Documentation ¶
Index ¶
- Constants
- func GenKeyPair(randReader io.Reader) (*PublicKey, *SecretKey, error)
- func PerformHash(msg []byte) ([]byte, error)
- func PrivateToG1Public(privateKeyBytes []byte) ([]byte, error)
- func PrivateToPublic(privateKeyBytes []byte) ([]byte, error)
- func UnmarshalG1Pk(g1pkmsg []byte) (*cfbn256.G1, error)
- func Verify(apk *Apk, msg []byte, sigma *Signature) error
- func Verify2(apk *Apk, msg []byte, sigma *Signature) error
- func VerifyBatch(apks []*Apk, msgs [][]byte, sigma *Signature) error
- func VerifyCompressed(pks []*cfbn256.G2, msgList [][]byte, compressedSig []byte, allowDistinct bool) error
- func VerifyG1Pk(g1pk []byte, g2pk []byte) error
- func VerifyUnsafe(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error
- func VerifyUnsafe2(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error
- func VerifyUnsafeBatch(pkeys []*PublicKey, msgList [][]byte, signature *UnsafeSignature) error
- type Apk
- type BLSCryptoSelector
- type BN256
- func (BN256) AggregateSignatures(signatures [][]byte) ([]byte, error)
- func (BN256) ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error)
- func (BN256) EncodeEpochSnarkDataCIP22(newValSet []SerializedPublicKey, maximumNonSigners, maxValidators uint32, ...) ([]byte, []byte, error)
- func (BN256) PrivateToG1Public(privateKeyBytes []byte) (SerializedG1PublicKey, error)
- func (BN256) PrivateToPublic(privateKeyBytes []byte) (SerializedPublicKey, error)
- func (BN256) UncompressKey(serialized SerializedPublicKey) ([]byte, error)
- func (BN256) VerifyAggregatedSignature(publicKeys []SerializedPublicKey, message []byte, extraData []byte, ...) error
- func (BN256) VerifySignature(publicKey SerializedPublicKey, message []byte, extraData []byte, ...) error
- type EpochEntropy
- type PublicKey
- type SecretKey
- type SerializedG1PublicKey
- type SerializedPublicKey
- type SerializedSignature
- type Signature
- func (sigma *Signature) Add(pk *PublicKey, sig *UnsafeSignature) error
- func (sigma *Signature) Aggregate(other *Signature) *Signature
- func (sigma *Signature) AggregateBytes(other []byte) error
- func (sigma *Signature) Compress() []byte
- func (sigma *Signature) Copy() *Signature
- func (sigma *Signature) Decompress(x []byte) error
- func (sigma *Signature) Marshal() []byte
- func (sigma *Signature) Unmarshal(msg []byte) error
- type UnsafeSignature
Constants ¶
const ( BLSCryptoType = 1 BN256Curve = 1 BLS12377Curve = 2 BLS12381Curve = 3 PUBLICKEYBYTES = 128 G1PUBLICKEYBYTES = 64 SIGNATUREBYTES = 64 EPOCHENTROPYBYTES = 16 )
const ( MODULUS256 = "21888242871839275222246405745257275088548364400416034343698204186575808495617" MODULUSBITS = 254 MODULUSMASK = 63 // == 2**(254-(256-8)) - 1 )
Variables ¶
This section is empty.
Functions ¶
func GenKeyPair ¶
GenKeyPair generates Public and Private Keys
func PerformHash ¶
func PrivateToG1Public ¶
func PrivateToPublic ¶
func VerifyBatch ¶
VerifyBatch is the verification step of a batch of aggregated apk signatures TODO: consider adding the possibility to handle non distinct messages (at batch level after aggregating APK)
func VerifyCompressed ¶
func VerifyCompressed(pks []*cfbn256.G2, msgList [][]byte, compressedSig []byte, allowDistinct bool) error
VerifyCompressed verifies a Compressed marshalled signature
func VerifyG1Pk ¶
func VerifyUnsafe ¶
func VerifyUnsafe(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error
VerifyUnsafe checks the given BLS signature bls on the message m using the public key pkey by verifying that the equality e(H(m), X) == e(H(m), x*B2) == e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is the base point from curve G2.
func VerifyUnsafe2 ¶
func VerifyUnsafe2(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error
func VerifyUnsafeBatch ¶
func VerifyUnsafeBatch(pkeys []*PublicKey, msgList [][]byte, signature *UnsafeSignature) error
VerifyUnsafeBatch verifies a batch of messages signed with aggregated signature the rogue-key attack is prevented by making all messages distinct
Types ¶
type Apk ¶
type Apk struct {
*PublicKey
}
Apk is the short aggregated public key struct
func AggregateApk ¶
AggregateApk aggregates the public key according to the following formula: apk ← ∏ⁿᵢ₌₁ pk^H₁(pkᵢ)
func UnmarshalApk ¶
UnmarshalApk unmarshals a byte array into an aggregated PublicKey
func (*Apk) Aggregate ¶
Aggregate a Public Key to the Apk struct according to the formula pk^H₁(pkᵢ)
func (*Apk) AggregateBytes ¶
AggregateBytes is a convenient method to aggregate the unmarshalled form of PublicKey directly
type BLSCryptoSelector ¶
type BLSCryptoSelector interface { ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error) PrivateToPublic(privateKeyBytes []byte) (SerializedPublicKey, error) PrivateToG1Public(privateKeyBytes []byte) (SerializedG1PublicKey, error) VerifyAggregatedSignature(publicKeys []SerializedPublicKey, message []byte, extraData []byte, signature []byte, shouldUseCompositeHasher, cip22 bool, fork, cur *big.Int) error AggregateSignatures(signatures [][]byte) ([]byte, error) VerifySignature(publicKey SerializedPublicKey, message []byte, extraData []byte, signature []byte, shouldUseCompositeHasher, cip22 bool, fork, cur *big.Int) error EncodeEpochSnarkDataCIP22(newValSet []SerializedPublicKey, maximumNonSigners, maxValidators uint32, epochIndex uint16, round uint8, blockHash, parentHash EpochEntropy) ([]byte, []byte, error) UncompressKey(serialized SerializedPublicKey) ([]byte, error) }
func CryptoType ¶
func CryptoType() BLSCryptoSelector
type BN256 ¶
type BN256 struct{}
func (BN256) AggregateSignatures ¶
func (BN256) ECDSAToBLS ¶
func (BN256) ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error)
func (BN256) ECDSAToBLS(privateKeyECDSA *ecdsa.PrivateKey) ([]byte, error) { return crypto.FromECDSA(privateKeyECDSA), nil }
func (BN256) EncodeEpochSnarkDataCIP22 ¶
func (BN256) EncodeEpochSnarkDataCIP22(newValSet []SerializedPublicKey, maximumNonSigners, maxValidators uint32, epochIndex uint16, round uint8, blockHash, parentHash EpochEntropy) ([]byte, []byte, error)
func (BN256) PrivateToG1Public ¶
func (BN256) PrivateToG1Public(privateKeyBytes []byte) (SerializedG1PublicKey, error)
func (BN256) PrivateToPublic ¶
func (BN256) PrivateToPublic(privateKeyBytes []byte) (SerializedPublicKey, error)
func (BN256) UncompressKey ¶
func (BN256) UncompressKey(serialized SerializedPublicKey) ([]byte, error)
func (BN256) VerifyAggregatedSignature ¶
type EpochEntropy ¶
type EpochEntropy [EPOCHENTROPYBYTES]byte
EpochEntropy is a string of unprediactable bytes included in the epoch SNARK data to make prediction of future epoch message values infeasible.
func EpochEntropyFromHash ¶
func EpochEntropyFromHash(hash common.Hash) EpochEntropy
EpochEntropyFromHash truncates the given hash to the length of epoch SNARK entropy.
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is calculated as g^x
func AggregatePK ¶
func UnmarshalPk ¶
UnmarshalPk unmarshals a byte array into a BLS PublicKey
func (*PublicKey) Marshal ¶
Marshal returns the binary representation of the G2 point being the public key
func (*PublicKey) MarshalText ¶
MarshalText encodes the string representation of the public key
func (*PublicKey) UnmarshalText ¶
UnmarshalText decode the string/byte representation into the public key
type SecretKey ¶
type SecretKey struct {
// contains filtered or unexported fields
}
SecretKey has "x" as secret for the BLS signature
func DeserializePrivateKey ¶
func (*SecretKey) ToG1Public ¶
type SerializedG1PublicKey ¶
type SerializedG1PublicKey [G1PUBLICKEYBYTES]byte
func (SerializedG1PublicKey) MarshalText ¶
func (pk SerializedG1PublicKey) MarshalText() ([]byte, error)
MarshalText returns the hex representation of pk.
func (*SerializedG1PublicKey) UnmarshalJSON ¶
func (pk *SerializedG1PublicKey) UnmarshalJSON(input []byte) error
UnmarshalJSON parses a BLS public key in hex syntax.
func (*SerializedG1PublicKey) UnmarshalText ¶
func (pk *SerializedG1PublicKey) UnmarshalText(input []byte) error
UnmarshalText parses a BLS public key in hex syntax.
type SerializedPublicKey ¶
type SerializedPublicKey [PUBLICKEYBYTES]byte
func (SerializedPublicKey) MarshalText ¶
func (pk SerializedPublicKey) MarshalText() ([]byte, error)
MarshalText returns the hex representation of pk.
func (*SerializedPublicKey) UnmarshalJSON ¶
func (pk *SerializedPublicKey) UnmarshalJSON(input []byte) error
UnmarshalJSON parses a BLS public key in hex syntax.
func (*SerializedPublicKey) UnmarshalText ¶
func (pk *SerializedPublicKey) UnmarshalText(input []byte) error
UnmarshalText parses a BLS public key in hex syntax.
type SerializedSignature ¶
type SerializedSignature [SIGNATUREBYTES]byte
func SerializedSignatureFromBytes ¶
func SerializedSignatureFromBytes(serializedSignature []byte) (SerializedSignature, error)
func (SerializedSignature) MarshalText ¶
func (sig SerializedSignature) MarshalText() ([]byte, error)
MarshalText returns the hex representation of sig.
func (*SerializedSignature) UnmarshalJSON ¶
func (sig *SerializedSignature) UnmarshalJSON(input []byte) error
UnmarshalJSON parses a BLS signature in hex syntax.
func (*SerializedSignature) UnmarshalText ¶
func (sig *SerializedSignature) UnmarshalText(input []byte) error
UnmarshalText parses a BLS signature in hex syntax.
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is the plain public key model of the BLS signature being resilient to rogue key attack
func UnmarshalSignature ¶
UnmarshalSignature unmarshals a byte array into a BLS signature
func (*Signature) Add ¶
func (sigma *Signature) Add(pk *PublicKey, sig *UnsafeSignature) error
Add creates an aggregated signature from a normal BLS Signature and related public key
func (*Signature) AggregateBytes ¶
AggregateBytes is a shorthand for unmarshalling a byte array into a Signature and thus mutate Signature sigma by aggregating the unmarshalled signature
func (*Signature) Copy ¶
Copy (inefficiently) the Signature by unmarshaling and marshaling the embedded G1
func (*Signature) Decompress ¶
Decompress reconstructs the 64 byte signature from the compressed form
type UnsafeSignature ¶
type UnsafeSignature struct {
// contains filtered or unexported fields
}
UnsafeSignature is the BLS Signature Struct not resilient to rogue-key attack
func UnsafeAggregate ¶
func UnsafeAggregate(one, other *UnsafeSignature) *UnsafeSignature
UnsafeAggregate combines signatures on distinct messages.
func UnsafeBatch ¶
func UnsafeBatch(sigs ...*UnsafeSignature) (*UnsafeSignature, error)
UnsafeBatch is a utility function to aggregate distinct messages (if not distinct the scheme is vulnerable to chosen-key attack)
func UnsafeSign ¶
func UnsafeSign(key *SecretKey, msg []byte) (*UnsafeSignature, error)
UnsafeSign generates an UnsafeSignature being vulnerable to the rogue-key attack and therefore can only be used if the messages are distinct
func UnsafeSign2 ¶
func UnsafeSign2(key *SecretKey, msg []byte) (*UnsafeSignature, error)
func (*UnsafeSignature) Compress ¶
func (usig *UnsafeSignature) Compress() []byte
Compress the signature to the 32 byte form
func (*UnsafeSignature) Decompress ¶
func (usig *UnsafeSignature) Decompress(x []byte) error
Decompress reconstructs the 64 byte signature from the compressed form
func (*UnsafeSignature) Marshal ¶
func (usig *UnsafeSignature) Marshal() []byte
Marshal an UnsafeSignature into a byte array
func (*UnsafeSignature) Unmarshal ¶
func (usig *UnsafeSignature) Unmarshal(msg []byte) error
Unmarshal a byte array into an UnsafeSignature