Documentation ¶
Index ¶
- Constants
- Variables
- func MultisigAdd(unisig []MultisigSig, msig *MultisigSig) (err error)
- func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (verified bool, err error)
- func NewHash() hash.Hash
- func RandBytes(buf []byte)
- func RandUint63() uint64
- func RandUint64() uint64
- func VrfKeygen() (pub VrfPubkey, priv VrfPrivkey)
- func VrfKeygenFromSeed(seed [32]byte) (pub VrfPubkey, priv VrfPrivkey)
- type Digest
- func DigestFromString(str string) (d Digest, err error)
- func Hash(data []byte) Digest
- func HashObj(h Hashable) Digest
- func MultisigAddrGen(version, threshold uint8, pk []PublicKey) (addr Digest, err error)
- func MultisigAddrGenWithSubsigs(version uint8, threshold uint8, subsigs []MultisigSubsig) (addr Digest, err error)
- func (_ *Digest) CanMarshalMsg(z interface{}) bool
- func (_ *Digest) CanUnmarshalMsg(z interface{}) bool
- func (d Digest) IsZero() bool
- func (z *Digest) MarshalMsg(b []byte) (o []byte)
- func (z *Digest) MsgIsZero() bool
- func (z *Digest) Msgsize() (s int)
- func (d Digest) String() string
- func (d Digest) TrimUint64() uint64
- func (z *Digest) UnmarshalMsg(bts []byte) (o []byte, err error)
- type Hashable
- type MasterDerivationKey
- func (_ *MasterDerivationKey) CanMarshalMsg(z interface{}) bool
- func (_ *MasterDerivationKey) CanUnmarshalMsg(z interface{}) bool
- func (z *MasterDerivationKey) MarshalMsg(b []byte) (o []byte)
- func (z *MasterDerivationKey) MsgIsZero() bool
- func (z *MasterDerivationKey) Msgsize() (s int)
- func (z *MasterDerivationKey) UnmarshalMsg(bts []byte) (o []byte, err error)
- type MultisigSig
- func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error)
- func MultisigMerge(msig1 MultisigSig, msig2 MultisigSig) (msigt MultisigSig, err error)
- func MultisigPreimageFromPKs(version, threshold uint8, pks []PublicKey) MultisigSig
- func MultisigSign(msg Hashable, addr Digest, version, threshold uint8, pk []PublicKey, ...) (sig MultisigSig, err error)
- func (msig MultisigSig) Blank() bool
- func (_ *MultisigSig) CanMarshalMsg(z interface{}) bool
- func (_ *MultisigSig) CanUnmarshalMsg(z interface{}) bool
- func (msig MultisigSig) Equal(other MultisigSig) bool
- func (z *MultisigSig) MarshalMsg(b []byte) (o []byte)
- func (z *MultisigSig) MsgIsZero() bool
- func (z *MultisigSig) Msgsize() (s int)
- func (msig MultisigSig) Preimage() (version, threshold uint8, pks []PublicKey)
- func (z *MultisigSig) UnmarshalMsg(bts []byte) (o []byte, err error)
- type MultisigSubsig
- func (_ *MultisigSubsig) CanMarshalMsg(z interface{}) bool
- func (_ *MultisigSubsig) CanUnmarshalMsg(z interface{}) bool
- func (z *MultisigSubsig) MarshalMsg(b []byte) (o []byte)
- func (z *MultisigSubsig) MsgIsZero() bool
- func (z *MultisigSubsig) Msgsize() (s int)
- func (z *MultisigSubsig) UnmarshalMsg(bts []byte) (o []byte, err error)
- type OneTimeSignature
- func (_ *OneTimeSignature) CanMarshalMsg(z interface{}) bool
- func (_ *OneTimeSignature) CanUnmarshalMsg(z interface{}) bool
- func (z *OneTimeSignature) MarshalMsg(b []byte) (o []byte)
- func (z *OneTimeSignature) MsgIsZero() bool
- func (z *OneTimeSignature) Msgsize() (s int)
- func (z *OneTimeSignature) UnmarshalMsg(bts []byte) (o []byte, err error)
- type OneTimeSignatureIdentifier
- type OneTimeSignatureSecrets
- func (_ *OneTimeSignatureSecrets) CanMarshalMsg(z interface{}) bool
- func (_ *OneTimeSignatureSecrets) CanUnmarshalMsg(z interface{}) bool
- func (s *OneTimeSignatureSecrets) DeleteBeforeFineGrained(current OneTimeSignatureIdentifier, numKeysPerBatch uint64)
- func (z *OneTimeSignatureSecrets) MarshalMsg(b []byte) (o []byte)
- func (z *OneTimeSignatureSecrets) MsgIsZero() bool
- func (z *OneTimeSignatureSecrets) Msgsize() (s int)
- func (s *OneTimeSignatureSecrets) Sign(id OneTimeSignatureIdentifier, message Hashable) OneTimeSignature
- func (s *OneTimeSignatureSecrets) Snapshot() OneTimeSignatureSecrets
- func (z *OneTimeSignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)
- type OneTimeSignatureSecretsPersistent
- func (_ *OneTimeSignatureSecretsPersistent) CanMarshalMsg(z interface{}) bool
- func (_ *OneTimeSignatureSecretsPersistent) CanUnmarshalMsg(z interface{}) bool
- func (z *OneTimeSignatureSecretsPersistent) MarshalMsg(b []byte) (o []byte)
- func (z *OneTimeSignatureSecretsPersistent) MsgIsZero() bool
- func (z *OneTimeSignatureSecretsPersistent) Msgsize() (s int)
- func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsg(bts []byte) (o []byte, err error)
- type OneTimeSignatureSubkeyBatchID
- func (_ *OneTimeSignatureSubkeyBatchID) CanMarshalMsg(z interface{}) bool
- func (_ *OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg(z interface{}) bool
- func (z *OneTimeSignatureSubkeyBatchID) MarshalMsg(b []byte) (o []byte)
- func (z *OneTimeSignatureSubkeyBatchID) MsgIsZero() bool
- func (z *OneTimeSignatureSubkeyBatchID) Msgsize() (s int)
- func (batch OneTimeSignatureSubkeyBatchID) ToBeHashed() (protocol.HashID, []byte)
- func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsg(bts []byte) (o []byte, err error)
- type OneTimeSignatureSubkeyOffsetID
- func (_ *OneTimeSignatureSubkeyOffsetID) CanMarshalMsg(z interface{}) bool
- func (_ *OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg(z interface{}) bool
- func (z *OneTimeSignatureSubkeyOffsetID) MarshalMsg(b []byte) (o []byte)
- func (z *OneTimeSignatureSubkeyOffsetID) MsgIsZero() bool
- func (z *OneTimeSignatureSubkeyOffsetID) Msgsize() (s int)
- func (off OneTimeSignatureSubkeyOffsetID) ToBeHashed() (protocol.HashID, []byte)
- func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsg(bts []byte) (o []byte, err error)
- type OneTimeSignatureVerifier
- func (_ *OneTimeSignatureVerifier) CanMarshalMsg(z interface{}) bool
- func (_ *OneTimeSignatureVerifier) CanUnmarshalMsg(z interface{}) bool
- func (z *OneTimeSignatureVerifier) MarshalMsg(b []byte) (o []byte)
- func (z *OneTimeSignatureVerifier) MsgIsZero() bool
- func (z *OneTimeSignatureVerifier) Msgsize() (s int)
- func (z *OneTimeSignatureVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)
- func (v OneTimeSignatureVerifier) Verify(id OneTimeSignatureIdentifier, message Hashable, sig OneTimeSignature) bool
- type OneTimeSigner
- type PRNG
- type PrivateKey
- func (_ *PrivateKey) CanMarshalMsg(z interface{}) bool
- func (_ *PrivateKey) CanUnmarshalMsg(z interface{}) bool
- func (z *PrivateKey) MarshalMsg(b []byte) (o []byte)
- func (z *PrivateKey) MsgIsZero() bool
- func (z *PrivateKey) Msgsize() (s int)
- func (z *PrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)
- type PublicKey
- func (_ *PublicKey) CanMarshalMsg(z interface{}) bool
- func (_ *PublicKey) CanUnmarshalMsg(z interface{}) bool
- func (z *PublicKey) MarshalMsg(b []byte) (o []byte)
- func (z *PublicKey) MsgIsZero() bool
- func (z *PublicKey) Msgsize() (s int)
- func (z *PublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)
- type RNG
- type SecretKey
- type Seed
- type Signature
- func (s *Signature) Blank() bool
- func (_ *Signature) CanMarshalMsg(z interface{}) bool
- func (_ *Signature) CanUnmarshalMsg(z interface{}) bool
- func (z *Signature) MarshalMsg(b []byte) (o []byte)
- func (z *Signature) MsgIsZero() bool
- func (z *Signature) Msgsize() (s int)
- func (z *Signature) UnmarshalMsg(bts []byte) (o []byte, err error)
- type SignatureSecrets
- func (_ *SignatureSecrets) CanMarshalMsg(z interface{}) bool
- func (_ *SignatureSecrets) CanUnmarshalMsg(z interface{}) bool
- func (z *SignatureSecrets) MarshalMsg(b []byte) (o []byte)
- func (z *SignatureSecrets) MsgIsZero() bool
- func (z *SignatureSecrets) Msgsize() (s int)
- func (s *SignatureSecrets) Sign(message Hashable) Signature
- func (s *SignatureSecrets) SignBytes(message []byte) Signature
- func (z *SignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)
- type SignatureVerifier
- type VRFProof
- type VRFSecrets
- func (_ *VRFSecrets) CanMarshalMsg(z interface{}) bool
- func (_ *VRFSecrets) CanUnmarshalMsg(z interface{}) bool
- func (z *VRFSecrets) MarshalMsg(b []byte) (o []byte)
- func (z *VRFSecrets) MsgIsZero() bool
- func (z *VRFSecrets) Msgsize() (s int)
- func (z *VRFSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)
- type VRFVerifier
- type VrfOutput
- func (_ *VrfOutput) CanMarshalMsg(z interface{}) bool
- func (_ *VrfOutput) CanUnmarshalMsg(z interface{}) bool
- func (z *VrfOutput) MarshalMsg(b []byte) (o []byte)
- func (z *VrfOutput) MsgIsZero() bool
- func (z *VrfOutput) Msgsize() (s int)
- func (z *VrfOutput) UnmarshalMsg(bts []byte) (o []byte, err error)
- type VrfPrivkey
- func (_ *VrfPrivkey) CanMarshalMsg(z interface{}) bool
- func (_ *VrfPrivkey) CanUnmarshalMsg(z interface{}) bool
- func (z *VrfPrivkey) MarshalMsg(b []byte) (o []byte)
- func (z *VrfPrivkey) MsgIsZero() bool
- func (z *VrfPrivkey) Msgsize() (s int)
- func (sk VrfPrivkey) Prove(message Hashable) (proof VrfProof, ok bool)
- func (sk VrfPrivkey) Pubkey() (pk VrfPubkey)
- func (z *VrfPrivkey) UnmarshalMsg(bts []byte) (o []byte, err error)
- type VrfProof
- func (_ *VrfProof) CanMarshalMsg(z interface{}) bool
- func (_ *VrfProof) CanUnmarshalMsg(z interface{}) bool
- func (proof VrfProof) Hash() (hash VrfOutput, ok bool)
- func (z *VrfProof) MarshalMsg(b []byte) (o []byte)
- func (z *VrfProof) MsgIsZero() bool
- func (z *VrfProof) Msgsize() (s int)
- func (z *VrfProof) UnmarshalMsg(bts []byte) (o []byte, err error)
- type VrfPubkey
- func (_ *VrfPubkey) CanMarshalMsg(z interface{}) bool
- func (_ *VrfPubkey) CanUnmarshalMsg(z interface{}) bool
- func (z *VrfPubkey) MarshalMsg(b []byte) (o []byte)
- func (z *VrfPubkey) MsgIsZero() bool
- func (z *VrfPubkey) Msgsize() (s int)
- func (z *VrfPubkey) UnmarshalMsg(bts []byte) (o []byte, err error)
- func (pk VrfPubkey) Verify(p VrfProof, message Hashable) (bool, VrfOutput)
Constants ¶
const DigestSize = sha512.Size256
DigestSize is the number of bytes in the preferred hash Digest used here.
Variables ¶
var BlankSignature = Signature{}
BlankSignature is an empty signature structure, containing nothing but zeroes
var SystemRNG = &systemRNG{}
SystemRNG implements the RNG interface using the system-wide randomness source (from Go's crypto/rand).
Functions ¶
func MultisigAdd ¶
func MultisigAdd(unisig []MultisigSig, msig *MultisigSig) (err error)
MultisigAdd adds unisig to an existing msig
func MultisigVerify ¶
func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (verified bool, err error)
MultisigVerify verifies an assembled MultisigSig
func RandBytes ¶
func RandBytes(buf []byte)
RandBytes fills the provided structure with a set of random bytes
func RandUint63 ¶
func RandUint63() uint64
RandUint63 returns a random 64-bit unsigned integer which can be stored in a 64-bit signed integer without any data loss.
func VrfKeygen ¶
func VrfKeygen() (pub VrfPubkey, priv VrfPrivkey)
VrfKeygen generates a random VRF keypair.
func VrfKeygenFromSeed ¶
func VrfKeygenFromSeed(seed [32]byte) (pub VrfPubkey, priv VrfPrivkey)
VrfKeygenFromSeed deterministically generates a VRF keypair from 32 bytes of (secret) entropy.
Types ¶
type Digest ¶
type Digest [DigestSize]byte
Digest represents a 32-byte value holding the 256-bit Hash digest.
func DigestFromString ¶
DigestFromString converts a string to a Digest
func MultisigAddrGen ¶
MultisigAddrGen identifes the exact group, version, and devices (Public keys) that it requires to sign Hash("MultisigAddr" || version uint8 || threshold uint8 || PK1 || PK2 || ...)
func MultisigAddrGenWithSubsigs ¶
func MultisigAddrGenWithSubsigs(version uint8, threshold uint8, subsigs []MultisigSubsig) (addr Digest, err error)
MultisigAddrGenWithSubsigs is similiar to MultisigAddrGen except the input is []Subsig rather than []PublicKey
func (*Digest) CanMarshalMsg ¶
func (*Digest) CanUnmarshalMsg ¶
func (*Digest) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
func (*Digest) Msgsize ¶
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (Digest) TrimUint64 ¶
TrimUint64 returns the top 64 bits of the digest and converts to uint64
type Hashable ¶
Hashable is an interface implemented by an object that can be represented with a sequence of bytes to be hashed or signed, together with a type ID to distinguish different types of objects.
type MasterDerivationKey ¶
type MasterDerivationKey [masterDerivationKeyLenBytes]byte
MasterDerivationKey is used to derive ed25519 keys for use in wallets
func (*MasterDerivationKey) CanMarshalMsg ¶
func (_ *MasterDerivationKey) CanMarshalMsg(z interface{}) bool
func (*MasterDerivationKey) CanUnmarshalMsg ¶
func (_ *MasterDerivationKey) CanUnmarshalMsg(z interface{}) bool
func (*MasterDerivationKey) MarshalMsg ¶
func (z *MasterDerivationKey) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*MasterDerivationKey) MsgIsZero ¶
func (z *MasterDerivationKey) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*MasterDerivationKey) Msgsize ¶
func (z *MasterDerivationKey) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*MasterDerivationKey) UnmarshalMsg ¶
func (z *MasterDerivationKey) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type MultisigSig ¶
type MultisigSig struct { Version uint8 `codec:"v"` Threshold uint8 `codec:"thr"` Subsigs []MultisigSubsig `codec:"subsig,allocbound=maxMultisig"` // contains filtered or unexported fields }
MultisigSig is the structure that holds multiple Subsigs
func MultisigAssemble ¶
func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error)
MultisigAssemble assembles multiple MultisigSig
func MultisigMerge ¶
func MultisigMerge(msig1 MultisigSig, msig2 MultisigSig) (msigt MultisigSig, err error)
MultisigMerge merges two Multisigs msig1 and msig2 into msigt
func MultisigPreimageFromPKs ¶
func MultisigPreimageFromPKs(version, threshold uint8, pks []PublicKey) MultisigSig
MultisigPreimageFromPKs makes an empty MultisigSig for a given preimage. It should be renamed. TODO separate preimage type from sig type
func MultisigSign ¶
func MultisigSign(msg Hashable, addr Digest, version, threshold uint8, pk []PublicKey, sk SecretKey) (sig MultisigSig, err error)
MultisigSign is for each device individually signs the digest
func (MultisigSig) Blank ¶
func (msig MultisigSig) Blank() bool
Blank returns true iff the msig is empty. We need this instead of just comparing with == MultisigSig{}, because Subsigs is a slice.
func (*MultisigSig) CanMarshalMsg ¶
func (_ *MultisigSig) CanMarshalMsg(z interface{}) bool
func (*MultisigSig) CanUnmarshalMsg ¶
func (_ *MultisigSig) CanUnmarshalMsg(z interface{}) bool
func (MultisigSig) Equal ¶
func (msig MultisigSig) Equal(other MultisigSig) bool
Equal compares two MultisigSig structs for equality
func (*MultisigSig) MarshalMsg ¶
func (z *MultisigSig) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*MultisigSig) MsgIsZero ¶
func (z *MultisigSig) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*MultisigSig) Msgsize ¶
func (z *MultisigSig) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (MultisigSig) Preimage ¶
func (msig MultisigSig) Preimage() (version, threshold uint8, pks []PublicKey)
Preimage returns the version, threshold, and list of all public keys in a (partial) multisig address
func (*MultisigSig) UnmarshalMsg ¶
func (z *MultisigSig) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type MultisigSubsig ¶
type MultisigSubsig struct { Key PublicKey `codec:"pk"` // all public keys that are possible signers for this address Sig Signature `codec:"s"` // may be either empty or a signature // contains filtered or unexported fields }
MultisigSubsig is a struct that holds a pair of public key and signatures signatures may be empty
func (*MultisigSubsig) CanMarshalMsg ¶
func (_ *MultisigSubsig) CanMarshalMsg(z interface{}) bool
func (*MultisigSubsig) CanUnmarshalMsg ¶
func (_ *MultisigSubsig) CanUnmarshalMsg(z interface{}) bool
func (*MultisigSubsig) MarshalMsg ¶
func (z *MultisigSubsig) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*MultisigSubsig) MsgIsZero ¶
func (z *MultisigSubsig) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*MultisigSubsig) Msgsize ¶
func (z *MultisigSubsig) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*MultisigSubsig) UnmarshalMsg ¶
func (z *MultisigSubsig) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type OneTimeSignature ¶
type OneTimeSignature struct { // Sig is a signature of msg under the key PK. Sig ed25519Signature `codec:"s"` PK ed25519PublicKey `codec:"p"` // Old-style signature that does not use proper domain separation. // PKSigOld is unused; however, unfortunately we forgot to mark it // `codec:omitempty` and so it appears (with zero value) in certs. // This means we can't delete the field without breaking catchup. PKSigOld ed25519Signature `codec:"ps"` // Used to verify a new-style two-level ephemeral signature. // PK1Sig is a signature of OneTimeSignatureSubkeyOffsetID(PK, Batch, Offset) under the key PK2. // PK2Sig is a signature of OneTimeSignatureSubkeyBatchID(PK2, Batch) under the master key (OneTimeSignatureVerifier). PK2 ed25519PublicKey `codec:"p2"` PK1Sig ed25519Signature `codec:"p1s"` PK2Sig ed25519Signature `codec:"p2s"` // contains filtered or unexported fields }
A OneTimeSignature is a cryptographic signature that is produced a limited number of times and provides forward integrity.
Specifically, a OneTimeSignature is generated from an ephemeral secret. After some number of messages is signed under a given OneTimeSignatureIdentifier identifier, the corresponding secret is deleted. This prevents the secret-holder from signing a contradictory message in the future in the event of a secret-key compromise.
func (*OneTimeSignature) CanMarshalMsg ¶
func (_ *OneTimeSignature) CanMarshalMsg(z interface{}) bool
func (*OneTimeSignature) CanUnmarshalMsg ¶
func (_ *OneTimeSignature) CanUnmarshalMsg(z interface{}) bool
func (*OneTimeSignature) MarshalMsg ¶
func (z *OneTimeSignature) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*OneTimeSignature) MsgIsZero ¶
func (z *OneTimeSignature) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*OneTimeSignature) Msgsize ¶
func (z *OneTimeSignature) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*OneTimeSignature) UnmarshalMsg ¶
func (z *OneTimeSignature) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type OneTimeSignatureIdentifier ¶
type OneTimeSignatureIdentifier struct { // Batch represents the most-significant part of the identifier. Batch uint64 // Offset represents the least-significant part of the identifier. // When moving to a new Batch, the Offset values restart from 0. Offset uint64 }
A OneTimeSignatureIdentifier is an identifier under which a OneTimeSignature is produced on a given message. This identifier is represented using a two-level structure, which corresponds to two levels of our ephemeral key tree.
func (OneTimeSignatureIdentifier) BatchBytes ¶
func (id OneTimeSignatureIdentifier) BatchBytes() []byte
BatchBytes converts a OneTimeSignatureIdentifier into a byte slice representing the 64-bit batch number. This is used for the old-style way of signing an ephemeral subkey identifier.
type OneTimeSignatureSecrets ¶
type OneTimeSignatureSecrets struct { OneTimeSignatureSecretsPersistent // contains filtered or unexported fields }
OneTimeSignatureSecrets are used to produced unforgeable signatures over a message.
When the method OneTimeSignatureSecrets.DeleteBefore(ID) is called, ephemeral secrets corresponding to OneTimeSignatureIdentifiers preceding ID are deleted. Thereafter, an entity can no longer sign different messages with old OneTimeSignatureIdentifiers, protecting the integrity of the messages signed under those identifiers.
func GenerateOneTimeSignatureSecrets ¶
func GenerateOneTimeSignatureSecrets(startBatch uint64, numBatches uint64) *OneTimeSignatureSecrets
GenerateOneTimeSignatureSecrets is a version of GenerateOneTimeSignatureSecretsRNG that uses the system-wide randomness source.
func GenerateOneTimeSignatureSecretsRNG ¶
func GenerateOneTimeSignatureSecretsRNG(startBatch uint64, numBatches uint64, rng RNG) *OneTimeSignatureSecrets
GenerateOneTimeSignatureSecretsRNG creates a limited number of secrets that sign messages under OneTimeSignatureIdentifiers in the range [startBatch, startBatch+numBatches).
This range includes startBatch and excludes startBatch+numBatches.
Randomness comes from the supplied RNG.
func (*OneTimeSignatureSecrets) CanMarshalMsg ¶
func (_ *OneTimeSignatureSecrets) CanMarshalMsg(z interface{}) bool
func (*OneTimeSignatureSecrets) CanUnmarshalMsg ¶
func (_ *OneTimeSignatureSecrets) CanUnmarshalMsg(z interface{}) bool
func (*OneTimeSignatureSecrets) DeleteBeforeFineGrained ¶
func (s *OneTimeSignatureSecrets) DeleteBeforeFineGrained(current OneTimeSignatureIdentifier, numKeysPerBatch uint64)
DeleteBeforeFineGrained deletes ephemeral keys before (but not including) the given id.
func (*OneTimeSignatureSecrets) MarshalMsg ¶
func (z *OneTimeSignatureSecrets) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*OneTimeSignatureSecrets) MsgIsZero ¶
func (z *OneTimeSignatureSecrets) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*OneTimeSignatureSecrets) Msgsize ¶
func (z *OneTimeSignatureSecrets) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*OneTimeSignatureSecrets) Sign ¶
func (s *OneTimeSignatureSecrets) Sign(id OneTimeSignatureIdentifier, message Hashable) OneTimeSignature
Sign produces a OneTimeSignature of some Hashable message under some OneTimeSignatureIdentifier.
func (*OneTimeSignatureSecrets) Snapshot ¶
func (s *OneTimeSignatureSecrets) Snapshot() OneTimeSignatureSecrets
Snapshot returns a copy of OneTimeSignatureSecrets consistent with respect to concurrent mutating calls (specifically, DeleteBefore*). This snapshot can be used for serializing the OneTimeSignatureSecrets to persistent storage.
func (*OneTimeSignatureSecrets) UnmarshalMsg ¶
func (z *OneTimeSignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type OneTimeSignatureSecretsPersistent ¶
type OneTimeSignatureSecretsPersistent struct { OneTimeSignatureVerifier // FirstBatch denotes the first batch whose subkey appears in Batches. // The odd `codec:` name is for backwards compatibility with previous // stored keys where we failed to give any explicit `codec:` name. FirstBatch uint64 `codec:"First"` Batches []ephemeralSubkey `codec:"Sub,allocbound=-"` // FirstOffset denotes the first offset whose subkey appears in Offsets. // These subkeys correspond to batch FirstBatch-1. FirstOffset uint64 `codec:"firstoff"` Offsets []ephemeralSubkey `codec:"offkeys,allocbound=-"` // When Offsets is non-empty, OffsetsPK2 is the intermediate-level public // key that can be used to verify signatures on the subkeys in Offsets, and // OffsetsPK2Sig is the signature from the master key (OneTimeSignatureVerifier) // on OneTimeSignatureSubkeyBatchID(OffsetsPK2, FirstBatch-1). OffsetsPK2 ed25519PublicKey `codec:"offpk2"` OffsetsPK2Sig ed25519Signature `codec:"offpk2sig"` // contains filtered or unexported fields }
OneTimeSignatureSecretsPersistent denotes the fields of a OneTimeSignatureSecrets that get stored to persistent storage (through reflection on exported fields).
func (*OneTimeSignatureSecretsPersistent) CanMarshalMsg ¶
func (_ *OneTimeSignatureSecretsPersistent) CanMarshalMsg(z interface{}) bool
func (*OneTimeSignatureSecretsPersistent) CanUnmarshalMsg ¶
func (_ *OneTimeSignatureSecretsPersistent) CanUnmarshalMsg(z interface{}) bool
func (*OneTimeSignatureSecretsPersistent) MarshalMsg ¶
func (z *OneTimeSignatureSecretsPersistent) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*OneTimeSignatureSecretsPersistent) MsgIsZero ¶
func (z *OneTimeSignatureSecretsPersistent) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*OneTimeSignatureSecretsPersistent) Msgsize ¶
func (z *OneTimeSignatureSecretsPersistent) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*OneTimeSignatureSecretsPersistent) UnmarshalMsg ¶
func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type OneTimeSignatureSubkeyBatchID ¶
type OneTimeSignatureSubkeyBatchID struct { SubKeyPK ed25519PublicKey `codec:"pk"` Batch uint64 `codec:"batch"` // contains filtered or unexported fields }
A OneTimeSignatureSubkeyBatchID identifies an ephemeralSubkey of a batch for the purposes of signing it with the top-level master key.
func (*OneTimeSignatureSubkeyBatchID) CanMarshalMsg ¶
func (_ *OneTimeSignatureSubkeyBatchID) CanMarshalMsg(z interface{}) bool
func (*OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg ¶
func (_ *OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg(z interface{}) bool
func (*OneTimeSignatureSubkeyBatchID) MarshalMsg ¶
func (z *OneTimeSignatureSubkeyBatchID) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*OneTimeSignatureSubkeyBatchID) MsgIsZero ¶
func (z *OneTimeSignatureSubkeyBatchID) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*OneTimeSignatureSubkeyBatchID) Msgsize ¶
func (z *OneTimeSignatureSubkeyBatchID) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (OneTimeSignatureSubkeyBatchID) ToBeHashed ¶
func (batch OneTimeSignatureSubkeyBatchID) ToBeHashed() (protocol.HashID, []byte)
ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyBatchID. This is used to sign an intermediate subkey for a batch, in the new style (contrast with OneTimeSignatureIdentifier.BatchBytes).
func (*OneTimeSignatureSubkeyBatchID) UnmarshalMsg ¶
func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type OneTimeSignatureSubkeyOffsetID ¶
type OneTimeSignatureSubkeyOffsetID struct { SubKeyPK ed25519PublicKey `codec:"pk"` Batch uint64 `codec:"batch"` Offset uint64 `codec:"off"` // contains filtered or unexported fields }
A OneTimeSignatureSubkeyOffsetID identifies an ephemeralSubkey of a specific offset within a batch, for the purposes of signing it with the batch subkey.
func (*OneTimeSignatureSubkeyOffsetID) CanMarshalMsg ¶
func (_ *OneTimeSignatureSubkeyOffsetID) CanMarshalMsg(z interface{}) bool
func (*OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg ¶
func (_ *OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg(z interface{}) bool
func (*OneTimeSignatureSubkeyOffsetID) MarshalMsg ¶
func (z *OneTimeSignatureSubkeyOffsetID) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*OneTimeSignatureSubkeyOffsetID) MsgIsZero ¶
func (z *OneTimeSignatureSubkeyOffsetID) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*OneTimeSignatureSubkeyOffsetID) Msgsize ¶
func (z *OneTimeSignatureSubkeyOffsetID) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (OneTimeSignatureSubkeyOffsetID) ToBeHashed ¶
func (off OneTimeSignatureSubkeyOffsetID) ToBeHashed() (protocol.HashID, []byte)
ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyOffsetID. This is used to sign a subkey for a specific offset in a batch.
func (*OneTimeSignatureSubkeyOffsetID) UnmarshalMsg ¶
func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type OneTimeSignatureVerifier ¶
type OneTimeSignatureVerifier ed25519PublicKey
A OneTimeSignatureVerifier is used to identify the holder of OneTimeSignatureSecrets and prove the authenticity of OneTimeSignatures against some OneTimeSignatureIdentifier.
func (*OneTimeSignatureVerifier) CanMarshalMsg ¶
func (_ *OneTimeSignatureVerifier) CanMarshalMsg(z interface{}) bool
func (*OneTimeSignatureVerifier) CanUnmarshalMsg ¶
func (_ *OneTimeSignatureVerifier) CanUnmarshalMsg(z interface{}) bool
func (*OneTimeSignatureVerifier) MarshalMsg ¶
func (z *OneTimeSignatureVerifier) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*OneTimeSignatureVerifier) MsgIsZero ¶
func (z *OneTimeSignatureVerifier) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*OneTimeSignatureVerifier) Msgsize ¶
func (z *OneTimeSignatureVerifier) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*OneTimeSignatureVerifier) UnmarshalMsg ¶
func (z *OneTimeSignatureVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
func (OneTimeSignatureVerifier) Verify ¶
func (v OneTimeSignatureVerifier) Verify(id OneTimeSignatureIdentifier, message Hashable, sig OneTimeSignature) bool
Verify verifies that some Hashable signature was signed under some OneTimeSignatureVerifier and some OneTimeSignatureIdentifier.
It returns true if this is the case; otherwise, it returns false.
type OneTimeSigner ¶
type OneTimeSigner struct { *OneTimeSignatureSecrets OptionalKeyDilution uint64 }
OneTimeSigner is a wrapper for OneTimeSignatureSecrets that also includes the appropriate KeyDilution value. If zero, the value should be inherited from ConsensusParams.DefaultKeyDilution.
func (OneTimeSigner) KeyDilution ¶
func (ots OneTimeSigner) KeyDilution(params config.ConsensusParams) uint64
KeyDilution returns the appropriate key dilution value for a OneTimeSigner.
type PRNG ¶
type PRNG struct {
// contains filtered or unexported fields
}
PRNG is a pseudo-random implementation of RNG, used for deterministic testing.
type PrivateKey ¶
type PrivateKey ed25519PrivateKey
PrivateKey is an exported ed25519PrivateKey
func (*PrivateKey) CanMarshalMsg ¶
func (_ *PrivateKey) CanMarshalMsg(z interface{}) bool
func (*PrivateKey) CanUnmarshalMsg ¶
func (_ *PrivateKey) CanUnmarshalMsg(z interface{}) bool
func (*PrivateKey) MarshalMsg ¶
func (z *PrivateKey) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*PrivateKey) MsgIsZero ¶
func (z *PrivateKey) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*PrivateKey) Msgsize ¶
func (z *PrivateKey) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*PrivateKey) UnmarshalMsg ¶
func (z *PrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type PublicKey ¶
type PublicKey ed25519PublicKey
PublicKey is an exported ed25519PublicKey
func SecretKeyToPublicKey ¶
func SecretKeyToPublicKey(secret PrivateKey) (PublicKey, error)
SecretKeyToPublicKey derives a public key from a secret key. This is very efficient since ed25519 private keys literally contain their public key
func (*PublicKey) CanMarshalMsg ¶
func (*PublicKey) CanUnmarshalMsg ¶
func (*PublicKey) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
type RNG ¶
type RNG interface {
RandBytes([]byte)
}
RNG represents a randomness source. This could be either a system-wide randomness source (like what gets exposed by crypto/rand), or a PRNG that we use for testing.
type Seed ¶
type Seed ed25519Seed
A Seed holds the entropy needed to generate cryptographic keys.
func SecretKeyToSeed ¶
func SecretKeyToSeed(secret PrivateKey) (Seed, error)
SecretKeyToSeed derives the seed from a secret key. This is very efficient since ed25519 private keys literally contain their seed
func (*Seed) CanMarshalMsg ¶
func (*Seed) CanUnmarshalMsg ¶
func (*Seed) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
type Signature ¶
type Signature ed25519Signature
A Signature is a cryptographic signature. It proves that a message was produced by a holder of a cryptographic secret.
func (*Signature) CanMarshalMsg ¶
func (*Signature) CanUnmarshalMsg ¶
func (*Signature) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
type SignatureSecrets ¶
type SignatureSecrets struct { SignatureVerifier SK ed25519PrivateKey // contains filtered or unexported fields }
SignatureSecrets are used by an entity to produce unforgeable signatures over a message.
func GenerateSignatureSecrets ¶
func GenerateSignatureSecrets(seed Seed) *SignatureSecrets
GenerateSignatureSecrets creates SignatureSecrets from a source of entropy.
func SecretKeyToSignatureSecrets ¶
func SecretKeyToSignatureSecrets(sk PrivateKey) (secrets *SignatureSecrets, err error)
SecretKeyToSignatureSecrets converts a private key into a SignatureSecrets and returns a pointer
func (*SignatureSecrets) CanMarshalMsg ¶
func (_ *SignatureSecrets) CanMarshalMsg(z interface{}) bool
func (*SignatureSecrets) CanUnmarshalMsg ¶
func (_ *SignatureSecrets) CanUnmarshalMsg(z interface{}) bool
func (*SignatureSecrets) MarshalMsg ¶
func (z *SignatureSecrets) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*SignatureSecrets) MsgIsZero ¶
func (z *SignatureSecrets) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*SignatureSecrets) Msgsize ¶
func (z *SignatureSecrets) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*SignatureSecrets) Sign ¶
func (s *SignatureSecrets) Sign(message Hashable) Signature
Sign produces a cryptographic Signature of a Hashable message, given cryptographic secrets.
func (*SignatureSecrets) SignBytes ¶
func (s *SignatureSecrets) SignBytes(message []byte) Signature
SignBytes signs a message directly, without first hashing. Caller is responsible for domain separation.
func (*SignatureSecrets) UnmarshalMsg ¶
func (z *SignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type SignatureVerifier ¶
type SignatureVerifier = PublicKey
A SignatureVerifier is used to identify the holder of SignatureSecrets and verify the authenticity of Signatures.
func (SignatureVerifier) Verify ¶
func (v SignatureVerifier) Verify(message Hashable, sig Signature) bool
Verify verifies that some holder of a cryptographic secret authentically signed a Hashable message.
It returns true if this is the case; otherwise, it returns false.
func (SignatureVerifier) VerifyBytes ¶
func (v SignatureVerifier) VerifyBytes(message []byte, sig Signature) bool
VerifyBytes verifies a signature, where the message is not hashed first. Caller is responsible for domain separation. If the message is a Hashable, Verify() can be used instead.
type VRFSecrets ¶
type VRFSecrets struct { PK VrfPubkey SK VrfPrivkey // contains filtered or unexported fields }
VRFSecrets is a wrapper for a VRF keypair. Use *VrfPrivkey instead
func GenerateVRFSecrets ¶
func GenerateVRFSecrets() *VRFSecrets
GenerateVRFSecrets is deprecated, use VrfKeygen or VrfKeygenFromSeed instead
func (*VRFSecrets) CanMarshalMsg ¶
func (_ *VRFSecrets) CanMarshalMsg(z interface{}) bool
func (*VRFSecrets) CanUnmarshalMsg ¶
func (_ *VRFSecrets) CanUnmarshalMsg(z interface{}) bool
func (*VRFSecrets) MarshalMsg ¶
func (z *VRFSecrets) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*VRFSecrets) MsgIsZero ¶
func (z *VRFSecrets) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*VRFSecrets) Msgsize ¶
func (z *VRFSecrets) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*VRFSecrets) UnmarshalMsg ¶
func (z *VRFSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type VrfOutput ¶
type VrfOutput [64]byte
VrfOutput is a 64-byte pseudorandom value that can be computed from a VrfProof. The VRF scheme guarantees that such output will be unique
func (*VrfOutput) CanMarshalMsg ¶
func (*VrfOutput) CanUnmarshalMsg ¶
func (*VrfOutput) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
type VrfPrivkey ¶
type VrfPrivkey [64]byte
A VrfPrivkey is a private key used for producing VRF proofs. Specifically, we use a 64-byte ed25519 private key (the latter 32-bytes are the precomputed public key)
func (*VrfPrivkey) CanMarshalMsg ¶
func (_ *VrfPrivkey) CanMarshalMsg(z interface{}) bool
func (*VrfPrivkey) CanUnmarshalMsg ¶
func (_ *VrfPrivkey) CanUnmarshalMsg(z interface{}) bool
func (*VrfPrivkey) MarshalMsg ¶
func (z *VrfPrivkey) MarshalMsg(b []byte) (o []byte)
MarshalMsg implements msgp.Marshaler
func (*VrfPrivkey) MsgIsZero ¶
func (z *VrfPrivkey) MsgIsZero() bool
MsgIsZero returns whether this is a zero value
func (*VrfPrivkey) Msgsize ¶
func (z *VrfPrivkey) Msgsize() (s int)
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (VrfPrivkey) Prove ¶
func (sk VrfPrivkey) Prove(message Hashable) (proof VrfProof, ok bool)
Prove constructs a VRF Proof for a given Hashable. ok will be false if the private key is malformed.
func (VrfPrivkey) Pubkey ¶
func (sk VrfPrivkey) Pubkey() (pk VrfPubkey)
Pubkey returns the public key that corresponds to the given private key.
func (*VrfPrivkey) UnmarshalMsg ¶
func (z *VrfPrivkey) UnmarshalMsg(bts []byte) (o []byte, err error)
UnmarshalMsg implements msgp.Unmarshaler
type VrfProof ¶
type VrfProof [80]byte
A VrfProof for a message can be generated with a secret key and verified against a public key, like a signature. Proofs are malleable, however, for a given message and public key, the VRF output that can be computed from a proof is unique.
func (*VrfProof) CanMarshalMsg ¶
func (*VrfProof) CanUnmarshalMsg ¶
func (VrfProof) Hash ¶
Hash converts a VRF proof to a VRF output without verifying the proof. TODO: Consider removing so that we don't accidentally hash an unverified proof
func (*VrfProof) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
type VrfPubkey ¶
type VrfPubkey [32]byte
A VrfPubkey is a public key that can be used to verify VRF proofs.
func (*VrfPubkey) CanMarshalMsg ¶
func (*VrfPubkey) CanUnmarshalMsg ¶
func (*VrfPubkey) MarshalMsg ¶
MarshalMsg implements msgp.Marshaler
func (*VrfPubkey) Msgsize ¶
Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
func (*VrfPubkey) UnmarshalMsg ¶
UnmarshalMsg implements msgp.Unmarshaler
func (VrfPubkey) Verify ¶
Verify checks a VRF proof of a given Hashable. If the proof is valid the pseudorandom VrfOutput will be returned. For a given public key and message, there are potentially multiple valid proofs. However, given a public key and message, all valid proofs will yield the same output. Moreover, the output is indistinguishable from random to anyone without the proof or the secret key.