xnyss

README

xnyss

Implementation of the eXtended Naor-Yung Signature Scheme. It was specifically designed for use in blockchain technologies.

XNYSS uses a modified form of Naor-Yung chaining to transform a One-Time Signature (OTS) scheme into a many-time scheme. This is achieved by including the hashes of two public keys, to be used for future signatures, in every created signature. Thus every signature in the resulting binary tree can be traced back to the first one.

This implementation is part of my master's thesis, which can be found here.

Documentation

Overview

Implements the eXtended Naor-Yung Signature Scheme (XNYSS). Note that the NYTree struct is not thread safe.

Index

• Constants
• Variables
• type NYTree
  • func Load(b []byte) (*NYTree, error)
  • func New(seed, pubSeed []byte, ots bool) *NYTree
  • func (t *NYTree) Available(txid []byte) (n int)
  • func (t *NYTree) Backup(count int) (*NYTree, error)
  • func (t *NYTree) Bytes() []byte
  • func (t *NYTree) Confirm(pkh []byte, confirms uint8)
  • func (t *NYTree) PublicKey() []byte
  • func (t *NYTree) Sign(msg, txid []byte) (*Signature, error)
  • func (t *NYTree) Unconfirmed() (pkhashes [][]byte)
  • func (t *NYTree) Wipe()
• type Signature
  • func NewSignature(sigBytes, msg []byte) (sig *Signature, err error)
  • func (sig *Signature) Bytes() []byte
  • func (sig *Signature) PublicKey() ([]byte, error)

Constants

const (
	MsgLen    = 32
	SigLen    = wotsp.SigLen
	PubKeyLen = wotsp.PubKeyLen
)

Variables

var (
	ErrInvalidSigEncoding = errors.New("invalid signature encoding")
	ErrSigMsgNotSet       = errors.New("signature message is not set")
)

var (
	ErrInvalidMsgLen     = errors.New("invalid message length (must be 32 bytes)")
	ErrTreeInvalidInput  = errors.New("invalid input, must contain at least a private and a public seed")
	ErrTreeNoneAvailable = errors.New("no signature nodes available")
	ErrTreeBackupOneTime = errors.New("cannot create a backup of a one-time tree")
	ErrTreeBackupFailed  = errors.New("more backup nodes requested than are available")
)

var Branches = 3

Denotes the branching factor when using long-term keys

var ConfirmsRequired uint8 = 1

Denotes the amount of confirmations (or block depth) that are required before a node can be used to create new signatures.

var (
	ErrNodeInvalidInput = errors.New("input is not a valid node")
)

Types

type NYTree

type NYTree struct {
	// contains filtered or unexported fields
}

func Load

func Load(b []byte) (*NYTree, error)

Loads an existing Naor-Yung chain tree from bytes.

func New

func New(seed, pubSeed []byte, ots bool) *NYTree

Creates a new Naor-Yung chain tree using the given secret and public seeds.

func (*NYTree) Available

func (t *NYTree) Available(txid []byte) (n int)

Returns the amount of signatures that can be created with the tree t. If txid is not nil, nodes with a matching txid are counted as valid even if they do not have enough confirmations. This is useful when a transaction includes multiple inputs: these can all be signed in one subtree.

func (*NYTree) Backup

func (t *NYTree) Backup(count int) (*NYTree, error)

Create a backup of the tree t by moving 'count' nodes of t to a new tree. A backup can only be created if the original tree contains more than one node that is available for signing (i.e. has at least ConfirmsRequired confirmations).

func (*NYTree) Bytes

func (t *NYTree) Bytes() []byte

Returns a byte representation of the tree t.

func (*NYTree) Confirm

func (t *NYTree) Confirm(pkh []byte, confirms uint8)

Sets the confirmation count of all nodes in the tree with the given txid to the given number of confirmations.

Because we have to calculate the public key hash for every node on the fly, this function can be a performance hog if you need to confirm many nodes. We can speed this up by saving the public key hash of every (unconfirmed) node, which would increase the size of every node with 32 bytes. Depending on the amount of (unconfirmed) nodes that are in the state, this could be an acceptable tradeoff. An ameliorating factor is that when we are confirming a batch of nodes, the performance of this function will improve after every call since each time an additional node will be confirmed.

func (*NYTree) PublicKey

func (t *NYTree) PublicKey() []byte

Returns the long-term public key of a tree.

func (*NYTree) Sign

func (t *NYTree) Sign(msg, txid []byte) (*Signature, error)

Creates a signature for the given message. The txid and input are used to create new nodes in the tree. Returns an error if no nodes are available to create new signatures, of if the input message is longer than 32 bytes.

Whenever a signature is created, two new nodes are added to the tree. These new nodes can be used in the future to create new signatures. The returned signature signs the message H(msg||H(pk1)||H(pk2)) where msg is the original message passed to this function. Both H(pk1) and H(pk2) are included in the returned signature structure.

func (*NYTree) Unconfirmed

func (t *NYTree) Unconfirmed() (pkhashes [][]byte)

Returns a list of public key hashes of unconfirmed nodes present in the tree.

func (*NYTree) Wipe

func (t *NYTree) Wipe()

Wipes secret data.

type Signature

type Signature struct {
	PubSeed     []byte
	Message     []byte
	ChildHashes [][]byte
	SigBytes    []byte
}

func NewSignature

func NewSignature(sigBytes, msg []byte) (sig *Signature, err error)

func (*Signature) Bytes

func (sig *Signature) Bytes() []byte

func (*Signature) PublicKey

func (sig *Signature) PublicKey() ([]byte, error)