schnorr

package
v0.0.0-...-82e7055 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 19, 2024 License: ISC Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// ErrBadInputSize indicates that input to a signature was of the wrong size.
	ErrBadInputSize = iota

	// ErrInputValue indicates that the value of an input was wrong (e.g. zero).
	ErrInputValue

	// ErrSchnorrHashValue indicates that the hash of (R || m) was too large
	// and so a new k value (nonce) should be used.
	ErrSchnorrHashValue

	// ErrPointNotOnCurve indicates that a point was not on the given
	// elliptic curve.
	ErrPointNotOnCurve

	// ErrBadSigRYValue indicates that the calculated Y value of R was odd,
	// which is not allowed.
	ErrBadSigRYValue

	// ErrBadSigRNotOnCurve indicates that the calculated or given point R for some
	// signature was not on the curve.
	ErrBadSigRNotOnCurve

	// ErrUnequalRValues indicates that the calculated point R for some
	// signature was not the same as the given R value for the signature.
	ErrUnequalRValues

	// ErrRegenerateRPoint indicates that a point could not be regenerated
	// from r.
	ErrRegenerateRPoint

	// ErrPubKeyOffCurve indicates that a regenerated pubkey was off the curve.
	ErrPubKeyOffCurve

	// ErrRegenSig indicates that a regenerated pubkey could not be validated
	// against the signature.
	ErrRegenSig

	// ErrBadNonce indicates that a generated nonce from some algorithm was
	// unusable.
	ErrBadNonce

	// ErrZeroSigS indates a zero signature S value, which is invalid.
	ErrZeroSigS

	// ErrNonmatchingR indicates that all signatures to be combined in a
	// threshold signature failed to have a matching R value.
	ErrNonmatchingR
)

These constants are used to identify a specific RuleError.

View Source
const (
	PubKeyBytesLen = 33
)

These constants define the lengths of serialized public keys.

View Source
const SignatureSize = 64

SignatureSize is the size of an encoded Schnorr signature.

Variables

View Source
var BlakeVersionStringRFC6979 = []byte("Schnorr+BLAKE256")

BlakeVersionStringRFC6979 is the RFC6979 nonce version for a Schnorr signature over the secp256k1 curve using BLAKE256 as the hash function.

View Source
var Sha256VersionStringRFC6979 = []byte("Schnorr+SHA256  ")

Sha256VersionStringRFC6979 is the RFC6979 nonce version for a Schnorr signature over the secp256k1 curve using SHA256 as the hash function.

Functions

func BigIntToEncodedBytes

func BigIntToEncodedBytes(a *big.Int) *[32]byte

BigIntToEncodedBytes converts a big integer into its corresponding 32 byte little endian representation.

func CombinePubkeys

func CombinePubkeys(curve *secp256k1.KoblitzCurve,
	pks []*secp256k1.PublicKey) *secp256k1.PublicKey

CombinePubkeys combines a slice of public keys into a single public key by adding them together with point addition.

func EncodedBytesToBigInt

func EncodedBytesToBigInt(s *[32]byte) *big.Int

EncodedBytesToBigInt converts a 32 byte big endian representation of an integer into a big integer.

func GenerateNoncePair

func GenerateNoncePair(curve *secp256k1.KoblitzCurve, msg []byte,
	privkey *secp256k1.PrivateKey, extra []byte,
	version []byte) (*secp256k1.PrivateKey, *secp256k1.PublicKey, error)

GenerateNoncePair is the generalized and exported version of generateNoncePair.

func ParsePubKey

func ParsePubKey(curve *secp256k1.KoblitzCurve,
	pubKeyStr []byte) (key *secp256k1.PublicKey, err error)

ParsePubKey parses a public key for a koblitz curve from a bytestring into a ecdsa.Publickey, verifying that it is valid. It supports compressed, uncompressed and hybrid signature formats.

func RecoverPubkey

func RecoverPubkey(curve *secp256k1.KoblitzCurve, sig,
	msg []byte) (*secp256k1.PublicKey, bool, error)

RecoverPubkey is the exported and generalized version of schnorrRecover. It recovers a public key given a signature and a message, using BLAKE256 as the hashing function.

func Sign

func Sign(curve *secp256k1.KoblitzCurve, priv *secp256k1.PrivateKey,
	hash []byte) (r, s *big.Int, err error)

Sign is the exported version of sign. It uses RFC6979 and Blake256 to produce a Schnorr signature.

func Verify

func Verify(curve *secp256k1.KoblitzCurve, pubkey *secp256k1.PublicKey,
	msg []byte, r *big.Int, s *big.Int) bool

Verify is the generalized and exported function for the verification of a secp256k1 Schnorr signature. BLAKE256 is used as the hashing function.

Types

type Error

type Error struct {
	ErrorCode   ErrorCode // Describes the kind of error
	Description string    // Human readable description of the issue
}

Error identifies a violation.

func (Error) Error

func (e Error) Error() string

Error satisfies the error interface and prints human-readable errors.

func (Error) GetCode

func (e Error) GetCode() ErrorCode

GetCode satisfies the error interface and prints human-readable errors.

type ErrorCode

type ErrorCode int

ErrorCode identifies a kind of error.

func (ErrorCode) String

func (e ErrorCode) String() string

String returns the ErrorCode as a human-readable name.

type Signature

type Signature struct {
	R *big.Int
	S *big.Int
}

Signature is a type representing a Schnorr signature.

func CombineSigs

func CombineSigs(curve *secp256k1.KoblitzCurve,
	sigs []*Signature) (*Signature, error)

CombineSigs is the generalized and exported version of generateNoncePair.

func NewSignature

func NewSignature(r, s *big.Int) *Signature

NewSignature instantiates a new signature given some R,S values.

func ParseSignature

func ParseSignature(sigStr []byte) (*Signature, error)

ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, perfoming some basic sanity checks.

func PartialSign

func PartialSign(curve *secp256k1.KoblitzCurve, msg []byte,
	priv *secp256k1.PrivateKey, privNonce *secp256k1.PrivateKey,
	pubSum *secp256k1.PublicKey) (*Signature, error)

PartialSign is the generalized and exported version of schnorrPartialSign.

func (Signature) GetR

func (sig Signature) GetR() *big.Int

GetR satisfies the chainec PublicKey interface.

func (Signature) GetS

func (sig Signature) GetS() *big.Int

GetS satisfies the chainec PublicKey interface.

func (Signature) GetType

func (sig Signature) GetType() int

GetType satisfies the chainec Signature interface.

func (Signature) Serialize

func (sig Signature) Serialize() []byte

Serialize returns the Schnorr signature in the more strict format.

The signatures are encoded as

sig[0:32]  R, a point encoded as big endian
sig[32:64] S, scalar multiplication/addition results = (ab+c) mod l
  encoded also as big endian

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL