mixing

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 24, 2024 License: ISC Imports: 19 Imported by: 6

Documentation

Index

Constants

View Source 
const Msize = 20

Msize is the size of the message being mixed. This is the size of a HASH160, which allows mixes to be create either all P2PKH or P2SH outputs.

View Source 
const (
	// PRFlagCanSolveRoots describes a bit in the pair request flags field
	// indicating support for solving and publishing factored slot
	// reservation polynomials.
	PRFlagCanSolveRoots byte = 1 << iota
)

Variables

View Source 
var F *big.Int

FieldPrime is the field prime 2**127 - 1.

Functions

func AddVectors 

func AddVectors(vs ...[]*big.Int) []*big.Int

AddVectors sums each vector element over F, returning a new vector. When peers are honest (DC-mix pads sum to zero) this creates the unpadded vector of message power sums.

func Coefficients 

func Coefficients(S []*big.Int) []*big.Int

Coefficients calculates a{0}..a{n} for the polynomial: 

g(x) = a{0} + a{1}x + a{2}x**2 + ... + a{n-1}x**(n-1) + a{n}x**n  (mod F)

where 

a{n}   = -1
a{n-1} = -(1/1) *    a{n}*S{0}
a{n-2} = -(1/2) * (a{n-1}*S{0} +   a{n}*S{1})
a{n-3} = -(1/3) * (a{n-2}*S{0} + a{n-1}*S{1} + a{n}*S{2})
...

The roots of this polynomial are the set of recovered messages.

Note that the returned slice of coefficients is one element larger than the slice of partial sums.

func InField 

func InField(x *big.Int) bool

InField returns whether x is bounded by the field F.

func IntVectorsFromBytes 

func IntVectorsFromBytes(vs [][][]byte) [][]*big.Int

IntVectorsFromBytes creates a 2-dimensional *big.Int slice from their absolute values as bytes.

func IntVectorsToBytes 

func IntVectorsToBytes(ints [][]*big.Int) [][][]byte

IntVectorsToBytes creates a 2-dimensional slice of big.Int absolute values as bytes.

func IsRoot 

func IsRoot(m *big.Int, a []*big.Int) bool

IsRoot checks that the message m is a root of the polynomial with coefficients a (mod F) without solving for every root.

func MaxExpiry 

func MaxExpiry(tipHeight uint32, params *chaincfg.Params) uint32

MaxExpiry returns the maximum allowed expiry for a new pair request message created with a blockchain tip at tipHeight.

func SRMix 

func SRMix(m *big.Int, pads []*big.Int) []*big.Int

SRMix creates the padded {m**1, m**2, ..., m**n} message exponentials vector. Message must be bounded by the field prime and must be unique to every exponential SR run in a mix session to ensure anonymity.

func SRMixPads 

func SRMixPads(kp [][]byte, my uint32) []*big.Int

SRMixPads creates a vector of exponential DC-net pads from a vector of shared secrets with each participating peer in the DC-net.

func SignMessage 

func SignMessage(m Signed, priv *secp256k1.PrivateKey) error

SignMessage creates a signature for the message m and writes the signature into the message.

func SortPRsForSession 

func SortPRsForSession(prs []*wire.MsgMixPairReq, epoch uint64) [32]byte

SortPRsForSession performs an in-place sort of prs, moving each pair request to its original unmixed position in the protocol. Returns the session ID.

func ValidateSession 

func ValidateSession(ke *wire.MsgMixKeyExchange) error

ValidateSession checks whether the original unmixed peer order of a key exchange's pair request hashes is validly sorted for the session ID, and for a run-0 KE, also checks that the session hash is derived from the specified pair requests and epoch.

func VerifySignature 

func VerifySignature(pub, sig, sigHash []byte, command string, sid []byte, run uint32) bool

VerifySignature verifies a message signature from its signature hash and information describing the message type and its place in the protocol. Multiple messages of the same command, sid, and run should not be signed by the same public key, and demonstrating this can be used to prove malicious behavior by sending different versions of messages through the network.

func VerifySignedMessage 

func VerifySignedMessage(m Signed) bool

VerifySignedMessage verifies that a signed message carries a valid signature for the represented identity.

Types

type DecapsulateError 

type DecapsulateError struct {
	SubmittingIndex uint32
}

DecapsulateError identifies the unmixed peer position of a peer who submitted an undecryptable ciphertext.

func (*DecapsulateError) Error 

func (e *DecapsulateError) Error() string

Error satisifies the error interface.

type KX 

type KX struct {
	ECDHPublicKey  *secp256k1.PublicKey
	ECDHPrivateKey *secp256k1.PrivateKey
	PQPublicKey    *PQPublicKey
	PQPrivateKey   *PQPrivateKey
	PQCleartexts   []PQSharedKey
}

KX contains the client public and private keys to perform shared key exchange with other peers.

func NewKX 

func NewKX(csprng io.Reader) (*KX, error)

NewKX generates a mixing identity's public and private keys for a interactive key exchange, with randomness read from a run's CSPRNG.

func (*KX) Encapsulate 

func (kx *KX) Encapsulate(prng io.Reader, pubkeys []*PQPublicKey, my int) ([]PQCiphertext, error)

Encapsulate performs encapsulation for sntrup4591761 key exchanges with each other peer in the DC-net. It populates the PQCleartexts field of kx and returns encrypted cyphertexts of these shared keys.

Encapsulation in the DC-net requires randomness from a CSPRNG seeded by a committed secret; blame assignment is not possible otherwise.

func (*KX) SharedSecrets 

func (kx *KX) SharedSecrets(k *RevealedKeys, sid []byte, run uint32, mcounts []uint32) (SharedSecrets, error)

SharedKeys creates the pairwise SR and DC shared secret keys for mcounts[k.MyIndex] mixes. ecdhPubs, cts, and mcounts must all share the same slice length.

type Message 

type Message interface {
	wire.Message

	Pub() []byte
	Sig() []byte
	WriteHash(hash.Hash)
	Hash() chainhash.Hash
	WriteSignedData(hash.Hash)
	PrevMsgs() []chainhash.Hash // PR, FP returns nil
	Sid() []byte                // PR returns nil
	GetRun() uint32             // PR returns 0
}

Message is a mixing message. In addition to implementing wire encoding, these messages are signed by an ephemeral mixing participant identity, declare the previous messages that have been observed by a peer in a mixing session, and include expiry information to increase resilience to replay and denial-of-service attacks.

All mixing messages satisify this interface, however, the pair request message returns nil for some fields that do not apply, as it is the first message in the protocol.

type PQCiphertext 

type PQCiphertext = [sntrup4591761.CiphertextSize]byte

Aliases for sntrup4591761 types

type PQPrivateKey 

type PQPrivateKey = [sntrup4591761.PrivateKeySize]byte

Aliases for sntrup4591761 types

type PQPublicKey 

type PQPublicKey = [sntrup4591761.PublicKeySize]byte

Aliases for sntrup4591761 types

type PQSharedKey 

type PQSharedKey = [sntrup4591761.SharedKeySize]byte

Aliases for sntrup4591761 types

type RevealedKeys 

type RevealedKeys struct {
	ECDHPublicKeys []*secp256k1.PublicKey
	Ciphertexts    []PQCiphertext
	MyIndex        uint32
}

RevealedKeys records the revealed ECDH public keys of every peer and the ciphertexts created for a single peer at MyIndex.

type ScriptClass 

type ScriptClass string

ScriptClass describes the type and format of scripts that can be used for mixed outputs. A mix may only be performed among all participants who agree on the same script class. 

const (
	ScriptClassP2PKHv0 ScriptClass = "P2PKH-secp256k1-v0"
)

Script class descriptors for the mixed outputs. Only secp256k1 P2PKH is allowed at this time.

type SharedSecrets 

type SharedSecrets struct {
	SRSecrets [][][]byte
	DCSecrets [][]wire.MixVect
}

SharedSecrets is a return value for the KX.SharedSecrets method, housing the slot reservation and XOR DC-Net shared secrets between two peers.

type Signed 

type Signed interface {
	Pub() []byte
	Sig() []byte
	Sid() []byte
	GetRun() uint32
	Command() string
	WriteSignedData(hash.Hash)
}

Signed is an interface describing a signed mixing message.

type Vec 

type Vec [][Msize]byte

Vec is a N-element vector of Msize []byte messages.

func DCMix 

func DCMix(pads Vec, m []byte, slot uint32) Vec

DCMix creates the DC-net vector of message m xor'd into m's reserved anonymous slot position of the pads DC-net pads. Panics if len(m) is not the vector's message size.

func DCMixPads 

func DCMixPads(kp []wire.MixVect, my uint32) Vec

DCMixPads creates the vector of DC-net pads from shared secrets with each mix participant.

func XorVectors 

func XorVectors(vs []Vec) Vec

XorVectors calculates the xor of all vectors. Panics if vectors do not share identical dimensions.

func (Vec) Equals 

func (v Vec) Equals(other Vec) bool

Equals returns whether the two vectors have equal dimensions and data.

func (Vec) String 

func (v Vec) String() string

func (Vec) Xor 

func (v Vec) Xor(src1, src2 Vec)

Xor writes the xor of each vector element of src1 and src2 into v. Source and destination vectors are allowed to be equal. Panics if vectors do not share identical dimensions.

Source Files

View all Source files

Directories

Path Synopsis
internal
chacha20prng
Package mixpool provides an in-memory pool of mixing messages for full nodes that relay these messages and mixing wallets that send and receive them.
 Package mixpool provides an in-memory pool of mixing messages for full nodes that relay these messages and mixing wallets that send and receive them.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.