Documentation ¶
Overview ¶
Package bls implements the compact BLS Multisignature construction, which prepends the public key to the signature according to the *plain public-key model*. The form implemented uses an array of distinct keys (as in https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html) instead of the aggregated form (as in https://eprint.iacr.org/2018/483.pdf, where {pk₁,...,pkₙ} would be appended to each pkᵢ according to apk ← ∏ⁿᵢ₌₁ pk^H₁(pkᵢ, {pk₁,...,pkₙ})).
Index ¶
- func GenKeyPair(randReader io.Reader) (*PublicKey, *SecretKey, error)
- func Verify(apk *Apk, msg []byte, sigma *Signature) error
- func VerifyBatch(apks []*Apk, msgs [][]byte, sigma *Signature) error
- func VerifyCompressed(pks []*bn256.G2, msgList [][]byte, compressedSig []byte, allowDistinct bool) error
- func VerifyUnsafe(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error
- func VerifyUnsafeBatch(pkeys []*PublicKey, msgList [][]byte, signature *UnsafeSignature) error
- type Apk
- type PublicKey
- type SecretKey
- type Signature
- func (sigma *Signature) Add(pk *PublicKey, sig *UnsafeSignature) error
- func (sigma *Signature) Aggregate(other *Signature) *Signature
- func (sigma *Signature) AggregateBytes(other []byte) error
- func (sigma *Signature) Compress() []byte
- func (sigma *Signature) Decompress(x []byte) error
- func (sigma *Signature) Marshal() []byte
- func (sigma *Signature) Unmarshal(msg []byte) error
- type UnsafeSignature
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenKeyPair ¶
GenKeyPair generates Public and Private Keys
func VerifyBatch ¶
VerifyBatch is the verification step of a batch of aggregated apk signatures. TODO: consider adding the possibility to handle non-distinct messages (at batch level after aggregating APK).
func VerifyCompressed ¶
func VerifyUnsafe ¶
func VerifyUnsafe(pkey *PublicKey, msg []byte, signature *UnsafeSignature) error
VerifyUnsafe checks the given BLS signature bls on the message m using the public key pkey by verifying that the equality e(H(m), X) == e(H(m), x*B2) == e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is the base point from curve G2.
func VerifyUnsafeBatch ¶
func VerifyUnsafeBatch(pkeys []*PublicKey, msgList [][]byte, signature *UnsafeSignature) error
VerifyUnsafeBatch verifies a batch of messages signed with an aggregated signature. The rogue-key attack is prevented by making all messages distinct.
Types ¶
type Apk ¶
type Apk struct {
*PublicKey
}
Apk is the short aggregated public key struct
func AggregateApk ¶
AggregateApk aggregates the public key according to the following formula: apk ← ∏ⁿᵢ₌₁ pk^H₁(pkᵢ)
func UnmarshalApk ¶
func (*Apk) Aggregate ¶
Aggregate a Public Key to the Apk struct according to the formula pk^H₁(pkᵢ)
func (*Apk) AggregateBytes ¶
AggregateBytes is a convenient method to aggregate the unmarshalled form of PublicKey directly
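The pairing check documented for VerifyUnsafe and the apk ← ∏ pk^H₁(pkᵢ) aggregation formula can be followed end to end in a toy scalar model; this is an added example, not code from the bls package, and it is not a secure implementation. Assumptions: all names (hashToScalar, sign, aggregate, verify) are hypothetical, points are replaced by their scalars so the pairing becomes multiplication mod q, and signature shares are weighted by the same H₁(pkᵢ) coefficient as the keys.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Toy model (assumption, NOT secure): the point a*B is stored as the scalar a
// mod q, so the pairing e(a*B1, b*B2) collapses to a*b mod q.
var q = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 127), big.NewInt(1))

// hashToScalar stands in for H (hash to curve) and H1 (key coefficient).
func hashToScalar(domain string, data []byte) *big.Int {
	h := sha256.Sum256(append([]byte(domain), data...))
	return new(big.Int).Mod(new(big.Int).SetBytes(h[:]), q)
}

func mul(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), q) }
func add(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Add(a, b), q) }

// sign returns S = x*H(m); in this model the key X = x*B2 is the scalar x.
func sign(x *big.Int, msg []byte) *big.Int { return mul(x, hashToScalar("H", msg)) }

// aggregate computes apk = sum H1(pk_i)*pk_i and sigma = sum H1(pk_i)*S_i,
// the additive form of the product formula apk <- prod pk_i^H1(pk_i).
func aggregate(pks, sigs []*big.Int) (apk, sigma *big.Int) {
	apk, sigma = new(big.Int), new(big.Int)
	for i, pk := range pks {
		t := hashToScalar("H1", pk.Bytes())
		apk = add(apk, mul(t, pk))
		sigma = add(sigma, mul(t, sigs[i]))
	}
	return apk, sigma
}

// verify checks e(H(m), apk) == e(sigma, B2); B2 is the scalar 1 here.
func verify(apk *big.Int, msg []byte, sigma *big.Int) bool {
	lhs := mul(hashToScalar("H", msg), apk)
	return lhs.Cmp(mul(sigma, big.NewInt(1))) == 0
}

func main() {
	msg := []byte("block 42") // constructed sample input
	keys := []*big.Int{big.NewInt(1234567), big.NewInt(7654321)}
	apk, sigma := aggregate(keys, []*big.Int{sign(keys[0], msg), sign(keys[1], msg)})
	fmt.Println(verify(apk, msg, sigma), verify(apk, []byte("block 43"), sigma))
}
```

Because every share is scaled by the coefficient of its own key, the aggregate only verifies when each listed key contributed a valid share on the same message.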
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is calculated as g^x
func UnmarshalPk ¶
func (*PublicKey) Marshal ¶
Marshal returns the binary representation of the G2 point being the public key
func (*PublicKey) MarshalText ¶
MarshalText encodes the string representation of the public key
func (*PublicKey) UnmarshalText ¶
UnmarshalText decodes the string/byte representation into the public key
type SecretKey ¶
type SecretKey struct {
// contains filtered or unexported fields
}
SecretKey has "x" as secret for the BLS signature
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is the plain public-key model form of the BLS signature, which is resilient to the rogue-key attack
func UnmarshalSignature ¶
func (*Signature) Add ¶
func (sigma *Signature) Add(pk *PublicKey, sig *UnsafeSignature) error
Add creates an aggregated signature from a normal BLS Signature and related public key
func (*Signature) AggregateBytes ¶
func (*Signature) Decompress ¶
Decompress reconstructs the 64 byte signature from the compressed form
type UnsafeSignature ¶
type UnsafeSignature struct {
// contains filtered or unexported fields
}
UnsafeSignature is the BLS signature struct that is not resilient to the rogue-key attack
func UnsafeAggregate ¶
func UnsafeAggregate(one, other *UnsafeSignature) *UnsafeSignature
UnsafeAggregate combines signatures on distinct messages.
func UnsafeBatch ¶
func UnsafeBatch(sigs ...*UnsafeSignature) (*UnsafeSignature, error)
UnsafeBatch is a utility function to aggregate signatures on distinct messages (if the messages are not distinct, the scheme is vulnerable to a chosen-key attack)
func UnsafeSign ¶
func UnsafeSign(key *SecretKey, msg []byte) (*UnsafeSignature, error)
UnsafeSign generates an UnsafeSignature, which is vulnerable to the rogue-key attack and can therefore only be used if the messages are distinct
func (*UnsafeSignature) Compress ¶
func (usig *UnsafeSignature) Compress() []byte
Compress the signature to the 32 byte form
func (*UnsafeSignature) Decompress ¶
func (usig *UnsafeSignature) Decompress(x []byte) error
Decompress reconstructs the 64 byte signature from the compressed form
func (*UnsafeSignature) Marshal ¶
func (usig *UnsafeSignature) Marshal() []byte
Marshal an UnsafeSignature into a byte array
func (*UnsafeSignature) Unmarshal ¶
func (usig *UnsafeSignature) Unmarshal(msg []byte) error
Unmarshal a byte array into an UnsafeSignature