cosi

package

v0.0.0-...-53feb6c Latest Latest Go to latest Published: Jun 3, 2016 License: GPL-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package cosi is the Collective Signing implementation according to the paper of Bryan Ford: http://arxiv.org/pdf/1503.08768v1.pdf .

Stages of CoSi ¶

The CoSi-protocol has 4 stages:

1. Announcement: The leader multicasts an announcement of the start of this round down through the spanning tree, optionally including the statement S to be signed.

2. Commitment: Each node i picks a random secret vi and computes its individual commit Vi = Gvi . In a bottom-up process, each node i waits for an aggregate commit Vˆj from each immediate child j, if any. Node i then computes its own aggregate commit Vˆi = Vi \prod{j ∈ Cj}{Vˆj}, where Ci is the set of i’s immediate children. Finally, i passes Vi up to its parent, unless i is the leader (node 0).

3. Challenge: The leader computes a collective challenge c = H(Vˆ0 ∥ S), then multicasts c down through the tree, along with the statement S to be signed if it was not already announced in phase 1.

4. Response: In a final bottom-up phase, each node i waits to receive a partial aggregate response rˆj from each of its immediate children j ∈ Ci. Node i now computes its individual response ri = vi − cxi, and its partial aggregate response rˆi = ri + \sum{j ∈ Cj}{rˆj} . Node i finally passes rˆi up to its parent, unless i is the root.

Index ¶

func VerifyCosiSignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, signature *Signature, ...) error
func VerifySignature(suite abstract.Suite, msg []byte, public abstract.Point, ...) error
func VerifySignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, ...) error
type Announcement
type Challenge
type Commitment
type Cosi
- func NewCosi(suite abstract.Suite, private abstract.Secret) *Cosi
type Exception
type Response
type Signature

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func VerifyCosiSignatureWithException ¶

func VerifyCosiSignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, signature *Signature, exceptions []Exception) error

VerifyCosiSignatureWithException is a wrapper around VerifySignatureWithException but it takes a Signature instead of the Challenge/Response

func VerifySignature ¶

func VerifySignature(suite abstract.Suite, msg []byte, public abstract.Point, challenge, secret abstract.Secret) error

VerifySignature verifies if the challenge and the secret (from the response phase) form a correct signature for this message using the aggregated public key.

func VerifySignatureWithException ¶

func VerifySignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, challenge, secret abstract.Secret, exceptions []Exception) error

VerifySignatureWithException will verify the signature taking into account the exceptions given. An exception is the pubilc key + commitment of a peer that did not sign. NOTE: No exception mechanism for "before" commitment has been yet coded.

Types ¶

type Announcement ¶

type Announcement struct {
	Timestamp int64
}

Announcement holds only the timestamp for that round

type Challenge ¶

type Challenge struct {
	Challenge abstract.Secret
}

Challenge is the Hash of V^0 || S, where S is the Timestamp and the message

type Commitment ¶

type Commitment struct {
	Commitment     abstract.Point
	ChildrenCommit abstract.Point
}

Commitment sends it's own commit Vi and the aggregate children's commit V^i

type Cosi ¶

type Cosi struct {
	// contains filtered or unexported fields
}

Cosi is the struct that implements the basic cosi.

func NewCosi ¶

func NewCosi(suite abstract.Suite, private abstract.Secret) *Cosi

NewCosi returns a new Cosi struct given the suite + longterm secret.

func (*Cosi) Announce ¶

func (c *Cosi) Announce(in *Announcement) *Announcement

Announce stores the timestamp and relays the message.

func (*Cosi) Challenge ¶

func (c *Cosi) Challenge(ch *Challenge) *Challenge

Challenge keeps in memory the Challenge from the message.

func (*Cosi) Commit ¶

func (c *Cosi) Commit(comms []*Commitment) *Commitment

Commit creates the commitment / secret + aggregate children commitments from the children's messages.

func (*Cosi) CreateAnnouncement ¶

func (c *Cosi) CreateAnnouncement() *Announcement

CreateAnnouncement creates an Announcement message with the timestamp set to the current time.

func (*Cosi) CreateChallenge ¶

func (c *Cosi) CreateChallenge(msg []byte) (*Challenge, error)

CreateChallenge creates the challenge out of the message it has been given. This is typically called by Root.

func (*Cosi) CreateCommitment ¶

func (c *Cosi) CreateCommitment() *Commitment

CreateCommitment creates the commitment out of the random secret and returns the message to pass up in the tree. This is typically called by the leaves.

func (*Cosi) CreateResponse ¶

func (c *Cosi) CreateResponse() (*Response, error)

CreateResponse is called by a leaf to create its own response from the challenge + commitment + private key. It returns the response to send up to the tree.

func (*Cosi) GetAggregateResponse ¶

func (c *Cosi) GetAggregateResponse() abstract.Secret

GetAggregateResponse returns the aggregated response that this cosi has accumulated.

func (*Cosi) GetChallenge ¶

func (c *Cosi) GetChallenge() abstract.Secret

GetChallenge returns the challenge that were passed down to this cosi.

func (*Cosi) GetCommitment ¶

func (c *Cosi) GetCommitment() abstract.Point

GetCommitment returns the commitment generated by this CoSi (not aggregated).

func (*Cosi) Response ¶

func (c *Cosi) Response(responses []*Response) (*Response, error)

Response generates the response from the commitment, challenge and the responses of its children.

func (*Cosi) Signature ¶

func (c *Cosi) Signature() *Signature

Signature returns a cosi Signature <=> a Schnorr signature. CAREFUL: you must call that when you are sure you have all the aggregated respones (i.e. the root of the tree if you use a tree).

func (*Cosi) VerifyResponses ¶

func (c *Cosi) VerifyResponses(aggregatedPublic abstract.Point) error

VerifyResponses verifies the response this CoSi has against the aggregated public key the tree is using. Check that: base**r_hat * X_hat**c == V_hat

type Exception ¶

type Exception struct {
	Public     abstract.Point
	Commitment abstract.Point
}

Exception is what a node that does not want to sign should include when passing up a response

type Response ¶

type Response struct {
	Response     abstract.Secret
	ChildrenResp abstract.Secret
}

Response holds the actual node's response ri and the aggregate response r^i

type Signature ¶

type Signature struct {
	Challenge abstract.Secret
	Response  abstract.Secret
}

Signature is the final message out of the Cosi-protocol. It can be used together with the message and the aggregate public key to verify that it's valid.

Source Files ¶

View all Source files

cosi.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL