schnorr

package

v0.0.0-...-c0e0803 Latest Latest Go to latest Published: Sep 6, 2022 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/awsong/crypto

Documentation ¶

Index ¶

func ProveEquality(secret, g1, g2, t1, t2 *big.Int, group *Group) bool
func ProvePartialDLogKnowledge(group *Group, secret1, a1, a2, b2 *big.Int) bool
type BTEqualityProver
- func NewBTEqualityProver(group *Group) *BTEqualityProver
- func (p *BTEqualityProver) GetProofData(challenge *big.Int) *big.Int
- func (p *BTEqualityProver) GetProofRandomData(secret, g1, g2 *big.Int) (*big.Int, *big.Int)
type BTEqualityVerifier
- func NewBTEqualityVerifier(group *Group, gamma *big.Int) *BTEqualityVerifier
- func (v *BTEqualityVerifier) GetChallenge(g1, g2, t1, t2, x1, x2 *big.Int) *big.Int
- func (v *BTEqualityVerifier) Verify(z *big.Int) (bool, *BlindedTrans, *big.Int, *big.Int)
type BlindedTrans
- func NewBlindedTrans(a, b, hash, zAlpha *big.Int) *BlindedTrans
- func (t *BlindedTrans) Verify(group *Group, g1, t1, G2, T2 *big.Int) bool
type EqualityProver
- func NewEqualityProver(group *Group) *EqualityProver
- func (p *EqualityProver) GetProofData(challenge *big.Int) *big.Int
- func (p *EqualityProver) GetProofRandomData(secret, g1, g2 *big.Int) (*big.Int, *big.Int)
type EqualityVerifier
- func NewEqualityVerifier(group *Group) *EqualityVerifier
- func (v *EqualityVerifier) GetChallenge(g1, g2, t1, t2, x1, x2 *big.Int) *big.Int
- func (v *EqualityVerifier) Verify(z *big.Int) bool
type Group
- func NewGroup(qBitLength int) (*Group, error)
- func NewGroupFromParams(p, g, q *big.Int) *Group
- func (g *Group) Add(x, y *big.Int) *big.Int
- func (g *Group) Exp(base, exponent *big.Int) *big.Int
- func (g *Group) GetRandomElement() *big.Int
- func (g *Group) Inv(x *big.Int) *big.Int
- func (g *Group) IsElementInGroup(x *big.Int) bool
- func (g *Group) Mul(x, y *big.Int) *big.Int
type PartialProver
- func NewPartialProver(group *Group) *PartialProver
- func (p *PartialProver) GetProofData(challenge *big.Int) (*big.Int, *big.Int, *big.Int, *big.Int)
- func (p *PartialProver) GetProofRandomData(secret1, a1, b1, a2, b2 *big.Int) (*common.Triple, *common.Triple)
type PartialVerifier
- func NewPartialVerifier(group *Group) *PartialVerifier
- func (v *PartialVerifier) GetChallenge() *big.Int
- func (v *PartialVerifier) SetProofRandomData(triple1, triple2 *common.Triple)
- func (v *PartialVerifier) Verify(c1, z1, c2, z2 *big.Int) bool
type Proof
- func NewProof(proofRandomData, challenge *big.Int, proofData []*big.Int) *Proof
type Prover
- func NewProver(group *Group, secrets, bases []*big.Int, y *big.Int) (*Prover, error)
- func (p *Prover) GetProofData(challenge *big.Int) []*big.Int
- func (p *Prover) GetProofRandomData() *big.Int
type Verifier
- func NewVerifier(group *Group) *Verifier
- func (v *Verifier) GetChallenge() *big.Int
- func (v *Verifier) SetChallenge(challenge *big.Int)
- func (v *Verifier) SetProofRandomData(proofRandomData *big.Int, bases []*big.Int, y *big.Int)
- func (v *Verifier) Verify(proofData []*big.Int) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ProveEquality ¶

func ProveEquality(secret, g1, g2, t1, t2 *big.Int, group *Group) bool

ProveEquality demonstrates how prover can prove the knowledge of log_g1(t1), log_g2(t2) and that log_g1(t1) = log_g2(t2).

func ProvePartialDLogKnowledge ¶

func ProvePartialDLogKnowledge(group *Group, secret1, a1, a2, b2 *big.Int) bool

ProvePartialDLogKnowledge demonstrates how prover can prove that he knows dlog_a2(b2) and the verifier does not know whether knowledge of dlog_a1(b1) or knowledge of dlog_a2(b2) was proved.

Types ¶

type BTEqualityProver ¶

type BTEqualityProver struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewBTEqualityProver ¶

func NewBTEqualityProver(group *Group) *BTEqualityProver

func (*BTEqualityProver) GetProofData ¶

func (p *BTEqualityProver) GetProofData(challenge *big.Int) *big.Int

func (*BTEqualityProver) GetProofRandomData ¶

func (p *BTEqualityProver) GetProofRandomData(secret, g1, g2 *big.Int) (*big.Int,
	*big.Int)

Prove that you know dlog_g1(h1), dlog_g2(h2) and that dlog_g1(h1) = dlog_g2(h2).

type BTEqualityVerifier ¶

type BTEqualityVerifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewBTEqualityVerifier ¶

func NewBTEqualityVerifier(group *Group,
	gamma *big.Int) *BTEqualityVerifier

func (*BTEqualityVerifier) GetChallenge ¶

func (v *BTEqualityVerifier) GetChallenge(g1, g2, t1, t2, x1, x2 *big.Int) *big.Int

func (*BTEqualityVerifier) Verify ¶

func (v *BTEqualityVerifier) Verify(z *big.Int) (bool, *BlindedTrans,
	*big.Int, *big.Int)

It receives z = r + secret * challenge. It returns true if g1^z = g1^r * (g1^secret) ^ challenge and g2^z = g2^r * (g2^secret) ^ challenge.

type BlindedTrans ¶

type BlindedTrans struct {
	A      *big.Int
	B      *big.Int
	Hash   *big.Int
	ZAlpha *big.Int
}

BlindedTrans represents a blinded transcript.

func NewBlindedTrans ¶

func NewBlindedTrans(a, b, hash, zAlpha *big.Int) *BlindedTrans

func (*BlindedTrans) Verify ¶

func (t *BlindedTrans) Verify(group *Group, g1, t1, G2, T2 *big.Int) bool

Verifies that the blinded transcript is valid. That means the knowledge of log_g1(t1), log_G2(T2) and log_g1(t1) = log_G2(T2). Note that G2 = g2^gamma, T2 = t2^gamma where gamma was chosen by verifier.

type EqualityProver ¶

type EqualityProver struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewEqualityProver ¶

func NewEqualityProver(group *Group) *EqualityProver

func (*EqualityProver) GetProofData ¶

func (p *EqualityProver) GetProofData(challenge *big.Int) *big.Int

func (*EqualityProver) GetProofRandomData ¶

func (p *EqualityProver) GetProofRandomData(secret, g1, g2 *big.Int) (*big.Int, *big.Int)

type EqualityVerifier ¶

type EqualityVerifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewEqualityVerifier ¶

func NewEqualityVerifier(group *Group) *EqualityVerifier

func (*EqualityVerifier) GetChallenge ¶

func (v *EqualityVerifier) GetChallenge(g1, g2, t1, t2, x1, x2 *big.Int) *big.Int

func (*EqualityVerifier) Verify ¶

func (v *EqualityVerifier) Verify(z *big.Int) bool

It receives z = r + secret * challenge. It returns true if g1^z = g1^r * (g1^secret) ^ challenge and g2^z = g2^r * (g2^secret) ^ challenge.

type Group ¶

type Group struct {
	P *big.Int // modulus of the group
	G *big.Int // generator of subgroup
	Q *big.Int // order of G
}

Group is a cyclic group in modular arithmetic. It holds P = Q * R + 1 for some R. The actual value R is never used (although a random element from this group could be computed by a^R for some random a from Z_p* - this element would have order Q and would be thus from this group), the important thing is that Q divides P-1.

func NewGroup ¶

func NewGroup(qBitLength int) (*Group, error)

NewGroup generates random Group with generator G and parameters P and Q where P = R * Q + 1 for some R. Order of G is Q.

func NewGroupFromParams ¶

func NewGroupFromParams(p, g, q *big.Int) *Group

func (*Group) Add ¶

func (g *Group) Add(x, y *big.Int) *big.Int

Add computes x + y in Group. This means x + y mod group.P.

func (*Group) Exp ¶

func (g *Group) Exp(base, exponent *big.Int) *big.Int

Exp computes base^exponent in Group. This means base^exponent mod group.P.

func (*Group) GetRandomElement ¶

func (g *Group) GetRandomElement() *big.Int

GetRandomElement returns a random element from this group. Note that elements from this group are integers smaller than group.P, but not all - only Q of them. GetRandomElement returns one (random) of these Q elements.

func (*Group) Inv ¶

func (g *Group) Inv(x *big.Int) *big.Int

Inv computes inverse of x in Group. This means xInv such that x * xInv = 1 mod group.P.

func (*Group) IsElementInGroup ¶

func (g *Group) IsElementInGroup(x *big.Int) bool

IsElementInGroup returns true if x is in the group and false otherwise. Note that an element x is in Schnorr group when x^group.Q = 1 mod group.P.

func (*Group) Mul ¶

func (g *Group) Mul(x, y *big.Int) *big.Int

Mul computes x * y in Group. This means x * y mod group.P.

type PartialProver ¶

type PartialProver struct {
	Group *Group
	// contains filtered or unexported fields
}

Proving that it knows either secret1 such that a1^secret1 = b1 (mod p1) or

secret2 such that a2^secret2 = b2 (mod p2).

func NewPartialProver ¶

func NewPartialProver(group *Group) *PartialProver

func (*PartialProver) GetProofData ¶

func (p *PartialProver) GetProofData(challenge *big.Int) (*big.Int, *big.Int,
	*big.Int, *big.Int)

func (*PartialProver) GetProofRandomData ¶

func (p *PartialProver) GetProofRandomData(secret1, a1, b1, a2,
	b2 *big.Int) (*common.Triple, *common.Triple)

type PartialVerifier ¶

type PartialVerifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewPartialVerifier ¶

func NewPartialVerifier(group *Group) *PartialVerifier

func (*PartialVerifier) GetChallenge ¶

func (v *PartialVerifier) GetChallenge() *big.Int

func (*PartialVerifier) SetProofRandomData ¶

func (v *PartialVerifier) SetProofRandomData(triple1, triple2 *common.Triple)

func (*PartialVerifier) Verify ¶

func (v *PartialVerifier) Verify(c1, z1, c2, z2 *big.Int) bool

type Proof ¶

type Proof struct {
	ProofRandomData *big.Int
	Challenge       *big.Int
	ProofData       []*big.Int
}

Proof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewProof ¶

func NewProof(proofRandomData, challenge *big.Int,
	proofData []*big.Int) *Proof

type Prover ¶

type Prover struct {
	Group *Group
	// contains filtered or unexported fields
}

Prover is a generalized Schnorr - while usually Schnorr proof is executed with one base, Prover for a given y enables proof of knowledge of secrets x_1,...,x_k such that y = g_1^x_1 * ... * g_k^x_k where g_i are given generators (bases) of Schnorr group. For a "normal" Schnorr just use bases and secrets arrays with only one element.

func NewProver ¶

func NewProver(group *Group, secrets,
	bases []*big.Int, y *big.Int) (*Prover, error)

func (*Prover) GetProofData ¶

func (p *Prover) GetProofData(challenge *big.Int) []*big.Int

func (*Prover) GetProofRandomData ¶

func (p *Prover) GetProofRandomData() *big.Int

type Verifier ¶

type Verifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewVerifier ¶

func NewVerifier(group *Group) *Verifier

func (*Verifier) GetChallenge ¶

func (v *Verifier) GetChallenge() *big.Int

func (*Verifier) SetChallenge ¶

func (v *Verifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*Verifier) SetProofRandomData ¶

func (v *Verifier) SetProofRandomData(proofRandomData *big.Int, bases []*big.Int,
	y *big.Int)

TODO: SetProofRandomData name is not ok - it is not only setting proofRandomData, but also bases and y. It might be split (a, b for example set in Verifier constructor).

func (*Verifier) Verify ¶

func (v *Verifier) Verify(proofData []*big.Int) bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL