Documentation ¶
Overview ¶
Package ted25519 implements the Ed25519 signature algorithm. See https://ed25519.cr.yp.to/
These functions are also compatible with the "Ed25519" function defined in RFC 8032. However, unlike RFC 8032's formulation, this package's private key representation includes a public key suffix to make multiple signing operations with the same key more efficient. This package refers to the RFC 8032 private key as the "seed". This code is a port of the public domain, “ref10” implementation of ed25519 from SUPERCOP.
Index ¶
- Constants
- func ExpandSeed(seed []byte) []byte
- func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
- func GenerateSharedKey(config *ShareConfiguration) (PublicKey, []*KeyShare, Commitments, error)
- func GenerateSharedNonce(config *ShareConfiguration, s *KeyShare, p PublicKey, m Message) (PublicKey, []*NonceShare, Commitments, error)
- func PublicKeyFromBytes(bytes []byte) ([]byte, error)
- func Reconstruct(keyShares []*KeyShare, config *ShareConfiguration) ([]byte, error)
- func Sign(privateKey PrivateKey, message []byte) ([]byte, error)
- func ThresholdSign(expandedSecretKeyShare []byte, publicKey PublicKey, message []byte, ...) []byte
- func Verify(publicKey PublicKey, message, sig []byte) (bool, error)
- type Commitments
- type KeyShare
- type Message
- type NonceShare
- type PartialSignature
- type PrivateKey
- type PublicKey
- type ShareConfiguration
- type Signature
Constants ¶
const (
	// PublicKeySize is the size, in bytes, of public keys as used in this package.
	PublicKeySize = 32
	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
	PrivateKeySize = 64
	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
	SignatureSize = 64
	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
	SeedSize = 32
)
Variables ¶
This section is empty.
Functions ¶
func ExpandSeed ¶
ExpandSeed applies the standard Ed25519 transform to the seed to turn it into the real private key that is used for signing. It returns the expanded seed.
func GenerateKey ¶
func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.
func GenerateSharedKey ¶
func GenerateSharedKey(config *ShareConfiguration) (PublicKey, []*KeyShare, Commitments, error)
GenerateSharedKey generates a random key, splits it, and returns the public key, shares, and VSS commitments.
func GenerateSharedNonce ¶
func GenerateSharedNonce(config *ShareConfiguration, s *KeyShare, p PublicKey, m Message) (PublicKey, []*NonceShare, Commitments, error)
GenerateSharedNonce generates a random nonce, splits it, and returns the nonce pubkey, nonce shares, and VSS commitments.
func PublicKeyFromBytes ¶
PublicKeyFromBytes converts a byte array into a PublicKey byte array.
func Reconstruct ¶
func Reconstruct(keyShares []*KeyShare, config *ShareConfiguration) ([]byte, error)
Reconstruct recovers the secret from a set of secret shares.
func Sign ¶
func Sign(privateKey PrivateKey, message []byte) ([]byte, error)
Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.
func ThresholdSign ¶
func ThresholdSign(expandedSecretKeyShare []byte, publicKey PublicKey, message []byte, rShare []byte, R PublicKey) []byte
ThresholdSign creates signatures for threshold protocols, in which the private key and nonce are replaced by Shamir shares. This requires a custom signing implementation that accepts arguments for the values that can no longer be derived and that omits the extended key generation, since that should be done before the secret is shared.
expandedSecretKeyShare and rShare must be little-endian.
Types ¶
type Commitments ¶
Commitments is a collection of public keys with each coefficient of a polynomial as the secret keys.
func CommitmentsFromBytes ¶
func CommitmentsFromBytes(bytes [][]byte) (Commitments, error)
CommitmentsFromBytes converts bytes to commitments.
func (Commitments) CommitmentsToBytes ¶
func (commitments Commitments) CommitmentsToBytes() [][]byte
CommitmentsToBytes converts commitments to bytes.
type KeyShare ¶
type KeyShare struct {
}
KeyShare represents a share of a generated key.
func KeyShareFromBytes ¶
KeyShareFromBytes converts a byte array into a KeyShare.
func NewKeyShare ¶
NewKeyShare is a KeyShare constructor.
func (*KeyShare) VerifyVSS ¶
func (share *KeyShare) VerifyVSS(commitments Commitments, config *ShareConfiguration) (bool, error)
VerifyVSS validates that a Share represents a solution to a Shamir polynomial in which len(commitments) + 1 solutions are required to construct the private key for the public key at commitments[0].
type NonceShare ¶
type NonceShare struct {
}
NonceShare represents a share of a generated nonce.
func NewNonceShare ¶
func NewNonceShare(identifier byte, secret []byte) *NonceShare
NewNonceShare is a NonceShare constructor.
func NonceShareFromBytes ¶
func NonceShareFromBytes(bytes []byte) *NonceShare
NonceShareFromBytes unmarshals a NonceShare from its bytes representation.
func (NonceShare) Add ¶
func (n NonceShare) Add(other *NonceShare) *NonceShare
Add returns the sum of two NonceShares.
type PartialSignature ¶
type PartialSignature struct {
	Sig []byte // 64-byte signature: R || s
}
func NewPartialSignature ¶
func NewPartialSignature(identifier byte, sig []byte) *PartialSignature
NewPartialSignature creates a new PartialSignature.
func TSign ¶
func TSign(message Message, key *KeyShare, pub PublicKey, nonce *NonceShare, noncePub PublicKey) *PartialSignature
TSign generates a signature that can later be aggregated with others to produce a signature valid under the provided public key and nonce pair.
func (*PartialSignature) Bytes ¶
func (sig *PartialSignature) Bytes() []byte
func (*PartialSignature) R ¶
func (sig *PartialSignature) R() []byte
R returns the R component of the signature.
func (*PartialSignature) S ¶
func (sig *PartialSignature) S() []byte
S returns the s component of the signature.
type PrivateKey ¶
type PrivateKey []byte
PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
func NewKeyFromSeed ¶
func NewKeyFromSeed(seed []byte) (PrivateKey, error)
NewKeyFromSeed calculates a private key from a seed. It will panic if len(seed) is not SeedSize. This function is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.
func (PrivateKey) Public ¶
func (priv PrivateKey) Public() crypto.PublicKey
Public returns the PublicKey corresponding to priv.
func (PrivateKey) Seed ¶
func (priv PrivateKey) Seed() []byte
Seed returns the private key seed corresponding to priv. It is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.
func (PrivateKey) Sign ¶
func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)
Sign signs the given message with priv. Ed25519 performs two passes over messages to be signed and therefore cannot handle pre-hashed messages. Thus opts.HashFunc() must return zero to indicate the message hasn't been hashed. This can be achieved by passing crypto.Hash(0) as the value for opts.
type PublicKey ¶
type PublicKey []byte
PublicKey is the type of Ed25519 public keys.
type ShareConfiguration ¶
type ShareConfiguration struct {}
ShareConfiguration sets threshold and limit for the protocol
type Signature ¶
type Signature = []byte
func Aggregate ¶
func Aggregate(sigs []*PartialSignature, config *ShareConfiguration) (Signature, error)
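The arithmetic that ThresholdSign, TSign and Aggregate describe above, as an added standard-library sketch (not this package's code and not its API): key and nonce scalars are dealt as 2-of-3 Shamir shares mod the group order, two signers each form s_x = r_x + k*a_x, and the Lagrange-weighted sum is an ordinary Ed25519 signature that crypto/ed25519 verifies. Assumptions: a trusted dealer who sees each full scalar, a fixed threshold of 2, Lagrange weighting as the aggregation step, and the hypothetical names le, deal, sign and demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
	"math/big"
)

// L is the order of the Ed25519 base point; all share arithmetic is mod L.
var L, _ = new(big.Int).SetString("7237005577332262213973186563042994240857116359379907606001950938285454250989", 10)
func le(b []byte) (o []byte) { // reversed copy: little-endian <-> big-endian
	for i := len(b) - 1; i >= 0; i-- {
		o = append(o, b[i])
	}
	return o
}
// deal (hypothetical, trusted dealer) draws a random clamped RFC 8032 scalar x and
// returns the point x*B with 2-of-n Shamir shares x + c*id mod L for id = 1..n.
func deal(n int64) ([]byte, []*big.Int) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	h := sha512.Sum512(priv.Seed())
	h[0], h[31] = h[0]&248, h[31]&127|64
	x, shares := new(big.Int).SetBytes(le(h[:32])), []*big.Int{}
	c, _ := rand.Int(rand.Reader, L)
	for id := int64(1); id <= n; id++ {
		y := new(big.Int).Mul(c, big.NewInt(id))
		shares = append(shares, y.Add(y, x).Mod(y, L))
	}
	return pub, shares
}
// sign sums the partials r_x + k*a_x of signers i != j, each weighted by its
// Lagrange coefficient other/(other-x), and returns the signature R || s.
func sign(msg, A, R []byte, a, r []*big.Int, i, j int64) []byte {
	h := sha512.Sum512(append(append(append([]byte{}, R...), A...), msg...))
	k, s := new(big.Int).SetBytes(le(h[:])), new(big.Int)
	for _, p := range [][2]int64{{i, j}, {j, i}} { // p = {signer x, other signer}
		w := new(big.Int).ModInverse(new(big.Int).Mod(big.NewInt(p[1]-p[0]), L), L)
		part := new(big.Int).Mul(k, a[p[0]-1]) // k times this signer's key share
		s.Add(s, part.Add(part, r[p[0]-1]).Mul(part, w.Mul(w, big.NewInt(p[1])))).Mod(s, L)
	}
	return append(append([]byte{}, R...), le(s.FillBytes(make([]byte, 32)))...)
}
// demo shares a fresh key and a fresh nonce 2-of-3, signs with i and j, verifies.
func demo(msg []byte, i, j int64) bool {
	A, a := deal(3)
	R, r := deal(3) // the nonce must be new for every message
	return ed25519.Verify(A, msg, sign(msg, A, R, a, r, i, j))
}
func main() { fmt.Println(demo([]byte("constructed message"), 1, 3)) }
```

Any two of the three share holders produce a signature that verifies under the same public key, and the full private scalar is never reassembled during signing.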