schnorrkel

package module
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 2, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

README

go-schnorrkel

Discord

Go implementation of the sr25519 signature algorithm (schnorr over ristretto25519). The existing rust implementation is here.

This library is currently able to create sr25519 keys, import sr25519 keys, and sign and verify messages. It is interoperable with the rust implementation.

The BIP39 implementation in this library is compatible with the rust substrate-bip39 implementation. Note that this is not a standard bip39 implementation.

dependencies

go 1.13

usage

Example: key generation, signing, and verification

package main 

import (
	"fmt"
	
	schnorrkel "github.com/ginharu/go-schnorrkel"
)

func main() {
	msg := []byte("hello friends")
	signingCtx := []byte("example")

	signingTranscript := schnorrkel.NewSigningContext(signingCtx, msg)
	verifyTranscript := schnorrkel.NewSigningContext(signingCtx, msg)

	priv, pub, err := schnorrkel.GenerateKeypair()
	if err != nil {
		fmt.Println(err)
		return
	}

	sig, err := priv.Sign(signingTranscript)
	if err != nil {
		fmt.Println(err)
		return
	}

	ok := pub.Verify(sig, verifyTranscript)
	if !ok {
		fmt.Println("did not verify :(")
		return
	}
}

Documentation

Index

Constants

View Source 
const ChainCodeLength = 32
View Source 
const (
	// MiniSecretKeyLength is the len in bytes of the MiniSecret Key
	MiniSecretKeyLength = 32
)

Variables

View Source 
var (
	ErrDeriveHardKeyType = errors.New("Failed to derive hard key type, DerivableKey must be a SecretKey")
)
View Source 
var ErrSignatureNotMarkedSchnorrkel = errors.New("signature is not marked as a schnorrkel signature")

ErrSignatureNotMarkedSchnorrkel is returned when attempting to decode a signature that is not marked as schnorrkel

Functions

func GenerateKeypair 

func GenerateKeypair() (*SecretKey, *PublicKey, error)

GenerateKeypair generates a new schnorrkel secret key and public key

func MnemonicToEntropy 

func MnemonicToEntropy(mnemonic string) ([]byte, error)

MnemonicToEntropy takes a mnemonic string and reverses it to the entropy An error is returned if the mnemonic is invalid.

func NewRandomElement 

func NewRandomElement() (*r255.Element, error)

NewRandomElement returns a random ristretto element

func NewRandomScalar 

func NewRandomScalar() (*r255.Scalar, error)

NewRandomScalar returns a random ristretto scalar

func NewSigningContext 

func NewSigningContext(context, msg []byte) *merlin.Transcript

NewSigningContext returns a new transcript initialized with the context for the signature .see: https://github.com/w3f/schnorrkel/blob/db61369a6e77f8074eb3247f9040ccde55697f20/src/context.rs#L183

func ScalarFromBytes 

func ScalarFromBytes(b [32]byte) (*r255.Scalar, error)

ScalarFromBytes returns a ristretto scalar from the input bytes performs input mod l where l is the group order

func SeedFromMnemonic 

func SeedFromMnemonic(mnemonic string, password string) ([64]byte, error)

SeedFromMnemonic returns a 64-byte seed from a bip39 mnemonic

func SetKusamaVRF 

func SetKusamaVRF(k bool)

SetKusama sets the VRF kusama option. Defaults to true.

func TranscriptWithMalleabilityAddressed 

func TranscriptWithMalleabilityAddressed(t *merlin.Transcript, pk *PublicKey) *merlin.Transcript

TranscriptWithMalleabilityAddressed returns the input transcript with the public key commited to it, addressing VRF output malleability.

func VerifyBatch 

func VerifyBatch(transcripts []*merlin.Transcript, signatures []*Signature, pubkeys []*PublicKey) (bool, error)

VerifyBatch batch verifies the given signatures

Types

type BatchVerifier 

type BatchVerifier struct {
	// contains filtered or unexported fields
}

func NewBatchVerifier 

func NewBatchVerifier() *BatchVerifier

func (*BatchVerifier) Add 

func (v *BatchVerifier) Add(t *merlin.Transcript, sig *Signature, pubkey *PublicKey) error

func (*BatchVerifier) Verify 

func (v *BatchVerifier) Verify() bool

type DerivableKey 

type DerivableKey interface {
	Encode() [32]byte
	Decode([32]byte) error
	DeriveKey(*merlin.Transcript, [ChainCodeLength]byte) (*ExtendedKey, error)
}

DerivableKey implements DeriveKey

type ExtendedKey 

type ExtendedKey struct {
	// contains filtered or unexported fields
}

ExtendedKey consists of a DerivableKey which can be a schnorrkel public or private key as well as chain code

func DeriveKeyHard 

func DeriveKeyHard(key DerivableKey, i []byte, cc [ChainCodeLength]byte) (*ExtendedKey, error)

DeriveKeyHard derives a Hard subkey identified by the byte array i and chain code

func DeriveKeySimple 

func DeriveKeySimple(key DerivableKey, i []byte, cc [ChainCodeLength]byte) (*ExtendedKey, error)

DeriveKeySimple derives a Soft subkey identified by byte array i and chain code.

func DeriveKeySoft 

func DeriveKeySoft(key DerivableKey, i []byte, cc [ChainCodeLength]byte) (*ExtendedKey, error)

DerviveKeySoft is an alias for DervieKeySimple() used to derive a Soft subkey identified by the byte array i and chain code

func NewExtendedKey 

func NewExtendedKey(k DerivableKey, cc [ChainCodeLength]byte) *ExtendedKey

NewExtendedKey creates an ExtendedKey given a DerivableKey and chain code

func (*ExtendedKey) ChainCode 

func (ek *ExtendedKey) ChainCode() [ChainCodeLength]byte

ChainCode returns the chain code underlying the ExtendedKey

func (*ExtendedKey) DeriveKey 

func (ek *ExtendedKey) DeriveKey(t *merlin.Transcript) (*ExtendedKey, error)

DeriveKey derives an extended key from an extended key

func (*ExtendedKey) HardDeriveMiniSecretKey 

func (ek *ExtendedKey) HardDeriveMiniSecretKey(i []byte) (*ExtendedKey, error)

HardDeriveMiniSecretKey implements BIP-32 like "hard" derivation of a mini secret from an extended key's secret key

func (*ExtendedKey) Key 

func (ek *ExtendedKey) Key() DerivableKey

Key returns the schnorrkel key underlying the ExtendedKey

func (*ExtendedKey) Public 

func (ek *ExtendedKey) Public() (*PublicKey, error)

Public returns the PublicKey underlying the ExtendedKey

func (*ExtendedKey) Secret 

func (ek *ExtendedKey) Secret() (*SecretKey, error)

Secret returns the SecretKey underlying the ExtendedKey if it's not a secret key, it returns an error

type MiniSecretKey 

type MiniSecretKey struct {
	// contains filtered or unexported fields
}

MiniSecretKey is a secret scalar

func GenerateMiniSecretKey 

func GenerateMiniSecretKey() (*MiniSecretKey, error)

GenerateMiniSecretKey generates a mini secret key from random

func MiniSecretFromMnemonic added in v1.0.3 

func MiniSecretFromMnemonic(mnemonic string, password string) (*MiniSecretKey, error)

MiniSecretFromMnemonic returns a go-schnorrkel MiniSecretKey from a bip39 mnemonic

func NewMiniSecretKey 

func NewMiniSecretKey(b [64]byte) *MiniSecretKey

NewMiniSecretKey derives a mini secret key from a byte array

func NewMiniSecretKeyFromRaw 

func NewMiniSecretKeyFromRaw(b [32]byte) (*MiniSecretKey, error)

NewMiniSecretKeyFromRaw derives a mini secret key from little-endian encoded raw bytes.

func (*MiniSecretKey) Decode 

func (s *MiniSecretKey) Decode(in [32]byte) (err error)

func (*MiniSecretKey) DeriveKey 

func (mk *MiniSecretKey) DeriveKey(t *merlin.Transcript, cc [ChainCodeLength]byte) (*ExtendedKey, error)

DeriveKey derives an Extended Key from the Mini Secret Key

func (*MiniSecretKey) Encode 

func (s *MiniSecretKey) Encode() [32]byte

func (*MiniSecretKey) ExpandEd25519 

func (s *MiniSecretKey) ExpandEd25519() *SecretKey

ExpandEd25519 expands a mini secret key into a secret key https://github.com/w3f/schnorrkel/blob/43f7fc00724edd1ef53d5ae13d82d240ed6202d5/src/keys.rs#L196

func (*MiniSecretKey) ExpandUniform 

func (s *MiniSecretKey) ExpandUniform() *SecretKey

ExpandUniform

func (*MiniSecretKey) HardDeriveMiniSecretKey 

func (mk *MiniSecretKey) HardDeriveMiniSecretKey(i []byte, cc [ChainCodeLength]byte) (
	*MiniSecretKey, [ChainCodeLength]byte, error)

HardDeriveMiniSecretKey implements BIP-32 like "hard" derivation of a mini secret from a mini secret key

func (*MiniSecretKey) Public 

func (s *MiniSecretKey) Public() *PublicKey

Public gets the public key corresponding to this mini secret key

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a field element

func NewPublicKey 

func NewPublicKey(b [32]byte) *PublicKey

NewPublicKey creates a new public key from input bytes

func (*PublicKey) Compress added in v1.0.3 

func (p *PublicKey) Compress() [32]byte

Compress returns the encoding of the point underlying the public key

func (*PublicKey) Decode 

func (p *PublicKey) Decode(in [32]byte) error

func (*PublicKey) DeriveKey 

func (pk *PublicKey) DeriveKey(t *merlin.Transcript, cc [ChainCodeLength]byte) (*ExtendedKey, error)

func (*PublicKey) DeriveScalarAndChaincode 

func (pk *PublicKey) DeriveScalarAndChaincode(t *merlin.Transcript, cc [ChainCodeLength]byte) (*r255.Scalar, [ChainCodeLength]byte)

DeriveScalarAndChaincode derives a new scalar and chain code from an existing public key and chain code

func (*PublicKey) Encode 

func (p *PublicKey) Encode() [32]byte

Encode is a wrapper around compress

func (*PublicKey) Verify 

func (p *PublicKey) Verify(s *Signature, t *merlin.Transcript) bool

Verify verifies a schnorr signature with format: (R, s) where y is the public key 1. k = scalar(transcript.extract_bytes()) 2. R' = -ky + gs 3. return R' == R

func (*PublicKey) VrfVerify 

func (pk *PublicKey) VrfVerify(t *merlin.Transcript, out *VrfOutput, proof *VrfProof) (bool, error)

VrfVerify verifies that the proof and output created are valid given the public key and transcript.

type SecretKey 

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey consists of a secret scalar and a signing nonce

func NewSecretKey 

func NewSecretKey(key [32]byte, nonce [32]byte) *SecretKey

NewSecretKey creates a new secret key from input bytes

func (*SecretKey) Decode 

func (s *SecretKey) Decode(in [32]byte) error

Decode forms the secret key from the input bytes

func (*SecretKey) DeriveKey 

func (sk *SecretKey) DeriveKey(t *merlin.Transcript, cc [ChainCodeLength]byte) (*ExtendedKey, error)

DeriveKey derives a new secret key and chain code from an existing secret key and chain code

func (*SecretKey) Encode 

func (s *SecretKey) Encode() [32]byte

Encode returns the secret key as bytes

func (*SecretKey) HardDeriveMiniSecretKey 

func (sk *SecretKey) HardDeriveMiniSecretKey(i []byte, cc [ChainCodeLength]byte) (
	*MiniSecretKey, [ChainCodeLength]byte, error)

HardDeriveMiniSecretKey implements BIP-32 like "hard" derivation of a mini secret from a secret key

func (*SecretKey) Public 

func (s *SecretKey) Public() (*PublicKey, error)

Public gets the public key corresponding to this secret key

func (*SecretKey) Sign 

func (sk *SecretKey) Sign(t *merlin.Transcript) (*Signature, error)

Sign uses the schnorr signature algorithm to sign a message See the following for the transcript message https://github.com/w3f/schnorrkel/blob/db61369a6e77f8074eb3247f9040ccde55697f20/src/sign.rs#L158 Schnorr w/ transcript, secret key x: 1. choose random r from group 2. R = gr 3. k = scalar(transcript.extract_bytes()) 4. s = kx + r signature: (R, s) public key used for verification: y = g^x

func (*SecretKey) VrfSign 

func (sk *SecretKey) VrfSign(t *merlin.Transcript) (*VrfInOut, *VrfProof, error)

VrfSign returns a vrf output and proof given a secret key and transcript.

type Signature 

type Signature struct {
	R *r255.Element
	S *r255.Scalar
}

Signature holds a schnorrkel signature

func (*Signature) Decode 

func (s *Signature) Decode(in [64]byte) error

Decode sets a Signature from bytes see: https://github.com/w3f/schnorrkel/blob/db61369a6e77f8074eb3247f9040ccde55697f20/src/sign.rs#L100

func (*Signature) DecodeNotDistinguishedFromEd25519 

func (s *Signature) DecodeNotDistinguishedFromEd25519(in [64]byte) error

DecodeNotDistinguishedFromEd25519 sets a signature from bytes, not checking if the signature is explicitly marked as a schnorrkel signature

func (*Signature) Encode 

func (s *Signature) Encode() [64]byte

Encode turns a signature into a byte array see: https://github.com/w3f/schnorrkel/blob/db61369a6e77f8074eb3247f9040ccde55697f20/src/sign.rs#L77

type VrfInOut 

type VrfInOut struct {
	// contains filtered or unexported fields
}

func (*VrfInOut) Encode 

func (io *VrfInOut) Encode() []byte

EncodeOutput returns the 64-byte encoding of the input and output concatenated

func (*VrfInOut) MakeBytes 

func (io *VrfInOut) MakeBytes(size int, context []byte) []byte

MakeBytes returns raw bytes output from the VRF It returns a byte slice of the given size see https://github.com/w3f/schnorrkel/blob/master/src/vrf.rs#L334

func (*VrfInOut) Output 

func (io *VrfInOut) Output() *VrfOutput

Output returns a VrfOutput from a VrfInOut

type VrfOutput 

type VrfOutput struct {
	// contains filtered or unexported fields
}

func NewOutput 

func NewOutput(in [32]byte) *VrfOutput

NewOutput creates a new VRF output from a 64-byte element

func (*VrfOutput) AttachInput 

func (out *VrfOutput) AttachInput(pub *PublicKey, t *merlin.Transcript) *VrfInOut

AttachInput returns a VrfInOut pair from an output https://github.com/w3f/schnorrkel/blob/master/src/vrf.rs#L249

func (*VrfOutput) Decode 

func (out *VrfOutput) Decode(in [32]byte) error

Decode sets the VrfOutput to the decoded input

func (*VrfOutput) Encode 

func (out *VrfOutput) Encode() [32]byte

Encode returns the 32-byte encoding of the output

type VrfProof 

type VrfProof struct {
	// contains filtered or unexported fields
}

func (*VrfProof) Decode 

func (p *VrfProof) Decode(in [64]byte) error

Decode sets the VrfProof to the decoded input

func (*VrfProof) Encode 

func (p *VrfProof) Encode() [64]byte

Encode returns a 64-byte encoded VrfProof

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.