Documentation ¶
Overview ¶
Package ed25519 implements the Ed25519 signature algorithm. See https://ed25519.cr.yp.to/.
These functions are also compatible with the “Ed25519” function defined in RFC 8032.
Index ¶
- Constants
- func AddSignature(signature1, signature2 []byte) []byte
- func GenerateAdaptor(rand io.Reader) (Adaptor, CurvePoint, error)
- func GenerateJointKey(publicKeys []PublicKey) (jointKey PublicKey, primeKeys []PublicKey, err error)
- func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, err error)
- func GenerateNonce(privateKey PrivateKey, message []byte) [32]byte
- func JointSign(privateKey, jointPrivateKey PrivateKey, noncePoints []CurvePoint, ...) []byte
- func JointSignWithAdaptor(privateKey, jointPrivateKey PrivateKey, ...) []byte
- func Sign(privateKey PrivateKey, message []byte) []byte
- func Verify(publicKey PublicKey, message, sig []byte) bool
- func VerifyAdaptorSignature(publicKey, jointPublicKey PublicKey, ...) bool
- type Adaptor
- type CurvePoint
- type PrivateKey
- type PublicKey
- type Scalar
Constants ¶
const (
	// PublicKeySize is the size, in bytes, of public keys as used in this package.
	PublicKeySize = 32
	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
	PrivateKeySize = 64
	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
	SignatureSize = 64
	// AdaptorSize is the size, in bytes, of secret adaptors used in adaptor signatures.
	AdaptorSize = 32
	// CurvePointSize is the size, in bytes, of points on the elliptic curve.
	CurvePointSize = 32
	// ScalarSize is the size, in bytes, of a large scalar.
	ScalarSize = 32
)
Variables ¶
This section is empty.
Functions ¶
func AddSignature ¶
s_agg = s_A + s_B, R_agg = R_A + R_B
func GenerateAdaptor ¶
func GenerateAdaptor(rand io.Reader) (Adaptor, CurvePoint, error)
func GenerateJointKey ¶
func GenerateJointKey(publicKeys []PublicKey) (jointKey PublicKey, primeKeys []PublicKey, err error)
Takes n pubkeys: P1, P2, ..., Pn. Returns n+1 pubkeys: an aggregate joint key, J, as well as n modified pubkeys: P'1, P'2, ..., P'n. Implemented as described in: https://blockstream.com/2018/01/23/musig-key-aggregation-schnorr-signatures.html
func GenerateKey ¶
func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, err error)
GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.
func GenerateNonce ¶
func GenerateNonce(privateKey PrivateKey, message []byte) [32]byte
func JointSign ¶
func JointSign(privateKey, jointPrivateKey PrivateKey, noncePoints []CurvePoint, message []byte) []byte
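e = H(R1 + R2 + ... + Rn || J(P1, P2, ..., Pn) || m); s_i = r_i + e * x'_i. Because s_i is linear in r_i and x'_i, each nonce r_i must be used for a single signing session only: two values of s_i computed with the same r_i but different e are enough to solve for x'_i.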
func JointSignWithAdaptor ¶
func JointSignWithAdaptor(privateKey, jointPrivateKey PrivateKey, noncePoint1, noncePoint2, adaptorPoint CurvePoint, message []byte) []byte
e = H(R_A + R_B + T || J(A, B) || m); s_A = r_A + e * x_A'; s_B' = r_B + e * x_B'
func Sign ¶
func Sign(privateKey PrivateKey, message []byte) []byte
Signature is calculated: s = r + H(R,A,m)a. The signature is encoded as: R || s.
func VerifyAdaptorSignature ¶
func VerifyAdaptorSignature(publicKey, jointPublicKey PublicKey, noncePoint1, noncePoint2, adaptorPoint CurvePoint, message, sig []byte) bool
e = H(R_A + R_B + T || J(A, B) || m); s_B' * G ?= R_B + e * P_B'. So R_B ?= S_B' - e * P_B'? (S_B' presumably denotes the point s_B' * G.)
Types ¶
type Adaptor ¶
type Adaptor []byte
Adaptor is the type of secret adaptors used in adaptor signatures
type CurvePoint ¶
type CurvePoint []byte
CurvePoint is the byte representation of a point on the elliptic curve
func GenerateCurvePoint ¶
func GenerateCurvePoint(scalar []byte) CurvePoint
func GenerateNoncePoint ¶
func GenerateNoncePoint(privateKey PrivateKey, message []byte) CurvePoint
func (CurvePoint) Add ¶
func (cp CurvePoint) Add(point CurvePoint) CurvePoint
type PrivateKey ¶
type PrivateKey []byte
PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
func GenerateJointPrivateKey ¶
func GenerateJointPrivateKey(publicKeys []PublicKey, privateKey PrivateKey, n int) (jointPrivateKey PrivateKey, err error)
func (PrivateKey) Public ¶
func (priv PrivateKey) Public() crypto.PublicKey
Public returns the PublicKey corresponding to priv.
func (PrivateKey) Sign ¶
func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)
Sign signs the given message with priv. Ed25519 performs two passes over messages to be signed and therefore cannot handle pre-hashed messages. Thus opts.HashFunc() must return zero to indicate the message hasn't been hashed. This can be achieved by passing crypto.Hash(0) as the value for opts.