qr

package
v0.0.0-...-eab8366 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2020 License: Apache-2.0 Imports: 4 Imported by: 9

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProveQR 

func ProveQR(y1 *big.Int, group *schnorr.Group) bool

ProveQR demonstrates how the prover can prove that y1^2 is QR.

Types

type Prover 

type Prover struct {
	Group *schnorr.Group
	Y     *big.Int
	// contains filtered or unexported fields
}

func NewProver 

func NewProver(group *schnorr.Group, y1 *big.Int) *Prover

func (*Prover) GetProofData 

func (p *Prover) GetProofData(challenge *big.Int) (*big.Int, error)

func (*Prover) GetProofRandomData 

func (p *Prover) GetProofRandomData() *big.Int

type RSA 

type RSA struct {
	N     *big.Int // N = P * Q
	P     *big.Int
	Q     *big.Int
	Order *big.Int // Order = (P-1)/2 * (Q-1)/2
}

RSA presents QR_N - group of quadratic residues modulo N where N is a product of two primes. This group is in general NOT cyclic (it is only when (P-1)/2 and (Q-1)/2 are primes, see RSASpecial). The group QR_N is isomorphic to QR_P x QR_Q.

func NewRSA 

func NewRSA(P, Q *big.Int) (*RSA, error)

func NewRSAPublic 

func NewRSAPublic(N *big.Int) *RSA

func (*RSA) Add 

func (g *RSA) Add(x, y *big.Int) *big.Int

Add computes x + y (mod N)

func (*RSA) Exp 

func (g *RSA) Exp(base, exponent *big.Int) *big.Int

Exp computes base^exponent in QR_N. This means base^exponent mod rsa.N.

func (*RSA) Inv 

func (g *RSA) Inv(x *big.Int) *big.Int

Inv computes inverse of x in QR_N. This means xInv such that x * xInv = 1 mod N.

func (*RSA) IsElementInGroup 

func (g *RSA) IsElementInGroup(a *big.Int) (bool, error)

IsElementInGroup returns true if a is in QR_N and false otherwise.

func (*RSA) Mul 

func (g *RSA) Mul(x, y *big.Int) *big.Int

Mul computes x * y in QR_N. This means x * y mod N.

type RSASpecial 

type RSASpecial struct {
	RSA
	P1 *big.Int
	Q1 *big.Int
}

RSASpecial presents QR_N - group of quadratic residues modulo N where N is a product of two SAFE primes. This group is cyclic and a generator is easy to find. The group QR_N is isomorphic to QR_P x QR_Q. The order of QR_P and QR_Q are P1 and Q1 respectively. Because gcd(P1, Q1) = 1, QR_P x QR_Q is cyclic as well. The order of RSASpecial is P1 * Q1.

func NewRSASpecial 

func NewRSASpecial(safePrimeBitLength int) (*RSASpecial, error)

func NewRSASpecialFromParams 

func NewRSASpecialFromParams(specialRSAPrimes *RSASpecialPrimes) (*RSASpecial, error)

func NewRSApecialPublic 

func NewRSApecialPublic(N *big.Int) *RSASpecial

func (*RSASpecial) GetPrimes 

func (rs *RSASpecial) GetPrimes() *RSASpecialPrimes

func (*RSASpecial) GetRandomElement 

func (rs *RSASpecial) GetRandomElement() (*big.Int, error)

GetRandomElement returns a random element from this group. First a random generator is chosen and then it is exponentiated to the random int between 0 and order of QR_N (P1 * Q1).

func (*RSASpecial) GetRandomGenerator 

func (rs *RSASpecial) GetRandomGenerator() (*big.Int, error)

GetRandomGenerator returns a random generator of a group of quadratic residues QR_N.

type RSASpecialPrimes 

type RSASpecialPrimes struct {
	P  *big.Int
	Q  *big.Int
	P1 *big.Int
	Q1 *big.Int
}

func GetRSASpecialPrimes 

func GetRSASpecialPrimes(bits int) (*RSASpecialPrimes, error)

GetRSASpecialPrimes returns primes P, Q, p, q such that P = 2*p + 1 and Q = 2*q + 1.

func NewRSASpecialPrimes 

func NewRSASpecialPrimes(P, Q, p, q *big.Int) *RSASpecialPrimes

type RepresentationProof 

type RepresentationProof struct {
	ProofRandomData *big.Int
	Challenge       *big.Int
	ProofData       []*big.Int
}

RepresentationProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewRepresentationProof 

func NewRepresentationProof(proofRandomData, challenge *big.Int,
	proofData []*big.Int) *RepresentationProof

type RepresentationProver 

type RepresentationProver struct {
	// contains filtered or unexported fields
}

RepresentationProver is like SchnorrProver but in a RSASpecial group (note that here proof data is computed in Z, not modulo as in Schnorr). Also, RepresentationProver with only one base and one secret is very similar to the DFCommitmentOpeningProver (RepresentationProver does not have a committer though).

func NewRepresentationProver 

func NewRepresentationProver(qrSpecialRSA *RSASpecial,
	secParam int, secrets, bases []*big.Int, y *big.Int) *RepresentationProver

func (*RepresentationProver) GetProofData 

func (p *RepresentationProver) GetProofData(challenge *big.Int) []*big.Int

func (*RepresentationProver) GetProofRandomData 

func (p *RepresentationProver) GetProofRandomData(alsoNeg bool) *big.Int

GetProofRandomData returns t = g_1^r_1 * ... * g_k^r_k where g_i are bases and r_i are random values. If alsoNeg is true values r_i can be negative as well.

func (*RepresentationProver) GetProofRandomDataGivenBoundaries 

func (p *RepresentationProver) GetProofRandomDataGivenBoundaries(boundariesBitLength []int,
	alsoNeg bool) (*big.Int, error)

GetProofRandomDataGivenBoundaries returns t = g_1^r_1 * ... * g_k^r_k where g_i are bases and each r_i is a random value of boundariesBitLength[i] bit length. If alsoNeg is true values r_i can be negative as well.

type RepresentationVerifier 

type RepresentationVerifier struct {
	// contains filtered or unexported fields
}

func NewRepresentationVerifier 

func NewRepresentationVerifier(qrSpecialRSA *RSASpecial,
	challengeSpaceSize int) *RepresentationVerifier

func (*RepresentationVerifier) GetChallenge 

func (v *RepresentationVerifier) GetChallenge() *big.Int

func (*RepresentationVerifier) SetChallenge 

func (v *RepresentationVerifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*RepresentationVerifier) SetProofRandomData 

func (v *RepresentationVerifier) SetProofRandomData(proofRandomData *big.Int, bases []*big.Int,
	y *big.Int)

TODO: SetProofRandomData name is not ok - it is not only setting proofRandomData, but also bases and y.

func (*RepresentationVerifier) Verify 

func (v *RepresentationVerifier) Verify(proofData []*big.Int) bool

type Verifier 

type Verifier struct {
	Group *schnorr.Group
	// contains filtered or unexported fields
}

func NewVerifier 

func NewVerifier(y *big.Int, group *schnorr.Group) *Verifier

func (*Verifier) GetChallenge 

func (v *Verifier) GetChallenge(x *big.Int) *big.Int

func (*Verifier) Verify 

func (v *Verifier) Verify(z *big.Int) bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.