qr

package
v0.0.0-...-c0e0803 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 6, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProveQR

func ProveQR(y1 *big.Int, group *schnorr.Group) bool

ProveQR demonstrates how the prover can prove that y1^2 is QR.

Types

type Prover

type Prover struct {
	Group *schnorr.Group
	Y     *big.Int
	// contains filtered or unexported fields
}

func NewProver

func NewProver(group *schnorr.Group, y1 *big.Int) *Prover

func (*Prover) GetProofData

func (p *Prover) GetProofData(challenge *big.Int) (*big.Int, error)

func (*Prover) GetProofRandomData

func (p *Prover) GetProofRandomData() *big.Int

type RSA

type RSA struct {
	N     *big.Int // N = P * Q
	P     *big.Int
	Q     *big.Int
	Order *big.Int // Order = (P-1)/2 * (Q-1)/2
}

RSA presents QR_N - group of quadratic residues modulo N where N is a product of two primes. This group is in general NOT cyclic (it is only when (P-1)/2 and (Q-1)/2 are primes, see RSASpecial). The group QR_N is isomorphic to QR_P x QR_Q.

func NewRSA

func NewRSA(P, Q *big.Int) (*RSA, error)

func NewRSAPublic

func NewRSAPublic(N *big.Int) *RSA

func (*RSA) Add

func (g *RSA) Add(x, y *big.Int) *big.Int

Add computes x + y (mod N)

func (*RSA) Exp

func (g *RSA) Exp(base, exponent *big.Int) *big.Int

Exp computes base^exponent in QR_N. This means base^exponent mod rsa.N.

func (*RSA) Inv

func (g *RSA) Inv(x *big.Int) *big.Int

Inv computes inverse of x in QR_N. This means xInv such that x * xInv = 1 mod N.

func (*RSA) IsElementInGroup

func (g *RSA) IsElementInGroup(a *big.Int) (bool, error)

IsElementInGroup returns true if a is in QR_N and false otherwise.

func (*RSA) Mul

func (g *RSA) Mul(x, y *big.Int) *big.Int

Mul computes x * y in QR_N. This means x * y mod N.

type RSASpecial

type RSASpecial struct {
	RSA
	P1 *big.Int
	Q1 *big.Int
}

RSASpecial presents QR_N - group of quadratic residues modulo N where N is a product of two SAFE primes. This group is cyclic and a generator is easy to find. The group QR_N is isomorphic to QR_P x QR_Q. The order of QR_P and QR_Q are P1 and Q1 respectively. Because gcd(P1, Q1) = 1, QR_P x QR_Q is cyclic as well. The order of RSASpecial is P1 * Q1.

func NewRSASpecial

func NewRSASpecial(safePrimeBitLength int) (*RSASpecial, error)

func NewRSASpecialFromParams

func NewRSASpecialFromParams(specialRSAPrimes *RSASpecialPrimes) (*RSASpecial, error)

func NewRSApecialPublic

func NewRSApecialPublic(N *big.Int) *RSASpecial

func (*RSASpecial) GetPrimes

func (rs *RSASpecial) GetPrimes() *RSASpecialPrimes

func (*RSASpecial) GetRandomElement

func (rs *RSASpecial) GetRandomElement() (*big.Int, error)

GetRandomElement returns a random element from this group. First a random generator is chosen and then it is exponentiated to the random int between 0 and order of QR_N (P1 * Q1).

func (*RSASpecial) GetRandomGenerator

func (rs *RSASpecial) GetRandomGenerator() (*big.Int, error)

GetRandomGenerator returns a random generator of a group of quadratic residues QR_N.

type RSASpecialPrimes

type RSASpecialPrimes struct {
	P  *big.Int
	Q  *big.Int
	P1 *big.Int
	Q1 *big.Int
}

func GetRSASpecialPrimes

func GetRSASpecialPrimes(bits int) (*RSASpecialPrimes, error)

GetRSASpecialPrimes returns primes P, Q, p, q such that P = 2*p + 1 and Q = 2*q + 1.

func NewRSASpecialPrimes

func NewRSASpecialPrimes(P, Q, p, q *big.Int) *RSASpecialPrimes

type RepresentationProof

type RepresentationProof struct {
	ProofRandomData *big.Int
	Challenge       *big.Int
	ProofData       []*big.Int
}

RepresentationProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewRepresentationProof

func NewRepresentationProof(proofRandomData, challenge *big.Int,
	proofData []*big.Int) *RepresentationProof

type RepresentationProver

type RepresentationProver struct {
	// contains filtered or unexported fields
}

RepresentationProver is like SchnorrProver but in a RSASpecial group (note that here proof data is computed in Z, not modulo as in Schnorr). Also, RepresentationProver with only one base and one secret is very similar to the DFCommitmentOpeningProver (RepresentationProver does not have a committer though).

func NewRepresentationProver

func NewRepresentationProver(qrSpecialRSA *RSASpecial,
	secParam int, secrets, bases []*big.Int, y *big.Int) *RepresentationProver

func (*RepresentationProver) GetProofData

func (p *RepresentationProver) GetProofData(challenge *big.Int) []*big.Int

func (*RepresentationProver) GetProofRandomData

func (p *RepresentationProver) GetProofRandomData(alsoNeg bool) *big.Int

GetProofRandomData returns t = g_1^r_1 * ... * g_k^r_k where g_i are bases and r_i are random values. If alsoNeg is true values r_i can be negative as well.

func (*RepresentationProver) GetProofRandomDataGivenBoundaries

func (p *RepresentationProver) GetProofRandomDataGivenBoundaries(boundariesBitLength []int,
	alsoNeg bool) (*big.Int, error)

GetProofRandomDataGivenBoundaries returns t = g_1^r_1 * ... * g_k^r_k where g_i are bases and each r_i is a random value of boundariesBitLength[i] bit length. If alsoNeg is true values r_i can be negative as well.

type RepresentationVerifier

type RepresentationVerifier struct {
	// contains filtered or unexported fields
}

func NewRepresentationVerifier

func NewRepresentationVerifier(qrSpecialRSA *RSASpecial,
	challengeSpaceSize int) *RepresentationVerifier

func (*RepresentationVerifier) GetChallenge

func (v *RepresentationVerifier) GetChallenge() *big.Int

func (*RepresentationVerifier) SetChallenge

func (v *RepresentationVerifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*RepresentationVerifier) SetProofRandomData

func (v *RepresentationVerifier) SetProofRandomData(proofRandomData *big.Int, bases []*big.Int,
	y *big.Int)

TODO: SetProofRandomData name is not ok - it is not only setting proofRandomData, but also bases and y.

func (*RepresentationVerifier) Verify

func (v *RepresentationVerifier) Verify(proofData []*big.Int) bool

type Verifier

type Verifier struct {
	Group *schnorr.Group
	// contains filtered or unexported fields
}

func NewVerifier

func NewVerifier(y *big.Int, group *schnorr.Group) *Verifier

func (*Verifier) GetChallenge

func (v *Verifier) GetChallenge(x *big.Int) *big.Int

func (*Verifier) Verify

func (v *Verifier) Verify(z *big.Int) bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL