Documentation ¶
Index ¶
Constants ¶
const ( // ErrInvalidHashLen indicates that the input hash to sign or verify is not // the required length. ErrInvalidHashLen = ErrorKind("ErrInvalidHashLen") // ErrPrivateKeyIsZero indicates an attempt was made to sign a message with // a private key that is equal to zero. ErrPrivateKeyIsZero = ErrorKind("ErrPrivateKeyIsZero") // ErrSchnorrHashValue indicates that the hash of (R || m) was too large and // so a new nonce should be used. ErrSchnorrHashValue = ErrorKind("ErrSchnorrHashValue") // ErrPubKeyNotOnCurve indicates that a point was not on the given elliptic // curve. ErrPubKeyNotOnCurve = ErrorKind("ErrPubKeyNotOnCurve") // ErrSigRYIsOdd indicates that the calculated Y value of R was odd. ErrSigRYIsOdd = ErrorKind("ErrSigRYIsOdd") // ErrSigRNotOnCurve indicates that the calculated or given point R for some // signature was not on the curve. ErrSigRNotOnCurve = ErrorKind("ErrSigRNotOnCurve") // ErrUnequalRValues indicates that the calculated point R for some // signature was not the same as the given R value for the signature. ErrUnequalRValues = ErrorKind("ErrUnequalRValues") // ErrSigTooShort is returned when a signature that should be a Schnorr // signature is too short. ErrSigTooShort = ErrorKind("ErrSigTooShort") // ErrSigTooLong is returned when a signature that should be a Schnorr // signature is too long. ErrSigTooLong = ErrorKind("ErrSigTooLong") // ErrSigRTooBig is returned when a signature has r with a value that is // greater than or equal to the prime of the field underlying the group. ErrSigRTooBig = ErrorKind("ErrSigRTooBig") // ErrSigSTooBig is returned when a signature has s with a value that is // greater than or equal to the group order. ErrSigSTooBig = ErrorKind("ErrSigSTooBig") )
These constants are used to identify a specific RuleError.
const (
PubKeyBytesLen = 33
)
These constants define the lengths of serialized public keys.
const (
// SignatureSize is the size of an encoded Schnorr signature.
SignatureSize = 64
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Error ¶
Error identifies an error related to a schnorr signature. It has full support for errors.Is and errors.As, so the caller can ascertain the specific reason for the error by checking the underlying error.
type ErrorKind ¶
type ErrorKind string
ErrorKind identifies a kind of error. It has full support for errors.Is and errors.As, so the caller can directly check against an error kind when determining the reason for an error.
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is a type representing a Schnorr signature.
func NewSignature ¶
func NewSignature(r *secp256k1.FieldVal, s *secp256k1.ModNScalar) *Signature
NewSignature instantiates a new signature given some r and s values.
func ParseSignature ¶
ParseSignature parses a signature according to the EC-Schnorr-DCRv0 specification and enforces the following additional restrictions specific to secp256k1:
- The r component must be in the valid range for secp256k1 field elements - The s component must be in the valid range for secp256k1 scalars
func Sign ¶
func Sign(privKey *secp256k1.PrivateKey, hash []byte) (*Signature, error)
Sign generates an EC-Schnorr-DCRv0 signature over the secp256k1 curve for the provided hash (which should be the result of hashing a larger message) using the given private key. The produced signature is deterministic (same message and same key yield the same signature) and canonical.
Note that the current signing implementation has a few remaining variable time aspects which make use of the private key and the generated nonce, which can expose the signer to constant time attacks. As a result, this function should not be used in situations where there is the possibility of someone having EM field/cache/etc access.
func (Signature) IsEqual ¶
IsEqual compares this Signature instance to the one passed, returning true if both Signatures are equivalent. A signature is equivalent to another, if they both have the same scalar value for R and S.