Documentation ¶
Overview ¶
This implements the NIZKPK presented in Distributed Key Generation in the Wild with the aims of increasing asynchronicity within AVSS
Index ¶
- func AESdecrypt(key []byte, cipherText []byte) (message *[]byte, err error)
- func AESencrypt(key []byte, plainText []byte) (c *[]byte, err error)
- func AVSSAddCommitment(C1 [][]common.Point, C2 [][]common.Point) ([][]common.Point, error)
- func AVSSVerifyPoint(C [][]common.Point, m big.Int, index big.Int, alpha big.Int, ...) bool
- func AVSSVerifyPoly(C [][]common.Point, index big.Int, a pcmn.PrimaryPolynomial, ...) bool
- func AVSSVerifyShare(C [][]common.Point, m big.Int, sigma big.Int, sigmaprime big.Int) bool
- func AVSSVerifyShareCommitment(C [][]common.Point, m big.Int, gsigmahsigmaprime common.Point) bool
- func AddCommitments(commitments ...[]common.Point) (sumCommit []common.Point)
- func AddPolynomials(poly1 pcmn.PrimaryPolynomial, poly2 pcmn.PrimaryPolynomial) *pcmn.PrimaryPolynomial
- func CreateAndPrepareShares(nodes []pcmn.Node, secret big.Int, threshold int, privKey big.Int) ([]*pcmn.SigncryptedOutput, *[]common.Point, *pcmn.PrimaryPolynomial, error)
- func CreateShares(nodes []pcmn.Node, secret big.Int, threshold int) (*[]pcmn.PrimaryShare, *[]common.Point, error)
- func CreateSharesGen(nodes []pcmn.Node, secret big.Int, threshold int) (*[]pcmn.PrimaryShare, *[]pcmn.PrimaryShare, *[]common.Point, *[]common.Point, ...)
- func ECDSASign(s string, privKey *big.Int) []byte
- func ECDSASignBytes(b []byte, privKey *big.Int) []byte
- func ECDSAVerify(str string, pubKey *common.Point, signature []byte) bool
- func ECDSAVerifyBytes(b []byte, pubKey *common.Point, signature []byte) bool
- func EvaluateBivarPolyAtX(bivarPoly [][]big.Int, index big.Int) pcmn.PrimaryPolynomial
- func EvaluateBivarPolyAtY(bivarPoly [][]big.Int, index big.Int) pcmn.PrimaryPolynomial
- func GenerateNIZKPK(s big.Int, r big.Int) (big.Int, big.Int, big.Int)
- func GenerateNIZKPKWithCommitments(s big.Int, r big.Int) (c big.Int, u1 big.Int, u2 big.Int, gs common.Point, gshr common.Point)
- func GenerateRandomBivariatePolynomial(secret big.Int, threshold int) [][]big.Int
- func GetCommit(polynomial pcmn.PrimaryPolynomial) []common.Point
- func GetCommitH(polynomial pcmn.PrimaryPolynomial) []common.Point
- func GetCommitmentMatrix(f [][]big.Int, fprime [][]big.Int) [][]common.Point
- func LagrangeCurvePts(indexes []int, points []common.Point) *common.Point
- func LagrangeInterpolatePolynomial(points []common.Point) []big.Int
- func LagrangePolys(indexes []int, polys [][]common.Point) (res []common.Point)
- func LagrangeScalar(shares []pcmn.PrimaryShare, target int) *big.Int
- func LagrangeScalarCP(pts []common.Point, target int) *big.Int
- func PolyEval(polynomial pcmn.PrimaryPolynomial, x big.Int) *big.Int
- func RHS(shareCommitment common.Point, pubPoly []common.Point, index big.Int) common.Point
- func RandomBigInt() *big.Int
- func RandomPoly(secret big.Int, threshold int) *pcmn.PrimaryPolynomial
- func Signcrypt(recipientPubKey common.Point, data []byte, privKey big.Int) (*pcmn.Signcryption, error)
- func SumPoints(pts ...common.Point) (sumPt common.Point)
- func SumScalars(scalars ...big.Int) big.Int
- func UnSignCrypt(signcryption pcmn.Signcryption, privKey big.Int, senderPubKey common.Point) (*[]byte, error)
- func UnsigncryptShare(signcryption pcmn.Signcryption, privKey big.Int, ...) (*[]byte, error)
- func VerifyNIZKPK(c, u1, u2 big.Int, gs, gshr common.Point) bool
- func VerifyPedersonCommitment(share pcmn.PrimaryShare, sharePrime pcmn.PrimaryShare, ci []common.Point, ...) bool
- func VerifyShare(share pcmn.PrimaryShare, pubPoly []common.Point, index big.Int) bool
- func VerifyShareCommitment(shareCommitment common.Point, pubPoly []common.Point, index big.Int) bool
- type CSPaillierEC
- func (csp *CSPaillierEC) Abs(a *big.Int) (*big.Int, error)
- func (csp *CSPaillierEC) Decrypt(u, e, v, label *big.Int) (*big.Int, error)
- func (csp *CSPaillierEC) Encrypt(m, label *big.Int) (*big.Int, *big.Int, *big.Int, error)
- func (csp *CSPaillierEC) GetChallenge() *big.Int
- func (csp *CSPaillierEC) GetOpeningMsg(m *big.Int) (*big.Int, *Point)
- func (csp *CSPaillierEC) GetProofData(c *big.Int) (*big.Int, *big.Int, *big.Int)
- func (csp *CSPaillierEC) GetProofRandomData(u, e, label *big.Int) (*big.Int, *big.Int, *big.Int, *Point, *big.Int, error)
- func (csp *CSPaillierEC) SetProofRandomData(u1, e1, v1 *big.Int, delta1 Point, l1, c *big.Int)
- func (csp *CSPaillierEC) SetVerifierEncData(u, e, v *big.Int, delta Point, label, l *big.Int)
- func (csp *CSPaillierEC) Verify(rTilde, sTilde, mTilde *big.Int) bool
- type CSPaillierECProverEncData
- type CSPaillierECProverRandomData
- type CSPaillierECPubKey
- type CSPaillierECSecKey
- type CSPaillierECSecParams
- type CSPaillierECVerifierEncData
- type CSPaillierECVerifierRandomData
- type DLEQProof
- type Point
- type VerifiableEncGroupEC
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AVSSAddCommitment ¶
To add commitments together
func AVSSVerifyPoint ¶
func AVSSVerifyPoint( C [][]common.Point, m big.Int, index big.Int, alpha big.Int, alphaprime big.Int, beta big.Int, betaprime big.Int, ) bool
AVSSVerifyPoint - verify-point as described in Cachin et al 2002
func AVSSVerifyPoly ¶
func AVSSVerifyPoly( C [][]common.Point, index big.Int, a pcmn.PrimaryPolynomial, aprime pcmn.PrimaryPolynomial, b pcmn.PrimaryPolynomial, bprime pcmn.PrimaryPolynomial, ) bool
AVSSVerifyPoly - verify-poly as described in Cachin et al 2002
func AVSSVerifyShare ¶
AVSSVerifyShare - Verify-share from Cachin et al. 2002
func AVSSVerifyShareCommitment ¶
AVSSVerifyShareCommitment to test gsihr against C
func AddPolynomials ¶
func AddPolynomials(poly1 pcmn.PrimaryPolynomial, poly2 pcmn.PrimaryPolynomial) *pcmn.PrimaryPolynomial
AddPolynomials add two polynomials (modulo generator order Q)
func CreateAndPrepareShares ¶
func CreateAndPrepareShares(nodes []pcmn.Node, secret big.Int, threshold int, privKey big.Int) ([]*pcmn.SigncryptedOutput, *[]common.Point, *pcmn.PrimaryPolynomial, error)
deprecated: use CreateShares and let client handle signcryption. Client may need to add more information before signcrypting (eg. broadcast id)
func CreateShares ¶
func CreateShares(nodes []pcmn.Node, secret big.Int, threshold int) (*[]pcmn.PrimaryShare, *[]common.Point, error)
use this instead of CreateAndPrepareShares
func CreateSharesGen ¶
func CreateSharesGen(nodes []pcmn.Node, secret big.Int, threshold int) (*[]pcmn.PrimaryShare, *[]pcmn.PrimaryShare, *[]common.Point, *[]common.Point, error)
CreateSharesGen - Creating shares for gennaro DKG
func ECDSAVerifyBytes ¶
func EvaluateBivarPolyAtX ¶
EvaluateBivarPolyAtX - evaluate bivar poly at given x
func EvaluateBivarPolyAtY ¶
EvaluateBivarPolyAtY - evaluate bivar poly at given y
func GenerateNIZKPK ¶
Generates NIZK Proof with the aims of increasing asynchronicity within AVSS Returns proof in the form of c, u1, u2
func GenerateNIZKPKWithCommitments ¶
func GenerateNIZKPKWithCommitments(s big.Int, r big.Int) (c big.Int, u1 big.Int, u2 big.Int, gs common.Point, gshr common.Point)
Generates NIZK Proof with commitments Returns proof in the form of c, u1, u2 gs and gshr
func GenerateRandomBivariatePolynomial ¶
GenerateRandomBivariatePolynomial - create a bivariate polynomial which is defined by coeffs of all possible combinations of powers of x and y, such that powers of x and y are less than t (threshold). accepts param secret = f(0,0) Example coeff. matrix: f00, f01.y, f02.y^2 f10.x, f11.x.y, f12.x.y^2 f20.x^2, f21.x^2.y f22.x^2.y^2
func GetCommit ¶
func GetCommit(polynomial pcmn.PrimaryPolynomial) []common.Point
Commit creates a public commitment polynomial
func GetCommitH ¶
func GetCommitH(polynomial pcmn.PrimaryPolynomial) []common.Point
Commit creates a public commitment polynomial for the h base point
func GetCommitmentMatrix ¶
GetCommitmentMatrix - get a pedersen commitment matrix from two bivar polys
func LagrangeCurvePts ¶
LagrangeCurvePts finds the ^0 coefficient for points given in points an indexes given
func LagrangePolys ¶
LagrangePolys is used in PSS When each share is subshared, each share is associated with a commitment polynomial we then choose k such subsharings to form the refreshed shares and secrets those refreshed shares are lagrange interpolated, but they also correspond to a langrage interpolated polynomial commitment that is different from the original commitment here, we calculate this interpolated polynomial commitment
func LagrangeScalar ¶
func LagrangeScalar(shares []pcmn.PrimaryShare, target int) *big.Int
func RandomBigInt ¶
func RandomPoly ¶
func RandomPoly(secret big.Int, threshold int) *pcmn.PrimaryPolynomial
func UnSignCrypt ¶
func UnsigncryptShare ¶
func VerifyPedersonCommitment ¶
func VerifyPedersonCommitment(share pcmn.PrimaryShare, sharePrime pcmn.PrimaryShare, ci []common.Point, index big.Int) bool
Verify Pederson commitment, Equation (4) in Gennaro 2006
func VerifyShare ¶
VerifyShare - verifies share against public polynomial
Types ¶
type CSPaillierEC ¶
type CSPaillierEC struct { SecParams *CSPaillierECSecParams PubKey *CSPaillierECPubKey SecKey *CSPaillierECSecKey // contains filtered or unexported fields }
CSPaillierEC represents Camenisch-Shoup variant of Paillier to make it (Paillier) CCA2 secure. http://eprint.iacr.org/2002/161.pdf
func NewCSPaillierEC ¶
func NewCSPaillierEC(secParams *CSPaillierECSecParams) *CSPaillierEC
func NewCSPaillierECFromPubKey ¶
func NewCSPaillierECFromPubKey(pubKey *CSPaillierECPubKey) *CSPaillierEC
func NewCSPaillierECFromSecKey ¶
func NewCSPaillierECFromSecKey(secKey *CSPaillierECSecKey) (*CSPaillierEC, error)
func (*CSPaillierEC) GetChallenge ¶
func (csp *CSPaillierEC) GetChallenge() *big.Int
func (*CSPaillierEC) GetOpeningMsg ¶
Returns l = g1^m * h1^s where s is a random integer smaller than n/4.
func (*CSPaillierEC) GetProofData ¶
Prover should use this function to compute data for second (last) sigma protocol message.
func (*CSPaillierEC) GetProofRandomData ¶
func (csp *CSPaillierEC) GetProofRandomData(u, e, label *big.Int) (*big.Int, *big.Int, *big.Int, *Point, *big.Int, error)
Prover (encryptor) should use this function to generate values for the first sigma protocol message.
func (*CSPaillierEC) SetProofRandomData ¶
Verifier should call this function when it receives proof random data as the second protocol message.
func (*CSPaillierEC) SetVerifierEncData ¶
Verifier should call this function when it receives l = g1^m * h1^s as the first protocol message.
type CSPaillierECPubKey ¶
type CSPaillierECPubKey struct { N *big.Int G *big.Int Y1 *big.Int Y2 *big.Int Y3 *big.Int // the parameters below are for verifiable encryption Gamma *secp256k1.KoblitzCurve // for discrete logarithm VerifiableEncGroupN *big.Int VerifiableEncGroupG1 *big.Int VerifiableEncGroupH1 *big.Int K int K1 int }
CSPaillierECPubKey currently does not use auxiliary parameters/primes - no additional n, p, q parameters (as specified in a paper, original n, p, q can be used).
type CSPaillierECSecKey ¶
type CSPaillierECSecKey struct { N *big.Int G *big.Int X1 *big.Int X2 *big.Int X3 *big.Int // the parameters below are for verifiable encryption Gamma *secp256k1.KoblitzCurve // for discrete logarithm VerifiableEncGroupN *big.Int VerifiableEncGroupG1 *big.Int VerifiableEncGroupH1 *big.Int K int K1 int }
type CSPaillierECSecParams ¶
type DLEQProof ¶
type DLEQProof struct { C big.Int // challenge R big.Int // response VG common.Point // public commitment with respect to base point secp256k1.G VH common.Point // public commitment with respect to base point secp256k1.H }
func GenerateDLEQProof ¶
type VerifiableEncGroupEC ¶
type VerifiableEncGroupEC struct { *qr.RSASpecial G1 *big.Int H1 *big.Int // contains filtered or unexported fields }
func NewVerifiableEncGroupEC ¶
func NewVerifiableEncGroupEC(primes *qr.RSASpecialPrimes) (*VerifiableEncGroupEC, error)