schnorr_ring_sign

package
v0.0.0-...-05508b9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MinimumParticipant = 2
)

Variables

View Source 
var (
	GenerateRingSignatureError     = errors.New("failed to generate ring signature")
	TooSmallNumOfkeysError         = errors.New("The total num of keys should be greater than one")
	CurveParamNilError             = errors.New("curve input param is nil")
	NotExactTheSameCurveInputError = errors.New("the curve is not same as curve of members")
	InvalidInputParamsError        = errors.New("invalid input")
	KeyParamNotMatchError          = errors.New("key param not match")
)

Functions

func Sign 

func Sign(keys []*ecdsa.PublicKey, privateKey *ecdsa.PrivateKey, message []byte) ([]byte, error)

Schnorr Ring Signature use a particular function, the same as Schnorr signatures, defined as: H'(m, s(i), e(i)) = H(m || s(i)*G + e(i)*P(i))

To verify the ring signature, check that the result of H'(m, s(i), e(i)) is equal to e((i+1) % R). Which means that: H(m || s(i)*G + e(i)*P(i)) = e((i+1) % R)

P is the public key. P(i) = x(i)*G ---- x is the scalar factor of the private key R is the total number of P(0), P(1), ..., P(R-1) which are all the public keys participate in generating the ring signature. H is a hash function, for instance SHA256 or SM3. N is the order of the curve. r is the index of the actual signer located in the public keys of the ring.

This is the process:

  1. Signer choose a random int index r within [0:lenOfRing-1] to hide his public key
  2. Signer choose a random number k within [1:N-1]
  3. Signer use k to compute the next index e: e((r+1)%R) = H(m || k*G), %R in case of (r+1) == R
  4. Then repeat the procedure to compute every e within the ring until reach index r for i := (r+1)%R; i != r; i++%R: Choose a random number s((r+1)%R), i.e. s(i) within [1:N-1] Then compute e((r+2)%R), i.e. e((i+1) % R) = H(m || s(i)*G + e(i)*P(i))

5. Now we get e((r+1)%R), s((r+1)%R), ..., e(r), except s(r), which means the ring has a gap. 

In order to close the ring, or say fulfill the gap, someone must have a private key which
corresponding public key exists within the public key set.

Finally we use e(r), k and x(r) to compute corresponding s(r):
   Compute s(r) = k - e(r)*x(r)
  1. Now we get everything, the ring is closed. The Output signature: (P(0), ..., P(R-1), e(0), s(0), ..., s(R-1))

It is impossible for us to know who signed the signature, as everyone can use his private key to fulfill the gap and close the ring.

func Verify 

func Verify(keys []*ecdsa.PublicKey, signature, message []byte) (bool, error)

check the ring signature func Verify(sig *RingSignature, message []byte) bool {

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.