Documentation ¶
Overview ¶
Package cosi is the Collective Signing implementation according to the paper of Bryan Ford: http://arxiv.org/pdf/1503.08768v1.pdf .
Stages of CoSi ¶
The CoSi-protocol has 4 stages:
1. Announcement: The leader multicasts an announcement of the start of this round down through the spanning tree, optionally including the statement S to be signed.
2. Commitment: Each node i picks a random secret vi and computes its individual commit Vi = Gvi . In a bottom-up process, each node i waits for an aggregate commit Vˆj from each immediate child j, if any. Node i then computes its own aggregate commit Vˆi = Vi \prod{j ∈ Cj}{Vˆj}, where Ci is the set of i’s immediate children. Finally, i passes Vi up to its parent, unless i is the leader (node 0).
3. Challenge: The leader computes a collective challenge c = H(Vˆ0 ∥ S), then multicasts c down through the tree, along with the statement S to be signed if it was not already announced in phase 1.
4. Response: In a final bottom-up phase, each node i waits to receive a partial aggregate response rˆj from each of its immediate children j ∈ Ci. Node i now computes its individual response ri = vi − cxi, and its partial aggregate response rˆi = ri + \sum{j ∈ Cj}{rˆj} . Node i finally passes rˆi up to its parent, unless i is the root.
Index ¶
- func VerifyCosiSignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, signature *Signature, ...) error
- func VerifySignature(suite abstract.Suite, msg []byte, public abstract.Point, ...) error
- func VerifySignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, ...) error
- type Announcement
- type Challenge
- type Commitment
- type Cosi
- func (c *Cosi) Announce(in *Announcement) *Announcement
- func (c *Cosi) Challenge(ch *Challenge) *Challenge
- func (c *Cosi) Commit(comms []*Commitment) *Commitment
- func (c *Cosi) CreateAnnouncement() *Announcement
- func (c *Cosi) CreateChallenge(msg []byte) (*Challenge, error)
- func (c *Cosi) CreateCommitment() *Commitment
- func (c *Cosi) CreateResponse() (*Response, error)
- func (c *Cosi) GetAggregateResponse() abstract.Secret
- func (c *Cosi) GetChallenge() abstract.Secret
- func (c *Cosi) GetCommitment() abstract.Point
- func (c *Cosi) Response(responses []*Response) (*Response, error)
- func (c *Cosi) Signature() *Signature
- func (c *Cosi) VerifyResponses(aggregatedPublic abstract.Point) error
- type Exception
- type Response
- type Signature
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func VerifyCosiSignatureWithException ¶
func VerifyCosiSignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, signature *Signature, exceptions []Exception) error
VerifyCosiSignatureWithException is a wrapper around VerifySignatureWithException but it takes a Signature instead of the Challenge/Response
func VerifySignature ¶
func VerifySignature(suite abstract.Suite, msg []byte, public abstract.Point, challenge, secret abstract.Secret) error
VerifySignature verifies if the challenge and the secret (from the response phase) form a correct signature for this message using the aggregated public key.
func VerifySignatureWithException ¶
func VerifySignatureWithException(suite abstract.Suite, public abstract.Point, msg []byte, challenge, secret abstract.Secret, exceptions []Exception) error
VerifySignatureWithException will verify the signature taking into account the exceptions given. An exception is the pubilc key + commitment of a peer that did not sign. NOTE: No exception mechanism for "before" commitment has been yet coded.
Types ¶
type Announcement ¶
type Announcement struct {
Timestamp int64
}
Announcement holds only the timestamp for that round
type Commitment ¶
Commitment sends it's own commit Vi and the aggregate children's commit V^i
type Cosi ¶
type Cosi struct {
// contains filtered or unexported fields
}
Cosi is the struct that implements the basic cosi.
func (*Cosi) Announce ¶
func (c *Cosi) Announce(in *Announcement) *Announcement
Announce stores the timestamp and relays the message.
func (*Cosi) Commit ¶
func (c *Cosi) Commit(comms []*Commitment) *Commitment
Commit creates the commitment / secret + aggregate children commitments from the children's messages.
func (*Cosi) CreateAnnouncement ¶
func (c *Cosi) CreateAnnouncement() *Announcement
CreateAnnouncement creates an Announcement message with the timestamp set to the current time.
func (*Cosi) CreateChallenge ¶
CreateChallenge creates the challenge out of the message it has been given. This is typically called by Root.
func (*Cosi) CreateCommitment ¶
func (c *Cosi) CreateCommitment() *Commitment
CreateCommitment creates the commitment out of the random secret and returns the message to pass up in the tree. This is typically called by the leaves.
func (*Cosi) CreateResponse ¶
CreateResponse is called by a leaf to create its own response from the challenge + commitment + private key. It returns the response to send up to the tree.
func (*Cosi) GetAggregateResponse ¶
GetAggregateResponse returns the aggregated response that this cosi has accumulated.
func (*Cosi) GetChallenge ¶
GetChallenge returns the challenge that were passed down to this cosi.
func (*Cosi) GetCommitment ¶
GetCommitment returns the commitment generated by this CoSi (not aggregated).
func (*Cosi) Response ¶
Response generates the response from the commitment, challenge and the responses of its children.
type Exception ¶
Exception is what a node that does not want to sign should include when passing up a response