer x can be a private key, while P = x*G is the public key.
## Schnorr signature scheme

59
ecc101.md Normal file
View File

@@ -0,0 +1,59 @@
## Eliptic Curve Cryptography 101
An elliptic curve is defined by formula:
![equation](http://www.sciweavers.org/tex2img.php?eq=y%5E2%3Dx%5E3%2Bax%2Bb&bc=Black&fc=White&im=jpg&fs=12&ff=arev&edit=)
![image](ecc.png)
a and b are parameters that define the curve and are carefully tuned.
Secp256k1 curve used by Bitcoin (and others) has the formula
![equation](http://www.sciweavers.org/tex2img.php?eq=y%5E2%3Dx%5E3%2B7&bc=Black&fc=White&im=jpg&fs=12&ff=arev&edit=) (a = 0, b = 7) and looks like this:
![image](Secp256k1.png)
### Operations
We operate on points on the curve A, B, C, G, P (upper-case letters) all define points on the curve with an (x, y) coordinate.
#### Addition
We can define addition of two points A and B by drawing a line through those two points and where the line intersects the curve is the negative of the new point. After transposition over the x axis (y = 0) we get the actual result.
![image](addition.gif)
Addition is:
* commutative: A + B = B + A
* associative (A + B) + C = A + (B + C)
#### Multiplications with a scalar
We can also calculate an addition of point P with itself (P + P)
Since this is just one point we now draw a tangent to the curve (t)
![image](pplusp.gif)
P + P is the same as 2*P
P + P + P is 3*P
and so on.
So we can define multiplication in the form of k * P (while P * Q or P * k) doesn't make sense.
Multiplication is distributive (k * (A + B) = kA + kB)
#### Discrete logarithm problem
From k -> kP is easy (we just do the adding or actually doubling) but kP -> k is very hard.
Usually we are given a standard curve (like Secp256k1) and some generator point G. Note: in principle any G is good but we cannot trust just any parameters because peer might know something about G beforehand (there were attacks abusing the blind trust of G sent by other party).
Basically random integer x can be a private key, while P = x*G is the public key. And knowing P or G doesn't help in any way to find out x. This is the eliptic curve discrete logarithm problem that is believed to be computationaly hard.
[Previous - main page](./README.md)
[Next - Schnorr Signature Scheme](./schnorr.md)

7
schnorr.md Normal file
View File

@@ -0,0 +1,7 @@
## Schnorr Signature Scheme
It was invented by german mathematician Claus-Peter Schnorr. Unfortunately he patented the scheme in 1988 (it expired in February 2008). So during the creation of Bitcoin it was "free", unfortunately the space lacked good libraries. Therefore ECDSA scheme was used.
[Previous - ECC](./ecc101.md)
[Next - DLC](./dlc.md)