mbpqs

package module
v0.0.0-...-a2c7d47 Latest
Warning

This package is not in the latest version of its module.
Published: Dec 11, 2019 License: MIT Imports: 12 Imported by: 0

README

MBPQS

Multi-Blockchain Post-Quantum Signatures (MBPQS) is a hash-based, post-quantum secure digital signature scheme designed specifically for multi-chain blockchain systems. It targets private/consortium blockchains in which the orderers are predefined network peers that sign blocks in segregated chains (channels).

Parameters

The parameters for MBPQS are as follows:

  • n, chosen from {32,64}: security parameter in bytes. For n=32, SHA-256 is used throughout the scheme, and for n=64, SHA-512 is used.
  • w, chosen from {4,16,256}: Winternitz parameter.
  • rootH, integer < 20: height of the root tree, which defines the maximum number of channels that can be added (2^rootH).
  • chanH, integer < 2^32: height of the initial chain tree in a channel.
  • gf, integer < (2^32-chanH): growing factor for subsequent chain trees relative to the previous chain tree in the channel. gf=0 results in no relative growth of chain trees.
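
The ranges above, checked in code together with the WOTS+ chain count that a given (n, w) choice implies. This is an added example, not code from the mbpqs package: the Params type and its methods here are hypothetical stand-ins, and the length formulas are the standard WOTS+ ones from RFC 8391, assumed to apply because the WOTS+ code is taken from Go-XMSS-MT.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// Params mirrors the README's parameter list. It is a stand-in for this
// example, not the package's own Params struct (whose fields are unexported).
type Params struct{ N, W, RootH, ChanH, GF uint64 }

// Validate enforces the ranges stated in the README, in order.
func (p Params) Validate() error {
	switch {
	case p.N != 32 && p.N != 64:
		return errors.New("n must be 32 (SHA-256) or 64 (SHA-512)")
	case p.W != 4 && p.W != 16 && p.W != 256:
		return errors.New("w must be 4, 16 or 256")
	case p.RootH >= 20:
		return errors.New("rootH must be < 20")
	case p.ChanH >= 1<<32:
		return errors.New("chanH must be < 2^32")
	case p.GF >= 1<<32-p.ChanH:
		return errors.New("gf must be < 2^32 - chanH")
	}
	return nil
}

// MaxChannels is 2^rootH, the number of leaves in the root tree.
func (p Params) MaxChannels() uint64 { return 1 << p.RootH }

// WotsLen returns len = len1 + len2, the number of n-byte chain values in
// one WOTS+ signature (RFC 8391 formulas; an assumption for this package).
func (p Params) WotsLen() uint64 {
	lw := uint64(bits.Len64(p.W) - 1) // log2(w): 2, 4 or 8
	len1 := (8*p.N + lw - 1) / lw     // ceil(8n / log2(w))
	// floor(log2(len1*(w-1)) / log2(w)) + 1, in integer arithmetic
	len2 := uint64(bits.Len64(len1*(p.W-1))-1)/lw + 1
	return len1 + len2
}

// WotsSigBytes is the size of the WOTS+ part of a signature: len * n bytes.
func (p Params) WotsSigBytes() uint64 { return p.WotsLen() * p.N }

func main() {
	p := Params{N: 32, W: 16, RootH: 10, ChanH: 8, GF: 0} // constructed sample values
	fmt.Println(p.Validate(), p.MaxChannels(), p.WotsLen(), p.WotsSigBytes())
}
```

A larger w shortens the WOTS+ part of each signature (fewer chains) at the cost of longer hash chains to compute per signature and verification.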

Disclaimer

This code is meant to showcase the workings of MBPQS and to support cross-validation and experimentation. Do NOT use this code in any software deployment, as cryptographic code requires careful consideration of the specific deployment environment.

Installation

go get -u github.com/Breus/mbpqs

References

The scheme design uses ideas from XMSS-T to reach quantum-resistance, and the ChainTree structure from BPQS.

The implementation of WOTS+ (including multi-target resistance from WOTS-T) and parts of the XMSS tree generation, including the corresponding unit tests, are taken from Go-XMSS-MT from Bas Westerbaan.

Documentation

Functions

func GenKeyPair

func GenKeyPair(n, rtH, chanH uint32, c uint16, w uint16) (*PrivateKey, *PublicKey, error)

GenKeyPair generates a keypair for the given parameters.

func GenerateKeyPair

func GenerateKeyPair(p *Params, t int) (*PrivateKey, *PublicKey, error)

GenerateKeyPair generates a new MBPQS keypair for given parameters.

Types

type Channel

type Channel struct {
	// contains filtered or unexported fields
}

Channel is a key channel within the MBPQS tree; channels are stacked chain trees with the same Tree address.

type Context

type Context struct {
	// contains filtered or unexported fields
}

Context includes a full MBPQS instance.

func NewContextFromOid

func NewContextFromOid(oid uint32) *Context

NewContextFromOid returns a new context for the given Root tree.

type GrowSignature

type GrowSignature struct {
	// contains filtered or unexported fields
}

GrowSignature is a signature of the last OTS key in a chain tree over the next chain tree root node.

func (*GrowSignature) NextAuthNode

func (gs *GrowSignature) NextAuthNode(prevAuthNode ...[]byte) []byte

NextAuthNode returns the growSig root hash field from the GrowSignature. This is the chainTree root signed in this signature.

type MsgSignature

type MsgSignature struct {
	// contains filtered or unexported fields
}

MsgSignature holds a signature on a message in a channel.

func (MsgSignature) NextAuthNode

func (ms MsgSignature) NextAuthNode(prevAuthNode ...[]byte) []byte

NextAuthNode returns the authentication node for the next signature from the current MsgSignature.

type Params

type Params struct {
	// contains filtered or unexported fields
}

Params includes the MBPQS parameters.

func InitParam

func InitParam(n, rtH, chanH, gf uint32, c, w uint16) *Params

InitParam returns a pointer to a Params struct with parameters initialized to given arguments.

type PrivateKey

type PrivateKey struct {
	Channels []*Channel // Channel states in the private key.
	// contains filtered or unexported fields
}

PrivateKey is an MBPQS private key.

func (*PrivateKey) AddChannel

func (sk *PrivateKey) AddChannel() (uint32, *RootSignature, error)

AddChannel returns the ID of the added channel, and the signature of its initial chain tree root node.

func (*PrivateKey) ChainSeqNo

func (sk *PrivateKey) ChainSeqNo(chIdx uint32) uint32

ChainSeqNo retrieves the current chainSeqNo and increases it by one.

func (*PrivateKey) ChannelSeqNos

func (sk *PrivateKey) ChannelSeqNos(chIdx uint32) (uint32, SignatureSeqNo, error)

ChannelSeqNos retrieves the current chainSeqNo and the current channelSeqNo.

func (*PrivateKey) GetSeqNo

func (sk *PrivateKey) GetSeqNo() (SignatureSeqNo, error)

GetSeqNo retrieves the current index of the first unused channel signing key in the RootTree.

func (*PrivateKey) GrowChannel

func (sk *PrivateKey) GrowChannel(chIdx uint32) (*GrowSignature, error)

GrowChannel adds a chainTree to the channel.

func (*PrivateKey) SignChannelMsg

func (sk *PrivateKey) SignChannelMsg(chIdx uint32, msg []byte) (*MsgSignature, error)

SignChannelMsg signs the message 'msg' in the channel with index chIdx. Be cautious: this

func (*PrivateKey) SignChannelRoot

func (sk *PrivateKey) SignChannelRoot(chRt []byte) (*RootSignature, error)

SignChannelRoot is used to sign the n-byte channel root hash with the PrivateKey

func (*PrivateKey) SignMsg

func (sk *PrivateKey) SignMsg(chIdx uint32, msg []byte) (*MsgSignature, error)

SignMsg returns the signature over the message in channel with index chIdx.

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is an MBPQS public key.

func (*PublicKey) Verify

func (pk *PublicKey) Verify(sig Signature, msgAuthNode ...[]byte) (bool, error)

Verify is the generic verification function for all signature types. The first parameter is a signature of any type. The second (optional) parameter is the message, with an authentication node as an additional third parameter. The authentication node of a GrowSignature or MsgSignature should be the CurAuthNode of the previous signature.

func (*PublicKey) VerifyChannel

func (pk *PublicKey) VerifyChannel(rt *RootSignature) (bool, error)

VerifyChannel verifies that a channel is signed by a certain PublicKey.

func (*PublicKey) VerifyChannelMsg

func (pk *PublicKey) VerifyChannelMsg(sig *MsgSignature, msg, authNode []byte) (bool, error)

VerifyChannelMsg returns true if the signature/message pair is valid.

func (*PublicKey) VerifyChannelRoot

func (pk *PublicKey) VerifyChannelRoot(rtSig *RootSignature, chRt []byte) (bool, error)

VerifyChannelRoot is used to verify the signature on the channel root.

func (*PublicKey) VerifyGrow

func (pk *PublicKey) VerifyGrow(sig *GrowSignature, authNode []byte) (bool, error)

VerifyGrow verifies the growing signature.

func (*PublicKey) VerifyMsg

func (pk *PublicKey) VerifyMsg(sig *MsgSignature, msg, authNode []byte) (
	bool, error)

VerifyMsg returns whether the signature/message pair verifies to the previous authNode.

type RootSignature

type RootSignature struct {
	// contains filtered or unexported fields
}

RootSignature holds a signature on a channel by a rootTree leaf.

func (*RootSignature) GetSignedRoot

func (rtSig *RootSignature) GetSignedRoot() []byte

GetSignedRoot returns the root hash field from the RootSignature. This is the channel root signed by this signature.

func (*RootSignature) NextAuthNode

func (rtSig *RootSignature) NextAuthNode(prevAuthNode ...[]byte) []byte

NextAuthNode returns the authentication path for the RootSignature.

type Signature

type Signature interface {
	NextAuthNode(prevAuthNode ...[]byte) []byte // Retrieve the current Authentication root after this signature is verified.
}

Signature is the interface type for RootSignature, MsgSignature, and GrowSignature.

type SignatureSeqNo

type SignatureSeqNo uint32

SignatureSeqNo is the sequence number (index) of signatures and wotsKeys in channels and the root tree.

type SubTreeAddress

type SubTreeAddress struct {
	// The root tree has layer 0.
	// The top-level chain tree has layer 1, etc.
	Layer uint32

	// The offset in the subtree.
	// The root has tree index = 0.
	// The leftmost chaintrees have tree = 0.
	Tree uint64
}

SubTreeAddress represents the position of a subtree in the full MBPQS tree.
