Collaborator

@damrobi damrobi commented Nov 3, 2025

Content

This PR includes a new module for mithril-stm containing an implementation for the Schnorr signature that will be used in the SNARK version of mithril.

Pre-submit checklist

  • Branch
    • Tests are provided (if possible)
    • Crates versions are updated (if relevant)
    • CHANGELOG file is updated (if relevant)
    • Commit sequence broadly makes sense
    • Key commits have useful messages
  • PR
    • All check jobs of the CI have succeeded
    • Self-reviewed the diff
    • Useful pull request description
    • Reviewer requested
  • Documentation
    • No new TODOs introduced
  • Finalization TODO:
    • Change all Result into StmResult
    • Create new Error enum for Schnorr signatures and add specialized errors
    • Provide context for errors
    • Fix from_bytes() functions
    • Add small doc comments to all public functions
    • Shorten comment explanation for sign and verify functions
    • Add tests to check all error types are correct/working
    • Refactor get_coordinates multiple function calls
    • Investigate difference between Dusk and Midnight Poseidon

Benchmark results

The preliminary benchmark results (on my machine) of the two signature schemes are the following.

For individual signature:

  • BLS: ~0.121ms
  • Schnorr: ~1.51ms
  • Comparison: ~12x

For individual verification:

  • BLS: ~0.750ms
  • Schnorr: ~1.52ms
  • Comparison: ~2x

The benchmarks use the Dusk library for running Poseidon. Dusk Poseidon hash:

  • For 1 scalar hashed: 0.0424ms
  • For 11 scalars hashed (same as in sign): 0.127ms

Comments

For from_bytes() functions, do we want to fail/warn if we receive more bytes than needed?

In the sign function of SchnorrSigningKey, how do we want to handle the randomness?

Add loops when generating random values to avoid 0? Done for the signing key for now.

Removed function hash_msg_to_jubjub for now, we might need it somewhere outside the schnorr signature module.

Issue(s)

Relates to #2756
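
One possible handling of the three questions in the Comments section above (trailing bytes in from_bytes(), where the signing randomness comes from, and rejecting zero scalars), as an added example that is not code from this PR or from mithril-stm. It assumes a tiny constructed prime-order group in place of Jubjub and FNV-1a in place of Poseidon; every name in it is hypothetical.

```rust
// Toy parameters (constructed): G generates the order-Q subgroup of Z_P^*.
// Far too small to be secure; this is not Jubjub.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut b: u64, mut e: u64) -> u64 {
    let mut acc = 1;
    b %= P;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    acc
}

// FNV-1a over (commitment, key, message): a non-cryptographic stand-in for Poseidon.
fn challenge(r: u64, vk: u64, msg: &[u8]) -> u64 {
    let (rb, vb) = (r.to_le_bytes(), vk.to_le_bytes());
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for b in rb.iter().chain(&vb).chain(msg) {
        h = (h ^ u64::from(*b)).wrapping_mul(0x0000_0100_0000_01b3);
    }
    h % Q
}

// The caller supplies the randomness; draws that reduce to 0 are rejected.
fn sign(sk: u64, msg: &[u8], rng: &mut impl FnMut() -> u64) -> (u64, u64) {
    let mut k = rng() % Q;
    while k == 0 { k = rng() % Q; }
    let c = challenge(pow_mod(G, k), pow_mod(G, sk), msg);
    ((k + c * sk) % Q, c)
}

fn verify(vk: u64, msg: &[u8], (s, c): (u64, u64)) -> bool {
    // g^s * vk^(-c) equals the signer's commitment g^k when s = k + c*sk.
    c == challenge(pow_mod(G, s) * pow_mod(vk, Q - c % Q) % P, vk, msg)
}

// Strict parse: exactly 16 bytes (two little-endian u64), both scalars < Q.
fn signature_from_bytes(bytes: &[u8]) -> Result<(u64, u64), &'static str> {
    if bytes.len() != 16 { return Err("expected exactly 16 bytes"); }
    let word = |i: usize| bytes[i..i + 8].iter().rev().fold(0u64, |a, b| a << 8 | u64::from(*b));
    let (s, c) = (word(0), word(8));
    if s >= Q || c >= Q { return Err("non-canonical scalar"); }
    Ok((s, c))
}
```

Passing the random source in as a parameter lets a test feed a fixed sequence, including zero draws, while production code would pass a CSPRNG.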

@damrobi damrobi added the feature 🚀 New implemented feature label Nov 3, 2025
@damrobi damrobi force-pushed the damrobi/stm-add-schnorr-sig-module branch from b254ad2 to 1e07c07 Compare November 5, 2025 08:22

@github-advanced-security github-advanced-security bot left a comment

cargo-doc found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.


@github-advanced-security github-advanced-security bot left a comment

clippy found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.


github-actions bot commented Nov 5, 2025

Test Results

    4 files  ±0    168 suites  ±0   23m 48s ⏱️ -6s
2 214 tests ±0  2 214 ✅ ±0  0 💤 ±0  0 ❌ ±0 
6 905 runs  ±0  6 905 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 0429dd1. ± Comparison against base commit 2943337.

♻️ This comment has been updated with latest results.

@damrobi damrobi changed the title from "Added file structure for Schnorr signature module." to "Implementation of Schnorr signature module for mithril-stm." Nov 6, 2025
Collaborator

@curiecrypt curiecrypt left a comment

First batch of reviews. It looks good at first glance.

@damrobi damrobi force-pushed the damrobi/stm-add-schnorr-sig-module branch from 00276b3 to 3ddf71f Compare November 17, 2025 11:40
Collaborator

@curiecrypt curiecrypt left a comment

You should use full names even in function parameters. For example verification_key instead of vk.
For simplicity and descriptiveness, we can use random_scalar_1 instead of random_value_1. Consequently, we can call the generator * random_scalar_1 as random_point_1.
This will apply for all cases where we obtain a curve point by multiplying the generator with a scalar: For example: point_signature = generator * signature.
This kind of naming seems more descriptive and pleasant.
Final remark, if you use an underscore for separating numbers in one place, then you should do the same for all other similar cases. It should apply for separating x and y as well.

@damrobi damrobi force-pushed the damrobi/stm-add-schnorr-sig-module branch from 40c68d6 to 3b3a158 Compare November 20, 2025 14:09
@jpraynaud jpraynaud requested a review from Copilot November 24, 2025 18:14
Copilot finished reviewing on behalf of jpraynaud November 24, 2025 18:18

Copilot AI left a comment

Pull request overview

This PR implements a Schnorr signature module for mithril-stm that will be used in the SNARK version of Mithril. The implementation provides signing and verification functionality using the Jubjub elliptic curve and Poseidon hash function, feature-gated behind future_snark.

Key Changes:

  • Implementation of Schnorr signature scheme with signing keys, verification keys, and signature structures
  • Utility functions for coordinate extraction and field conversions
  • Comprehensive test coverage for signing, verification, and serialization
  • New error type SchnorrSignatureError for Schnorr-specific errors

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 15 comments.

Summary per file (file: description):

  • mithril-stm/src/schnorr_signature/verification_key.rs: Defines verification key type with serialization and conversion from signing key
  • mithril-stm/src/schnorr_signature/signing_key.rs: Implements signing key generation and Schnorr signature creation
  • mithril-stm/src/schnorr_signature/signature.rs: Defines signature structure and verification logic
  • mithril-stm/src/schnorr_signature/utils.rs: Utility functions for curve operations and field conversions
  • mithril-stm/src/schnorr_signature/mod.rs: Module organization with re-exports and integration tests
  • mithril-stm/src/error.rs: Adds SchnorrSignatureError enum with specialized error variants
  • mithril-stm/src/lib.rs: Exposes Schnorr types in public API behind future_snark feature
  • mithril-stm/Cargo.toml: Adds dependencies for Jubjub curve and Poseidon hash (dusk-jubjub, dusk-poseidon, ff, group)
  • mithril-stm/benches/schnorr_sig.rs: Benchmark for individual Schnorr signature verification
  • Cargo.lock: Dependency resolution including new cryptographic libraries

@jpraynaud jpraynaud requested a review from Copilot November 26, 2025 16:32
Copilot finished reviewing on behalf of jpraynaud November 26, 2025 16:35

Copilot AI left a comment

Pull request overview

Copilot reviewed 11 out of 12 changed files in this pull request and generated 5 comments.


@damrobi damrobi force-pushed the damrobi/stm-add-schnorr-sig-module branch from c8c54f3 to c65c691 Compare November 26, 2025 18:02
@damrobi damrobi deployed to testing-preview November 26, 2025 18:12 — with GitHub Actions Active

Labels

feature 🚀 New implemented feature

4 participants