blindrsa

Documentation

Overview

Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].

The RSA Blind Signature protocol, and its variant RSABSSA (RSA Blind Signature Scheme with Appendix) is a two-party protocol between a Client and Server where they interact to compute

sig = Sign(sk, input_msg),

where `input_msg = Prepare(msg)` is a prepared version of a private message `msg` provided by the Client, and `sk` is the private signing key provided by the server.

Supported Variants

This package is compliant with the RFC-9474 document and supports the following variants:

• RSABSSA-SHA384-PSS-Deterministic
• RSABSSA-SHA384-PSSZERO-Deterministic
• RSABSSA-SHA384-PSS-Randomized
• RSABSSA-SHA384-PSSZERO-Randomized

Example (Blindrsa)

// Setup (offline)

// Server: generate an RSA keypair.
sk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	fmt.Printf("failed to generate RSA key: %v", err)
	return
}
pk := &sk.PublicKey
server := NewSigner(sk)

// Client: stores Server's public key.
client, err := NewClient(SHA384PSSRandomized, pk)
if err != nil {
	fmt.Printf("failed to invoke a client: %v", err)
	return
}

// Protocol (online)

// Client prepares the message to be signed.
msg := []byte("alice and bob")
preparedMessage, err := client.Prepare(rand.Reader, msg)
if err != nil {
	fmt.Printf("client failed to prepare the message: %v", err)
	return
}

// Client blinds a message.
blindedMsg, state, err := client.Blind(rand.Reader, preparedMessage)
if err != nil {
	fmt.Printf("client failed to generate blinded message: %v", err)
	return
}

// Server signs a blinded message, and produces a blinded signature.
blindedSignature, err := server.BlindSign(blindedMsg)
if err != nil {
	fmt.Printf("server failed to sign: %v", err)
	return
}

// Client build a signature from the previous state and blinded signature.
signature, err := client.Finalize(state, blindedSignature)
if err != nil {
	fmt.Printf("client failed to obtain signature: %v", err)
	return
}

// Client build a signature from the previous state and blinded signature.
ok := client.Verify(preparedMessage, signature)

fmt.Printf("Valid signature: %v", ok == nil)

Output:

Valid signature: true

Index

• Variables
• type Client
  • func NewClient(v Variant, pk *rsa.PublicKey) (Client, error)
  • func (c Client) Blind(random io.Reader, preparedMessage []byte) (blindedMsg []byte, state State, err error)
  • func (c Client) Finalize(state State, blindedSig []byte) ([]byte, error)
  • func (c Client) Prepare(random io.Reader, message []byte) ([]byte, error)
  • func (c Client) Verify(message, signature []byte) error
• type Signer
  • func NewSigner(sk *rsa.PrivateKey) Signer
  • func (signer Signer) BlindSign(data []byte) ([]byte, error)
• type State
• type Variant
  • func (v Variant) String() string
• type Verifier
  • func NewVerifier(v Variant, pk *rsa.PublicKey) (Verifier, error)
  • func (v Verifier) Verify(message, signature []byte) error

Examples

• Package (Blindrsa)

Variables

var (
	ErrInvalidVariant          = common.ErrInvalidVariant
	ErrUnexpectedSize          = common.ErrUnexpectedSize
	ErrInvalidMessageLength    = common.ErrInvalidMessageLength
	ErrInvalidBlind            = common.ErrInvalidBlind
	ErrInvalidRandomness       = common.ErrInvalidRandomness
	ErrUnsupportedHashFunction = common.ErrUnsupportedHashFunction
)

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a type that implements the client side of the blind RSA protocol, described in https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

func NewClient

func NewClient(v Variant, pk *rsa.PublicKey) (Client, error)

func (Client) Blind

func (c Client) Blind(random io.Reader, preparedMessage []byte) (blindedMsg []byte, state State, err error)

Blind initializes the blind RSA protocol using an input message and source of randomness. This function fails if randomness was not provided.

func (Client) Finalize

func (c Client) Finalize(state State, blindedSig []byte) ([]byte, error)

func (Client) Prepare

func (c Client) Prepare(random io.Reader, message []byte) ([]byte, error)

Prepare is the process by which the message to be signed and verified is prepared for input to the blind signing protocol.

func (Client) Verify

func (c Client) Verify(message, signature []byte) error

Verify verifies the input (message, signature) pair and produces an error upon failure.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer structure represents the signing server in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.

func NewSigner

func NewSigner(sk *rsa.PrivateKey) Signer

NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.

func (Signer) BlindSign

func (signer Signer) BlindSign(data []byte) ([]byte, error)

BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.

See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-blindsign

type State

type State struct {
	// contains filtered or unexported fields
}

type Variant

type Variant int

const (
	SHA384PSSRandomized        Variant = iota // RSABSSA-SHA384_PSS_Randomized
	SHA384PSSZeroRandomized                   // RSABSSA-SHA384_PSSZero_Randomized
	SHA384PSSDeterministic                    // RSABSSA-SHA384_PSS_Deterministic
	SHA384PSSZeroDeterministic                // RSABSSA-SHA384_PSSZero_Deterministic
)

func (Variant) String

func (v Variant) String() string

type Verifier

type Verifier struct {
	rsa.PSSOptions
	// contains filtered or unexported fields
}

func NewVerifier

func NewVerifier(v Variant, pk *rsa.PublicKey) (Verifier, error)

func (Verifier) Verify

func (v Verifier) Verify(message, signature []byte) error

Verify verifies the input (message, signature) pair and produces an error upon failure.