ec2

package
v0.0.0-...-4f94b01 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 2, 2023 License: GPL-2.0, GPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

Package ec2 MPC gg18 algorithm

Index

Constants

View Source
const (
	HoeffdingBoundParam = 128
)
View Source
const (
	// Iterations iter times
	Iterations = 128
)
View Source
const (
	PDLwSlackMarshalledParts = 11
)
View Source
const (
	// PrimeTestTimes the times to try to juede weather is prime
	PrimeTestTimes = 30
)

Variables

View Source
var ErrMessageTooLong = errors.New("[ERROR]: message is too long")

ErrMessageTooLong error info to print

View Source
var (
	// SafePrimeCh the channel to save safeprime
	SafePrimeCh = make(chan SafePrime, 4)
)

Functions

func CalcHPoint

func CalcHPoint(keytype string) (*big.Int, *big.Int, error)

CalcHPoint returns a shared point of unknown discrete logarithm for the curve Mimics the KZen-networks/curv impl: https://git.io/JfwSa Not so efficient due to 3x sha256 but it's only used once during a signing round.

func CalcRoh

func CalcRoh(n *big.Int, num *big.Int) []*big.Int

CalcRoh return m random int: ROHi belong to JN len(ROHi) = n.BitLen() n is the paillier pubKey.N or Ntilde ....

func CalcX

func CalcX(n *big.Int, num *big.Int) []*big.Int

CalcX return m random int: Xi belong to ZN* len(Xi) == n.BitLen() n is the paillier pubKey.N

func CheckPrime

func CheckPrime(Ntilde *big.Int) bool

CheckPrime Check Ntilde: 1. Ntilde > 0 2. Ntilde is odd 3. Ntilde is not a prime 4. Ntilde is not a prime perfect power

func Combine2

func Combine2(keytype string, shares []*ShareStruct2) (*big.Int, error)

Combine2 Calculating Lagrange interpolation formula

func ContainsDuplicate

func ContainsDuplicate(ids []*big.Int) (bool, error)

ContainsDuplicate judge weather contain duplicate element in ids array

func CreatPair

func CreatPair(length int) (*PublicKey, *PrivateKey)

CreatPair create paillier pubkey/private key

func EuclideanAlgorithm

func EuclideanAlgorithm(a *big.Int, b *big.Int) (*big.Int, *big.Int, *big.Int)

EuclideanAlgorithm get (d,x,y) such as: d = gcd(a,b) and ax + by = d a >= b, x and y are integer

func GenRandomSafePrime

func GenRandomSafePrime()

GenRandomSafePrime Generate 4 random large host primes

func GenerateKeyPair

func GenerateKeyPair(length int) (*PublicKey, *PrivateKey, *big.Int, *big.Int)

GenerateKeyPair create paillier pubkey and private key

func GetHoeffdingBound

func GetHoeffdingBound() *big.Int

GetHoeffdingBound get hoeffding bound m = T κ·32·ln2 T k default set 128

func GetP

func GetP(q *big.Int) *big.Int

GetP get p

func GetRandomPositiveInt

func GetRandomPositiveInt(upper *big.Int) *big.Int

GetRandomPositiveInt get a random number in (0,upper)

func GetRandomPositiveRelativelyPrimeInt

func GetRandomPositiveRelativelyPrimeInt(n *big.Int) *big.Int

GetRandomPositiveRelativelyPrimeInt Generate a random element in the group of all the elements in Z/nZ that has a multiplicative inverse.

func GetRandomPrime

func GetRandomPrime() (*big.Int, *big.Int)

GetRandomPrime add for go test

func GetRandomValuesFromJN

func GetRandomValuesFromJN(N *big.Int) []*big.Int

GetRandomValuesFromJN get m random values from JN

func GetSharesID

func GetSharesID(ss *ShareStruct2) *big.Int

GetSharesID get ID

func GetTheQuadraticResidueInt

func GetTheQuadraticResidueInt(roh *big.Int, N *big.Int, p *big.Int, q *big.Int) (*big.Int, *big.Int, *big.Int, *big.Int)

GetTheQuadraticResidueInt get the roots of x^2 = roh (mod N) N = p*q , p and q are odd prime, p >= q gcd(roh,N) = 1, 1 <= roh < N return 4 roots: (x,-x,y,-y) x^2 = roh (mod p) -------------> r x^2 = roh (mod q) -------------> s get g,c,d by Euclidean Algorithm,such as: g = gcd(p,q),pc + qd = g so: x = r*d*q + s*c*p y = r*d*q − s*c*p

func HvVerify

func HvVerify(n *big.Int, num *big.Int, proof *HvProof) bool

HvVerify for N = p*q verifier check: 1. Ni > 0 2. Ni is a positive odd integer and is not a prime or a prime power 3. the count of xij != 0 >= 3*m/8 4. xij^2 = ROHij (mod Ni) for every xij != 0 (j = 1,2,...m) (i = 0,1,2,3,4) 5 nodes for example.

func IsNumberInMultiplicativeGroup

func IsNumberInMultiplicativeGroup(n, v *big.Int) bool

IsNumberInMultiplicativeGroup judge weather gcd(n,v) = 1

func IsPerfectPower

func IsPerfectPower(Ntilde *big.Int) *big.Int

IsPerfectPower find two integers a and b,such as: Ntilde = a ^ b,and return a ( 2 =< b <= logNtilde ) if not found a,return nil

func IsPerfectPowerOfPrime

func IsPerfectPowerOfPrime(Ntilde *big.Int) bool

Ntilde == p ^ k ?? p is prime 2 <= k <= logNtilde

func ModInt

func ModInt(mod *big.Int) *modInt

func MustGetRandomInt

func MustGetRandomInt(bits int) *big.Int

MustGetRandomInt panics if it is unable to gather entropy from `rand.Reader` or when `bits` is <= 0

func PDLwSlackVerify

func PDLwSlackVerify(keytype string, st *PDLwSlackStatement, p *PDLwSlackProof) bool

PDLwSlackVerify verify PDLwSlackProof

func ProtoDecode

func ProtoDecode(data []byte) (string, error)

func ProtoEncode

func ProtoEncode(num string) ([]byte, error)

func STVerify

func STVerify(keytype string, S1X *big.Int, S1Y *big.Int, T1X *big.Int, T1Y *big.Int, Rx *big.Int, Ry *big.Int, hGx *big.Int, hGy *big.Int, stpf *STProof) bool

func Sha512_256

func Sha512_256(in ...*big.Int) *big.Int

Sha512_256 get a hash value with input and add the custom domain separator to hash computations.

func SquareFreeVerify

func SquareFreeVerify(n *big.Int, num *big.Int, proof *SquareFreeProof) bool

SquareFreeVerify check: N > 0 , N mod p != 0, p is prime, p < alpha N > sigmai > 0 verifier check sigmai^N = Xi (mod N)

func TVerify

func TVerify(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, proof *TProof) bool

TVerify add for gg20: calculate T_i = g^sigma_i * h^l_i = sigma_i*G + l_i*h*G

func Vss2Init

func Vss2Init(keytype string, secret *big.Int, t int) (*PolyStruct2, *PolyGStruct2, error)

Vss2Init Initialize Lagrange polynomial coefficients

func ZkUVerify

func ZkUVerify(keytype string, uG []*big.Int, zkUProof *ZkUProof) bool

ZkUVerify verify ZkUProof

func ZkXiVerify

func ZkXiVerify(keytype string, xiG []*big.Int, zkXiProof *ZkXiProof) bool

ZkXiVerify verify ZkXiProof

Types

type BigInt

type BigInt struct {
	Bigint string `protobuf:"bytes,1,opt,name=bigint,proto3" json:"bigint,omitempty"`
	// contains filtered or unexported fields
}

this is a comment

func (*BigInt) Descriptor deprecated

func (*BigInt) Descriptor() ([]byte, []int)

Deprecated: Use BigInt.ProtoReflect.Descriptor instead.

func (*BigInt) GetBigint

func (x *BigInt) GetBigint() string

func (*BigInt) ProtoMessage

func (*BigInt) ProtoMessage()

func (*BigInt) ProtoReflect

func (x *BigInt) ProtoReflect() protoreflect.Message

func (*BigInt) Reset

func (x *BigInt) Reset()

func (*BigInt) String

func (x *BigInt) String() string

type Commitment

type Commitment struct {
	C *big.Int
	D []*big.Int
}

Commitment commitment data

func (*Commitment) Commit

func (commitment *Commitment) Commit(secrets ...*big.Int) *Commitment

Commit Generate commitment data by secrets

func (*Commitment) DeCommit

func (commitment *Commitment) DeCommit(keytype string) (bool, []*big.Int)

DeCommit get commitment data secrets

func (*Commitment) Verify

func (commitment *Commitment) Verify(keytype string) bool

Verify Verify commitment data

type HvProof

type HvProof struct {
	Sigma []*big.Int
}

HvProof see Paper: Attacking Threshold Wallets* JP Aumasson and Omer Shlomovits Taurus Group, Switzerland ZenGo X, Israel section 5 The Golden Shoe Attack Mitigation: The fix is simple: Ntilde,h1,h2 must be validated on the receiving end.For Ntilde,the sender must attach a proof that Ntilde is a valid RSA modulus from two safe primes.For h1,h2, there is a nice trick in [FO97]: pick h1 at random and h2 = h1^alpha and prove to the receiver the knowledge of alpha with respect to h1, h2. see Paper : Efficient Noninteractive Certification of RSA Moduli and Beyond Sharon Goldberg*, Leonid Reyzin*, Omar Sagga*, and Foteini Baldimtsi Boston University, Boston, MA, USA George Mason University, Fairfax, VA, USA foteini@gmu.edu October 3, 2019 section 3.4 HVZK Proof for a Product of Two Primes

func HvProve

func HvProve(n *big.Int, num *big.Int, p *big.Int, q *big.Int) *HvProof

HvProve get quadratic residue x for ROH1,ROH2,ROH3 ..... ROHm For every ROHj belong to QRn,the Prover sends back xj(belong to Z*) such that xj^2 mod N = ROHj, Of the four square roots, the Prover chooses one at random. For other ROHj,the prover sends back 0.

func (*HvProof) MarshalJSON

func (hvpf *HvProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal HvProof to json bytes

func (*HvProof) UnmarshalJSON

func (hvpf *HvProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to HvProof

type MtARangeProof

type MtARangeProof struct {
	Z  *big.Int
	U  *big.Int
	W  *big.Int
	S  *big.Int
	S1 *big.Int
	S2 *big.Int
}

MtARangeProof GG18 A.1 Range Proof in MtA protocol

func MtARangeProofProve

func MtARangeProofProve(keytype string, c *big.Int, m *big.Int, r *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtARangeProof

MtARangeProofProve GG18 A.1 Range Proof in MtA protocol This proof is run by Alice (the initiator) in both MtA and MtAwc protocols. The input for this proof is a Paillier public key (N,G) and a value c ∈ ZN^2.The prover knows m ∈ Zq and r ∈ Z* such that c = G^m*r^N mod N^2,where q is the order of the DSA group. At the end of the protocol the Verifier is convinced that m ∈ [−q^3 , q^3]

func (*MtARangeProof) MarshalJSON

func (mtAZKProof *MtARangeProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal MtARangeProof to json bytes

func (*MtARangeProof) MtARangeProofVerify

func (mtAZKProof *MtARangeProof) MtARangeProofVerify(keytype string, c *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool

MtARangeProofVerify GG18 A.1 Range Proof in MtA protocol This proof is run by Alice (the initiator) in both MtA and MtAwc protocols. The input for this proof is a Paillier public key (N,G) and a value c ∈ ZN^2.The prover knows m ∈ Zq and r ∈ Z* such that c = G^m*r^N mod N^2,where q is the order of the DSA group. At the end of the protocol the Verifier is convinced that m ∈ [−q^3 , q^3] The Verifier checks that s1 ≤ q^3, u = G^s1*s^N*c^-e mod N^2, h1^s1*h2^s2*z^-e = w mod Ntilde

func (*MtARangeProof) UnmarshalJSON

func (mtAZKProof *MtARangeProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to MtARangeProof

type MtARespZKProof

type MtARespZKProof struct {
	Z    *big.Int
	ZBar *big.Int
	T    *big.Int
	V    *big.Int
	W    *big.Int
	S    *big.Int
	S1   *big.Int
	S2   *big.Int
	T1   *big.Int
	T2   *big.Int
}

MtARespZKProof GG18 A.3 Respondent ZK Proof for MtA

func MtARespZKProofProve

func MtARespZKProofProve(keytype string, x *big.Int, y *big.Int, r *big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtARespZKProof

MtARespZKProofProve GG18 A.3 Respondent ZK Proof for MtA This proof is run by Bob (the responder) in the MtA protocol where Bob only proves that x is small (without proving that it is the discrete log of any public value). The input for this proof is a Paillier public key (N,G) and two values c1 , c2 ∈ ZN2. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z*,such that c2 = c1^x*G^y*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3].

func (*MtARespZKProof) MarshalJSON

func (mtAZK2Proof *MtARespZKProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal MtARespZKProof to json bytes

func (*MtARespZKProof) MtARespZKProofVerify

func (mtAZK2Proof *MtARespZKProof) MtARespZKProofVerify(keytype string, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool

MtARespZKProofVerify GG18 A.3 Respondent ZK Proof for MtA This proof is run by Bob (the responder) in the MtA protocol where Bob only proves that x is small (without proving that it is the discrete log of any public value). The input for this proof is a Paillier public key (N,G) and two values c1 , c2 ∈ ZN2. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z*,such that c2 = c1^x*G^y*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3]. The Verifier checks that s1 ≤ q^3, h1^s1*h2^s2 = z^e*zBar mod Ntilde, h1^t1*h2^t2 = t^e*w mode Ntilde, c1^s1*s^N*G^t1 = c2^e*v mod N^2

func (*MtARespZKProof) UnmarshalJSON

func (mtAZK2Proof *MtARespZKProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to MtARespZKProof

type MtAwcRespZKProof

type MtAwcRespZKProof struct {
	Ux   *big.Int
	Uy   *big.Int
	Z    *big.Int
	ZBar *big.Int
	T    *big.Int
	V    *big.Int
	W    *big.Int
	S    *big.Int
	S1   *big.Int
	S2   *big.Int
	T1   *big.Int
	T2   *big.Int
}

MtAwcRespZKProof GG18 A.2 Respondent ZK Proof for MtAwc

func MtAwcRespZKProofProve

func MtAwcRespZKProofProve(keytype string, x *big.Int, y *big.Int, r *big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtAwcRespZKProof

MtAwcRespZKProofProve GG18 A.2 Respondent ZK Proof for MtAwc This proof is run by Bob (the responder) in the MtAwc protocol. The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN2, together with a value X in curve the DSA group. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, and X = g^x on the curve, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3].

func (*MtAwcRespZKProof) MarshalJSON

func (mtAZK3Proof *MtAwcRespZKProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal MtAZK3Proofnhh to json bytes

func (*MtAwcRespZKProof) MtAwcRespZKProofVefify

func (mtAZK3Proof *MtAwcRespZKProof) MtAwcRespZKProofVefify(keytype string, xG []*big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool

MtAwcRespZKProofVefify GG18 A.2 Respondent ZK Proof for MtAwc This proof is run by Bob (the responder) in the MtAwc protocol. The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN2, together with a value X in curve the DSA group. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, and X = g^x on the curve, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3]. The Verifier checks that s1 ≤ q^3, g^s1 = X^e*u on the curve, h1^s1*h2^s2 = z^e*zBar mode Ntilde, h1^t1*h2^t2 = t^e*w mod Ntilde, and c1^s1*s^N*G^t1 = c2^e*v mod N^2.

func (*MtAwcRespZKProof) UnmarshalJSON

func (mtAZK3Proof *MtAwcRespZKProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to MtAZK3Proofnhh

type NtildeH1H2

type NtildeH1H2 struct {
	Ntilde *big.Int
	H1     *big.Int
	H2     *big.Int
}

NtildeH1H2 ntilde data

func CreateNt

func CreateNt(length int) (*NtildeH1H2, *big.Int, *big.Int, *big.Int, *big.Int)

CreateNt create data for Nt zk proof

func GenerateNtildeH1H2

func GenerateNtildeH1H2(length int) (*NtildeH1H2, *big.Int, *big.Int, *big.Int, *big.Int, *big.Int, *big.Int)

GenerateNtildeH1H2 create ntilde data

func (*NtildeH1H2) MarshalJSON

func (ntilde *NtildeH1H2) MarshalJSON() ([]byte, error)

MarshalJSON marshal NtildeH1H2 to json bytes

func (*NtildeH1H2) UnmarshalJSON

func (ntilde *NtildeH1H2) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to NtildeH1H2

type NtildePrivData

type NtildePrivData struct {
	Alpha *big.Int
	Beta  *big.Int
	Q1    *big.Int
	Q2    *big.Int
}

func (*NtildePrivData) MarshalJSON

func (priv *NtildePrivData) MarshalJSON() ([]byte, error)

MarshalJSON marshal PrivateKey to json bytes

func (*NtildePrivData) UnmarshalJSON

func (priv *NtildePrivData) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PrivateKey

type NtildeProof

type NtildeProof struct {
	Alpha,
	T [Iterations]*big.Int
}

NtildeProof ntilde zk proof

func NewNtildeProof

func NewNtildeProof(h1, h2, x, p, q, N *big.Int) *NtildeProof

NewNtildeProof create ntilde proof

func (*NtildeProof) MarshalJSON

func (p *NtildeProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal NtildeProof to json bytes

func (*NtildeProof) UnmarshalJSON

func (p *NtildeProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to NtildeProof

func (*NtildeProof) Verify

func (p *NtildeProof) Verify(h1, h2, N *big.Int) bool

Verify Verify ntilde proof

type PDLwSlackProof

type PDLwSlackProof struct {
	Z   *big.Int
	U1X *big.Int
	U1Y *big.Int
	U2, U3,
	S1, S2, S3 *big.Int
}

func NewPDLwSlackProof

func NewPDLwSlackProof(keytype string, wit *PDLwSlackWitness, st *PDLwSlackStatement) *PDLwSlackProof

NewPDLwSlackProof new PDLwSlackProof

func (*PDLwSlackProof) MarshalJSON

func (p *PDLwSlackProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal PDLwSlackProof to json bytes

func (*PDLwSlackProof) UnmarshalJSON

func (p *PDLwSlackProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PDLwSlackProof

type PDLwSlackStatement

type PDLwSlackStatement struct {
	CipherText     *big.Int
	PK             *PublicKey
	K1RX           *big.Int //Q
	K1RY           *big.Int
	Rx             *big.Int //G
	Ry             *big.Int
	H1, H2, NTilde *big.Int
}

type PDLwSlackWitness

type PDLwSlackWitness struct {
	K1, K1Ra *big.Int // X R
	SK       *PrivateKey
}

type PolyGStruct2

type PolyGStruct2 struct {
	PolyG [][]*big.Int //x and y
}

PolyGStruct2 (x,y)

type PolyStruct2

type PolyStruct2 struct {
	Poly []*big.Int // coefficient set
}

PolyStruct2 coefficient set

func (*PolyStruct2) Vss2

func (polyStruct *PolyStruct2) Vss2(keytype string, ids []*big.Int) ([]*ShareStruct2, error)

Vss2 Calculate Lagrange polynomial value

type PrivateKey

type PrivateKey struct {
	Length string `json:"Length"`
	PublicKey
	L *big.Int `json:"L"` // (p-1)*(q-1)
	U *big.Int `json:"U"` // L^-1 mod N
}

PrivateKey the paillier private key

func (*PrivateKey) Decrypt

func (privateKey *PrivateKey) Decrypt(cipherBigInt *big.Int) (*big.Int, error)

Decrypt paillier decrypt by private key

func (*PrivateKey) MarshalJSON

func (privateKey *PrivateKey) MarshalJSON() ([]byte, error)

MarshalJSON marshal PrivateKey to json bytes

func (*PrivateKey) UnmarshalJSON

func (privateKey *PrivateKey) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PrivateKey

type PublicKey

type PublicKey struct {
	Length string   `json:"Length"`
	N      *big.Int `json:"N"`  // n = p*q, where p and q are prime
	G      *big.Int `json:"G"`  // in practical, G = N + 1
	N2     *big.Int `json:"N2"` // N2 = N * N
}

PublicKey the paillier pubkey

func (*PublicKey) Encrypt

func (publicKey *PublicKey) Encrypt(mBigInt *big.Int) (*big.Int, *big.Int, error)

Encrypt paillier encrypt by public key

func (*PublicKey) HomoAdd

func (publicKey *PublicKey) HomoAdd(c1, c2 *big.Int) *big.Int

HomoAdd Homomorphic addition

func (*PublicKey) HomoMul

func (publicKey *PublicKey) HomoMul(cipher, k *big.Int) *big.Int

HomoMul Homomorphic multiplication

func (*PublicKey) MarshalJSON

func (publicKey *PublicKey) MarshalJSON() ([]byte, error)

MarshalJSON marshal PublicKey to json bytes

func (*PublicKey) UnmarshalJSON

func (publicKey *PublicKey) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PublicKey

type RohData

type RohData struct {
	Index int64
	Roh   *big.Int
}

type STProof

type STProof struct {
	AlphaX *big.Int
	AlphaY *big.Int
	BetaX  *big.Int
	BetaY  *big.Int
	T      *big.Int
	U      *big.Int
}

ZK proof for knowledge of sigma_i, l_i such that S_i = R^sigma_i, T_i = g^sigma_i h^l_i (GG20)

func NewSTProof

func NewSTProof(keytype string, T1X *big.Int, T1Y *big.Int, S1X *big.Int, S1Y *big.Int, Rx *big.Int, Ry *big.Int, hGx *big.Int, hGy *big.Int, sigma1 *big.Int, l1 *big.Int) *STProof

NewSTProof new STProof

func (*STProof) MarshalJSON

func (stpf *STProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal STProof to json bytes

func (*STProof) UnmarshalJSON

func (stpf *STProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to STProof

type SafePrime

type SafePrime struct {
	// contains filtered or unexported fields
}

SafePrime prime

func (*SafePrime) CheckValidate

func (sp *SafePrime) CheckValidate() bool

CheckValidate check p < 2^(L/2) ? p = 2*q + 1

func (*SafePrime) P

func (sp *SafePrime) P() *big.Int

P get p

func (*SafePrime) Q

func (sp *SafePrime) Q() *big.Int

Q get q

func (*SafePrime) SetP

func (sp *SafePrime) SetP(p *big.Int)

SetP set p

func (*SafePrime) SetQ

func (sp *SafePrime) SetQ(q *big.Int)

SetQ set q

type ShareStruct2

type ShareStruct2 struct {
	ID    *big.Int // ID, x coordinate
	Share *big.Int
}

ShareStruct2 f(xi)

func (*ShareStruct2) Verify2

func (share *ShareStruct2) Verify2(keytype string, polyG *PolyGStruct2) bool

Verify2 Verify Lagrange polynomial value

type SquareFreeProof

type SquareFreeProof struct {
	Sigma []*big.Int
}

SquareFreeProof add for GG20: keygen phase 3. Each player Pi proves in ZK that Ni is square-free using the proof of Gennaro, Micciancio, and Rabin [30] An Efficient Non-Interactive Statistical Zero-Knowledge Proof System for Quasi-Safe Prime Products, section 3.1

func SquareFreeProve

func SquareFreeProve(n *big.Int, num *big.Int, l *big.Int) *SquareFreeProof

SquareFreeProve chooses m random value Xi belong to ZN* prover compute M = N^-1 mod OuLa(N) and output sigmai = Xi^M mod N for every Xi

func (*SquareFreeProof) MarshalJSON

func (sfpf *SquareFreeProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal SquareFreeProof to json bytes

func (*SquareFreeProof) UnmarshalJSON

func (sfpf *SquareFreeProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to SquareFreeProof

type TProof

type TProof struct {
	AlphaX *big.Int
	AlphaY *big.Int
	T      *big.Int
	U      *big.Int
}

ZK proof of knowledge of sigma_i, l_i such that T_i = g^sigma_i, h^l_i (GG20)

func TProve

func TProve(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, sigma1 *big.Int, l1 *big.Int) *TProof

TProve add for gg20: calculate T_i = g^sigma_i * h^l_i = sigma_i*G + l_i*h*G

func (*TProof) MarshalJSON

func (tpf *TProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal TProof to json bytes

func (*TProof) UnmarshalJSON

func (tpf *TProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to TProof

type ZkUProof

type ZkUProof struct {
	E *big.Int
	S *big.Int
}

ZkUProof the ZK that he knows u using Schnorr’s protocol

func ZkUProve

func ZkUProve(keytype string, u *big.Int) *ZkUProof

ZkUProve create ZkUProof

func (*ZkUProof) MarshalJSON

func (zku *ZkUProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal ZkUProof to json bytes

func (*ZkUProof) UnmarshalJSON

func (zku *ZkUProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to ZkUProof

type ZkXiProof

type ZkXiProof struct {
	E *big.Int
	S *big.Int
}

ZkXiProof the ZK that he knows xi using Schnorr’s protocol

func ZkXiProve

func ZkXiProve(keytype string, sku1 *big.Int) *ZkXiProof

ZkXiProve create ZkXiProof

func (*ZkXiProof) MarshalJSON

func (zkx *ZkXiProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal ZkXiProof to json bytes

func (*ZkXiProof) UnmarshalJSON

func (zkx *ZkXiProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to ZkXiProof

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL