README ¶
bbs
import "github.com/coinbase/kryptology/pkg/signatures/bbs"
Index
- func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)
- type BlindSignature
- type BlindSignatureContext
- func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)
- func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
- func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)
- func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)
- func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
- func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error
- type MessageGenerators
- type PokSignature
- func NewPokSignature(sig *Signature, generators *MessageGenerators, msgs []common.ProofMessage, reader io.Reader) (*PokSignature, error)
- func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)
- func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)
- type PokSignatureProof
- func (pok PokSignatureProof) GetChallengeContribution(generators *MessageGenerators, revealedMessages map[int]curves.Scalar, challenge common.Challenge, transcript *merlin.Transcript)
- func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof
- func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
- func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
- func (pok PokSignatureProof) Verify(revealedMsgs map[int]curves.Scalar, pk *PublicKey, generators *MessageGenerators, nonce common.Nonce, challenge common.Challenge, transcript *merlin.Transcript) bool
- func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool
- type PublicKey
- type SecretKey
- func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)
- func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey
- func (sk SecretKey) MarshalBinary() ([]byte, error)
- func (sk *SecretKey) PublicKey() *PublicKey
- func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)
- func (sk *SecretKey) UnmarshalBinary(in []byte) error
- type Signature
func NewKeys
func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)
type BlindSignature
BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.
1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed
type BlindSignature struct {
// contains filtered or unexported fields
}
func (*BlindSignature) Init
func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature
Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary
func (BlindSignature) MarshalBinary
func (sig BlindSignature) MarshalBinary() ([]byte, error)
func (BlindSignature) ToUnblinded
func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature
func (*BlindSignature) UnmarshalBinary
func (sig *BlindSignature) UnmarshalBinary(data []byte) error
type BlindSignatureContext
BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.
type BlindSignatureContext struct {
// contains filtered or unexported fields
}
func NewBlindSignatureContext
func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)
NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature
func (*BlindSignatureContext) Init
func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
func (BlindSignatureContext) MarshalBinary
func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)
MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize
func (BlindSignatureContext) ToBlindSignature
func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)
ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`
func (*BlindSignatureContext) UnmarshalBinary
func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
func (BlindSignatureContext) Verify
func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error
Verify validates a proof of hidden messages
type MessageGenerators
MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open
These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index
type MessageGenerators struct {
// contains filtered or unexported fields
}
func (MessageGenerators) Get
func (msgg MessageGenerators) Get(i int) curves.PairingPoint
func (*MessageGenerators) Init
func (msgg *MessageGenerators) Init(w *PublicKey, length int) *MessageGenerators
Init set the message generators to the default state
type PokSignature
PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages
type PokSignature struct {
// contains filtered or unexported fields
}
func NewPokSignature
func NewPokSignature(sig *Signature, generators *MessageGenerators, msgs []common.ProofMessage, reader io.Reader) (*PokSignature, error)
NewPokSignature creates the initial proof data before a Fiat-Shamir calculation
func (*PokSignature) GenerateProof
func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)
GenerateProof converts the blinding factors and secrets into Schnorr proofs
func (*PokSignature) GetChallengeContribution
func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)
GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge
type PokSignatureProof
PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof
type PokSignatureProof struct {
// contains filtered or unexported fields
}
func (PokSignatureProof) GetChallengeContribution
func (pok PokSignatureProof) GetChallengeContribution(generators *MessageGenerators, revealedMessages map[int]curves.Scalar, challenge common.Challenge, transcript *merlin.Transcript)
GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge
func (*PokSignatureProof) Init
func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof
Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary
func (*PokSignatureProof) MarshalBinary
func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
func (*PokSignatureProof) UnmarshalBinary
func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
func (PokSignatureProof) Verify
func (pok PokSignatureProof) Verify(revealedMsgs map[int]curves.Scalar, pk *PublicKey, generators *MessageGenerators, nonce common.Nonce, challenge common.Challenge, transcript *merlin.Transcript) bool
Verify checks a signature proof of knowledge and selective disclosure proof
func (PokSignatureProof) VerifySigPok
func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool
VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge
type PublicKey
PublicKey is a BBS+ verification key
type PublicKey struct {
// contains filtered or unexported fields
}
func (*PublicKey) Init
func (pk *PublicKey) Init(curve *curves.PairingCurve) *PublicKey
func (PublicKey) MarshalBinary
func (pk PublicKey) MarshalBinary() ([]byte, error)
func (*PublicKey) UnmarshalBinary
func (pk *PublicKey) UnmarshalBinary(in []byte) error
func (PublicKey) Verify
func (pk PublicKey) Verify(signature *Signature, generators *MessageGenerators, msgs []curves.Scalar) error
Verify checks a signature where all messages are known to the verifier
type SecretKey
SecretKey is a BBS+ signing key
type SecretKey struct {
// contains filtered or unexported fields
}
func NewSecretKey
func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)
func (*SecretKey) Init
func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey
func (SecretKey) MarshalBinary
func (sk SecretKey) MarshalBinary() ([]byte, error)
func (*SecretKey) PublicKey
func (sk *SecretKey) PublicKey() *PublicKey
PublicKey returns the corresponding public key
func (*SecretKey) Sign
func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)
Sign generates a new signature where all messages are known to the signer
func (*SecretKey) UnmarshalBinary
func (sk *SecretKey) UnmarshalBinary(in []byte) error
type Signature
Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>
type Signature struct {
// contains filtered or unexported fields
}
func (*Signature) Init
func (sig *Signature) Init(curve *curves.PairingCurve) *Signature
Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create
func (Signature) MarshalBinary
func (sig Signature) MarshalBinary() ([]byte, error)
func (*Signature) UnmarshalBinary
func (sig *Signature) UnmarshalBinary(data []byte) error
Generated by gomarkdoc
Documentation ¶
Index ¶
- func NewKeys(curve *curves.PairingCurve) (*PublicKey, *SecretKey, error)
- type BlindSignature
- type BlindSignatureContext
- func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
- func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)
- func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, ...) (*BlindSignature, error)
- func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
- func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error
- type MessageGenerators
- type PokSignature
- type PokSignatureProof
- func (pok PokSignatureProof) GetChallengeContribution(generators *MessageGenerators, revealedMessages map[int]curves.Scalar, ...)
- func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof
- func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
- func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
- func (pok PokSignatureProof) Verify(revealedMsgs map[int]curves.Scalar, pk *PublicKey, ...) bool
- func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool
- type PublicKey
- type SecretKey
- func (sk *SecretKey) Init(curve *curves.PairingCurve) *SecretKey
- func (sk SecretKey) MarshalBinary() ([]byte, error)
- func (sk *SecretKey) PublicKey() *PublicKey
- func (sk *SecretKey) Sign(generators *MessageGenerators, msgs []curves.Scalar) (*Signature, error)
- func (sk *SecretKey) UnmarshalBinary(in []byte) error
- type Signature
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type BlindSignature ¶
type BlindSignature struct {
// contains filtered or unexported fields
}
BlindSignature is a BBS+ blind signature structurally identical to `Signature` but is used to help avoid misuse and confusion.
1 or more message have been hidden by the potential signature holder so the signer only knows a subset of the messages to be signed
func (*BlindSignature) Init ¶
func (sig *BlindSignature) Init(curve *curves.PairingCurve) *BlindSignature
Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary
func (BlindSignature) MarshalBinary ¶
func (sig BlindSignature) MarshalBinary() ([]byte, error)
func (BlindSignature) ToUnblinded ¶
func (sig BlindSignature) ToUnblinded(blinder common.SignatureBlinding) *Signature
func (*BlindSignature) UnmarshalBinary ¶
func (sig *BlindSignature) UnmarshalBinary(data []byte) error
type BlindSignatureContext ¶
type BlindSignatureContext struct {
// contains filtered or unexported fields
}
BlindSignatureContext contains the data used for computing a blind signature and verifying proof of hidden messages from a future signature holder. A potential holder commits to messages that the signer will not know during the signing process rendering them hidden, but requires the holder to prove knowledge of those messages so a malicious party doesn't add just random data from anywhere.
func NewBlindSignatureContext ¶
func NewBlindSignatureContext(curve *curves.PairingCurve, msgs map[int]curves.Scalar, generators *MessageGenerators, nonce common.Nonce, reader io.Reader) (*BlindSignatureContext, common.SignatureBlinding, error)
NewBlindSignatureContext creates the data needed to send to a signer to complete a blinded signature `msgs` is an index to message map where the index corresponds to the index in `generators` msgs are hidden from the signer but can also be empty if no messages are hidden but a blind signature is still desired because the signer should have no knowledge of the signature
func (*BlindSignatureContext) Init ¶
func (bsc *BlindSignatureContext) Init(curve *curves.PairingCurve) *BlindSignatureContext
func (BlindSignatureContext) MarshalBinary ¶
func (bsc BlindSignatureContext) MarshalBinary() ([]byte, error)
MarshalBinary store the generators as a sequence of bytes where each point is compressed. Needs (N + 1) * ScalarSize + PointSize
func (BlindSignatureContext) ToBlindSignature ¶
func (bsc BlindSignatureContext) ToBlindSignature(msgs map[int]curves.Scalar, sk *SecretKey, generators *MessageGenerators, nonce common.Nonce) (*BlindSignature, error)
ToBlindSignature converts a blind signature where msgs are known to the signer `msgs` is an index to message map where the index corresponds to the index in `generators`
func (*BlindSignatureContext) UnmarshalBinary ¶
func (bsc *BlindSignatureContext) UnmarshalBinary(in []byte) error
func (BlindSignatureContext) Verify ¶
func (bsc BlindSignatureContext) Verify(knownMsgs []int, generators *MessageGenerators, nonce common.Nonce) error
Verify validates a proof of hidden messages
type MessageGenerators ¶
type MessageGenerators struct {
// contains filtered or unexported fields
}
MessageGenerators are used to sign a vector of commitments for a BBS+ signature. These must be the same generators used by sign, verify, prove, and open
These are generated in a deterministic manner. By using MessageGenerators in this way, the generators do not need to be stored alongside the public key and the same key can be used to sign an arbitrary number of messages Generators are created by computing H_i = H_G1(W || I2OSP(0, 4) || I2OSP(0, 1) || I2OSP(length, 4)) where I2OSP means Integer to Octet Stream Primitive and I2OSP represents an integer in a statically sized byte array. `W` is the BBS+ public key. Internally we store the 201 byte state since the only value that changes is the index
func (MessageGenerators) Get ¶
func (msgg MessageGenerators) Get(i int) curves.PairingPoint
func (*MessageGenerators) Init ¶
func (msgg *MessageGenerators) Init(w *PublicKey, length int) *MessageGenerators
Init set the message generators to the default state
type PokSignature ¶
type PokSignature struct {
// contains filtered or unexported fields
}
PokSignature a.k.a. Proof of Knowledge of a Signature is used by the prover to convince a verifier that they possess a valid signature and can selectively disclose a set of signed messages
func NewPokSignature ¶
func NewPokSignature(sig *Signature, generators *MessageGenerators, msgs []common.ProofMessage, reader io.Reader) (*PokSignature, error)
NewPokSignature creates the initial proof data before a Fiat-Shamir calculation
func (*PokSignature) GenerateProof ¶
func (pok *PokSignature) GenerateProof(challenge curves.Scalar) (*PokSignatureProof, error)
GenerateProof converts the blinding factors and secrets into Schnorr proofs
func (*PokSignature) GetChallengeContribution ¶
func (pok *PokSignature) GetChallengeContribution(transcript *merlin.Transcript)
GetChallengeContribution returns the bytes that should be added to a sigma protocol transcript for generating the challenge
type PokSignatureProof ¶
type PokSignatureProof struct {
// contains filtered or unexported fields
}
PokSignatureProof is the actual proof sent from a prover to a verifier that contains a proof of knowledge of a signature and the selective disclosure proof
func (PokSignatureProof) GetChallengeContribution ¶
func (pok PokSignatureProof) GetChallengeContribution( generators *MessageGenerators, revealedMessages map[int]curves.Scalar, challenge common.Challenge, transcript *merlin.Transcript, )
GetChallengeContribution converts the committed values to bytes for the Fiat-Shamir challenge
func (*PokSignatureProof) Init ¶
func (pok *PokSignatureProof) Init(curve *curves.PairingCurve) *PokSignatureProof
Init creates an empty proof to a specific curve which should be followed by UnmarshalBinary
func (*PokSignatureProof) MarshalBinary ¶
func (pok *PokSignatureProof) MarshalBinary() ([]byte, error)
func (*PokSignatureProof) UnmarshalBinary ¶
func (pok *PokSignatureProof) UnmarshalBinary(in []byte) error
func (PokSignatureProof) Verify ¶
func (pok PokSignatureProof) Verify( revealedMsgs map[int]curves.Scalar, pk *PublicKey, generators *MessageGenerators, nonce common.Nonce, challenge common.Challenge, transcript *merlin.Transcript, ) bool
Verify checks a signature proof of knowledge and selective disclosure proof
func (PokSignatureProof) VerifySigPok ¶
func (pok PokSignatureProof) VerifySigPok(pk *PublicKey) bool
VerifySigPok only validates the signature proof, the selective disclosure proof is checked by verifying pok.challenge == computedChallenge
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is a BBS+ verification key
func (PublicKey) MarshalBinary ¶
func (*PublicKey) UnmarshalBinary ¶
type SecretKey ¶
type SecretKey struct {
// contains filtered or unexported fields
}
SecretKey is a BBS+ signing key
func NewSecretKey ¶
func NewSecretKey(curve *curves.PairingCurve) (*SecretKey, error)
func (SecretKey) MarshalBinary ¶
func (*SecretKey) UnmarshalBinary ¶
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is a BBS+ signature as described in 4.3 in <https://eprint.iacr.org/2016/663.pdf>
func (*Signature) Init ¶
func (sig *Signature) Init(curve *curves.PairingCurve) *Signature
Init creates an empty signature to a specific curve which should be followed by UnmarshalBinary or Create