ec2

package
v0.0.0-...-4c49fd5
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2023 License: GPL-2.0, GPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

Package ec2 implements the MPC GG18 algorithm.


Constants

const (
	HoeffdingBoundParam = 128
)

const (
	// Iterations is the number of iterations
	Iterations = 128
)

const (
	PDLwSlackMarshalledParts = 11
)

const (
	// PrimeTestTimes is the number of times to test whether a value is prime
	PrimeTestTimes = 30
)

Variables

var ErrMessageTooLong = errors.New("[ERROR]: message is too long")

ErrMessageTooLong is the error reported when a message is too long.

var (
	// SafePrimeCh is the channel that holds generated safe primes
	SafePrimeCh = make(chan SafePrime, 4)
)

Functions

func CalcHPoint

func CalcHPoint(keytype string) (*big.Int, *big.Int, error)

CalcHPoint returns a shared point of unknown discrete logarithm for the curve. It mimics the KZen-networks/curv implementation (https://git.io/JfwSa). It is not very efficient because of the 3x sha256, but it is only used once during a signing round.

func CalcRoh

func CalcRoh(n *big.Int, num *big.Int) []*big.Int

CalcRoh returns m random integers ROHi that belong to JN, where len(ROHi) = n.BitLen() and n is the Paillier pubKey.N or Ntilde ....

func CalcX

func CalcX(n *big.Int, num *big.Int) []*big.Int

CalcX returns m random integers Xi that belong to ZN*, where len(Xi) == n.BitLen() and n is the Paillier pubKey.N.

func CheckPrime

func CheckPrime(Ntilde *big.Int) bool

CheckPrime checks Ntilde:
1. Ntilde > 0
2. Ntilde is odd
3. Ntilde is not a prime
4. Ntilde is not a perfect power of a prime

func Combine2

func Combine2(keytype string, shares []*ShareStruct2) (*big.Int, error)

Combine2 Calculating Lagrange interpolation formula

func ContainsDuplicate

func ContainsDuplicate(ids []*big.Int) (bool, error)

ContainsDuplicate reports whether the ids array contains a duplicate element.

func CreatPair

func CreatPair(length int) (*PublicKey, *PrivateKey)

CreatPair create paillier pubkey/private key

func EuclideanAlgorithm

func EuclideanAlgorithm(a *big.Int, b *big.Int) (*big.Int, *big.Int, *big.Int)

EuclideanAlgorithm returns (d,x,y) such that d = gcd(a,b) and ax + by = d, where a >= b and x and y are integers.

func GenRandomSafePrime

func GenRandomSafePrime()

GenRandomSafePrime Generate 4 random large host primes

func GenerateKeyPair

func GenerateKeyPair(length int) (*PublicKey, *PrivateKey, *big.Int, *big.Int)

GenerateKeyPair create paillier pubkey and private key

func GetHoeffdingBound

func GetHoeffdingBound() *big.Int

GetHoeffdingBound returns the Hoeffding bound m = ⌈κ·32·ln2⌉, where κ is set to 128 by default.

func GetP

func GetP(q *big.Int) *big.Int

GetP get p

func GetRandomPositiveInt

func GetRandomPositiveInt(upper *big.Int) *big.Int

GetRandomPositiveInt get a random number in (0,upper)

func GetRandomPositiveRelativelyPrimeInt

func GetRandomPositiveRelativelyPrimeInt(n *big.Int) *big.Int

GetRandomPositiveRelativelyPrimeInt Generate a random element in the group of all the elements in Z/nZ that has a multiplicative inverse.

func GetRandomPrime

func GetRandomPrime() (*big.Int, *big.Int)

GetRandomPrime add for go test

func GetRandomValuesFromJN

func GetRandomValuesFromJN(N *big.Int) []*big.Int

GetRandomValuesFromJN get m random values from JN

func GetSharesID

func GetSharesID(ss *ShareStruct2) *big.Int

GetSharesID get ID

func GetTheQuadraticResidueInt

func GetTheQuadraticResidueInt(roh *big.Int, N *big.Int, p *big.Int, q *big.Int) (*big.Int, *big.Int, *big.Int, *big.Int)

GetTheQuadraticResidueInt gets the roots of x^2 = roh (mod N), where N = p*q, p and q are odd primes, p >= q, gcd(roh,N) = 1 and 1 <= roh < N. It returns the 4 roots (x,-x,y,-y):

x^2 = roh (mod p) -> r
x^2 = roh (mod q) -> s

Get g,c,d by the Euclidean algorithm such that g = gcd(p,q) and pc + qd = g, so:

x = r*d*q + s*c*p
y = r*d*q − s*c*p
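The CRT combination described above, as an added example that is not this package's code: the name sqrtModPQ is hypothetical, and math/big's ModSqrt and GCD stand in for the package's own helpers. The primes in main are constructed toy values.

```go
package main

import (
	"fmt"
	"math/big"
)

// sqrtModPQ returns the four square roots (x, -x, y, -y) of rho modulo
// N = p*q, or nil when rho is not coprime to N or is not a square modulo
// both primes. p and q must be distinct odd primes (ModSqrt panics on an
// even modulus and is undefined for an odd composite one).
func sqrtModPQ(rho, p, q *big.Int) []*big.Int {
	one := big.NewInt(1)
	n := new(big.Int).Mul(p, q)
	if new(big.Int).GCD(nil, nil, rho, n).Cmp(one) != 0 {
		return nil // precondition gcd(roh, N) = 1
	}
	r := new(big.Int).ModSqrt(rho, p) // r^2 = rho (mod p)
	s := new(big.Int).ModSqrt(rho, q) // s^2 = rho (mod q)
	if r == nil || s == nil {
		return nil // rho is not a quadratic residue modulo N
	}
	// Extended Euclid: p*c + q*d = g, and g must be 1 for distinct primes.
	c, d := new(big.Int), new(big.Int)
	if new(big.Int).GCD(c, d, p, q).Cmp(one) != 0 {
		return nil
	}
	rdq := new(big.Int).Mul(r, d)
	rdq.Mul(rdq, q) // r*d*q: congruent to r mod p and to 0 mod q
	scp := new(big.Int).Mul(s, c)
	scp.Mul(scp, p) // s*c*p: congruent to 0 mod p and to s mod q
	x := new(big.Int).Add(rdq, scp)
	y := new(big.Int).Sub(rdq, scp)
	x.Mod(x, n) // Mod is Euclidean, so negative Bezout terms are fine
	y.Mod(y, n)
	negX := new(big.Int).Sub(n, x)
	negY := new(big.Int).Sub(n, y)
	return []*big.Int{x, negX, y, negY}
}

func main() {
	// Constructed toy parameters: p = 11, q = 7, roh = 4.
	p, q, rho := big.NewInt(11), big.NewInt(7), big.NewInt(4)
	n := new(big.Int).Mul(p, q)
	for _, root := range sqrtModPQ(rho, p, q) {
		sq := new(big.Int).Exp(root, big.NewInt(2), n)
		fmt.Printf("%v^2 mod %v = %v\n", root, n, sq)
	}
}
```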

func HvVerify

func HvVerify(n *big.Int, num *big.Int, proof *HvProof) bool

HvVerify: for N = p*q the verifier checks:
1. Ni > 0
2. Ni is a positive odd integer and is not a prime or a prime power
3. the count of xij != 0 is >= 3*m/8
4. xij^2 = ROHij (mod Ni) for every xij != 0 (j = 1,2,...m)
Here i = 0,1,2,3,4, taking 5 nodes as an example.

func IsNumberInMultiplicativeGroup

func IsNumberInMultiplicativeGroup(n, v *big.Int) bool

IsNumberInMultiplicativeGroup reports whether gcd(n,v) = 1

func IsPerfectPower

func IsPerfectPower(Ntilde *big.Int) *big.Int

IsPerfectPower finds two integers a and b such that Ntilde = a ^ b (2 <= b <= logNtilde) and returns a. If no such a is found, it returns nil.

func IsPerfectPowerOfPrime

func IsPerfectPowerOfPrime(Ntilde *big.Int) bool

IsPerfectPowerOfPrime reports whether Ntilde == p ^ k, where p is prime and 2 <= k <= logNtilde.
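An added example (not this package's code) of the structural checks that CheckPrime and IsPerfectPowerOfPrime describe, applied to a modulus received from a peer. The names validateModulus, isPrimePower and kthRoot are hypothetical, rejecting 1 is an added assumption, and the sample values are constructed; passing these checks is necessary but does not show that the modulus is a product of two safe primes.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

const primeRounds = 30 // same value as PrimeTestTimes on this page

// kthRoot returns floor(n^(1/k)) for n > 0 and k >= 2, by binary search.
func kthRoot(n *big.Int, k int) *big.Int {
	one, e := big.NewInt(1), big.NewInt(int64(k))
	lo := big.NewInt(1)
	hi := new(big.Int).Lsh(one, uint(n.BitLen()/k+1)) // strictly above n^(1/k)
	for lo.Cmp(hi) < 0 {
		mid := new(big.Int).Add(lo, hi)
		mid.Add(mid, one).Rsh(mid, 1) // upper midpoint, so the range always shrinks
		if new(big.Int).Exp(mid, e, nil).Cmp(n) <= 0 {
			lo = mid
		} else {
			hi = mid.Sub(mid, one)
		}
	}
	return lo
}

// isPrimePower reports whether n = p^k for a prime p and some
// 2 <= k <= bitlen(n). Every exponent is tried, so p^6 is caught at k = 6
// even though its square root and cube root are not prime.
func isPrimePower(n *big.Int) bool {
	for k := 2; k <= n.BitLen(); k++ {
		r := kthRoot(n, k)
		exact := new(big.Int).Exp(r, big.NewInt(int64(k)), nil).Cmp(n) == 0
		if exact && r.ProbablyPrime(primeRounds) {
			return true
		}
	}
	return false
}

// validateModulus applies the four checks in the order the page lists them.
func validateModulus(n *big.Int) error {
	switch {
	case n == nil || n.Cmp(big.NewInt(1)) <= 0:
		return errors.New("modulus is not greater than 1") // page: Ntilde > 0
	case n.Bit(0) == 0:
		return errors.New("modulus is even")
	case n.ProbablyPrime(primeRounds):
		return errors.New("modulus is prime")
	case isPrimePower(n):
		return errors.New("modulus is a power of a prime")
	}
	return nil
}

func main() {
	// Constructed sample values, not moduli from any real deployment.
	for _, s := range []string{"77", "49", "13", "14", "729"} {
		n, _ := new(big.Int).SetString(s, 10)
		fmt.Printf("%s: %v\n", s, validateModulus(n))
	}
}
```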

func ModInt

func ModInt(mod *big.Int) *modInt

func MustGetRandomInt

func MustGetRandomInt(bits int) *big.Int

MustGetRandomInt panics if it is unable to gather entropy from `rand.Reader` or when `bits` is <= 0

func PDLwSlackVerify

func PDLwSlackVerify(keytype string, st *PDLwSlackStatement, p *PDLwSlackProof) bool

PDLwSlackVerify verify PDLwSlackProof

func ProtoDecode

func ProtoDecode(data []byte) (string, error)

func ProtoEncode

func ProtoEncode(num string) ([]byte, error)

func STVerify

func STVerify(keytype string, S1X *big.Int, S1Y *big.Int, T1X *big.Int, T1Y *big.Int, Rx *big.Int, Ry *big.Int, hGx *big.Int, hGy *big.Int, stpf *STProof) bool

func Sha512_256

func Sha512_256(in ...*big.Int) *big.Int

Sha512_256 get a hash value with input and add the custom domain separator to hash computations.

func SquareFreeVerify

func SquareFreeVerify(n *big.Int, num *big.Int, proof *SquareFreeProof) bool

SquareFreeVerify checks: N > 0; N mod p != 0, where p is prime and p < alpha; N > sigmai > 0; and the verifier checks sigmai^N = Xi (mod N).

func TVerify

func TVerify(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, proof *TProof) bool

TVerify add for gg20: calculate T_i = g^sigma_i * h^l_i = sigma_i*G + l_i*h*G

func Vss2Init

func Vss2Init(keytype string, secret *big.Int, t int) (*PolyStruct2, *PolyGStruct2, error)

Vss2Init Initialize Lagrange polynomial coefficients

func ZkUVerify

func ZkUVerify(keytype string, uG []*big.Int, zkUProof *ZkUProof) bool

ZkUVerify verify ZkUProof

func ZkXiVerify

func ZkXiVerify(keytype string, xiG []*big.Int, zkXiProof *ZkXiProof) bool

ZkXiVerify verify ZkXiProof

Types

type BigInt

type BigInt struct {
	Bigint string `protobuf:"bytes,1,opt,name=bigint,proto3" json:"bigint,omitempty"`
	// contains filtered or unexported fields
}

this is a comment

func (*BigInt) Descriptor deprecated

func (*BigInt) Descriptor() ([]byte, []int)

Deprecated: Use BigInt.ProtoReflect.Descriptor instead.

func (*BigInt) GetBigint

func (x *BigInt) GetBigint() string

func (*BigInt) ProtoMessage

func (*BigInt) ProtoMessage()

func (*BigInt) ProtoReflect

func (x *BigInt) ProtoReflect() protoreflect.Message

func (*BigInt) Reset

func (x *BigInt) Reset()

func (*BigInt) String

func (x *BigInt) String() string

type Commitment

type Commitment struct {
	C *big.Int
	D []*big.Int
}

Commitment commitment data

func (*Commitment) Commit

func (commitment *Commitment) Commit(secrets ...*big.Int) *Commitment

Commit Generate commitment data by secrets

func (*Commitment) DeCommit

func (commitment *Commitment) DeCommit(keytype string) (bool, []*big.Int)

DeCommit get commitment data secrets

func (*Commitment) Verify

func (commitment *Commitment) Verify(keytype string) bool

Verify Verify commitment data

type HvProof

type HvProof struct {
	Sigma []*big.Int
}

HvProof: see the paper "Attacking Threshold Wallets" by JP Aumasson and Omer Shlomovits (Taurus Group, Switzerland; ZenGo X, Israel), section 5, "The Golden Shoe Attack".

Mitigation: The fix is simple: Ntilde, h1, h2 must be validated on the receiving end. For Ntilde, the sender must attach a proof that Ntilde is a valid RSA modulus from two safe primes. For h1, h2, there is a nice trick in [FO97]: pick h1 at random and h2 = h1^alpha and prove to the receiver the knowledge of alpha with respect to h1, h2.

See also the paper "Efficient Noninteractive Certification of RSA Moduli and Beyond" by Sharon Goldberg, Leonid Reyzin, Omar Sagga, and Foteini Baldimtsi (Boston University, Boston, MA, USA; George Mason University, Fairfax, VA, USA), October 3, 2019, section 3.4, "HVZK Proof for a Product of Two Primes".

func HvProve

func HvProve(n *big.Int, num *big.Int, p *big.Int, q *big.Int) *HvProof

HvProve gets the quadratic residue roots x for ROH1,ROH2,ROH3 ..... ROHm. For every ROHj that belongs to QRn, the Prover sends back xj (belonging to Z*) such that xj^2 mod N = ROHj; of the four square roots, the Prover chooses one at random. For every other ROHj, the Prover sends back 0.

func (*HvProof) MarshalJSON

func (hvpf *HvProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal HvProof to json bytes

func (*HvProof) UnmarshalJSON

func (hvpf *HvProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to HvProof

type MtARangeProof

type MtARangeProof struct {
	Z  *big.Int
	U  *big.Int
	W  *big.Int
	S  *big.Int
	S1 *big.Int
	S2 *big.Int
}

MtARangeProof GG18 A.1 Range Proof in MtA protocol

func MtARangeProofProve

func MtARangeProofProve(keytype string, c *big.Int, m *big.Int, r *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtARangeProof

MtARangeProofProve GG18 A.1 Range Proof in MtA protocol. This proof is run by Alice (the initiator) in both MtA and MtAwc protocols. The input for this proof is a Paillier public key (N,G) and a value c ∈ ZN^2. The prover knows m ∈ Zq and r ∈ Z* such that c = G^m*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced that m ∈ [−q^3 , q^3].

func (*MtARangeProof) MarshalJSON

func (mtAZKProof *MtARangeProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal MtARangeProof to json bytes

func (*MtARangeProof) MtARangeProofVerify

func (mtAZKProof *MtARangeProof) MtARangeProofVerify(keytype string, c *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool

MtARangeProofVerify GG18 A.1 Range Proof in MtA protocol. This proof is run by Alice (the initiator) in both MtA and MtAwc protocols. The input for this proof is a Paillier public key (N,G) and a value c ∈ ZN^2. The prover knows m ∈ Zq and r ∈ Z* such that c = G^m*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced that m ∈ [−q^3 , q^3]. The Verifier checks that:
s1 ≤ q^3
u = G^s1*s^N*c^-e mod N^2
h1^s1*h2^s2*z^-e = w mod Ntilde

func (*MtARangeProof) UnmarshalJSON

func (mtAZKProof *MtARangeProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to MtARangeProof

type MtARespZKProof

type MtARespZKProof struct {
	Z    *big.Int
	ZBar *big.Int
	T    *big.Int
	V    *big.Int
	W    *big.Int
	S    *big.Int
	S1   *big.Int
	S2   *big.Int
	T1   *big.Int
	T2   *big.Int
}

MtARespZKProof GG18 A.3 Respondent ZK Proof for MtA

func MtARespZKProofProve

func MtARespZKProofProve(keytype string, x *big.Int, y *big.Int, r *big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtARespZKProof

MtARespZKProofProve GG18 A.3 Respondent ZK Proof for MtA. This proof is run by Bob (the responder) in the MtA protocol where Bob only proves that x is small (without proving that it is the discrete log of any public value). The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN^2. The Prover knows x ∈ Zq, y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3].

func (*MtARespZKProof) MarshalJSON

func (mtAZK2Proof *MtARespZKProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal MtARespZKProof to json bytes

func (*MtARespZKProof) MtARespZKProofVerify

func (mtAZK2Proof *MtARespZKProof) MtARespZKProofVerify(keytype string, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool

MtARespZKProofVerify GG18 A.3 Respondent ZK Proof for MtA. This proof is run by Bob (the responder) in the MtA protocol where Bob only proves that x is small (without proving that it is the discrete log of any public value). The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN^2. The Prover knows x ∈ Zq, y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3]. The Verifier checks that:
s1 ≤ q^3
h1^s1*h2^s2 = z^e*zBar mod Ntilde
h1^t1*h2^t2 = t^e*w mod Ntilde
c1^s1*s^N*G^t1 = c2^e*v mod N^2

func (*MtARespZKProof) UnmarshalJSON

func (mtAZK2Proof *MtARespZKProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to MtARespZKProof

type MtAwcRespZKProof

type MtAwcRespZKProof struct {
	Ux   *big.Int
	Uy   *big.Int
	Z    *big.Int
	ZBar *big.Int
	T    *big.Int
	V    *big.Int
	W    *big.Int
	S    *big.Int
	S1   *big.Int
	S2   *big.Int
	T1   *big.Int
	T2   *big.Int
}

MtAwcRespZKProof GG18 A.2 Respondent ZK Proof for MtAwc

func MtAwcRespZKProofProve

func MtAwcRespZKProofProve(keytype string, x *big.Int, y *big.Int, r *big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtAwcRespZKProof

MtAwcRespZKProofProve GG18 A.2 Respondent ZK Proof for MtAwc. This proof is run by Bob (the responder) in the MtAwc protocol. The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN^2, together with a value X on the curve (the DSA group). The Prover knows x ∈ Zq, y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, and X = g^x on the curve, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3].

func (*MtAwcRespZKProof) MarshalJSON

func (mtAZK3Proof *MtAwcRespZKProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal MtAwcRespZKProof to json bytes

func (*MtAwcRespZKProof) MtAwcRespZKProofVefify

func (mtAZK3Proof *MtAwcRespZKProof) MtAwcRespZKProofVefify(keytype string, xG []*big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool

MtAwcRespZKProofVefify GG18 A.2 Respondent ZK Proof for MtAwc. This proof is run by Bob (the responder) in the MtAwc protocol. The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN^2, together with a value X on the curve (the DSA group). The Prover knows x ∈ Zq, y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, and X = g^x on the curve, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3]. The Verifier checks that:
s1 ≤ q^3
g^s1 = X^e*u on the curve
h1^s1*h2^s2 = z^e*zBar mod Ntilde
h1^t1*h2^t2 = t^e*w mod Ntilde
c1^s1*s^N*G^t1 = c2^e*v mod N^2

func (*MtAwcRespZKProof) UnmarshalJSON

func (mtAZK3Proof *MtAwcRespZKProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to MtAwcRespZKProof

type NtildeH1H2

type NtildeH1H2 struct {
	Ntilde *big.Int
	H1     *big.Int
	H2     *big.Int
}

NtildeH1H2 ntilde data

func CreateNt

func CreateNt(length int) (*NtildeH1H2, *big.Int, *big.Int, *big.Int, *big.Int)

CreateNt create data for Nt zk proof

func GenerateNtildeH1H2

func GenerateNtildeH1H2(length int) (*NtildeH1H2, *big.Int, *big.Int, *big.Int, *big.Int, *big.Int, *big.Int)

GenerateNtildeH1H2 create ntilde data

func (*NtildeH1H2) MarshalJSON

func (ntilde *NtildeH1H2) MarshalJSON() ([]byte, error)

MarshalJSON marshal NtildeH1H2 to json bytes

func (*NtildeH1H2) UnmarshalJSON

func (ntilde *NtildeH1H2) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to NtildeH1H2

type NtildePrivData

type NtildePrivData struct {
	Alpha *big.Int
	Beta  *big.Int
	Q1    *big.Int
	Q2    *big.Int
}

func (*NtildePrivData) MarshalJSON

func (priv *NtildePrivData) MarshalJSON() ([]byte, error)

MarshalJSON marshal NtildePrivData to json bytes

func (*NtildePrivData) UnmarshalJSON

func (priv *NtildePrivData) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to NtildePrivData

type NtildeProof

type NtildeProof struct {
	Alpha,
	T [Iterations]*big.Int
}

NtildeProof ntilde zk proof

func NewNtildeProof

func NewNtildeProof(h1, h2, x, p, q, N *big.Int) *NtildeProof

NewNtildeProof create ntilde proof

func (*NtildeProof) MarshalJSON

func (p *NtildeProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal NtildeProof to json bytes

func (*NtildeProof) UnmarshalJSON

func (p *NtildeProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to NtildeProof

func (*NtildeProof) Verify

func (p *NtildeProof) Verify(h1, h2, N *big.Int) bool

Verify Verify ntilde proof

type PDLwSlackProof

type PDLwSlackProof struct {
	Z   *big.Int
	U1X *big.Int
	U1Y *big.Int
	U2, U3,
	S1, S2, S3 *big.Int
}

func NewPDLwSlackProof

func NewPDLwSlackProof(keytype string, wit *PDLwSlackWitness, st *PDLwSlackStatement) *PDLwSlackProof

NewPDLwSlackProof new PDLwSlackProof

func (*PDLwSlackProof) MarshalJSON

func (p *PDLwSlackProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal PDLwSlackProof to json bytes

func (*PDLwSlackProof) UnmarshalJSON

func (p *PDLwSlackProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PDLwSlackProof

type PDLwSlackStatement

type PDLwSlackStatement struct {
	CipherText     *big.Int
	PK             *PublicKey
	K1RX           *big.Int //Q
	K1RY           *big.Int
	Rx             *big.Int //G
	Ry             *big.Int
	H1, H2, NTilde *big.Int
}

type PDLwSlackWitness

type PDLwSlackWitness struct {
	K1, K1Ra *big.Int // X R
	SK       *PrivateKey
}

type PolyGStruct2

type PolyGStruct2 struct {
	PolyG [][]*big.Int //x and y
}

PolyGStruct2 (x,y)

type PolyStruct2

type PolyStruct2 struct {
	Poly []*big.Int // coefficient set
}

PolyStruct2 coefficient set

func (*PolyStruct2) Vss2

func (polyStruct *PolyStruct2) Vss2(keytype string, ids []*big.Int) ([]*ShareStruct2, error)

Vss2 Calculate Lagrange polynomial value

type PrivateKey

type PrivateKey struct {
	Length string `json:"Length"`
	PublicKey
	L *big.Int `json:"L"` // (p-1)*(q-1)
	U *big.Int `json:"U"` // L^-1 mod N
}

PrivateKey the paillier private key

func (*PrivateKey) Decrypt

func (privateKey *PrivateKey) Decrypt(cipherBigInt *big.Int) (*big.Int, error)

Decrypt paillier decrypt by private key

func (*PrivateKey) MarshalJSON

func (privateKey *PrivateKey) MarshalJSON() ([]byte, error)

MarshalJSON marshal PrivateKey to json bytes

func (*PrivateKey) UnmarshalJSON

func (privateKey *PrivateKey) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PrivateKey

type PublicKey

type PublicKey struct {
	Length string   `json:"Length"`
	N      *big.Int `json:"N"`  // n = p*q, where p and q are prime
	G      *big.Int `json:"G"`  // in practice, G = N + 1
	N2     *big.Int `json:"N2"` // N2 = N * N
}

PublicKey the paillier pubkey

func (*PublicKey) Encrypt

func (publicKey *PublicKey) Encrypt(mBigInt *big.Int) (*big.Int, *big.Int, error)

Encrypt paillier encrypt by public key

func (*PublicKey) HomoAdd

func (publicKey *PublicKey) HomoAdd(c1, c2 *big.Int) *big.Int

HomoAdd Homomorphic addition

func (*PublicKey) HomoMul

func (publicKey *PublicKey) HomoMul(cipher, k *big.Int) *big.Int

HomoMul Homomorphic multiplication

func (*PublicKey) MarshalJSON

func (publicKey *PublicKey) MarshalJSON() ([]byte, error)

MarshalJSON marshal PublicKey to json bytes

func (*PublicKey) UnmarshalJSON

func (publicKey *PublicKey) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to PublicKey

type RohData

type RohData struct {
	Index int64
	Roh   *big.Int
}

type STProof

type STProof struct {
	AlphaX *big.Int
	AlphaY *big.Int
	BetaX  *big.Int
	BetaY  *big.Int
	T      *big.Int
	U      *big.Int
}

ZK proof for knowledge of sigma_i, l_i such that S_i = R^sigma_i, T_i = g^sigma_i h^l_i (GG20)

func NewSTProof

func NewSTProof(keytype string, T1X *big.Int, T1Y *big.Int, S1X *big.Int, S1Y *big.Int, Rx *big.Int, Ry *big.Int, hGx *big.Int, hGy *big.Int, sigma1 *big.Int, l1 *big.Int) *STProof

NewSTProof new STProof

func (*STProof) MarshalJSON

func (stpf *STProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal STProof to json bytes

func (*STProof) UnmarshalJSON

func (stpf *STProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to STProof

type SafePrime

type SafePrime struct {
	// contains filtered or unexported fields
}

SafePrime prime

func (*SafePrime) CheckValidate

func (sp *SafePrime) CheckValidate() bool

CheckValidate check p < 2^(L/2) ? p = 2*q + 1

func (*SafePrime) P

func (sp *SafePrime) P() *big.Int

P get p

func (*SafePrime) Q

func (sp *SafePrime) Q() *big.Int

Q get q

func (*SafePrime) SetP

func (sp *SafePrime) SetP(p *big.Int)

SetP set p

func (*SafePrime) SetQ

func (sp *SafePrime) SetQ(q *big.Int)

SetQ set q

type ShareStruct2

type ShareStruct2 struct {
	ID    *big.Int // ID, x coordinate
	Share *big.Int
}

ShareStruct2 f(xi)

func (*ShareStruct2) Verify2

func (share *ShareStruct2) Verify2(keytype string, polyG *PolyGStruct2) bool

Verify2 Verify Lagrange polynomial value

type SquareFreeProof

type SquareFreeProof struct {
	Sigma []*big.Int
}

SquareFreeProof added for GG20, keygen phase 3: each player Pi proves in ZK that Ni is square-free using the proof of Gennaro, Micciancio, and Rabin [30], "An Efficient Non-Interactive Statistical Zero-Knowledge Proof System for Quasi-Safe Prime Products", section 3.1.

func SquareFreeProve

func SquareFreeProve(n *big.Int, num *big.Int, l *big.Int) *SquareFreeProof

SquareFreeProve chooses m random values Xi that belong to ZN*. The prover computes M = N^-1 mod φ(N), where φ is Euler's totient function, and outputs sigmai = Xi^M mod N for every Xi.

func (*SquareFreeProof) MarshalJSON

func (sfpf *SquareFreeProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal SquareFreeProof to json bytes

func (*SquareFreeProof) UnmarshalJSON

func (sfpf *SquareFreeProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to SquareFreeProof

type TProof

type TProof struct {
	AlphaX *big.Int
	AlphaY *big.Int
	T      *big.Int
	U      *big.Int
}

ZK proof of knowledge of sigma_i, l_i such that T_i = g^sigma_i h^l_i (GG20)

func TProve

func TProve(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, sigma1 *big.Int, l1 *big.Int) *TProof

TProve add for gg20: calculate T_i = g^sigma_i * h^l_i = sigma_i*G + l_i*h*G

func (*TProof) MarshalJSON

func (tpf *TProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal TProof to json bytes

func (*TProof) UnmarshalJSON

func (tpf *TProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to TProof

type ZkUProof

type ZkUProof struct {
	E *big.Int
	S *big.Int
}

ZkUProof is the zero-knowledge proof that the prover knows u, using Schnorr’s protocol

func ZkUProve

func ZkUProve(keytype string, u *big.Int) *ZkUProof

ZkUProve create ZkUProof

func (*ZkUProof) MarshalJSON

func (zku *ZkUProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal ZkUProof to json bytes

func (*ZkUProof) UnmarshalJSON

func (zku *ZkUProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to ZkUProof

type ZkXiProof

type ZkXiProof struct {
	E *big.Int
	S *big.Int
}

ZkXiProof is the zero-knowledge proof that the prover knows xi, using Schnorr’s protocol

func ZkXiProve

func ZkXiProve(keytype string, sku1 *big.Int) *ZkXiProof

ZkXiProve create ZkXiProof

func (*ZkXiProof) MarshalJSON

func (zkx *ZkXiProof) MarshalJSON() ([]byte, error)

MarshalJSON marshal ZkXiProof to json bytes

func (*ZkXiProof) UnmarshalJSON

func (zkx *ZkXiProof) UnmarshalJSON(raw []byte) error

UnmarshalJSON unmarshal raw to ZkXiProof
