schnorr

package
v0.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 29, 2022 License: GPL-3.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProveEquality

func ProveEquality(secret, g1, g2, t1, t2 *big.Int, group *Group) bool

ProveEquality demonstrates how prover can prove the knowledge of log_g1(t1), log_g2(t2) and that log_g1(t1) = log_g2(t2).

func ProvePartialDLogKnowledge

func ProvePartialDLogKnowledge(group *Group, secret1, a1, a2, b2 *big.Int) bool

ProvePartialDLogKnowledge demonstrates how prover can prove that he knows dlog_a2(b2) and the verifier does not know whether knowledge of dlog_a1(b1) or knowledge of dlog_a2(b2) was proved.

Types

type BTEqualityProver

type BTEqualityProver struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewBTEqualityProver

func NewBTEqualityProver(group *Group) *BTEqualityProver

func (*BTEqualityProver) GetProofData

func (p *BTEqualityProver) GetProofData(challenge *big.Int) *big.Int

func (*BTEqualityProver) GetProofRandomData

func (p *BTEqualityProver) GetProofRandomData(secret, g1, g2 *big.Int) (*big.Int,
	*big.Int)

Prove that you know dlog_g1(h1), dlog_g2(h2) and that dlog_g1(h1) = dlog_g2(h2).

type BTEqualityVerifier

type BTEqualityVerifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewBTEqualityVerifier

func NewBTEqualityVerifier(group *Group,
	gamma *big.Int) *BTEqualityVerifier

func (*BTEqualityVerifier) GetChallenge

func (v *BTEqualityVerifier) GetChallenge(g1, g2, t1, t2, x1, x2 *big.Int) *big.Int

func (*BTEqualityVerifier) Verify

func (v *BTEqualityVerifier) Verify(z *big.Int) (bool, *BlindedTrans,
	*big.Int, *big.Int)

It receives z = r + secret * challenge. It returns true if g1^z = g1^r * (g1^secret) ^ challenge and g2^z = g2^r * (g2^secret) ^ challenge.

type BlindedTrans

type BlindedTrans struct {
	A      *big.Int
	B      *big.Int
	Hash   *big.Int
	ZAlpha *big.Int
}

BlindedTrans represents a blinded transcript.

func NewBlindedTrans

func NewBlindedTrans(a, b, hash, zAlpha *big.Int) *BlindedTrans

func (*BlindedTrans) Verify

func (t *BlindedTrans) Verify(group *Group, g1, t1, G2, T2 *big.Int) bool

Verifies that the blinded transcript is valid. That means the knowledge of log_g1(t1), log_G2(T2) and log_g1(t1) = log_G2(T2). Note that G2 = g2^gamma, T2 = t2^gamma where gamma was chosen by verifier.

type EqualityProver

type EqualityProver struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewEqualityProver

func NewEqualityProver(group *Group) *EqualityProver

func (*EqualityProver) GetProofData

func (p *EqualityProver) GetProofData(challenge *big.Int) *big.Int

func (*EqualityProver) GetProofRandomData

func (p *EqualityProver) GetProofRandomData(secret, g1, g2 *big.Int) (*big.Int, *big.Int)

type EqualityVerifier

type EqualityVerifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewEqualityVerifier

func NewEqualityVerifier(group *Group) *EqualityVerifier

func (*EqualityVerifier) GetChallenge

func (v *EqualityVerifier) GetChallenge(g1, g2, t1, t2, x1, x2 *big.Int) *big.Int

func (*EqualityVerifier) Verify

func (v *EqualityVerifier) Verify(z *big.Int) bool

It receives z = r + secret * challenge. It returns true if g1^z = g1^r * (g1^secret) ^ challenge and g2^z = g2^r * (g2^secret) ^ challenge.

type Group

type Group struct {
	P *big.Int // modulus of the group
	G *big.Int // generator of subgroup
	Q *big.Int // order of G
}

Group is a cyclic group in modular arithmetic. It holds P = Q * R + 1 for some R. The actual value R is never used (although a random element from this group could be computed by a^R for some random a from Z_p* - this element would have order Q and would be thus from this group), the important thing is that Q divides P-1.

func NewGroup

func NewGroup(qBitLength int) (*Group, error)

NewGroup generates random Group with generator G and parameters P and Q where P = R * Q + 1 for some R. Order of G is Q.

func NewGroupFromParams

func NewGroupFromParams(p, g, q *big.Int) *Group

func (*Group) Add

func (g *Group) Add(x, y *big.Int) *big.Int

Add computes x + y in Group. This means x + y mod group.P.

func (*Group) Exp

func (g *Group) Exp(base, exponent *big.Int) *big.Int

Exp computes base^exponent in Group. This means base^exponent mod group.P.

func (*Group) GetRandomElement

func (g *Group) GetRandomElement() *big.Int

GetRandomElement returns a random element from this group. Note that elements from this group are integers smaller than group.P, but not all - only Q of them. GetRandomElement returns one (random) of these Q elements.

func (*Group) Inv

func (g *Group) Inv(x *big.Int) *big.Int

Inv computes inverse of x in Group. This means xInv such that x * xInv = 1 mod group.P.

func (*Group) IsElementInGroup

func (g *Group) IsElementInGroup(x *big.Int) bool

IsElementInGroup returns true if x is in the group and false otherwise. Note that an element x is in Schnorr group when x^group.Q = 1 mod group.P.

func (*Group) Mul

func (g *Group) Mul(x, y *big.Int) *big.Int

Mul computes x * y in Group. This means x * y mod group.P.

type PartialProver

type PartialProver struct {
	Group *Group
	// contains filtered or unexported fields
}

Proving that it knows either secret1 such that a1^secret1 = b1 (mod p1) or

secret2 such that a2^secret2 = b2 (mod p2).

func NewPartialProver

func NewPartialProver(group *Group) *PartialProver

func (*PartialProver) GetProofData

func (p *PartialProver) GetProofData(challenge *big.Int) (*big.Int, *big.Int,
	*big.Int, *big.Int)

func (*PartialProver) GetProofRandomData

func (p *PartialProver) GetProofRandomData(secret1, a1, b1, a2,
	b2 *big.Int) (*common.Triple, *common.Triple)

type PartialVerifier

type PartialVerifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewPartialVerifier

func NewPartialVerifier(group *Group) *PartialVerifier

func (*PartialVerifier) GetChallenge

func (v *PartialVerifier) GetChallenge() *big.Int

func (*PartialVerifier) SetProofRandomData

func (v *PartialVerifier) SetProofRandomData(triple1, triple2 *common.Triple)

func (*PartialVerifier) Verify

func (v *PartialVerifier) Verify(c1, z1, c2, z2 *big.Int) bool

type Proof

type Proof struct {
	ProofRandomData *big.Int
	Challenge       *big.Int
	ProofData       []*big.Int
}

Proof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewProof

func NewProof(proofRandomData, challenge *big.Int,
	proofData []*big.Int) *Proof

type Prover

type Prover struct {
	Group *Group
	// contains filtered or unexported fields
}

Prover is a generalized Schnorr - while usually Schnorr proof is executed with one base, Prover for a given y enables proof of knowledge of secrets x_1,...,x_k such that y = g_1^x_1 * ... * g_k^x_k where g_i are given generators (bases) of Schnorr group. For a "normal" Schnorr just use bases and secrets arrays with only one element.

func NewProver

func NewProver(group *Group, secrets,
	bases []*big.Int, y *big.Int) (*Prover, error)

func (*Prover) GetProofData

func (p *Prover) GetProofData(challenge *big.Int) []*big.Int

func (*Prover) GetProofRandomData

func (p *Prover) GetProofRandomData() *big.Int

type Verifier

type Verifier struct {
	Group *Group
	// contains filtered or unexported fields
}

func NewVerifier

func NewVerifier(group *Group) *Verifier

func (*Verifier) GetChallenge

func (v *Verifier) GetChallenge() *big.Int

func (*Verifier) SetChallenge

func (v *Verifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*Verifier) SetProofRandomData

func (v *Verifier) SetProofRandomData(proofRandomData *big.Int, bases []*big.Int,
	y *big.Int)

TODO: SetProofRandomData name is not ok - it is not only setting proofRandomData, but also bases and y. It might be split (a, b for example set in Verifier constructor).

func (*Verifier) Verify

func (v *Verifier) Verify(proofData []*big.Int) bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL