bls

package
v1.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 7, 2024 License: GPL-3.0, GPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const (
	BLSCryptoType     = 1
	BN256Curve        = 1
	BLS12377Curve     = 2
	BLS12381Curve     = 3
	PUBLICKEYBYTES    = 128
	G1PUBLICKEYBYTES  = 64
	SIGNATUREBYTES    = 64
	EPOCHENTROPYBYTES = 16
)
View Source
const (
	MODULUS256  = "21888242871839275222246405745257275088548364400416034343698204186575808495617"
	MODULUSBITS = 254
	MODULUSMASK = 63 // == 2**(254-(256-8)) - 1
)

Variables

This section is empty.

Functions

func GenKeyPair

func GenKeyPair(randReader io.Reader) (*PublicKey, *SecretKey, error)

GenKeyPair generates Public and Private Keys

func PerformHash

func PerformHash(msg []byte) ([]byte, error)

func PrivateToG1Public

func PrivateToG1Public(privateKeyBytes []byte) ([]byte, error)

func PrivateToPublic

func PrivateToPublic(privateKeyBytes []byte) ([]byte, error)

func UnmarshalG1Pk

func UnmarshalG1Pk(g1pkmsg []byte) (*cfbn256.G1, error)

func Verify

func Verify(apk *Apk, msg []byte, sigma *Signature) error

Verify is the verification step of an aggregated apk signature

func Verify2

func Verify2(apk *Apk, msg []byte, sigma *Signature) error

func VerifyBatch

func VerifyBatch(apks []*Apk, msgs [][]byte, sigma *Signature) error

VerifyBatch is the verification step of a batch of aggregated apk signatures TODO: consider adding the possibility to handle non distinct messages (at batch level after aggregating APK)

func VerifyCompressed

func VerifyCompressed(pks []*cfbn256.G2, msgList [][]byte, compressedSig []byte, allowDistinct bool) error

VerifyCompressed verifies a Compressed marshalled signature

func VerifyG1Pk

func VerifyG1Pk(g1pk []byte, g2pk []byte) error

func VerifyUnsafe

func VerifyUnsafe(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error

VerifyUnsafe checks the given BLS signature bls on the message m using the public key pkey by verifying that the equality e(H(m), X) == e(H(m), x*B2) == e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is the base point from curve G2.

func VerifyUnsafe2

func VerifyUnsafe2(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error

func VerifyUnsafeBatch

func VerifyUnsafeBatch(pkeys []*PublicKey, msgList [][]byte, signature *UnsafeSignature) error

VerifyUnsafeBatch verifies a batch of messages signed with aggregated signature the rogue-key attack is prevented by making all messages distinct

Types

type Apk

type Apk struct {
	*PublicKey
}

Apk is the short aggregated public key struct

func AggregateApk

func AggregateApk(pks []*PublicKey) (*Apk, error)

AggregateApk aggregates the public key according to the following formula: apk ← ∏ⁿᵢ₌₁ pk^H₁(pkᵢ)

func NewApk

func NewApk(pk *PublicKey) *Apk

NewApk creates an Apk either from a public key or scratch

func UnmarshalApk

func UnmarshalApk(b []byte) (*Apk, error)

UnmarshalApk unmarshals a byte array into an aggregated PublicKey

func (*Apk) Aggregate

func (apk *Apk) Aggregate(pk *PublicKey) error

Aggregate a Public Key to the Apk struct according to the formula pk^H₁(pkᵢ)

func (*Apk) AggregateBytes

func (apk *Apk) AggregateBytes(b []byte) error

AggregateBytes is a convenient method to aggregate the unmarshalled form of PublicKey directly

func (*Apk) Copy

func (apk *Apk) Copy() *Apk

Copy the APK by marshalling and unmarshalling the internals. It is somewhat wasteful but does the job

type BLSCryptoSelector

type BLSCryptoSelector interface {
	ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error)
	PrivateToPublic(privateKeyBytes []byte) (SerializedPublicKey, error)
	PrivateToG1Public(privateKeyBytes []byte) (SerializedG1PublicKey, error)
	VerifyAggregatedSignature(publicKeys []SerializedPublicKey, message []byte, extraData []byte, signature []byte, shouldUseCompositeHasher, cip22 bool, fork, cur *big.Int) error
	AggregateSignatures(signatures [][]byte) ([]byte, error)
	VerifySignature(publicKey SerializedPublicKey, message []byte, extraData []byte, signature []byte, shouldUseCompositeHasher, cip22 bool, fork, cur *big.Int) error
	EncodeEpochSnarkDataCIP22(newValSet []SerializedPublicKey, maximumNonSigners, maxValidators uint32, epochIndex uint16, round uint8, blockHash, parentHash EpochEntropy) ([]byte, []byte, error)
	UncompressKey(serialized SerializedPublicKey) ([]byte, error)
}

func CryptoType

func CryptoType() BLSCryptoSelector

type BN256

type BN256 struct{}

func (BN256) AggregateSignatures

func (BN256) AggregateSignatures(signatures [][]byte) ([]byte, error)

func (BN256) ECDSAToBLS

func (BN256) ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error)
func (BN256) ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error) {
	return crypto.FromECDSA(privateKeyECDSA), nil
}

func (BN256) EncodeEpochSnarkDataCIP22

func (BN256) EncodeEpochSnarkDataCIP22(newValSet []SerializedPublicKey, maximumNonSigners, maxValidators uint32, epochIndex uint16, round uint8, blockHash, parentHash EpochEntropy) ([]byte, []byte, error)

func (BN256) PrivateToG1Public

func (BN256) PrivateToG1Public(privateKeyBytes []byte) (SerializedG1PublicKey, error)

func (BN256) PrivateToPublic

func (BN256) PrivateToPublic(privateKeyBytes []byte) (SerializedPublicKey, error)

func (BN256) UncompressKey

func (BN256) UncompressKey(serialized SerializedPublicKey) ([]byte, error)

func (BN256) VerifyAggregatedSignature

func (BN256) VerifyAggregatedSignature(publicKeys []SerializedPublicKey, message []byte, extraData []byte,
	signature []byte, shouldUseCompositeHasher, cip22 bool, fork, cur *big.Int) error

func (BN256) VerifySignature

func (BN256) VerifySignature(publicKey SerializedPublicKey, message []byte, extraData []byte,
	signature []byte, shouldUseCompositeHasher, cip22 bool, fork, cur *big.Int) error

type EpochEntropy

type EpochEntropy [EPOCHENTROPYBYTES]byte

EpochEntropy is a string of unprediactable bytes included in the epoch SNARK data to make prediction of future epoch message values infeasible.

func EpochEntropyFromHash

func EpochEntropyFromHash(hash common.Hash) EpochEntropy

EpochEntropyFromHash truncates the given hash to the length of epoch SNARK entropy.

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is calculated as g^x

func AggregatePK

func AggregatePK(pks []*PublicKey) *PublicKey

func UnmarshalPk

func UnmarshalPk(b []byte) (*PublicKey, error)

UnmarshalPk unmarshals a byte array into a BLS PublicKey

func (*PublicKey) Aggregate

func (pk *PublicKey) Aggregate(pp *PublicKey) *PublicKey

Aggregate is a shortcut for Public Key aggregation

func (*PublicKey) Marshal

func (pk *PublicKey) Marshal() []byte

Marshal returns the binary representation of the G2 point being the public key

func (*PublicKey) MarshalText

func (pk *PublicKey) MarshalText() ([]byte, error)

MarshalText encodes the string representation of the public key

func (*PublicKey) Unmarshal

func (pk *PublicKey) Unmarshal(data []byte) error

Unmarshal a public key from a byte array

func (*PublicKey) UnmarshalText

func (pk *PublicKey) UnmarshalText(data []byte) error

UnmarshalText decode the string/byte representation into the public key

type SecretKey

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey has "x" as secret for the BLS signature

func DeserializePrivateKey

func DeserializePrivateKey(privateKeyBytes []byte) (*SecretKey, error)

func (*SecretKey) Serialize

func (self *SecretKey) Serialize() ([]byte, error)

func (*SecretKey) ToG1Public

func (self *SecretKey) ToG1Public() []byte

func (*SecretKey) ToPublic

func (self *SecretKey) ToPublic() *PublicKey

type SerializedG1PublicKey

type SerializedG1PublicKey [G1PUBLICKEYBYTES]byte

func (SerializedG1PublicKey) MarshalText

func (pk SerializedG1PublicKey) MarshalText() ([]byte, error)

MarshalText returns the hex representation of pk.

func (*SerializedG1PublicKey) UnmarshalJSON

func (pk *SerializedG1PublicKey) UnmarshalJSON(input []byte) error

UnmarshalJSON parses a BLS public key in hex syntax.

func (*SerializedG1PublicKey) UnmarshalText

func (pk *SerializedG1PublicKey) UnmarshalText(input []byte) error

UnmarshalText parses a BLS public key in hex syntax.

type SerializedPublicKey

type SerializedPublicKey [PUBLICKEYBYTES]byte

func (SerializedPublicKey) MarshalText

func (pk SerializedPublicKey) MarshalText() ([]byte, error)

MarshalText returns the hex representation of pk.

func (*SerializedPublicKey) UnmarshalJSON

func (pk *SerializedPublicKey) UnmarshalJSON(input []byte) error

UnmarshalJSON parses a BLS public key in hex syntax.

func (*SerializedPublicKey) UnmarshalText

func (pk *SerializedPublicKey) UnmarshalText(input []byte) error

UnmarshalText parses a BLS public key in hex syntax.

type SerializedSignature

type SerializedSignature [SIGNATUREBYTES]byte

func SerializedSignatureFromBytes

func SerializedSignatureFromBytes(serializedSignature []byte) (SerializedSignature, error)

func (SerializedSignature) MarshalText

func (sig SerializedSignature) MarshalText() ([]byte, error)

MarshalText returns the hex representation of sig.

func (*SerializedSignature) UnmarshalJSON

func (sig *SerializedSignature) UnmarshalJSON(input []byte) error

UnmarshalJSON parses a BLS signature in hex syntax.

func (*SerializedSignature) UnmarshalText

func (sig *SerializedSignature) UnmarshalText(input []byte) error

UnmarshalText parses a BLS signature in hex syntax.

type Signature

type Signature struct {
	// contains filtered or unexported fields
}

Signature is the plain public key model of the BLS signature being resilient to rogue key attack

func Sign

func Sign(sk *SecretKey, pk *PublicKey, msg []byte) (*Signature, error)

Sign creates a signature from the private key and the public key pk

func Sign2

func Sign2(sk *SecretKey, pk *PublicKey, msg []byte) (*Signature, error)

func UnmarshalSignature

func UnmarshalSignature(sig []byte) (*Signature, error)

UnmarshalSignature unmarshals a byte array into a BLS signature

func (*Signature) Add

func (sigma *Signature) Add(pk *PublicKey, sig *UnsafeSignature) error

Add creates an aggregated signature from a normal BLS Signature and related public key

func (*Signature) Aggregate

func (sigma *Signature) Aggregate(other *Signature) *Signature

Aggregate two Signature

func (*Signature) AggregateBytes

func (sigma *Signature) AggregateBytes(other []byte) error

AggregateBytes is a shorthand for unmarshalling a byte array into a Signature and thus mutate Signature sigma by aggregating the unmarshalled signature

func (*Signature) Compress

func (sigma *Signature) Compress() []byte

Compress the signature to the 32 byte form

func (*Signature) Copy

func (sigma *Signature) Copy() *Signature

Copy (inefficiently) the Signature by unmarshaling and marshaling the embedded G1

func (*Signature) Decompress

func (sigma *Signature) Decompress(x []byte) error

Decompress reconstructs the 64 byte signature from the compressed form

func (*Signature) Marshal

func (sigma *Signature) Marshal() []byte

Marshal a Signature into a byte array

func (*Signature) Unmarshal

func (sigma *Signature) Unmarshal(msg []byte) error

Unmarshal a byte array into a Signature

type UnsafeSignature

type UnsafeSignature struct {
	// contains filtered or unexported fields
}

UnsafeSignature is the BLS Signature Struct not resilient to rogue-key attack

func UnsafeAggregate

func UnsafeAggregate(one, other *UnsafeSignature) *UnsafeSignature

UnsafeAggregate combines signatures on distinct messages.

func UnsafeBatch

func UnsafeBatch(sigs ...*UnsafeSignature) (*UnsafeSignature, error)

UnsafeBatch is a utility function to aggregate distinct messages (if not distinct the scheme is vulnerable to chosen-key attack)

func UnsafeSign

func UnsafeSign(key *SecretKey, msg []byte) (*UnsafeSignature, error)

UnsafeSign generates an UnsafeSignature being vulnerable to the rogue-key attack and therefore can only be used if the messages are distinct

func UnsafeSign2

func UnsafeSign2(key *SecretKey, msg []byte) (*UnsafeSignature, error)

func (*UnsafeSignature) Compress

func (usig *UnsafeSignature) Compress() []byte

Compress the signature to the 32 byte form

func (*UnsafeSignature) Decompress

func (usig *UnsafeSignature) Decompress(x []byte) error

Decompress reconstructs the 64 byte signature from the compressed form

func (*UnsafeSignature) Marshal

func (usig *UnsafeSignature) Marshal() []byte

Marshal an UnsafeSignature into a byte array

func (*UnsafeSignature) Unmarshal

func (usig *UnsafeSignature) Unmarshal(msg []byte) error

Unmarshal a byte array into an UnsafeSignature

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL