tss

package
v3.0.0-...-6ddf7be Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 27, 2024 License: GPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ContextString = "BAND-TSS-secp256k1-v0"
)

Variables

View Source 
var (
	ErrParseError            = ErrorKind("parse error")
	ErrInvalidLength         = ErrorKind("invalid length")
	ErrInvalidOrder          = ErrorKind("invalid order")
	ErrGenerateKeyPairFailed = ErrorKind("generate key pair failed")
	ErrPrivateKeyZero        = ErrorKind("private key zero")
	ErrNotOnCurve            = ErrorKind("not on curve")
	ErrInvalidSecretShare    = ErrorKind("invalid secret share")
	ErrValidSecretShare      = ErrorKind("valid secret share")
	ErrInvalidSignature      = ErrorKind("invalid signature")
	ErrNotInOrder            = ErrorKind("not in order")
	ErrInvalidPubkeyFormat   = ErrorKind("invalid pubkey format")
	ErrRandomError           = ErrorKind("random error")
)

Predefined error kinds

View Source 
var ContextStringConst = "TSSLib-secp256k1-SHA256-v0"

Functions

func ComputeCommitment 

func ComputeCommitment(mids []MemberID, pubDs Points, pubEs Points) ([]byte, error)

ComputeCommitment calculates the bytes that consists of memberID, public D, and public E.

func ConcatBytes 

func ConcatBytes(data ...[]byte) []byte

ConcatBytes concatenates multiple byte slices into a single byte slice.

func DecryptHKDF 

func DecryptHKDF(e EncSecretShare, aesKey []byte) ([]byte, error)

DecryptHKDF decrypts the given encrypted secret share using an AES key derived from the provided aesKey. It uses the HKDF algorithm for key derivation and AES in CTR mode for decryption.

func EncryptHKDF 

func EncryptHKDF(shareBytes, aesKey, nonceBytes []byte) ([]byte, error)

EncryptHKDF encrypts the given shareBytes using an AES key derived from the provided aesKey and nonceBytes using the HKDF algorithm.

func ExpandMessageXMD 

func ExpandMessageXMD(h func(data ...[]byte) []byte, msg []byte, dst []byte, len_in_bytes int) ([]byte, error)

ExpandMessageXMD generates a uniformly random byte string using a cryptographic hash function H that outputs b bits.

Requirements:

  • H should output b bits where b >= 2 * k (k is the target security level in bits) and b is divisible by 8. This ensures k-bit collision resistance and uniformity of output.
  • H could be a Merkle-Damgaard hash function like SHA-2, a sponge-based hash function like SHA-3 or BLAKE2, or any hash function that is indifferentiable from a random oracle.
  • Recommended choices for H are SHA-2 and SHA-3. For a 128-bit security level, b >= 256 bits and either SHA-256 or SHA3-256 would be appropriate.
  • H should ingest fixed-length blocks of data. The length in bits of these blocks is the input block size (s). H requires b <= s for correctness.

Parameters: - H: A hash function. - msg: Input byte string. - DST: Domain Separation Tag, a byte string of at most 255 bytes. - lenInBytes: Length of the requested output in bytes, not greater than the lesser of (255 * b_in_bytes) or 2^16-1.

This function returns a byte string of length lenInBytes that is uniformly random and independent of msg, provided H meets the requirements above.

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#name-expand_message_xmd

func GenerateDKGNonce 

func GenerateDKGNonce() (Scalar, Point, error)

GenerateDKGNonce generates a DKG (Distributed Key Generation) nonce consisting of a scalar and a point.

func H1 

func H1(msg []byte) ([]byte, error)

Implemented as hash_to_field(m, 1) using expand_message_xmd with SHA-256 with parameters DST = contextString || "rho", F set to the scalar field, p set to G.Order(), m = 1, and L = 48.

func H2 

func H2(msg []byte) ([]byte, error)

H2(m): Implemented as hash_to_field(m, 1) using expand_message_xmd with SHA-256 with parameters DST = contextString || "chal", F set to the scalar field, p set to G.Order(), m = 1, and L = 48.

func H3 

func H3(msg []byte) ([]byte, error)

H3(m): Implemented as hash_to_field(m, 1) using expand_message_xmd with SHA-256 with parameters DST = contextString || "nonce", F set to the scalar field, p set to G.Order(), m = 1, and L = 48.

func H4 

func H4(msg []byte) []byte

H4(m): Implemented by computing H(contextString || "msg" || m).

func H5 

func H5(msg []byte) []byte

H5(m): Implemented by computing H(contextString || "com" || m).

func H_M1_L48 

func H_M1_L48(
	h func(data ...[]byte) []byte,
	count int,
	p *big.Int,
	msg []byte,
	contextString string,
) ([][]*big.Int, error)

H_M1_L48 is a helper function that hashes an input message into a set of field elements. It uses a hash function H and an expand function defined by the ExpandMessageXMD method.

Parameters:

  • H: A function that takes a variable number of byte slices and returns a byte slice. This function is used as the hash function in the ExpandMessageXMD method.
  • count: The number of field elements to produce.
  • p: The prime number defining the finite field.
  • msg: The input message to be hashed.
  • contextString: A domain separation string for the ExpandMessageXMD method.

The function first defines an expand function that uses the provided hash function H and the domain separation string. It then calls the HashToField function with this expand function and the other parameters to produce the field elements.

Returns: - A slice of field elements, each represented as a *big.Int. - An error if the HashToField function returns an error.

func Hash 

func Hash(data ...[]byte) []byte

H(m) Hash calculates the Keccak-256 hash of the given data. It returns the hash value as a byte slice.

func HashSignCommitment 

func HashSignCommitment(data []byte) []byte

H6(m) HashSignCommitment computes a hash of commitment and returns the hash as a byte slice.

func HashSignMsg 

func HashSignMsg(data []byte) []byte

H5(m) HashSignMsg computes a hash of the message for signing purposes and returns the hash as a byte slice.

func HashToField 

func HashToField(
	msg []byte,
	count int,
	p *big.Int,
	m int,
	l int,
	expand func([]byte, int) ([]byte, error),
) ([][]*big.Int, error)

HashToField is a function that hashes an input message into a set of field elements. It is designed to be efficient for certain extension fields, specifically fields of the form GF(p^m).

Parameters: - msg: The input message to be hashed. - count: The number of field elements to output. - p: The characteristic of the finite field F. - m: The extension degree of the finite field F. - L: A parameter defined as ceil((ceil(log2(p)) + k) / 8), where k is the security parameter of the suite. - expand: A function that expands a byte string into a uniformly random byte string.

The function generates field elements that are uniformly random except with bias at most 2^-k, where k is the security parameter. It does not use rejection sampling and is designed to be amenable to straight line implementations.

The function may fail (abort) if the expand function fails.

Returns: - A slice of field elements, each represented as a *big.Int. - An error if the expand function returns an error.

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-5.1

func I2OSP 

func I2OSP(x, xLen int) ([]byte, error)

I2OSP - Integer-to-Octet-String primitive converts a nonnegative integer to an octet string of a specified length `len(buf)`, and stores it in `buf`. Reference: https://datatracker.ietf.org/doc/html/rfc8017#section-4.1

func OS2IP 

func OS2IP(buf []byte) *big.Int

OS2IP - Octet-String-to-Integer primitive converts an octet string to a nonnegative integer. Reference: https://datatracker.ietf.org/doc/html/rfc8017#section-4.2

func PaddingBytes 

func PaddingBytes(data []byte, length int) []byte

PaddingBytes pads a byte slice with zero bytes to a specified length.

func RandomBytes 

func RandomBytes(length int) ([]byte, error)

RandomBytes generates random bytes.

func SignComplaint 

func SignComplaint(
	oneTimePubI Point,
	oneTimePubJ Point,
	oneTimePrivI Scalar,
) (ComplaintSignature, Point, error)

SignComplaint generates a signature and related parameters for complaining against a misbehaving member.

func Verify 

func Verify(
	rawSignatureR Point,
	rawSignatureS Scalar,
	rawChallenge Scalar,
	rawPubKey Point,
	rawGenerator Point,
	rawLagrange Scalar,
) error

Verify verifies the given schnorr signature against the challenge, public key, generator point, and optional override signature R value. It returns an error if the verification process fails.

func VerifyA0Signature 

func VerifyA0Signature(
	mid MemberID,
	dkgContext []byte,
	signature Signature,
	a0Pub Point,
) error

VerifyA0Signature verifies the signature for the A0 in round 1.

func VerifyComplaint 

func VerifyComplaint(
	oneTimePubI Point,
	oneTimePubJ Point,
	keySym Point,
	complaintSignature ComplaintSignature,
	encSecretShare EncSecretShare,
	midI MemberID,
	commits Points,
) error

VerifyComplaint verifies the complaint using the complaint signature and encrypted secret share.

func VerifyComplaintSignature 

func VerifyComplaintSignature(
	oneTimePubI Point,
	oneTimePubJ Point,
	keySym Point,
	complaintSignature ComplaintSignature,
) error

VerifyComplaintSignature verifies the signature of a complaint using the given parameters.

func VerifyGroupSigningSignature 

func VerifyGroupSigningSignature(
	groupPubKey Point,
	data []byte,
	signature Signature,
) error

VerifyGroupSigning verifies the group signing using the group public key, data, and signature.

func VerifyOneTimeSignature 

func VerifyOneTimeSignature(
	mid MemberID,
	dkgContext []byte,
	signature Signature,
	oneTimePub Point,
) error

VerifyOneTimeSignature verifies the signature for the one-time in round 1.

func VerifyOwnPubKeySignature 

func VerifyOwnPubKeySignature(
	mid MemberID,
	dkgContext []byte,
	signature Signature,
	ownPub Point,
) error

VerifyOwnPubKeySignature verifies the signature of an own public key using the given DKG context, own public key, and signature.

func VerifySecretShare 

func VerifySecretShare(mid MemberID, rawSecretShare Scalar, rawCommits Points) error

VerifySecretShare verifies the validity of a secret share for a given member. It compares the computed yG from the secret share with the yG computed from the commits.

func VerifySigningSignature 

func VerifySigningSignature(
	groupPubNonce Point,
	groupPubKey Point,
	data []byte,
	rawLagrange Scalar,
	signature Signature,
	ownPubKey Point,
) error

VerifySigning verifies the signing using the group public nonce, group public key, data, Lagrange coefficient, signature, and own public key.

Types

type CommitmentIDE 

type CommitmentIDE struct {
	ID MemberID
	D  Point
	E  Point
}

CommitmentIDE represents a commitment issued by a participant in the signing process

Fields: - ID: A NonZeroScalar identifier for the participant (uint64) - D: The hiding nonce commitment is represented by the type Point - E: The binding nonce commitment is represented by the type Point

type CommitmentIDEList 

type CommitmentIDEList []CommitmentIDE

CommitmentIDEList is a slice of CommitmentIDE structs.

This type represents a list of commitments issued by each participant in the signing process. Each element in the list indicates an identifier and two commitment PublicKey values as a tuple <i, hiding_nonce_commitment, binding_nonce_commitment>.

Please note that this list must be sorted in ascending order by identifier

func (CommitmentIDEList) Len 

func (b CommitmentIDEList) Len() int

Len returns the number of elements in the CommitmentIDEList.

func (CommitmentIDEList) Sort 

func (b CommitmentIDEList) Sort() error

Sort sorts the CommitmentIDEList in ascending order by the identifier (ID) of each CommitmentIDE. It also checks for repeated elements and returns an error if any are found.

type ComplaintSignature 

type ComplaintSignature []byte

ComplaintSignature represents a signature (a1, a2, z) stored as bytes. It uses schnorr.ComplaintSignature as a base implementation for serialization and parsing.

func NewComplaintSignature 

func NewComplaintSignature(bytes []byte) (ComplaintSignature, error)

NewComplaintSignature constructs a ComplaintSignature from bytes.

func NewComplaintSignatureFromComponents 

func NewComplaintSignatureFromComponents(rawA1 Point, rawA2 Point, rawZ Scalar) (ComplaintSignature, error)

NewComplaintSignatureFromComponents generates a complaint signature from 2 Points (A1, A2) and Scalar (Z). It returns a ComplaintSignature and an error, if any.

func NewComplaintSignatureFromType 

func NewComplaintSignatureFromType(signature *schnorr.ComplaintSignature) ComplaintSignature

NewComplaintSignatureFromType parses a schnorr.ComplaintSignature into a ComplaintSignature.

func (ComplaintSignature) A1 

func (cs ComplaintSignature) A1() Point

A1 returns the A1 part of the complaint signature.

func (ComplaintSignature) A2 

func (cs ComplaintSignature) A2() Point

A2 returns the A2 part of the complaint signature.

func (ComplaintSignature) Bytes 

func (cs ComplaintSignature) Bytes() []byte

Bytes returns the underlying byte slice of the ComplaintSignature.

func (ComplaintSignature) Marshal 

func (cs ComplaintSignature) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (ComplaintSignature) MarshalJSON 

func (cs ComplaintSignature) MarshalJSON() ([]byte, error)

MarshalJSON converts the ComplaintSignature to its JSON representation.

func (ComplaintSignature) String 

func (cs ComplaintSignature) String() string

String returns the hexadecimal representation of the ComplaintSignature in uppercase.

func (*ComplaintSignature) Unmarshal 

func (cs *ComplaintSignature) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*ComplaintSignature) UnmarshalJSON 

func (cs *ComplaintSignature) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a ComplaintSignature.

func (ComplaintSignature) Validate 

func (cs ComplaintSignature) Validate() error

Validate returns an error if the value is invalid.

func (ComplaintSignature) Z 

func (cs ComplaintSignature) Z() Scalar

Z returns the Z part of the complaint signature.

type ComplaintSignatures 

type ComplaintSignatures []ComplaintSignature

ComplaintSignatures represents a slice of ComplaintSignature values.

type DefaultNonce16Generator 

type DefaultNonce16Generator struct{}

DefaultNonce16Generator is a struct that implements the INonce16Generator interface. It provides a default mechanism to generate a slice of 16 random bytes.

func (DefaultNonce16Generator) RandBytes16 

func (dng DefaultNonce16Generator) RandBytes16() ([]byte, error)

RandBytes16 generates a 16-byte random nonce. It returns a slice of 16 cryptographically secure random bytes and an error if the random byte generation fails. This method satisfies the INonce16Generator interface.

type EncSecretShare 

type EncSecretShare []byte

EncSecretShare represents a structure for storing an encrypted secret share. It contains the encrypted value `Value` and the corresponding nonce `Nonce` used in the Elgamal encryption process. The `Value` field holds the encrypted data, and `Nonce` is used to ensure the security and uniqueness of the encryption.

func Encrypt 

func Encrypt(value Scalar, key Point, n16g INonce16Generator) (EncSecretShare, error)

Encrypt takes a scalar value and a point key and returns an encrypted secret share. It uses a INonce16Generator to generate a nonce for the encryption process.

func NewEncSecretShare 

func NewEncSecretShare(value []byte, nonce []byte) (EncSecretShare, error)

func (EncSecretShare) Bytes 

func (e EncSecretShare) Bytes() []byte

Bytes returns the underlying byte slice of the EncSecretShare.

func (EncSecretShare) Clone 

func (e EncSecretShare) Clone() EncSecretShare

Clone creates a deep copy of the EncSecretShare instance.

func (EncSecretShare) Marshal 

func (e EncSecretShare) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (EncSecretShare) MarshalJSON 

func (e EncSecretShare) MarshalJSON() ([]byte, error)

MarshalJSON converts the EncSecretShare to its JSON representation.

func (EncSecretShare) Nonce 

func (e EncSecretShare) Nonce() []byte

Nonce return the nonce part of EncSecretShare

func (EncSecretShare) String 

func (e EncSecretShare) String() string

String returns the hexadecimal representation of the EncSecretShare in uppercase.

func (*EncSecretShare) Unmarshal 

func (e *EncSecretShare) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*EncSecretShare) UnmarshalJSON 

func (e *EncSecretShare) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a EncSecretShare.

func (EncSecretShare) Validate 

func (e EncSecretShare) Validate() error

Validate checks the integrity and validity of the EncSecretShare instance. It ensures that the encrypted value and nonce have the correct expected sizes.

func (EncSecretShare) Value 

func (e EncSecretShare) Value() []byte

Value return the value part of EncSecretShare

type EncSecretShares 

type EncSecretShares []EncSecretShare

EncSecretShares is a slice of EncSecretShare. It's used for storing multiple encrypted secret shares. This type is particularly useful when dealing with scenarios where multiple pieces of data need to be encrypted, such as in threshold cryptography or secure multiparty computations, where each participant might have their own encrypted share of a secret.

func ComputeEncryptedSecretShares 

func ComputeEncryptedSecretShares(
	mid MemberID,
	rawPrivKey Scalar,
	rawPubKeys Points,
	rawCoeffcients Scalars,
	n16g INonce16Generator,
) (EncSecretShares, error)

ComputeEncryptedSecretShares computes the encrypted secret shares for a member.

func EncryptSecretShares 

func EncryptSecretShares(
	secretShares Scalars,
	keySyms Points,
	n16g INonce16Generator,
) (EncSecretShares, error)

EncryptSecretShares encrypts secret shares using key syms.

func (EncSecretShares) Clone 

func (es EncSecretShares) Clone() EncSecretShares

Clone creates a deep copy of the EncSecretShares slice. It iterates through the slice, cloning each EncSecretShare to ensure that modifications to the cloned slice do not affect the original EncSecretShares.

func (EncSecretShares) Validate 

func (es EncSecretShares) Validate() error

Validate iterates through each EncSecretShare in the EncSecretShares slice, performing validation checks on each EncSecretShare.

type Error 

type Error struct {
	// contains filtered or unexported fields
}

Error represents a TSS error.

func NewError 

func NewError(err error, format string, args ...interface{}) *Error

NewError creates a new TSS error with the given wrapped error and description.

func (*Error) Error 

func (e *Error) Error() string

Error returns the string representation of the error.

func (*Error) Unwrap 

func (e *Error) Unwrap() error

Unwrap returns the underlying wrapped error.

type ErrorKind 

type ErrorKind string

ErrorKind represents a specific kind of TSS error.

func (ErrorKind) Error 

func (e ErrorKind) Error() string

Error returns the string representation of the ErrorKind.

type GroupID 

type GroupID uint64

GroupID represents the ID of a group.

type INonce16Generator 

type INonce16Generator interface {
	RandBytes16() ([]byte, error)
}

INonce16Generator defines an interface for generating a 16-byte nonce.

type KeyPair 

type KeyPair struct {
	PrivKey Scalar
	PubKey  Point
}

KeyPair represents a key pair consisting of a private key and a public key.

func GenerateKeyPair 

func GenerateKeyPair() (KeyPair, error)

GenerateKeyPair generates a new key pair. It returns a KeyPair value and an error, if any.

type KeyPairs 

type KeyPairs []KeyPair

KeyPairs represents a slice of KeyPair values.

func GenerateKeyPairs 

func GenerateKeyPairs(n uint64) (KeyPairs, error)

GenerateKeyPairs generates a specified number of key pairs. It returns a slice of KeyPair values and an error, if any.

type MemberID 

type MemberID uint64

MemberID represents the ID of a member. Please note that the MemberID can only be 1, 2, 3, ..., 2**64 - 1

func MemberIDZero 

func MemberIDZero() MemberID

MemberIDZero returns a MemberID with a value of 0. This is outside the valid range for MemberID values, and thus should not be used as a valid MemberID in any operational context. It is primarily intended for use in scenarios where a placeholder or default value is needed.

func NewMemberID 

func NewMemberID(value interface{}) MemberID

NewMemberID creates a new MemberID from any value, ensuring it is within the valid range. Panic if the input value cannot be converted to a uint64 or if it is less than 1.

type Point 

type Point []byte

Point represents a point (x, y, z) stored as bytes. It uses secp256k1.JacobianPoint and secp256k1.PublicKey as base implementations for serialization and parsing.

func ComputeGroupPublicKey 

func ComputeGroupPublicKey(rawA0Commits ...Point) (Point, error)

ComputeGroupPublicKey computes the group public key from a set of A0 commits. The formula used is: Y = Σ(i=1 to n) (Commit_j0)

func ComputeGroupPublicNonce 

func ComputeGroupPublicNonce(rawOwnPubNonces ...Point) (Point, error)

ComputeGroupPublicNonce calculates the group public nonce for a given slice of own public nonces. Formula: Sum(PubNonce1, PubNonce2, ..., PubNonceN)

func ComputeOwnPubNonce 

func ComputeOwnPubNonce(rawPubD Point, rawPubE Point, rawBindingFactor Scalar) (Point, error)

ComputeOwnPubNonce calculates the own public nonce for a given public D, public E, and binding factor. Formula: D + bindingFactor * E

func ComputeOwnPublicKey 

func ComputeOwnPublicKey(rawSumCommits Points, mid MemberID) (Point, error)

ComputeOwnPublicKey computes the own public key for a given set of sum commits and x. The formula used is: Yi = Σ(k=0 to t-1) (i^k * Σ(j=1 to n) (Commit_jk))

func ComputeSecretShareCommit 

func ComputeSecretShareCommit(rawCommits Points, mid MemberID) (Point, error)

ComputeSecretShareCommit computes the secret share commit for a given set of commits and x. The formula used is: y * G = f_ij(x) * G = c_0 + c_1 * x^1 + ... + c_n-1 * x^(n-1) + c_n * x^n rawCommits represents the commits c_0, c_1, ..., c_n-1, c_n = a_0 * G, a_1 * G, ..., a_n-1 * G, a_n * G rawX represents x, the index of the shared secret commit.

func ComputeSecretSym 

func ComputeSecretSym(rawSecretKey Scalar, rawPubKeyJ Point) (Point, error)

ComputeSecretSym computes the symmetry value between a secret value and a public key. It returns the computed symmetry value as a PublicKey and an error, if any.

func NewPoint 

func NewPoint(bytes []byte) (Point, error)

NewPoint constructs a Point from bytes.

func NewPointFromJacobianPoint 

func NewPointFromJacobianPoint(point *secp256k1.JacobianPoint) Point

NewPointFromJacobianPoint parses a secp256k1.JacobianPoint into a Point.

func NewPointFromPublicKey 

func NewPointFromPublicKey(pubKey *secp256k1.PublicKey) Point

NewPointFromPublicKey parses a secp256k1.PublicKey into a Point.

func SolvePointPolynomial 

func SolvePointPolynomial(rawCoefficientCommits Points, rawX Scalar) (Point, error)

SolvePointPolynomial solves a point polynomial equation. It takes points as coefficient commits and a value x, and returns the result as a point and an error, if any.

func SumPoints 

func SumPoints(rawPoints ...Point) (Point, error)

SumPoints computes the sum of multiple points. It returns the computed sum as a Point and an error, if any.

func (Point) Address 

func (p Point) Address() ([]byte, error)

Address returns an ethereum address of the point

func (Point) Bytes 

func (p Point) Bytes() []byte

Bytes returns the underlying byte slice of the Point.

func (Point) Marshal 

func (p Point) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (Point) MarshalJSON 

func (p Point) MarshalJSON() ([]byte, error)

MarshalJSON converts the Point to its JSON representation.

func (Point) String 

func (p Point) String() string

String returns the hexadecimal representation of the Point in uppercase.

func (*Point) Unmarshal 

func (p *Point) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*Point) UnmarshalJSON 

func (p *Point) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a Point.

func (Point) Validate 

func (p Point) Validate() error

Validate returns an error if the value is invalid.

type Points 

type Points []Point

Points represents a slice of Point values.

type Round1Info 

type Round1Info struct {
	OneTimePrivKey     Scalar
	OneTimePubKey      Point
	OneTimeSignature   Signature
	A0PrivKey          Scalar
	A0PubKey           Point
	A0Signature        Signature
	Coefficients       Scalars
	CoefficientCommits Points
}

Round1Info contains the data for round 1 of the DKG process of TSS

func GenerateRound1Info 

func GenerateRound1Info(
	mid MemberID,
	threshold uint64,
	dkgContext []byte,
) (*Round1Info, error)

GenerateRound1Info generates the data of round 1 for a member in the DKG process of TSS

type Scalar 

type Scalar []byte

Scalar represents a scalar value stored as bytes. It uses secp256k1.ModNScalar and secp256k1.PrivateKey as a base implementation for serialization and parsing.

func ComputeLagrangeCoefficient 

func ComputeLagrangeCoefficient(mid MemberID, memberList []MemberID) (Scalar, error)

ComputeLagrangeCoefficient calculates the Lagrange coefficient for a given member ID and total number of members.

func ComputeOwnBindingFactor 

func ComputeOwnBindingFactor(mid MemberID, data []byte, commitment []byte) (Scalar, error)

ComputeOwnBindingFactor calculates the own binding factor (Lo) value for a given member ID, data, and commitment. bindingFactor = HashBindingFactor(i, data , B) B = <<i,Di,Ei>,...>

func ComputeOwnPrivNonce 

func ComputeOwnPrivNonce(rawPrivD Scalar, rawPrivE Scalar, rawBindingFactor Scalar) (Scalar, error)

ComputeOwnPrivNonce calculates the own private nonce for a given private d, private e, and binding factor. Formula: d + bindingFactor * e

func ComputeOwnPrivateKey 

func ComputeOwnPrivateKey(rawSecretShares ...Scalar) (Scalar, error)

ComputeOwnPrivateKey computes the own private key from a set of secret shares. The formula used is: si = Σ(j=1 to n) (f_j(i))

func ComputeSecretShare 

func ComputeSecretShare(rawCoeffcients Scalars, mid MemberID) (Scalar, error)

ComputeSecretShare computes the secret share for a given set of coefficients and x.

func Decrypt 

func Decrypt(e EncSecretShare, key Point) (Scalar, error)

Decrypt takes an encrypted secret share and a point key, and returns the decrypted scalar value. It delegates the decryption process to the DecryptHKDF function.

func DecryptSecretShare 

func DecryptSecretShare(
	encSecretShare EncSecretShare,
	keySym Point,
) (Scalar, error)

DecryptSecretShare decrypts a encrypted secret share using the key sym.

func GenerateSigningNonce 

func GenerateSigningNonce(secret Scalar) (Scalar, error)

GenerateSigningNonce is a function responsible for producing a signing nonce derived from a given private key. This nonce generation ensures a uniform distribution of hash values over the span of the elliptic curve's order.

func HashBindingFactor 

func HashBindingFactor(mid MemberID, data []byte, commitment []byte) (Scalar, error)

H7(m) HashBindingFactor computes a hash to generate binding factor and returns it as a scalar.

func HashChallenge 

func HashChallenge(rawGroupPubNonce, rawGroupPubKey Point, data []byte) (Scalar, error)

H8(m) HashChallenge computes a hash to generate challenge of signing a signature and returns it as a scalar.

func HashNonce 

func HashNonce(random []byte, secretKey Scalar) (Scalar, error)

H9(m) HashNonce computes a hash of the provided data for the nonce and returns it as a scalar.

func HashRound1A0 

func HashRound1A0(pubNonce Point, mid MemberID, dkgContext []byte, a0Pub Point) (Scalar, error)

H1(m) HashRound1A0 computes a hash of the provided data for Round1A0 and returns it as a scalar.

func HashRound1OneTime 

func HashRound1OneTime(pubNonce Point, mid MemberID, dkgContext []byte, oneTimePub Point) (Scalar, error)

H2(m) HashRound1OneTime computes a hash of the provided data for Round1OneTime and returns it as a scalar.

func HashRound3Complain 

func HashRound3Complain(
	pubNonce Point,
	nonceSym Point,
	oneTimePubI Point,
	oneTimePubJ Point,
	keySym Point,
) (Scalar, error)

H3(m) HashRound3Complain computes a hash of the provided data for Round3Complain and returns it as a scalar.

func HashRound3OwnPubKey 

func HashRound3OwnPubKey(pubNonce Point, mid MemberID, dkgContext []byte, ownPub Point) (Scalar, error)

H4(m) HashRound3OwnPubKey computes a hash of the provided data for Round3OwnPubKey and returns it as a scalar.

func NewScalar 

func NewScalar(bytes []byte) (Scalar, error)

NewScalar constructs a Scalar from bytes.

func NewScalarFromModNScalar 

func NewScalarFromModNScalar(scalar *secp256k1.ModNScalar) Scalar

NewScalarFromModNScalar parses a secp256k1.ModNScalar into a Scalar.

func NewScalarFromPrivateKey 

func NewScalarFromPrivateKey(privKey *secp256k1.PrivateKey) Scalar

NewScalarFromPrivateKey parses a secp256k1.PrivateKey into a Scalar.

func RandomScalar 

func RandomScalar() (Scalar, error)

RandomScalar is a function that creates a random scalar value. This method ensures a uniform distribution of generated scalars across the span of the elliptic curve's order.

func SolveScalarPolynomial 

func SolveScalarPolynomial(rawCoefficients Scalars, rawX Scalar) Scalar

SolveScalarPolynomial solves a scalar polynomial equation. It takes scalars as coefficients and a value x, and returns the result as a scalar and an error, if any.

func SumScalars 

func SumScalars(rawScalars ...Scalar) Scalar

SumScalars computes the sum of multiple scalars. It returns the computed sum as a Scalar.

func (Scalar) Bytes 

func (s Scalar) Bytes() []byte

Bytes returns the underlying byte slice of the Scalar.

func (Scalar) Marshal 

func (s Scalar) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (Scalar) MarshalJSON 

func (s Scalar) MarshalJSON() ([]byte, error)

MarshalJSON converts the Scalar to its JSON representation.

func (Scalar) Point 

func (s Scalar) Point() Point

Point converts a Scalar to a Point.

func (Scalar) String 

func (s Scalar) String() string

String returns the hexadecimal representation of the Scalar in uppercase.

func (*Scalar) Unmarshal 

func (s *Scalar) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*Scalar) UnmarshalJSON 

func (s *Scalar) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a Scalar.

func (Scalar) Validate 

func (s Scalar) Validate() error

Validate returns an error if the scalar value is invalid.

type Scalars 

type Scalars []Scalar

Scalars represents a slice of Scalar values.

func DecryptSecretShares 

func DecryptSecretShares(
	encSecretShares []EncSecretShare,
	keySyms Points,
) (Scalars, error)

DecryptSecretShares decrypts a set of encrypted secret shares using the corresponding key syms.

type Signature 

type Signature []byte

Signature represents a signature (r, s) stored as bytes. It uses schnorr.Signature as a base implementation for serialization and parsing.

func CombineSignatures 

func CombineSignatures(rawSignatures ...Signature) (Signature, error)

CombineSignatures performs combining all signatures by sum up R and sum up S.

func NewSignature 

func NewSignature(bytes []byte) (Signature, error)

NewSignature constructs a Signature from bytes.

func NewSignatureFromComponents 

func NewSignatureFromComponents(rawR Point, rawS Scalar) (Signature, error)

NewSignatureFromComponents generates a signature from Point (R) and Scalar (S). It returns a Signature and an error, if any.

func NewSignatureFromType 

func NewSignatureFromType(signature *schnorr.Signature) Signature

NewSignatureFromType parses a schnorr.Signature into a Signature.

func Sign 

func Sign(
	rawPrivKey Scalar,
	rawChallenge Scalar,
	rawNonce Scalar,
	rawLagrange Scalar,
) (Signature, error)

Sign generates a schnorr signature for the given private key, challenge, and nonce. It returns the signature and an error if the signing process fails.

func SignA0 

func SignA0(
	mid MemberID,
	dkgContext []byte,
	a0Pub Point,
	a0Priv Scalar,
) (Signature, error)

SignA0 generates a signature for the A0 in round 1.

func SignOneTime 

func SignOneTime(
	mid MemberID,
	dkgContext []byte,
	oneTimePub Point,
	onetimePriv Scalar,
) (Signature, error)

SignOneTime generates a signature for the one-time in round 1.

func SignOwnPubKey 

func SignOwnPubKey(
	mid MemberID,
	dkgContext []byte,
	ownPub Point,
	ownPriv Scalar,
) (Signature, error)

SignOwnPubKey signs the own public key using the given DKG context, own public key, and own private key.

func SignSigning 

func SignSigning(
	groupPubNonce Point,
	groupPubKey Point,
	data []byte,
	rawLagrange Scalar,
	ownPrivNonce Scalar,
	ownPrivKey Scalar,
) (Signature, error)

SignSigning performs signing using the group public nonce, group public key, data, Lagrange coefficient, own private nonce, and own private key.

func (Signature) Bytes 

func (s Signature) Bytes() []byte

Bytes returns the underlying byte slice of the Signature.

func (Signature) Marshal 

func (s Signature) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (Signature) MarshalJSON 

func (s Signature) MarshalJSON() ([]byte, error)

MarshalJSON converts the Signature to its JSON representation.

func (Signature) R 

func (s Signature) R() Point

R returns the R part of the signature.

func (Signature) S 

func (s Signature) S() Scalar

S returns the S part of the signature.

func (Signature) String 

func (s Signature) String() string

String returns the hexadecimal representation of the Signature in uppercase.

func (*Signature) Unmarshal 

func (s *Signature) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*Signature) UnmarshalJSON 

func (s *Signature) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a Signature.

func (Signature) Validate 

func (s Signature) Validate() error

Validate returns an error if the value is invalid.

type Signatures 

type Signatures []Signature

Signatures represents a slice of Signature values.

type SigningID 

type SigningID uint64

SigningID represents the ID of a signing.

Source Files

View all Source files

Directories

Path Synopsis
internal
lagrange
schnorr

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.