tss_sign

package
v0.0.0-...-05508b9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	InvalidInputParamsError = errors.New("Invalid input params")
	EmptyMessageError       = errors.New("Message to be sign should not be nil")
	NotValidSignatureError  = errors.New("Signature is invalid")
)

Functions

func GenerateTssSignSignature 

func GenerateTssSignSignature(s []byte, r []byte) ([]byte, error)

生成门限签名的流程如下:

  1. 各方分别生成自己的随机数Ki(K1, K2, ..., Kn) --- func getRandomBytes() ([]byte, error) Compute k = H(m || x), m is the msg to be signed and x is the private key of the node. This makes k unpredictable for anyone who do not know x, therefor it's impossible for the attacker to retrive x by breaking the random number generator of the system, which has happend in the Sony PlayStation 3 firmware attack. 不再使用临时随机数,而改用H(m || x)来计算k
  2. 各方计算自己的 Ri = Ki*G,G代表基点 --- func getRiUsingRandomBytes(key *ecdsa.PublicKey, k []byte) []byte
  3. 发起者收集Ri,计算:R = sum(Ri) --- func getRUsingAllRi(key *ecdsa.PublicKey, arrayOfRi [][]byte) []byte
  4. 发起者收集验证节点,计算公共公钥:C = VP(1) + VP(2) + ... + VP(i)
  5. 各方根据自己的index值,和本次计算所有参与方的index集合,计算出自己的Coef
  6. 各方计算自己的S(i):S(i) = K(i) + HASH(C,R,m) * Coef(i) * X(i),X代表私钥中的参数大数D

--- func getSiUsingKCRM(key *ecdsa.PrivateKey, k []byte, c []byte, r []byte, message []byte) []byte 7. 发起者收集Si,生成门限签名:(s1 + s2 + ... + sn, R) GenerateTssSignSignature生成对特定消息的门限签名,所有参与签名的私钥必须使用同一条椭圆曲线

func GetRUsingAllRi 

func GetRUsingAllRi(key *ecdsa.PublicKey, arrayOfRi [][]byte) []byte

计算:R = k1*G + k2*G + ... + kn*G

func GetRandom32Bytes 

func GetRandom32Bytes() ([]byte, error)

生成默认随机数Ki

func GetRiUsingRandomBytes 

func GetRiUsingRandomBytes(key *ecdsa.PublicKey, k []byte) []byte

计算:Ri = Ki*G

func GetSUsingAllSi 

func GetSUsingAllSi(arrayOfSi [][]byte) []byte

计算:S = sum(si)

func GetSiUsingKCRMWithCoef 

func GetSiUsingKCRMWithCoef(k []byte, c []byte, r []byte, message []byte, coef *big.Int) []byte

计算 s(i) = k(i) + HASH(C,R,m) * x(i) * coef(i) x代表大数D,也就是私钥的关键参数

func GetSiUsingKCRMWithCoefNoKi 

func GetSiUsingKCRMWithCoefNoKi(c []byte, r []byte, message []byte, coef *big.Int) []byte

计算 s(i) = HASH(C,R,m) * x(i) * coef(i) x代表大数D,也就是私钥的关键参数

func GetXiWithcoef 

func GetXiWithcoef(xs []*big.Int, xpos int, key *ecdsa.PrivateKey) *big.Int

获取Si中的(coefi*Xi),注意,在门限签名中,S(i) = K(i) + HASH(C,R,m) * Coef(i) * X(i) 每个实际参与节点再次计算自己的系数Coef(i),为下一步的S(i)计算做准备 indexSet是指所有实际参与节点的index所组成的集合 localIndexPos是本节点在indexSet中的位置 key是在DKG过程中,自己计算出的私钥 func GetXiWithcoef(coef, xi *big.Int) *big.Int {

func VerifyTssSig 

func VerifyTssSig(p *ecdsa.PublicKey, signature []byte, message []byte) (bool, error)

验签算法如下: 1. 计算:e = hash(C,R,m) 2. 计算:Rv = sG - eC 3. 如果Rv == R则返回true,否则返回false Because sG = Sum( K(i) + e*X(i)*Coef(i) ) * G = Sum(K(i))*G + Sum(e*X(i)*Coef(i))*G = Sum(K(i)*G) + e*Sum(X(i)*Coef(i))*G = R + e*X*G = R + eC 门限签名的一个核心数学理论是:Sum(e*X(i)*Coef(i)) = X,这个X对应的就是DKG算出的公钥对应的私钥的秘密值 因为公钥使用的是所有验证点之和,那么私钥就需要是所有秘密的之和,Coef(i)是为了保证在不泄漏X(i)的情况下, 通过计算出自己的系数,最终可以去中心化完成X的计算

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.