Documentation ¶
Overview ¶
Package secp256k1 wraps the bitcoin secp256k1 C library.
Index ¶
- Variables
- func CompressPubkey(x, y *big.Int) []byte
- func ComputeC(keys ...[]byte) []byte
- func DecompressPubkey(pubkey []byte) (x, y *big.Int)
- func RecoverPubkey(msg []byte, sig []byte) ([]byte, error)
- func ScAdd(a, b []byte) []byte
- func ScBaseMul(a []byte) []byte
- func ScMul(a, b []byte) []byte
- func ScPointMul(point, a []byte) []byte
- func ScSub(a, b []byte) []byte
- func SchnorrSignMultiBootstrap(G *BitCurve, msg, privateKey, publicKey []byte, othersPublicKeys ...[]byte) (Q, R, y []byte)
- func SchnorrSignMultiComputeS(msg, P, R, y []byte) []byte
- func SchnorrSignSingle(G *BitCurve, msg, x, P []byte) ([]byte, []byte)
- func SchnorrVerify(G *BitCurve, msg, R, s, P []byte) bool
- func SchnorrVerifyNative(message, R, s, P []byte) bool
- func Sign(msg []byte, seckey []byte) ([]byte, error)
- func VerifySignature(pubkey, msg, signature []byte) bool
- type BitCurve
- func (BitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool
- func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte
- func (BitCurve *BitCurve) Params() *elliptic.CurveParams
- func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int)
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidMsgLen = errors.New("invalid message length, need 32 bytes") ErrInvalidSignatureLen = errors.New("invalid signature length") ErrInvalidRecoveryID = errors.New("invalid signature recovery id") ErrInvalidKey = errors.New("invalid private key") ErrInvalidPubkey = errors.New("invalid public key") ErrSignFailed = errors.New("signing failed") ErrRecoverFailed = errors.New("recovery failed") )
Functions ¶
func CompressPubkey ¶
CompressPubkey encodes a public key to 33-byte compressed format.
func DecompressPubkey ¶
DecompressPubkey parses a public key in the 33-byte compressed format. It returns non-nil coordinates if the public key is valid.
func RecoverPubkey ¶
RecoverPubkey returns the public key of the signer. msg must be the 32-byte hash of the message to be signed. sig must be a 65-byte compact ECDSA signature containing the recovery id as the last element.
func ScBaseMul ¶
ScBaseMul is a simple C-binding performing a * G where a is an input scalar and G is SECP256k1 curve.
func ScPointMul ¶
ScPointMul is a simple C-binding performing multiplication between a curve point and a scalar. Returns a point in the uncompressed format.
func SchnorrSignMultiBootstrap ¶
func SchnorrSignMultiBootstrap(G *BitCurve, msg, privateKey, publicKey []byte, othersPublicKeys ...[]byte) (Q, R, y []byte)
SchnorrSignMultiBootstrap computes an individual share of a Schnorr multi-signature given all public keys. Q: a dedicated, security hardened public key for this multi-signature party R: a part of the generating multi-signature for the input publickey y: a dedicated, security hardened private key for this multi-signature party
func SchnorrSignMultiComputeS ¶
SchnorrSignMultiComputeS computes the s part of a Schnorr multi-signature (i.e., s in (R, s)).
func SchnorrSignSingle ¶
SchnorrSignSingle digitally signs the input message using Schnorr signature scheme.
func SchnorrVerify ¶
SchnorrVerifySingle verifies a Schnorr signature. Note that this implementation is relatively slow compared to the C implementation. Use this sparingly.
func SchnorrVerifyNative ¶
SchnorrVerifyMulti verifies a Schnorr signature. Returns true iff (R, s) is a valid signature verifiable by P; false otherwise. R and P should be uncompressed points on SECP256k1 curve with proper padding in front (i.e., starting with 0x04). P can be a single key or a combined public key s.t. P = P0 + P1 + ... + PN where Pi is a public key for i = 0..N. s is a 32-byte scalar.
func Sign ¶
Sign creates a recoverable ECDSA signature. The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.
The caller is responsible for ensuring that msg cannot be chosen directly by an attacker. It is usually preferable to use a cryptographic hash function on any input before handing it to this function.
func VerifySignature ¶
VerifySignature checks that the given pubkey created signature over message. The signature should be in [R || S] format.
Types ¶
type BitCurve ¶
type BitCurve struct { P *big.Int // the order of the underlying field N *big.Int // the order of the base point B *big.Int // the constant of the BitCurve equation Gx, Gy *big.Int // (x,y) of the base point BitSize int // the size of the underlying field }
A BitCurve represents a Koblitz Curve with a=0. See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html
func (*BitCurve) Marshal ¶
Marshal converts a point into the form specified in section 4.3.6 of ANSI X9.62.
func (*BitCurve) Params ¶
func (BitCurve *BitCurve) Params() *elliptic.CurveParams
func (*BitCurve) ScalarBaseMult ¶
ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.