rsablind

package module
v0.0.0-...-14f9913 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 25, 2017 License: BSD-3-Clause Imports: 6 Imported by: 13

README

RSA Blind

RSA Blind Signing using a Full Domain Hash

Build Status Build Status Go Report Card Coverage Status Scrutinizer Issues GoDoc

This library implements a Full-Domain-Hash RSA Blind Signature Scheme.

In cryptography, a blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The entity signing the message does not know the contents of the message being signed.

Caveats

  1. This library has not undergone a security review or audit and should not be used in production code.

  2. The key used to sign the blinded messages should not be used for any other purpose. Re-using this key in other contexts opens it up to attack.

  3. Use the Full-Domain-Hash package (https://github.com/cryptoballot/fdh) to expand the size of your hash to a secure size. You should use a full-domain-hash size of at least 1024 bits, but bigger is better. However, this hash size needs to remain significantly smaller than your key size to avoid RSA verification failures. A good rule of thumb is to use 2048 bit keys and 1536 bit hashes, or 4096 bit keys and 3072 bit hashes (hash size is 3/4 the key size). You may also opt to use a SHA-3 SHAKE hash (SHAKE-128 or SHAKE-256) in lieu of a full-domain-hash.

  4. To prevent against an Index Calculation Attack (see http://www.jscoron.fr/publications/isodcc.pdf), be sure to use a properly sized RSA key and hash digest. The RSA key should be at least 2048 bits (larger is better) and the hash digest should be at least 1024 bits (larger is better).

Example
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256"
	"fmt"
	"github.com/cryptoballot/fdh"
	"github.com/cryptoballot/rsablind"
)

func main() {
	message := []byte("ATTACKATDAWN")

	keysize := 2048
	hashize := 1536

	// We do a SHA256 full-domain-hash expanded to 1536 bits (3/4 the key size)
	hashed := fdh.Sum(crypto.SHA256, hashize, message)

	// Generate a key
	key, _ := rsa.GenerateKey(rand.Reader, keysize)

	// Blind the hashed message
	blinded, unblinder, err := rsablind.Blind(&key.PublicKey, hashed)
	if err != nil {
		panic(err)
	}

	// Blind sign the blinded message
	sig, err := rsablind.BlindSign(key, blinded)
	if err != nil {
		panic(err)
	}

	// Unblind the signature
	unblindedSig := rsablind.Unblind(&key.PublicKey, sig, unblinder)

	// Verify the original hashed message against the unblinded signature
	if err := rsablind.VerifyBlindSignature(&key.PublicKey, hashed, unblindedSig); err != nil {
		panic("failed to verify signature")
	} else {
		fmt.Println("ALL IS WELL")
	}
}

Documentation

Overview

Package rsablind is the RSA Blind.

RSA Blind Signing using a Full Domain Hash 

This library implements a Full-Domain-Hash RSA Blind Signature Scheme.

In cryptography, a blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The entity signing the message does not know the contents of the message being signed.

Caveats

• This library has not undergone a security review or audit and should not be used in production code.

• The key used to sign the blinded messages should not be used for any other purpose. Re-using this key in other contexts opens it up to attack.

• Use the Full-Domain-Hash package (https://github.com/cryptoballot/fdh (https://github.com/cryptoballot/fdh)) to expand the size of your hash to a secure size. You should use a full-domain-hash size of at least 1024 bits, but bigger is better. However, this hash size needs to remain significantly smaller than your key size to avoid RSA verification failures. A good rule of thumb is to use 2048 bit keys and 1536 bit hashes, or 4096 bit keys and 3072 bit hashes (hash size is 3/4 the key size).

• Because we use a full-domain hash size that is less than the key size, this scheme is theoretically open to an Index Calculation Attack (see http://www.jscoron.fr/publications/isodcc.pdf (http://www.jscoron.fr/publications/isodcc.pdf)). However, with a large enough RSA key (recommended 2048 bits or larger), and a large enough full-domain-hash (1024 bits or larger) this attack in infeasable.

Example 

package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256"
	"fmt"
	"github.com/cryptoballot/fdh"
	"github.com/cryptoballot/rsablind"
)

func main() {
	message := []byte("ATTACKATDAWN")

	keysize := 2048
	hashize := 1536

	// We do a SHA256 full-domain-hash expanded to 1536 bits (3/4 the key size)
	hashed := fdh.Sum(crypto.SHA256, hashize, message)

	// Generate a key
	key, _ := rsa.GenerateKey(rand.Reader, keysize)

	// Blind the hashed message
	blinded, unblinder, err := rsablind.Blind(&key.PublicKey, hashed)
	if err != nil {
		panic(err)
	}

	// Blind sign the blinded message
	sig, err := rsablind.BlindSign(key, blinded)
	if err != nil {
		panic(err)
	}

	// Unblind the signature
	unblindedSig := rsablind.Unblind(&key.PublicKey, sig, unblinder)

	// Verify the original hashed message against the unblinded signature
	if err := rsablind.VerifyBlindSignature(&key.PublicKey, hashed, unblindedSig); err != nil {
		panic("failed to verify signature")
	} else {
		fmt.Println("ALL IS WELL")
	}
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Blind 

func Blind(key *rsa.PublicKey, hashed []byte) (blindedData []byte, unblinder []byte, err error)

Blind blinds the hashes message.

Given the Public Key of the signing entity and a hashed message, blind the message so it cannot be inspected by the signing entity.

Use the Full-Domain-Hash package (https://github.com/cryptoballot/fdh) to expand the size of your hash to a secure size. You should use a full-domain-hash size of at least 1024 bits, but bigger is better. However, this hash size needs to remain significantly smaller than your key size to avoid RSA verification failures. A good rule of thumb is to use 2048 bit keys and 1536 bit hashes, or 4096 bit keys and 3072 bit hashes (hash size is 3/4 the key size).

This function returns the blinded message and an unblinding factor that can be used in conjunction with the `Unblind()` function to unblind the signature after the message has been signed.

func BlindSign 

func BlindSign(key *rsa.PrivateKey, hashed []byte) ([]byte, error)

BlindSign signs the provided hashed message blindly.

The private key used here should not be used for any other purpose other than blind signing (use for other purposes is insecure when also using it for blind signatures)

func Unblind 

func Unblind(pub *rsa.PublicKey, blindedSig, unblinder []byte) []byte

Unblind unblinds the blind signature.

Given the Public Key of the signing entity, the blind signature, and the unblinding factor (obtained from `Blind()`), recover a new signature that will validate against the original hashed message.

func VerifyBlindSignature 

func VerifyBlindSignature(pub *rsa.PublicKey, hashed, sig []byte) error

VerifyBlindSignature verifies an unblinded blind signature.

Verify that the unblinded signature properly signs the non-blinded (original) hashed message

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.