Documentation
¶
Overview ¶
Package bdn implements the Boneh-Drijvers-Neven signature scheme which is an implementation of the bls package which is robust against rogue public-key attacks. Those attacks could allow an attacker to forge a public-key and then make a verifiable signature for an aggregation of signatures. It fixes the situation by adding coefficients to the aggregate.
See the papers: https://eprint.iacr.org/2018/483.pdf https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html
Index ¶
- func AggregatePublicKeys(suite pairing.Suite, mask *sign.Mask) (kyber.Point, error)
- func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (kyber.Point, error)
- func NewKeyPair(suite pairing.Suite, random cipher.Stream) (kyber.Scalar, kyber.Point)
- func Sign(suite pairing.Suite, x kyber.Scalar, msg []byte) ([]byte, error)
- func Verify(suite pairing.Suite, x kyber.Point, msg, sig []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AggregatePublicKeys ¶
AggregatePublicKeys aggregates a set of public keys (similarly to AggregateSignatures for signatures) using the hash function H: G2 -> R with R = {1, ..., 2^128}.
func AggregateSignatures ¶
AggregateSignatures aggregates the signatures using a coefficient for each one of them where c = H(pk) and H: G2 -> R with R = {1, ..., 2^128}
func NewKeyPair ¶
NewKeyPair creates a new BLS signing key pair. The private key x is a scalar and the public key X is a point on curve G2.
func Sign ¶
Sign creates a BLS signature S = x * H(m) on a message m using the private key x. The signature S is a point on curve G1.
Types ¶
This section is empty.
Source Files