eddsa

package
v0.0.0-...-69a8e72 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 11, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package eddsa provides EdDSA signature scheme on bn254's twisted edwards curve.

See also

https://en.wikipedia.org/wiki/EdDSA

Example
// instantiate hash function
hFunc := hash.MIMC_BN254.New()

// create a eddsa key pair
privateKey, _ := GenerateKey(crand.Reader)
publicKey := privateKey.PublicKey

// note that the message is on 4 bytes
msg := []byte{0xde, 0xad, 0xf0, 0x0d}

// sign the message
signature, _ := privateKey.Sign(msg, hFunc)

// verifies signature
isValid, _ := publicKey.Verify(signature, msg, hFunc)
if !isValid {
	fmt.Println("1. invalid signature")
} else {
	fmt.Println("1. valid signature")
}
Output:

1. valid signature

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type PrivateKey

type PrivateKey struct {
	PublicKey PublicKey // copy of the associated public key
	// contains filtered or unexported fields
}

PrivateKey private key of an eddsa instance

func GenerateKey

func GenerateKey(r io.Reader) (*PrivateKey, error)

GenerateKey generates a public and private key pair.

func (*PrivateKey) Bytes

func (privKey *PrivateKey) Bytes() []byte

Bytes returns the binary representation of pk, as byte array publicKey||scalar||randSrc where publicKey is as publicKey.Bytes(), and scalar is in big endian, of size sizeFr.

func (*PrivateKey) Public

func (privKey *PrivateKey) Public() signature.PublicKey

Public returns the public key associated to the private key.

func (*PrivateKey) SetBytes

func (privKey *PrivateKey) SetBytes(buf []byte) (int, error)

SetBytes sets pk from buf, where buf is interpreted as publicKey||scalar||randSrc where publicKey is as publicKey.Bytes(), and scalar is in big endian, of size sizeFr. It returns the number byte read.

func (*PrivateKey) Sign

func (privKey *PrivateKey) Sign(message []byte, hFunc hash.Hash) ([]byte, error)

Sign sign a message Pure Eddsa version (see https://tools.ietf.org/html/rfc8032#page-8)

type PublicKey

type PublicKey struct {
	A twistededwards.PointAffine
}

PublicKey eddsa signature object cf https://en.wikipedia.org/wiki/EdDSA for notation

func (*PublicKey) Bytes

func (pk *PublicKey) Bytes() []byte

Bytes returns the binary representation of the public key follows https://tools.ietf.org/html/rfc8032#section-3.1 and returns a compressed representation of the point (x,y)

x, y are the coordinates of the point on the twisted Edwards as big endian integers. compressed representation store x with a parity bit to recompute y

func (*PublicKey) Equal

func (pub *PublicKey) Equal(x signature.PublicKey) bool

Equal compares 2 public keys

func (*PublicKey) SetBytes

func (pk *PublicKey) SetBytes(buf []byte) (int, error)

SetBytes sets p from binary representation in buf. buf represents a public key as x||y where x, y are interpreted as big endian binary numbers corresponding to the coordinates of a point on the twisted Edwards. It returns the number of bytes read from the buffer.

func (*PublicKey) Verify

func (pub *PublicKey) Verify(sigBin, message []byte, hFunc hash.Hash) (bool, error)

Verify verifies an eddsa signature

type Signature

type Signature struct {
	R twistededwards.PointAffine
	S [sizeFr]byte
}

Signature represents an eddsa signature cf https://en.wikipedia.org/wiki/EdDSA for notation

func (*Signature) Bytes

func (sig *Signature) Bytes() []byte

Bytes returns the binary representation of sig as a byte array of size 3*sizeFr x||y||s where

  • x, y are the coordinates of a point on the twisted Edwards represented in big endian
  • s=r+h(r,a,m) mod l, the Hasse bound guarantess that s is smaller than sizeFr (in particular it is supposed s is NOT blinded)

func (*Signature) SetBytes

func (sig *Signature) SetBytes(buf []byte) (int, error)

SetBytes sets sig from a buffer in binary. buf is read interpreted as x||y||s where

  • x,y are the coordinates of a point on the twisted Edwards represented in big endian
  • s=r+h(r,a,m) mod l, the Hasse bound guarantess that s is smaller than sizeFr (in particular it is supposed s is NOT blinded)

It returns the number of bytes read from buf.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL