tss

package
v3.0.0-rc0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 6, 2024 License: GPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ContextString = "BAND-TSS-secp256k1-v0"
)

Variables

View Source
var (
	ErrParseError            = ErrorKind("parse error")
	ErrInvalidLength         = ErrorKind("invalid length")
	ErrInvalidOrder          = ErrorKind("invalid order")
	ErrGenerateKeyPairFailed = ErrorKind("generate key pair failed")
	ErrPrivateKeyZero        = ErrorKind("private key zero")
	ErrNotOnCurve            = ErrorKind("not on curve")
	ErrInvalidSecretShare    = ErrorKind("invalid secret share")
	ErrValidSecretShare      = ErrorKind("valid secret share")
	ErrInvalidSignature      = ErrorKind("invalid signature")
	ErrNotInOrder            = ErrorKind("not in order")
	ErrInvalidPubkeyFormat   = ErrorKind("invalid pubkey format")
	ErrRandomError           = ErrorKind("random error")
)

Predefined error kinds

View Source
var ContextStringConst = "TSSLib-secp256k1-SHA256-v0"

Functions

func ComputeCommitment

func ComputeCommitment(mids []MemberID, pubDs Points, pubEs Points) ([]byte, error)

ComputeCommitment calculates the bytes that consists of memberID, public D, and public E.

func ConcatBytes

func ConcatBytes(data ...[]byte) []byte

ConcatBytes concatenates multiple byte slices into a single byte slice.

func DecryptHKDF

func DecryptHKDF(e EncSecretShare, aesKey []byte) ([]byte, error)

DecryptHKDF decrypts the given encrypted secret share using an AES key derived from the provided aesKey. It uses the HKDF algorithm for key derivation and AES in CTR mode for decryption.

func EncryptHKDF

func EncryptHKDF(shareBytes, aesKey, nonceBytes []byte) ([]byte, error)

EncryptHKDF encrypts the given shareBytes using an AES key derived from the provided aesKey and nonceBytes using the HKDF algorithm.

func ExpandMessageXMD

func ExpandMessageXMD(h func(data ...[]byte) []byte, msg []byte, dst []byte, len_in_bytes int) ([]byte, error)

ExpandMessageXMD generates a uniformly random byte string using a cryptographic hash function H that outputs b bits.

Requirements:

  • H should output b bits where b >= 2 * k (k is the target security level in bits) and b is divisible by 8. This ensures k-bit collision resistance and uniformity of output.
  • H could be a Merkle-Damgaard hash function like SHA-2, a sponge-based hash function like SHA-3 or BLAKE2, or any hash function that is indifferentiable from a random oracle.
  • Recommended choices for H are SHA-2 and SHA-3. For a 128-bit security level, b >= 256 bits and either SHA-256 or SHA3-256 would be appropriate.
  • H should ingest fixed-length blocks of data. The length in bits of these blocks is the input block size (s). H requires b <= s for correctness.

Parameters: - H: A hash function. - msg: Input byte string. - DST: Domain Separation Tag, a byte string of at most 255 bytes. - lenInBytes: Length of the requested output in bytes, not greater than the lesser of (255 * b_in_bytes) or 2^16-1.

This function returns a byte string of length lenInBytes that is uniformly random and independent of msg, provided H meets the requirements above.

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#name-expand_message_xmd

func GenerateDKGNonce

func GenerateDKGNonce() (Scalar, Point, error)

GenerateDKGNonce generates a DKG (Distributed Key Generation) nonce consisting of a scalar and a point.

func H1

func H1(msg []byte) ([]byte, error)

Implemented as hash_to_field(m, 1) using expand_message_xmd with SHA-256 with parameters DST = contextString || "rho", F set to the scalar field, p set to G.Order(), m = 1, and L = 48.

func H2

func H2(msg []byte) ([]byte, error)

H2(m): Implemented as hash_to_field(m, 1) using expand_message_xmd with SHA-256 with parameters DST = contextString || "chal", F set to the scalar field, p set to G.Order(), m = 1, and L = 48.

func H3

func H3(msg []byte) ([]byte, error)

H3(m): Implemented as hash_to_field(m, 1) using expand_message_xmd with SHA-256 with parameters DST = contextString || "nonce", F set to the scalar field, p set to G.Order(), m = 1, and L = 48.

func H4

func H4(msg []byte) []byte

H4(m): Implemented by computing H(contextString || "msg" || m).

func H5

func H5(msg []byte) []byte

H5(m): Implemented by computing H(contextString || "com" || m).

func H_M1_L48

func H_M1_L48(
	h func(data ...[]byte) []byte,
	count int,
	p *big.Int,
	msg []byte,
	contextString string,
) ([][]*big.Int, error)

H_M1_L48 is a helper function that hashes an input message into a set of field elements. It uses a hash function H and an expand function defined by the ExpandMessageXMD method.

Parameters:

  • H: A function that takes a variable number of byte slices and returns a byte slice. This function is used as the hash function in the ExpandMessageXMD method.
  • count: The number of field elements to produce.
  • p: The prime number defining the finite field.
  • msg: The input message to be hashed.
  • contextString: A domain separation string for the ExpandMessageXMD method.

The function first defines an expand function that uses the provided hash function H and the domain separation string. It then calls the HashToField function with this expand function and the other parameters to produce the field elements.

Returns: - A slice of field elements, each represented as a *big.Int. - An error if the HashToField function returns an error.

func Hash

func Hash(data ...[]byte) []byte

H(m) Hash calculates the Keccak-256 hash of the given data. It returns the hash value as a byte slice.

func HashSignCommitment

func HashSignCommitment(data []byte) []byte

H6(m) HashSignCommitment computes a hash of commitment and returns the hash as a byte slice.

func HashSignMsg

func HashSignMsg(data []byte) []byte

H5(m) HashSignMsg computes a hash of the message for signing purposes and returns the hash as a byte slice.

func HashToField

func HashToField(
	msg []byte,
	count int,
	p *big.Int,
	m int,
	l int,
	expand func([]byte, int) ([]byte, error),
) ([][]*big.Int, error)

HashToField is a function that hashes an input message into a set of field elements. It is designed to be efficient for certain extension fields, specifically fields of the form GF(p^m).

Parameters: - msg: The input message to be hashed. - count: The number of field elements to output. - p: The characteristic of the finite field F. - m: The extension degree of the finite field F. - L: A parameter defined as ceil((ceil(log2(p)) + k) / 8), where k is the security parameter of the suite. - expand: A function that expands a byte string into a uniformly random byte string.

The function generates field elements that are uniformly random except with bias at most 2^-k, where k is the security parameter. It does not use rejection sampling and is designed to be amenable to straight line implementations.

The function may fail (abort) if the expand function fails.

Returns: - A slice of field elements, each represented as a *big.Int. - An error if the expand function returns an error.

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-5.1

func I2OSP

func I2OSP(x, xLen int) ([]byte, error)

I2OSP - Integer-to-Octet-String primitive converts a nonnegative integer to an octet string of a specified length `len(buf)`, and stores it in `buf`. Reference: https://datatracker.ietf.org/doc/html/rfc8017#section-4.1

func OS2IP

func OS2IP(buf []byte) *big.Int

OS2IP - Octet-String-to-Integer primitive converts an octet string to a nonnegative integer. Reference: https://datatracker.ietf.org/doc/html/rfc8017#section-4.2

func PaddingBytes

func PaddingBytes(data []byte, length int) []byte

PaddingBytes pads a byte slice with zero bytes to a specified length.

func RandomBytes

func RandomBytes(length int) ([]byte, error)

RandomBytes generates random bytes.

func SignComplaint

func SignComplaint(
	oneTimePubI Point,
	oneTimePubJ Point,
	oneTimePrivI Scalar,
) (ComplaintSignature, Point, error)

SignComplaint generates a signature and related parameters for complaining against a misbehaving member.

func Verify

func Verify(
	rawSignatureR Point,
	rawSignatureS Scalar,
	rawChallenge Scalar,
	rawPubKey Point,
	rawGenerator Point,
	rawLagrange Scalar,
) error

Verify verifies the given schnorr signature against the challenge, public key, generator point, and optional override signature R value. It returns an error if the verification process fails.

func VerifyA0Signature

func VerifyA0Signature(
	mid MemberID,
	dkgContext []byte,
	signature Signature,
	a0Pub Point,
) error

VerifyA0Signature verifies the signature for the A0 in round 1.

func VerifyComplaint

func VerifyComplaint(
	oneTimePubI Point,
	oneTimePubJ Point,
	keySym Point,
	complaintSignature ComplaintSignature,
	encSecretShare EncSecretShare,
	midI MemberID,
	commits Points,
) error

VerifyComplaint verifies the complaint using the complaint signature and encrypted secret share.

func VerifyComplaintSignature

func VerifyComplaintSignature(
	oneTimePubI Point,
	oneTimePubJ Point,
	keySym Point,
	complaintSignature ComplaintSignature,
) error

VerifyComplaintSignature verifies the signature of a complaint using the given parameters.

func VerifyGroupSigningSignature

func VerifyGroupSigningSignature(
	groupPubKey Point,
	data []byte,
	signature Signature,
) error

VerifyGroupSigning verifies the group signing using the group public key, data, and signature.

func VerifyOneTimeSignature

func VerifyOneTimeSignature(
	mid MemberID,
	dkgContext []byte,
	signature Signature,
	oneTimePub Point,
) error

VerifyOneTimeSignature verifies the signature for the one-time in round 1.

func VerifyOwnPubKeySignature

func VerifyOwnPubKeySignature(
	mid MemberID,
	dkgContext []byte,
	signature Signature,
	ownPub Point,
) error

VerifyOwnPubKeySignature verifies the signature of an own public key using the given DKG context, own public key, and signature.

func VerifySecretShare

func VerifySecretShare(mid MemberID, rawSecretShare Scalar, rawCommits Points) error

VerifySecretShare verifies the validity of a secret share for a given member. It compares the computed yG from the secret share with the yG computed from the commits.

func VerifySigningSignature

func VerifySigningSignature(
	groupPubNonce Point,
	groupPubKey Point,
	data []byte,
	rawLagrange Scalar,
	signature Signature,
	ownPubKey Point,
) error

VerifySigning verifies the signing using the group public nonce, group public key, data, Lagrange coefficient, signature, and own public key.

Types

type CommitmentIDE

type CommitmentIDE struct {
	ID MemberID
	D  Point
	E  Point
}

CommitmentIDE represents a commitment issued by a participant in the signing process

Fields: - ID: A NonZeroScalar identifier for the participant (uint64) - D: The hiding nonce commitment is represented by the type Point - E: The binding nonce commitment is represented by the type Point

type CommitmentIDEList

type CommitmentIDEList []CommitmentIDE

CommitmentIDEList is a slice of CommitmentIDE structs.

This type represents a list of commitments issued by each participant in the signing process. Each element in the list indicates an identifier and two commitment PublicKey values as a tuple <i, hiding_nonce_commitment, binding_nonce_commitment>.

Please note that this list must be sorted in ascending order by identifier

func (CommitmentIDEList) Len

func (b CommitmentIDEList) Len() int

Len returns the number of elements in the CommitmentIDEList.

func (CommitmentIDEList) Sort

func (b CommitmentIDEList) Sort() error

Sort sorts the CommitmentIDEList in ascending order by the identifier (ID) of each CommitmentIDE. It also checks for repeated elements and returns an error if any are found.

type ComplaintSignature

type ComplaintSignature []byte

ComplaintSignature represents a signature (a1, a2, z) stored as bytes. It uses schnorr.ComplaintSignature as a base implementation for serialization and parsing.

func NewComplaintSignature

func NewComplaintSignature(bytes []byte) (ComplaintSignature, error)

NewComplaintSignature constructs a ComplaintSignature from bytes.

func NewComplaintSignatureFromComponents

func NewComplaintSignatureFromComponents(rawA1 Point, rawA2 Point, rawZ Scalar) (ComplaintSignature, error)

NewComplaintSignatureFromComponents generates a complaint signature from 2 Points (A1, A2) and Scalar (Z). It returns a ComplaintSignature and an error, if any.

func NewComplaintSignatureFromType

func NewComplaintSignatureFromType(signature *schnorr.ComplaintSignature) ComplaintSignature

NewComplaintSignatureFromType parses a schnorr.ComplaintSignature into a ComplaintSignature.

func (ComplaintSignature) A1

func (cs ComplaintSignature) A1() Point

A1 returns the A1 part of the complaint signature.

func (ComplaintSignature) A2

func (cs ComplaintSignature) A2() Point

A2 returns the A2 part of the complaint signature.

func (ComplaintSignature) Bytes

func (cs ComplaintSignature) Bytes() []byte

Bytes returns the underlying byte slice of the ComplaintSignature.

func (ComplaintSignature) Marshal

func (cs ComplaintSignature) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (ComplaintSignature) MarshalJSON

func (cs ComplaintSignature) MarshalJSON() ([]byte, error)

MarshalJSON converts the ComplaintSignature to its JSON representation.

func (ComplaintSignature) String

func (cs ComplaintSignature) String() string

String returns the hexadecimal representation of the ComplaintSignature in uppercase.

func (*ComplaintSignature) Unmarshal

func (cs *ComplaintSignature) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*ComplaintSignature) UnmarshalJSON

func (cs *ComplaintSignature) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a ComplaintSignature.

func (ComplaintSignature) Validate

func (cs ComplaintSignature) Validate() error

Validate returns an error if the value is invalid.

func (ComplaintSignature) Z

func (cs ComplaintSignature) Z() Scalar

Z returns the Z part of the complaint signature.

type ComplaintSignatures

type ComplaintSignatures []ComplaintSignature

ComplaintSignatures represents a slice of ComplaintSignature values.

type DefaultNonce16Generator

type DefaultNonce16Generator struct{}

DefaultNonce16Generator is a struct that implements the INonce16Generator interface. It provides a default mechanism to generate a slice of 16 random bytes.

func (DefaultNonce16Generator) RandBytes16

func (dng DefaultNonce16Generator) RandBytes16() ([]byte, error)

RandBytes16 generates a 16-byte random nonce. It returns a slice of 16 cryptographically secure random bytes and an error if the random byte generation fails. This method satisfies the INonce16Generator interface.

type EncSecretShare

type EncSecretShare []byte

EncSecretShare represents a structure for storing an encrypted secret share. It contains the encrypted value `Value` and the corresponding nonce `Nonce` used in the Elgamal encryption process. The `Value` field holds the encrypted data, and `Nonce` is used to ensure the security and uniqueness of the encryption.

func Encrypt

func Encrypt(value Scalar, key Point, n16g INonce16Generator) (EncSecretShare, error)

Encrypt takes a scalar value and a point key and returns an encrypted secret share. It uses a INonce16Generator to generate a nonce for the encryption process.

func NewEncSecretShare

func NewEncSecretShare(value []byte, nonce []byte) (EncSecretShare, error)

func (EncSecretShare) Bytes

func (e EncSecretShare) Bytes() []byte

Bytes returns the underlying byte slice of the EncSecretShare.

func (EncSecretShare) Clone

func (e EncSecretShare) Clone() EncSecretShare

Clone creates a deep copy of the EncSecretShare instance.

func (EncSecretShare) Marshal

func (e EncSecretShare) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (EncSecretShare) MarshalJSON

func (e EncSecretShare) MarshalJSON() ([]byte, error)

MarshalJSON converts the EncSecretShare to its JSON representation.

func (EncSecretShare) Nonce

func (e EncSecretShare) Nonce() []byte

Nonce return the nonce part of EncSecretShare

func (EncSecretShare) String

func (e EncSecretShare) String() string

String returns the hexadecimal representation of the EncSecretShare in uppercase.

func (*EncSecretShare) Unmarshal

func (e *EncSecretShare) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*EncSecretShare) UnmarshalJSON

func (e *EncSecretShare) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a EncSecretShare.

func (EncSecretShare) Validate

func (e EncSecretShare) Validate() error

Validate checks the integrity and validity of the EncSecretShare instance. It ensures that the encrypted value and nonce have the correct expected sizes.

func (EncSecretShare) Value

func (e EncSecretShare) Value() []byte

Value return the value part of EncSecretShare

type EncSecretShares

type EncSecretShares []EncSecretShare

EncSecretShares is a slice of EncSecretShare. It's used for storing multiple encrypted secret shares. This type is particularly useful when dealing with scenarios where multiple pieces of data need to be encrypted, such as in threshold cryptography or secure multiparty computations, where each participant might have their own encrypted share of a secret.

func ComputeEncryptedSecretShares

func ComputeEncryptedSecretShares(
	mid MemberID,
	rawPrivKey Scalar,
	rawPubKeys Points,
	rawCoeffcients Scalars,
	n16g INonce16Generator,
) (EncSecretShares, error)

ComputeEncryptedSecretShares computes the encrypted secret shares for a member.

func EncryptSecretShares

func EncryptSecretShares(
	secretShares Scalars,
	keySyms Points,
	n16g INonce16Generator,
) (EncSecretShares, error)

EncryptSecretShares encrypts secret shares using key syms.

func (EncSecretShares) Clone

func (es EncSecretShares) Clone() EncSecretShares

Clone creates a deep copy of the EncSecretShares slice. It iterates through the slice, cloning each EncSecretShare to ensure that modifications to the cloned slice do not affect the original EncSecretShares.

func (EncSecretShares) Validate

func (es EncSecretShares) Validate() error

Validate iterates through each EncSecretShare in the EncSecretShares slice, performing validation checks on each EncSecretShare.

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error represents a TSS error.

func NewError

func NewError(err error, format string, args ...interface{}) *Error

NewError creates a new TSS error with the given wrapped error and description.

func (*Error) Error

func (e *Error) Error() string

Error returns the string representation of the error.

func (*Error) Unwrap

func (e *Error) Unwrap() error

Unwrap returns the underlying wrapped error.

type ErrorKind

type ErrorKind string

ErrorKind represents a specific kind of TSS error.

func (ErrorKind) Error

func (e ErrorKind) Error() string

Error returns the string representation of the ErrorKind.

type GroupID

type GroupID uint64

GroupID represents the ID of a group.

type INonce16Generator

type INonce16Generator interface {
	RandBytes16() ([]byte, error)
}

INonce16Generator defines an interface for generating a 16-byte nonce.

type KeyPair

type KeyPair struct {
	PrivKey Scalar
	PubKey  Point
}

KeyPair represents a key pair consisting of a private key and a public key.

func GenerateKeyPair

func GenerateKeyPair() (KeyPair, error)

GenerateKeyPair generates a new key pair. It returns a KeyPair value and an error, if any.

type KeyPairs

type KeyPairs []KeyPair

KeyPairs represents a slice of KeyPair values.

func GenerateKeyPairs

func GenerateKeyPairs(n uint64) (KeyPairs, error)

GenerateKeyPairs generates a specified number of key pairs. It returns a slice of KeyPair values and an error, if any.

type MemberID

type MemberID uint64

MemberID represents the ID of a member. Please note that the MemberID can only be 1, 2, 3, ..., 2**64 - 1

func MemberIDZero

func MemberIDZero() MemberID

MemberIDZero returns a MemberID with a value of 0. This is outside the valid range for MemberID values, and thus should not be used as a valid MemberID in any operational context. It is primarily intended for use in scenarios where a placeholder or default value is needed.

func NewMemberID

func NewMemberID(value interface{}) MemberID

NewMemberID creates a new MemberID from any value, ensuring it is within the valid range. Panic if the input value cannot be converted to a uint64 or if it is less than 1.

type Point

type Point []byte

Point represents a point (x, y, z) stored as bytes. It uses secp256k1.JacobianPoint and secp256k1.PublicKey as base implementations for serialization and parsing.

func ComputeGroupPublicKey

func ComputeGroupPublicKey(rawA0Commits ...Point) (Point, error)

ComputeGroupPublicKey computes the group public key from a set of A0 commits. The formula used is: Y = Σ(i=1 to n) (Commit_j0)

func ComputeGroupPublicNonce

func ComputeGroupPublicNonce(rawOwnPubNonces ...Point) (Point, error)

ComputeGroupPublicNonce calculates the group public nonce for a given slice of own public nonces. Formula: Sum(PubNonce1, PubNonce2, ..., PubNonceN)

func ComputeOwnPubNonce

func ComputeOwnPubNonce(rawPubD Point, rawPubE Point, rawBindingFactor Scalar) (Point, error)

ComputeOwnPubNonce calculates the own public nonce for a given public D, public E, and binding factor. Formula: D + bindingFactor * E

func ComputeOwnPublicKey

func ComputeOwnPublicKey(rawSumCommits Points, mid MemberID) (Point, error)

ComputeOwnPublicKey computes the own public key for a given set of sum commits and x. The formula used is: Yi = Σ(k=0 to t-1) (i^k * Σ(j=1 to n) (Commit_jk))

func ComputeSecretShareCommit

func ComputeSecretShareCommit(rawCommits Points, mid MemberID) (Point, error)

ComputeSecretShareCommit computes the secret share commit for a given set of commits and x. The formula used is: y * G = f_ij(x) * G = c_0 + c_1 * x^1 + ... + c_n-1 * x^(n-1) + c_n * x^n rawCommits represents the commits c_0, c_1, ..., c_n-1, c_n = a_0 * G, a_1 * G, ..., a_n-1 * G, a_n * G rawX represents x, the index of the shared secret commit.

func ComputeSecretSym

func ComputeSecretSym(rawSecretKey Scalar, rawPubKeyJ Point) (Point, error)

ComputeSecretSym computes the symmetry value between a secret value and a public key. It returns the computed symmetry value as a PublicKey and an error, if any.

func NewPoint

func NewPoint(bytes []byte) (Point, error)

NewPoint constructs a Point from bytes.

func NewPointFromJacobianPoint

func NewPointFromJacobianPoint(point *secp256k1.JacobianPoint) Point

NewPointFromJacobianPoint parses a secp256k1.JacobianPoint into a Point.

func NewPointFromPublicKey

func NewPointFromPublicKey(pubKey *secp256k1.PublicKey) Point

NewPointFromPublicKey parses a secp256k1.PublicKey into a Point.

func SolvePointPolynomial

func SolvePointPolynomial(rawCoefficientCommits Points, rawX Scalar) (Point, error)

SolvePointPolynomial solves a point polynomial equation. It takes points as coefficient commits and a value x, and returns the result as a point and an error, if any.

func SumPoints

func SumPoints(rawPoints ...Point) (Point, error)

SumPoints computes the sum of multiple points. It returns the computed sum as a Point and an error, if any.

func (Point) Address

func (p Point) Address() ([]byte, error)

Address returns an ethereum address of the point

func (Point) Bytes

func (p Point) Bytes() []byte

Bytes returns the underlying byte slice of the Point.

func (Point) Marshal

func (p Point) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (Point) MarshalJSON

func (p Point) MarshalJSON() ([]byte, error)

MarshalJSON converts the Point to its JSON representation.

func (Point) String

func (p Point) String() string

String returns the hexadecimal representation of the Point in uppercase.

func (*Point) Unmarshal

func (p *Point) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*Point) UnmarshalJSON

func (p *Point) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a Point.

func (Point) Validate

func (p Point) Validate() error

Validate returns an error if the value is invalid.

type Points

type Points []Point

Points represents a slice of Point values.

type Round1Info

type Round1Info struct {
	OneTimePrivKey     Scalar
	OneTimePubKey      Point
	OneTimeSignature   Signature
	A0PrivKey          Scalar
	A0PubKey           Point
	A0Signature        Signature
	Coefficients       Scalars
	CoefficientCommits Points
}

Round1Info contains the data for round 1 of the DKG process of TSS

func GenerateRound1Info

func GenerateRound1Info(
	mid MemberID,
	threshold uint64,
	dkgContext []byte,
) (*Round1Info, error)

GenerateRound1Info generates the data of round 1 for a member in the DKG process of TSS

type Scalar

type Scalar []byte

Scalar represents a scalar value stored as bytes. It uses secp256k1.ModNScalar and secp256k1.PrivateKey as a base implementation for serialization and parsing.

func ComputeLagrangeCoefficient

func ComputeLagrangeCoefficient(mid MemberID, memberList []MemberID) (Scalar, error)

ComputeLagrangeCoefficient calculates the Lagrange coefficient for a given member ID and total number of members.

func ComputeOwnBindingFactor

func ComputeOwnBindingFactor(mid MemberID, data []byte, commitment []byte) (Scalar, error)

ComputeOwnBindingFactor calculates the own binding factor (Lo) value for a given member ID, data, and commitment. bindingFactor = HashBindingFactor(i, data , B) B = <<i,Di,Ei>,...>

func ComputeOwnPrivNonce

func ComputeOwnPrivNonce(rawPrivD Scalar, rawPrivE Scalar, rawBindingFactor Scalar) (Scalar, error)

ComputeOwnPrivNonce calculates the own private nonce for a given private d, private e, and binding factor. Formula: d + bindingFactor * e

func ComputeOwnPrivateKey

func ComputeOwnPrivateKey(rawSecretShares ...Scalar) (Scalar, error)

ComputeOwnPrivateKey computes the own private key from a set of secret shares. The formula used is: si = Σ(j=1 to n) (f_j(i))

func ComputeSecretShare

func ComputeSecretShare(rawCoeffcients Scalars, mid MemberID) (Scalar, error)

ComputeSecretShare computes the secret share for a given set of coefficients and x.

func Decrypt

func Decrypt(e EncSecretShare, key Point) (Scalar, error)

Decrypt takes an encrypted secret share and a point key, and returns the decrypted scalar value. It delegates the decryption process to the DecryptHKDF function.

func DecryptSecretShare

func DecryptSecretShare(
	encSecretShare EncSecretShare,
	keySym Point,
) (Scalar, error)

DecryptSecretShare decrypts a encrypted secret share using the key sym.

func GenerateSigningNonce

func GenerateSigningNonce(secret Scalar) (Scalar, error)

GenerateSigningNonce is a function responsible for producing a signing nonce derived from a given private key. This nonce generation ensures a uniform distribution of hash values over the span of the elliptic curve's order.

func HashBindingFactor

func HashBindingFactor(mid MemberID, data []byte, commitment []byte) (Scalar, error)

H7(m) HashBindingFactor computes a hash to generate binding factor and returns it as a scalar.

func HashChallenge

func HashChallenge(rawGroupPubNonce, rawGroupPubKey Point, data []byte) (Scalar, error)

H8(m) HashChallenge computes a hash to generate challenge of signing a signature and returns it as a scalar.

func HashNonce

func HashNonce(random []byte, secretKey Scalar) (Scalar, error)

H9(m) HashNonce computes a hash of the provided data for the nonce and returns it as a scalar.

func HashRound1A0

func HashRound1A0(pubNonce Point, mid MemberID, dkgContext []byte, a0Pub Point) (Scalar, error)

H1(m) HashRound1A0 computes a hash of the provided data for Round1A0 and returns it as a scalar.

func HashRound1OneTime

func HashRound1OneTime(pubNonce Point, mid MemberID, dkgContext []byte, oneTimePub Point) (Scalar, error)

H2(m) HashRound1OneTime computes a hash of the provided data for Round1OneTime and returns it as a scalar.

func HashRound3Complain

func HashRound3Complain(
	pubNonce Point,
	nonceSym Point,
	oneTimePubI Point,
	oneTimePubJ Point,
	keySym Point,
) (Scalar, error)

H3(m) HashRound3Complain computes a hash of the provided data for Round3Complain and returns it as a scalar.

func HashRound3OwnPubKey

func HashRound3OwnPubKey(pubNonce Point, mid MemberID, dkgContext []byte, ownPub Point) (Scalar, error)

H4(m) HashRound3OwnPubKey computes a hash of the provided data for Round3OwnPubKey and returns it as a scalar.

func NewScalar

func NewScalar(bytes []byte) (Scalar, error)

NewScalar constructs a Scalar from bytes.

func NewScalarFromModNScalar

func NewScalarFromModNScalar(scalar *secp256k1.ModNScalar) Scalar

NewScalarFromModNScalar parses a secp256k1.ModNScalar into a Scalar.

func NewScalarFromPrivateKey

func NewScalarFromPrivateKey(privKey *secp256k1.PrivateKey) Scalar

NewScalarFromPrivateKey parses a secp256k1.PrivateKey into a Scalar.

func RandomScalar

func RandomScalar() (Scalar, error)

RandomScalar is a function that creates a random scalar value. This method ensures a uniform distribution of generated scalars across the span of the elliptic curve's order.

func SolveScalarPolynomial

func SolveScalarPolynomial(rawCoefficients Scalars, rawX Scalar) Scalar

SolveScalarPolynomial solves a scalar polynomial equation. It takes scalars as coefficients and a value x, and returns the result as a scalar and an error, if any.

func SumScalars

func SumScalars(rawScalars ...Scalar) Scalar

SumScalars computes the sum of multiple scalars. It returns the computed sum as a Scalar.

func (Scalar) Bytes

func (s Scalar) Bytes() []byte

Bytes returns the underlying byte slice of the Scalar.

func (Scalar) Marshal

func (s Scalar) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (Scalar) MarshalJSON

func (s Scalar) MarshalJSON() ([]byte, error)

MarshalJSON converts the Scalar to its JSON representation.

func (Scalar) Point

func (s Scalar) Point() Point

Point converts a Scalar to a Point.

func (Scalar) String

func (s Scalar) String() string

String returns the hexadecimal representation of the Scalar in uppercase.

func (*Scalar) Unmarshal

func (s *Scalar) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*Scalar) UnmarshalJSON

func (s *Scalar) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a Scalar.

func (Scalar) Validate

func (s Scalar) Validate() error

Validate returns an error if the scalar value is invalid.

type Scalars

type Scalars []Scalar

Scalars represents a slice of Scalar values.

func DecryptSecretShares

func DecryptSecretShares(
	encSecretShares []EncSecretShare,
	keySyms Points,
) (Scalars, error)

DecryptSecretShares decrypts a set of encrypted secret shares using the corresponding key syms.

type Signature

type Signature []byte

Signature represents a signature (r, s) stored as bytes. It uses schnorr.Signature as a base implementation for serialization and parsing.

func CombineSignatures

func CombineSignatures(rawSignatures ...Signature) (Signature, error)

CombineSignatures performs combining all signatures by sum up R and sum up S.

func NewSignature

func NewSignature(bytes []byte) (Signature, error)

NewSignature constructs a Signature from bytes.

func NewSignatureFromComponents

func NewSignatureFromComponents(rawR Point, rawS Scalar) (Signature, error)

NewSignatureFromComponents generates a signature from Point (R) and Scalar (S). It returns a Signature and an error, if any.

func NewSignatureFromType

func NewSignatureFromType(signature *schnorr.Signature) Signature

NewSignatureFromType parses a schnorr.Signature into a Signature.

func Sign

func Sign(
	rawPrivKey Scalar,
	rawChallenge Scalar,
	rawNonce Scalar,
	rawLagrange Scalar,
) (Signature, error)

Sign generates a schnorr signature for the given private key, challenge, and nonce. It returns the signature and an error if the signing process fails.

func SignA0

func SignA0(
	mid MemberID,
	dkgContext []byte,
	a0Pub Point,
	a0Priv Scalar,
) (Signature, error)

SignA0 generates a signature for the A0 in round 1.

func SignOneTime

func SignOneTime(
	mid MemberID,
	dkgContext []byte,
	oneTimePub Point,
	onetimePriv Scalar,
) (Signature, error)

SignOneTime generates a signature for the one-time in round 1.

func SignOwnPubKey

func SignOwnPubKey(
	mid MemberID,
	dkgContext []byte,
	ownPub Point,
	ownPriv Scalar,
) (Signature, error)

SignOwnPubKey signs the own public key using the given DKG context, own public key, and own private key.

func SignSigning

func SignSigning(
	groupPubNonce Point,
	groupPubKey Point,
	data []byte,
	rawLagrange Scalar,
	ownPrivNonce Scalar,
	ownPrivKey Scalar,
) (Signature, error)

SignSigning performs signing using the group public nonce, group public key, data, Lagrange coefficient, own private nonce, and own private key.

func (Signature) Bytes

func (s Signature) Bytes() []byte

Bytes returns the underlying byte slice of the Signature.

func (Signature) Marshal

func (s Signature) Marshal() ([]byte, error)

Marshal needed for protobuf compatibility

func (Signature) MarshalJSON

func (s Signature) MarshalJSON() ([]byte, error)

MarshalJSON converts the Signature to its JSON representation.

func (Signature) R

func (s Signature) R() Point

R returns the R part of the signature.

func (Signature) S

func (s Signature) S() Scalar

S returns the S part of the signature.

func (Signature) String

func (s Signature) String() string

String returns the hexadecimal representation of the Signature in uppercase.

func (*Signature) Unmarshal

func (s *Signature) Unmarshal(data []byte) error

Unmarshal needed for protobuf compatibility

func (*Signature) UnmarshalJSON

func (s *Signature) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a JSON string into a Signature.

func (Signature) Validate

func (s Signature) Validate() error

Validate returns an error if the value is invalid.

type Signatures

type Signatures []Signature

Signatures represents a slice of Signature values.

type SigningID

type SigningID uint64

SigningID represents the ID of a signing.

Directories

Path Synopsis
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL