README
¶
A Go library for the Snowblind blind signature scheme
Snowblind was introduced by Crites, Komlo, Maller, Tessaro, and Zhu in 2023. This Go library implements the plain blind signature scheme with $f(c,y) = c + y^5$, not the threshold version. Snowblind has many advantages compared to other existing blind signature schemes, including:
- concurrent security;
- small signatures;
- fast signing/verification;
- (relative) simplicity.
It's main ''flaw'' is that the security proof is in the Algebraic Group Model, but the only blind signature scheme with concurrent security that avoids any "non-standard" assumptions entirely requires an additional move, ~256x larger signatures, ~768x the communication cost, and is much slower.
This library instantiates Snowblind with ristretto255 (Curve25519) and SHA512. It has not been security audited and is provided without warranty.
Benchmark results
The following table compares this library to my blindschnorr library, which has the same API. Note that unlike blind Schnorr, Snowblind is concurrently secure.
| Operation | Snowblind (ns) | Blind Schnorr (ns) |
|---|---|---|
| KeyGen | 12769 | 12767 |
| NewCommitment | 78859 | 18113 |
| NewChallenge | 169733 | 67051 |
| NewResponse | 225.9 | 18.60 |
| NewSignature | 235564 | 60490 |
| Verify | 114144 | 66431 |
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is used for signing Snowblind signatures.
func GenerateKey ¶
func GenerateKey(rand io.Reader) (*PrivateKey, error)
GenerateKey returns a PrivateKey using bytes read from rand. Users should basically always use crypto.Rand as an argument here.
func NewPrivateKey ¶
func NewPrivateKey(key []byte) (*PrivateKey, error)
NewPrivateKey returns the Snowblind private key corresponding to the given 32-byte key.
func (*PrivateKey) Bytes ¶
func (sk *PrivateKey) Bytes() []byte
Bytes returns the 32-byte representation of sk.
func (*PrivateKey) Equal ¶
func (sk *PrivateKey) Equal(op crypto.PrivateKey) bool
Equal returns true if op is a Snowblind PrivateKey and is equal to sk
func (*PrivateKey) NewSignerState ¶
func (sk *PrivateKey) NewSignerState() *SignerState
NewSignerState returns a signer state which can be used to sign a Snowblind signature.
func (*PrivateKey) Public ¶
func (sk *PrivateKey) Public() crypto.PublicKey
Public returns the public key corresponding to sk. To meet the crypto library PrivateKey interface, the return type is crypto.PublicKey, so users will need to type assert to PublicKey.
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is used for obtaining and verifying Snowblind signatures.
func NewPublicKey ¶
NewPublicKey returns the Snowblind public key corresponding to the 32-byte key given as an argument.
func (*PublicKey) NewUserState ¶
NewUserState returns a new user state which can be used to obtain a signature from a signer.
type SignerState ¶
type SignerState struct {
// contains filtered or unexported fields
}
SignerState keeps track of information needed to sign a Snowblind signature and can only be used once per signature.
func (*SignerState) NewCommitment ¶
func (ss *SignerState) NewCommitment() ([]byte, error)
NewCommitment returns a commitment which should be sent to the user as the first move of communication in the three move protocol.
func (*SignerState) NewResponse ¶
func (ss *SignerState) NewResponse(chalBytes []byte) ([]byte, error)
NewResponse takes a challenge (chalBytes) and returns a response which should be sent to the user to allow them to obtain the final signature on their message.
type UserState ¶
type UserState struct {
// contains filtered or unexported fields
}
UserState keeps track of information needed to obtain a signature from a signer, and can only be used once per signature.
func (*UserState) NewChallenge ¶
NewChallenge takes a commitment (cmt) from the signer and a message (msg) to be signed, and returns a challenge which should be sent back to the signer as the second move of communication in the three move protocol.
Source Files