Version: v0.10.6 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Sep 29, 2021 License: ISC Imports: 6 Imported by: 0




View Source
const (
	// ErrBadInputSize indicates that input to a signature was of the wrong size.
	ErrBadInputSize = iota

	// ErrInputValue indicates that the value of an input was wrong (e.g. zero).

	// ErrSchnorrHashValue indicates that the hash of (R || m) was too large
	// and so a new k value (nonce) should be used.

	// ErrPointNotOnCurve indicates that a point was not on the given
	// elliptic curve.

	// ErrBadSigRYValue indicates that the calculated Y value of R was odd,
	// which is not allowed.

	// ErrBadSigRNotOnCurve indicates that the calculated or given point R for some
	// signature was not on the curve.

	// ErrUnequalRValues indicates that the calculated point R for some
	// signature was not the same as the given R value for the signature.

	// ErrRegenerateRPoint indicates that a point could not be regenerated
	// from r.

	// ErrPubKeyOffCurve indicates that a regenerated pubkey was off the curve.

	// ErrRegenSig indicates that a regenerated pubkey could not be validated
	// against the signature.

	// ErrBadNonce indicates that a generated nonce from some algorithm was
	// unusable.

	// ErrZeroSigS indates a zero signature S value, which is invalid.

	// ErrNonmatchingR indicates that all signatures to be combined in a
	// threshold signature failed to have a matching R value.

These constants are used to identify a specific RuleError.

View Source
const (
	PubKeyBytesLen = 33

These constants define the lengths of serialized public keys.

View Source
const SignatureSize = 64

SignatureSize is the size of an encoded Schnorr signature.


View Source
var BlakeVersionStringRFC6979 = []byte("Schnorr+BLAKE256")

BlakeVersionStringRFC6979 is the RFC6979 nonce version for a Schnorr signature over the secp256k1 curve using BLAKE256 as the hash function.

View Source
var Sha256VersionStringRFC6979 = []byte("Schnorr+SHA256  ")

Sha256VersionStringRFC6979 is the RFC6979 nonce version for a Schnorr signature over the secp256k1 curve using SHA256 as the hash function.


func BigIntToEncodedBytes

func BigIntToEncodedBytes(a *big.Int) *[32]byte

BigIntToEncodedBytes converts a big integer into its corresponding 32 byte little endian representation.

func CombinePubkeys

func CombinePubkeys(pks []*secp256k1.PublicKey) *secp256k1.PublicKey

CombinePubkeys combines a slice of public keys into a single public key by adding them together with point addition.

func EncodedBytesToBigInt

func EncodedBytesToBigInt(s *[32]byte) *big.Int

EncodedBytesToBigInt converts a 32 byte big endian representation of an integer into a big integer.

func GenerateNoncePair

func GenerateNoncePair(curve *secp256k1.KoblitzCurve, msg []byte,
	privkey *secp256k1.PrivateKey, extra []byte,
	version []byte) (*secp256k1.PrivateKey, *secp256k1.PublicKey, error)

GenerateNoncePair is the generalized and exported version of generateNoncePair.

func ParsePubKey

func ParsePubKey(curve *secp256k1.KoblitzCurve,
	pubKeyStr []byte) (key *secp256k1.PublicKey, err error)

ParsePubKey parses a public key for a koblitz curve from a bytestring into a ecdsa.Publickey, verifying that it is valid. It supports compressed signature formats only.

func RecoverPubkey

func RecoverPubkey(sig,
	msg []byte) (*secp256k1.PublicKey, bool, error)

RecoverPubkey is the exported and generalized version of schnorrRecover. It recovers a public key given a signature and a message, using BLAKE256 as the hashing function.

func Sign

func Sign(priv *secp256k1.PrivateKey,
	hash []byte) (r, s *big.Int, err error)

Sign is the exported version of sign. It uses RFC6979 and Blake256 to produce a Schnorr signature.

func Verify

func Verify(pubkey *secp256k1.PublicKey,
	msg []byte, r *big.Int, s *big.Int) bool

Verify is the generalized and exported function for the verification of a secp256k1 Schnorr signature. BLAKE256 is used as the hashing function.


type Error

type Error struct {
	ErrorCode   ErrorCode // Describes the kind of error
	Description string    // Human readable description of the issue

Error identifies a violation.

func (Error) Error

func (e Error) Error() string

Error satisfies the error interface and prints human-readable errors.

func (Error) GetCode

func (e Error) GetCode() ErrorCode

GetCode satisfies the error interface and prints human-readable errors.

type ErrorCode

type ErrorCode int

ErrorCode identifies a kind of error.

func (ErrorCode) String

func (e ErrorCode) String() string

String returns the ErrorCode as a human-readable name.

type Signature

type Signature struct {
	R *big.Int
	S *big.Int

Signature is a type representing a Schnorr signature.

func CombineSigs

func CombineSigs(curve *secp256k1.KoblitzCurve,
	sigs []*Signature) (*Signature, error)

CombineSigs is the generalized and exported version of generateNoncePair.

func NewSignature

func NewSignature(r, s *big.Int) *Signature

NewSignature instantiates a new signature given some R,S values.

func ParseSignature

func ParseSignature(sigStr []byte) (*Signature, error)

ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, perfoming some basic sanity checks.

func PartialSign

func PartialSign(curve *secp256k1.KoblitzCurve, msg []byte,
	priv *secp256k1.PrivateKey, privNonce *secp256k1.PrivateKey,
	pubSum *secp256k1.PublicKey) (*Signature, error)

PartialSign is the generalized and exported version of schnorrPartialSign.

func (Signature) GetR

func (sig Signature) GetR() *big.Int

GetR satisfies the chainec PublicKey interface.

func (Signature) GetS

func (sig Signature) GetS() *big.Int

GetS satisfies the chainec PublicKey interface.

func (Signature) GetType

func (sig Signature) GetType() int

GetType satisfies the chainec Signature interface.

func (Signature) Serialize

func (sig Signature) Serialize() []byte

Serialize returns the Schnorr signature in the more strict format.

The signatures are encoded as

sig[0:32]  R, a point encoded as big endian
sig[32:64] S, scalar multiplication/addition results = (ab+c) mod l
  encoded also as big endian

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL