Documentation ¶
Overview ¶
Package threshcrypto provides an implementation of the MirModule module. It supports TBLS signatures.
Index ¶
- Variables
- type DummyCrypto
- func (dc *DummyCrypto) Recover(data [][]byte, sigShares [][]byte) ([]byte, error)
- func (dc *DummyCrypto) SignShare(data [][]byte) ([]byte, error)
- func (dc *DummyCrypto) VerifyFull(data [][]byte, signature []byte) error
- func (dc *DummyCrypto) VerifyShare(data [][]byte, sigShare []byte, nodeID t.NodeID) error
- type MirModule
- type TBLSInst
- func (inst *TBLSInst) MarshalTo(w io.Writer) (int, error)
- func (inst *TBLSInst) Recover(msg [][]byte, sigShares [][]byte) ([]byte, error)
- func (inst *TBLSInst) SignShare(msg [][]byte) ([]byte, error)
- func (inst *TBLSInst) UnmarshalFrom(r io.Reader) (int, error)
- func (inst *TBLSInst) VerifyFull(msg [][]byte, sigFull []byte) error
- func (inst *TBLSInst) VerifyShare(msg [][]byte, sigShare []byte, nodeID t.NodeID) error
- type ThreshCrypto
Constants ¶
This section is empty.
Variables ¶
var (
	// DefaultPseudoSeed is an arbitrary number that the nodes can use as a seed when instantiating their MirModule modules.
	// This is not secure, but helps during testing, as it obviates the exchange of public keys among nodes.
	DefaultPseudoSeed int64 = 12345
)
Functions ¶
This section is empty.
Types ¶
type DummyCrypto ¶
type DummyCrypto struct {
	DummySigShareSuffix []byte

	// Current node ID
	Self t.NodeID

	// The only accepted full signature
	DummySigFull []byte
}
DummyCrypto represents a dummy MirModule module that always produces the same dummy byte slices specified at instantiation as the full signature. Signature shares always consist of the nodeID followed by a preset suffix (DummySigShareSuffix). Verification of these dummy signatures always succeeds. This is intended as a stub for testing purposes.
func (*DummyCrypto) Recover ¶
func (dc *DummyCrypto) Recover(data [][]byte, sigShares [][]byte) ([]byte, error)
Recovers full signature from signature shares if they are valid, otherwise an error is returned. data is ignored.
func (*DummyCrypto) SignShare ¶
func (dc *DummyCrypto) SignShare(data [][]byte) ([]byte, error)
SignShare always returns the dummy signature DummySig, regardless of the data.
func (*DummyCrypto) VerifyFull ¶
func (dc *DummyCrypto) VerifyFull(data [][]byte, signature []byte) error
VerifyFull returns nil (i.e. success) only if signature equals DummySig. data is ignored.
func (*DummyCrypto) VerifyShare ¶
VerifyShare returns nil (i.e. success) only if signature share equals nodeID||DummySigShareSuffix. data is ignored.
type MirModule ¶
type MirModule struct {
// contains filtered or unexported fields
}
func New ¶
func New(threshCrypto ThreshCrypto) *MirModule
func (*MirModule) ApplyEvent ¶
func (*MirModule) ApplyEvents ¶
func (*MirModule) ImplementsModule ¶
func (c *MirModule) ImplementsModule()
The ImplementsModule method only serves the purpose of indicating that this is a Module and must not be called.
type TBLSInst ¶
type TBLSInst struct {
// contains filtered or unexported fields
}
TBLSInst is an instance of a BLS-based (t, len(members))-threshold signature scheme. It is capable of creating signature shares with its (single) private key share, and of validating/recovering signatures involving all group members.
func TBLS12381Keygen ¶
TBLS12381Keygen constructs a set of TBLSInst instances for a given set of member nodes and threshold T with nByz byzantine nodes, using the BLS12-381 pairing, with signatures being points on curve G1, and keys points on curve G2.
func (*TBLSInst) MarshalTo ¶
MarshalTo writes the properties of a TBLSInst to an io.Writer. Can be read with TBLSInst.UnmarshalFrom.
func (*TBLSInst) Recover ¶
Recover recovers a full signature from a set of (previously validated) shares that are known to be from distinct nodes.
func (*TBLSInst) UnmarshalFrom ¶
UnmarshalFrom sets the properties of a TBLSInst from an io.Reader. The property stream can be created from TBLSInst.MarshalTo. NOTE: Currently assumes the underlying scheme is the same as in TBLS12381Keygen().
func (*TBLSInst) VerifyFull ¶
VerifyFull verifies that a (full) signature is valid for a given message.
type ThreshCrypto ¶
type ThreshCrypto interface {
	// The data to be signed is the concatenation of all the passed byte slices.
	// A signature share produced by SignShare is verifiable using VerifyShare.
	// After obtaining signature shares from T group members, the full signature can be constructed with Recover.
	// Returns the signature (and a nil error) on success, and a non-nil error otherwise.
	SignShare(data [][]byte) ([]byte, error)

	// Returns nil on success (i.e., if the given signature share is valid) and a non-nil error otherwise.
	VerifyShare(data [][]byte, signatureShare []byte, nodeID t.NodeID) error

	// Recover constructs a full signature from signature shares over data.
	// All signature shares MUST have been previously verified with VerifyShare, and must come from
	// different nodes.
	// Returns the full signature (and a nil error) on success and a non-nil error otherwise.
	// Signatures returned by Recover are guaranteed to be valid.
	Recover(data [][]byte, signatureShares [][]byte) ([]byte, error)

	// VerifyFull verifies a full signature from the group over data.
	// Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise.
	VerifyFull(data [][]byte, signature []byte) error
}
The ThreshCrypto interface represents an implementation of threshold cryptography primitives inside the MirModule module. It is responsible for producing and verifying cryptographic threshold signatures, which disperse the authority to sign among a group of N members, of which T must sign their share for a full signature to be produced. It internally stores information about the group, its public key and shares, and the node's private key share.
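The Recover contract above (every share already checked with VerifyShare, shares from different nodes, at least T of them) is the caller's responsibility, so it helps to enforce it in one place. The following is an added example, not code from the threshcrypto package: NodeID, stub, Msg and RecoverChecked are hypothetical names, and the local ThreshCrypto interface is a cut-down copy of the documented one so that the block runs without the Mir module.

```go
package main

import (
	"bytes"
	"fmt"
)

type NodeID string // stand-in for the page's t.NodeID (assumption)
// ThreshCrypto mirrors two methods of the interface documented above.
type ThreshCrypto interface {
	VerifyShare(data [][]byte, share []byte, id NodeID) error
	Recover(data [][]byte, shares [][]byte) ([]byte, error)
}

// stub is a constructed test double: a valid share is nodeID||suffix, as for DummyCrypto.
type stub struct{ suffix, full []byte }
func (s stub) VerifyShare(_ [][]byte, sh []byte, id NodeID) error {
	if !bytes.Equal(sh, append([]byte(id), s.suffix...)) {
		return fmt.Errorf("invalid share for node %s", id)
	}
	return nil
}
func (s stub) Recover(_, _ [][]byte) ([]byte, error) { return s.full, nil }

// Msg (hypothetical) is a share as received, tagged with its claimed sender.
type Msg struct{ From NodeID; Share []byte }

// RecoverChecked (hypothetical) passes Recover only verified shares from distinct nodes.
func RecoverChecked(tc ThreshCrypto, data [][]byte, t int, msgs []Msg) ([]byte, error) {
	seen := map[NodeID]bool{}
	var valid [][]byte
	for _, m := range msgs {
		if seen[m.From] || tc.VerifyShare(data, m.Share, m.From) != nil {
			continue // repeated sender or invalid share: never reaches Recover
		}
		seen[m.From] = true
		valid = append(valid, m.Share)
	}
	if len(valid) < t {
		return nil, fmt.Errorf("%d valid distinct shares, need %d", len(valid), t)
	}
	return tc.Recover(data, valid)
}

func main() {
	tc := stub{[]byte("-share"), []byte("full-sig")}
	msgs := []Msg{{"n1", []byte("n1-share")}, {"n1", []byte("n1-share")}}
	fmt.Println(RecoverChecked(tc, [][]byte{[]byte("m")}, 2, msgs))
}
```

A node is marked as seen only after one of its shares verifies, so an invalid share sent first does not block a later valid share from the same node.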
func TBLSPseudo ¶
TBLSPseudo returns a ThreshCryptoImpl module to be used by a Node, generating new keys in a pseudo-random manner. It is initialized and populated deterministically, based on a given configuration and a random seed. NodePseudo is not secure. Intended for testing purposes and assuming a static membership known to all nodes, NodePseudo can be invoked by each Node independently (specifying the same seed, e.g. DefaultPseudoSeed) and generates the same set of keys for the whole system at each node, obviating the exchange of public keys.