README
¶
Kryptology
Coinbase's advanced cryptography library
Quickstart
Use the latest version of this library:
go get github.com/blockfi/kryptology
Pin a specific release of this library:
go get github.com/blockfi/kryptology@v1.0.0
Documentation
Public documentations can be found at https://pkg.go.dev/github.com/blockfi/kryptology
To access the documentation of the local version, run godoc -http=:6060 and open
the following url in your browser.
http://localhost:6060/pkg/github.com/blockfi/kryptology/
Developer Setup
Prerequisites: golang 1.16, make
git clone git@github.com/blockfi/kryptology.git && make
Components
The following is the list of primitives and protocols that are implemented in this repository.
Curves
The curve abstraction code can be found at pkg/core/curves/curve.go
The curves that implement this abstraction are as follows.
Protocols
The generic protocol interface pkg/core/protocol/protocol.go. This abstraction is currently only used in DKLs18 implementation.
- Cryptographic Accumulators
- Bulletproof
- Oblivious Transfer
- Threshold ECDSA Signature
- Threshold Schnorr Signature
- Paillier encryption system
- Secret Sharing Schemes
- Verifiable encryption
- ZKP Schnorr
Contributing
- Versioning:
vMajor.Minor.Patch- Major revision indicates breaking API change or significant new features
- Minor revision indicates no API breaking changes and may include significant new features or documentation
- Patch indicates no API breaking changes and may include only fixes
References
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
benchcomp
benchcomp implements a command that receives two benchmarks files as input and flags the benchmarks that have degraded by more than a threshold amount.
|
benchcomp implements a command that receives two benchmarks files as input and flags the benchmarks that have degraded by more than a threshold amount. |
|
pkg
|
|
|
accumulator
Package accumulator implements the cryptographic accumulator as described in https://eprint.iacr.org/2020/777.pdf It also implements the zero knowledge proof of knowledge protocol described in section 7 of the paper.
|
Package accumulator implements the cryptographic accumulator as described in https://eprint.iacr.org/2020/777.pdf It also implements the zero knowledge proof of knowledge protocol described in section 7 of the paper. |
|
core
Package core contains a set of primitives, including but not limited to various elliptic curves, hashes, and commitment schemes.
|
Package core contains a set of primitives, including but not limited to various elliptic curves, hashes, and commitment schemes. |
|
core/curves
Package curves: Field implementation IS NOT constant time as it leverages math/big for big number operations.
|
Package curves: Field implementation IS NOT constant time as it leverages math/big for big number operations. |
|
core/curves/native/k256/fp
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography.
|
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography. |
|
core/curves/native/k256/fq
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography.
|
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography. |
|
core/curves/native/p256/fp
Code generated by Fiat Cryptography.
|
Code generated by Fiat Cryptography. |
|
core/curves/native/p256/fq
Code generated by Fiat Cryptography.
|
Code generated by Fiat Cryptography. |
|
core/curves/native/pasta/fp
Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fp 64 '2^254 + 45560315531419706090280762371685220353' curve description: pasta_fp machine_wordsize = 64 (from "64") requested operations: (all) m = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001 (from "2^254 + 45560315531419706090280762371685220353") NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation.
|
Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fp 64 '2^254 + 45560315531419706090280762371685220353' curve description: pasta_fp machine_wordsize = 64 (from "64") requested operations: (all) m = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001 (from "2^254 + 45560315531419706090280762371685220353") NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation. |
|
core/curves/native/pasta/fq
Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fq 64 '2^254 + 45560315531506369815346746415080538113' curve description: pasta_fq machine_wordsize = 64 (from "64") requested operations: (all) m = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001 (from "2^254 + 45560315531506369815346746415080538113") NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation.
|
Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fq 64 '2^254 + 45560315531506369815346746415080538113' curve description: pasta_fq machine_wordsize = 64 (from "64") requested operations: (all) m = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001 (from "2^254 + 45560315531506369815346746415080538113") NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation. |
|
dkg/frost
Package frost is an implementation of the DKG part of https://eprint.iacr.org/2020/852.pdf
|
Package frost is an implementation of the DKG part of https://eprint.iacr.org/2020/852.pdf |
|
dkg/gennaro
Package gennaro is an implementation of the DKG part of https://eprint.iacr.org/2020/540.pdf
|
Package gennaro is an implementation of the DKG part of https://eprint.iacr.org/2020/540.pdf |
|
dkg/gennaro2p
Package gennaro2p wraps dkg/genarro and specializes it for the 2-party case.
|
Package gennaro2p wraps dkg/genarro and specializes it for the 2-party case. |
|
ot/base/simplest
Package simplest implements the "Verified Simplest OT", as defined in "protocol 7" of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package simplest implements the "Verified Simplest OT", as defined in "protocol 7" of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
ot/extension/kos
Package kos in an implementation of maliciously secure OT extension protocol defined in "Protocol 9" of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package kos in an implementation of maliciously secure OT extension protocol defined in "Protocol 9" of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
ot/ottest
Package ottest contains some utilities to test ot functions.
|
Package ottest contains some utilities to test ot functions. |
|
paillier
Package paillier contains Paillier's cryptosystem (1999) [P99].
|
Package paillier contains Paillier's cryptosystem (1999) [P99]. |
|
sharing
Package sharing is an implementation of shamir secret sharing and implements the following papers.
|
Package sharing is an implementation of shamir secret sharing and implements the following papers. |
|
signatures/bbs
Package bbs is an implementation of BBS+ signature of https://eprint.iacr.org/2016/663.pdf
|
Package bbs is an implementation of BBS+ signature of https://eprint.iacr.org/2016/663.pdf |
|
signatures/bls/bls_sig
Package bls_sig is an implementation of the BLS signature defined in https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03
|
Package bls_sig is an implementation of the BLS signature defined in https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03 |
|
signatures/bls/finitefield
Package finitefield provides a finite field type (Field) that wraps big.Int operations and verifies that all mutations to the value are done within the field.
|
Package finitefield provides a finite field type (Field) that wraps big.Int operations and verifies that all mutations to the value are done within the field. |
|
signatures/bls/shamir
Package shamir is kept for legacy reasons, for our implementation of shamir secret sharing, checkout "pkg/sharing/shamir.go".
|
Package shamir is kept for legacy reasons, for our implementation of shamir secret sharing, checkout "pkg/sharing/shamir.go". |
|
tecdsa/dkls/v0
Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499).
|
Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). |
|
tecdsa/dkls/v1
Package v1 provides a wrapper around the [DKLs18](https://eprint.iacr.org/2018/499.pdf) sign and dkg and provides serialization, serialization, and versioning for the serialized data.
|
Package v1 provides a wrapper around the [DKLs18](https://eprint.iacr.org/2018/499.pdf) sign and dkg and provides serialization, serialization, and versioning for the serialized data. |
|
tecdsa/dkls/v1/dkg
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
tecdsa/dkls/v1/sign
Package sign implements the 2-2 threshold signature protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package sign implements the 2-2 threshold signature protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
tecdsa/gg20/dealer
Package dealer is an implementation of the `dealer` mode of https://eprint.iacr.org/2020/540.pdf
|
Package dealer is an implementation of the `dealer` mode of https://eprint.iacr.org/2020/540.pdf |
|
tecdsa/gg20/participant
Package participant is an implementation of a `participant` in the t-of-n threshold signature of https://eprint.iacr.org/2020/540.pdf
|
Package participant is an implementation of a `participant` in the t-of-n threshold signature of https://eprint.iacr.org/2020/540.pdf |
|
tecdsa/gg20/proof
Package proof contains the following implementations - proof of discrete logarithm (PDL) subprotocol from [spec] §8 - multiplicative-to-additive (MtA) subprotocol from [spec] §7 - proof of knowledge of a discrete log modulo a composite (fig 16), i.e., ProveCompositeDL and VerifyCompositeDL
|
Package proof contains the following implementations - proof of discrete logarithm (PDL) subprotocol from [spec] §8 - multiplicative-to-additive (MtA) subprotocol from [spec] §7 - proof of knowledge of a discrete log modulo a composite (fig 16), i.e., ProveCompositeDL and VerifyCompositeDL |
|
ted25519/frost
Package frost is an implementation of t-of-n threshold signature of https://eprint.iacr.org/2020/852.pdf
|
Package frost is an implementation of t-of-n threshold signature of https://eprint.iacr.org/2020/852.pdf |
|
ted25519/ted25519
Package ted25519 implements the Ed25519 signature algorithm.
|
Package ted25519 implements the Ed25519 signature algorithm. |
|
verenc/camshoup
Package camshoup Verifiable encryption Verifiable encryption addresses a problem about proving statements for encrypted data.
|
Package camshoup Verifiable encryption Verifiable encryption addresses a problem about proving statements for encrypted data. |
|
zkp/schnorr
Package schnorr implements a Schnorr proof, as described and used in Doerner, et al.
|
Package schnorr implements a Schnorr proof, as described and used in Doerner, et al. |
|
test
|
|
Click to show internal directories.
Click to hide internal directories.