crypto

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 10, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package crypto provides cryptographic primitives for HotStuff-2.

This package implements two signature schemes: 1. BLS12-381 - O(1) aggregate signatures (this file) 2. Ed25519 - O(n) multi-signatures (ed25519.go)

Index

Constants

View Source 
const (
	// Ed25519PublicKeySize is the size of a Ed25519 public key in bytes.
	Ed25519PublicKeySize = ed25519.PublicKeySize // 32 bytes

	// Ed25519PrivateKeySize is the size of a Ed25519 private key in bytes.
	Ed25519PrivateKeySize = ed25519.PrivateKeySize // 64 bytes

	// Ed25519SignatureSize is the size of an Ed25519 signature in bytes.
	Ed25519SignatureSize = ed25519.SignatureSize // 64 bytes
)

Variables

View Source 
var (
	// ErrInvalidSignature indicates signature verification failed.
	ErrInvalidSignature = errors.New("invalid signature")

	// ErrEmptySignatures indicates no signatures provided for aggregation.
	ErrEmptySignatures = errors.New("no signatures to aggregate")

	// ErrEmptyPublicKeys indicates no public keys provided for aggregation.
	ErrEmptyPublicKeys = errors.New("no public keys to aggregate")

	// ErrSignatureCountMismatch indicates signature and public key counts differ.
	ErrSignatureCountMismatch = errors.New("signature count does not match public key count")
)
View Source 
var (
	// ErrInvalidEd25519Signature indicates Ed25519 signature verification failed.
	ErrInvalidEd25519Signature = errors.New("invalid Ed25519 signature")

	// ErrInvalidEd25519KeySize indicates wrong key size.
	ErrInvalidEd25519KeySize = errors.New("invalid Ed25519 key size")
)

Functions

func BatchVerify 

func BatchVerify(messages [][]byte, signatures []*BLSSignature, publicKeys []*BLSPublicKey) error

BatchVerify verifies multiple individual signatures in a batch. More efficient than verifying each signature separately.

func VerifyAggregated 

func VerifyAggregated(message []byte, aggregatedSig *BLSSignature, publicKeys []*BLSPublicKey) error

VerifyAggregated verifies an aggregate signature over the same message signed by multiple public keys.

CRITICAL: This assumes all signers signed the SAME message. For different messages, use VerifyAggregatedDistinct.

func VerifyAggregatedDistinct 

func VerifyAggregatedDistinct(messages [][]byte, aggregatedSig *BLSSignature, publicKeys []*BLSPublicKey) error

VerifyAggregatedDistinct verifies an aggregate signature over DIFFERENT messages signed by multiple public keys.

This is slower than VerifyAggregated but supports different messages per signer. Use this for multi-signature schemes where each validator signs different data.

Types

type BLSPrivateKey 

type BLSPrivateKey struct {
	// contains filtered or unexported fields
}

BLSPrivateKey wraps a BLS12-381 private key.

func BLSPrivateKeyFromBytes 

func BLSPrivateKeyFromBytes(data []byte) (*BLSPrivateKey, error)

BLSPrivateKeyFromBytes reconstructs a private key from bytes.

func GenerateBLSKey 

func GenerateBLSKey() (*BLSPrivateKey, error)

GenerateBLSKey generates a new BLS12-381 key pair.

func (*BLSPrivateKey) Bytes 

func (sk *BLSPrivateKey) Bytes() []byte

Bytes returns the 32-byte scalar representation.

func (*BLSPrivateKey) PublicKey 

func (sk *BLSPrivateKey) PublicKey() *BLSPublicKey

PublicKey returns the public key corresponding to this private key.

func (*BLSPrivateKey) Sign 

func (sk *BLSPrivateKey) Sign(message []byte) (*BLSSignature, error)

Sign signs a message with this private key. Message is hashed to G1, then multiplied by the private key scalar.

type BLSPublicKey 

type BLSPublicKey struct {
	// contains filtered or unexported fields
}

BLSPublicKey wraps a BLS12-381 public key (G2 point).

func AggregatePublicKeys 

func AggregatePublicKeys(publicKeys []*BLSPublicKey) (*BLSPublicKey, error)

AggregatePublicKeys aggregates multiple BLS public keys into one. Used for batch verification of aggregate signatures.

func BLSPublicKeyFromBytes 

func BLSPublicKeyFromBytes(data []byte) (*BLSPublicKey, error)

BLSPublicKeyFromBytes reconstructs a public key from bytes.

func (*BLSPublicKey) Bytes 

func (pk *BLSPublicKey) Bytes() []byte

Bytes returns the compressed 96-byte G2 point representation.

func (*BLSPublicKey) Equals 

func (pk *BLSPublicKey) Equals(other *BLSPublicKey) bool

Equals checks if two public keys are equal.

func (*BLSPublicKey) Verify 

func (pk *BLSPublicKey) Verify(message []byte, signature *BLSSignature) bool

Verify verifies a signature over a message with this public key.

type BLSSignature 

type BLSSignature struct {
	// contains filtered or unexported fields
}

BLSSignature wraps a BLS12-381 signature (G1 point).

func AggregateSignatures 

func AggregateSignatures(signatures []*BLSSignature) (*BLSSignature, error)

AggregateSignatures aggregates multiple BLS signatures into one. This is the key advantage of BLS: O(1) aggregate signature size.

func BLSSignatureFromBytes 

func BLSSignatureFromBytes(data []byte) (*BLSSignature, error)

BLSSignatureFromBytes reconstructs a signature from bytes.

func (*BLSSignature) Bytes 

func (sig *BLSSignature) Bytes() []byte

Bytes returns the compressed 48-byte G1 point representation.

type Ed25519MultiSignature 

type Ed25519MultiSignature struct {
	// contains filtered or unexported fields
}

Ed25519MultiSignature represents multiple Ed25519 signatures concatenated. This is O(n) size, unlike BLS which is O(1).

func Ed25519MultiSignatureFromBytes 

func Ed25519MultiSignatureFromBytes(data []byte) (*Ed25519MultiSignature, error)

Ed25519MultiSignatureFromBytes reconstructs a multi-signature from bytes.

func NewEd25519MultiSignature 

func NewEd25519MultiSignature(signatures [][]byte, signers []uint16) (*Ed25519MultiSignature, error)

NewEd25519MultiSignature creates a multi-signature from individual signatures.

func (*Ed25519MultiSignature) Bytes 

func (ms *Ed25519MultiSignature) Bytes() []byte

Bytes serializes the multi-signature. Format: [signerCount:2][signer1:2][signer2:2]...[sig1:64][sig2:64]...

func (*Ed25519MultiSignature) Count 

func (ms *Ed25519MultiSignature) Count() int

Count returns the number of signatures in this multi-signature.

func (*Ed25519MultiSignature) Signers 

func (ms *Ed25519MultiSignature) Signers() []uint16

Signers returns the list of validator indices who signed.

func (*Ed25519MultiSignature) Verify 

func (ms *Ed25519MultiSignature) Verify(message []byte, publicKeys map[uint16]*Ed25519PublicKey) error

Verify verifies a multi-signature over a message with multiple public keys.

type Ed25519PrivateKey 

type Ed25519PrivateKey struct {
	// contains filtered or unexported fields
}

Ed25519PrivateKey wraps stdlib Ed25519 private key.

func Ed25519PrivateKeyFromBytes 

func Ed25519PrivateKeyFromBytes(data []byte) (*Ed25519PrivateKey, error)

Ed25519PrivateKeyFromBytes reconstructs a private key from bytes.

func GenerateEd25519Key 

func GenerateEd25519Key() (*Ed25519PrivateKey, error)

GenerateEd25519Key generates a new Ed25519 key pair.

func (*Ed25519PrivateKey) Bytes 

func (sk *Ed25519PrivateKey) Bytes() []byte

Bytes returns the 64-byte private key.

func (*Ed25519PrivateKey) PublicKey 

func (sk *Ed25519PrivateKey) PublicKey() interface {
	Bytes() []byte
	Verify(message []byte, signature []byte) bool
	Equals(other interface{ Bytes() []byte }) bool
	String() string
}

PublicKey returns the public key corresponding to this private key. Returns a pointer to Ed25519PublicKey which implements the PublicKey interface.

func (*Ed25519PrivateKey) Sign 

func (sk *Ed25519PrivateKey) Sign(message []byte) ([]byte, error)

Sign signs a message with this private key.

type Ed25519PublicKey 

type Ed25519PublicKey struct {
	// contains filtered or unexported fields
}

Ed25519PublicKey wraps stdlib Ed25519 public key.

func Ed25519PublicKeyFromBytes 

func Ed25519PublicKeyFromBytes(data []byte) (*Ed25519PublicKey, error)

Ed25519PublicKeyFromBytes reconstructs a public key from bytes.

func (*Ed25519PublicKey) Bytes 

func (pk *Ed25519PublicKey) Bytes() []byte

Bytes returns the 32-byte public key.

func (*Ed25519PublicKey) Equals 

func (pk *Ed25519PublicKey) Equals(other interface{ Bytes() []byte }) bool

Equals checks if two public keys are equal by comparing bytes.

func (*Ed25519PublicKey) String 

func (pk *Ed25519PublicKey) String() string

String returns hex representation of the public key (first 8 bytes).

func (*Ed25519PublicKey) Verify 

func (pk *Ed25519PublicKey) Verify(message []byte, signature []byte) bool

Verify verifies a signature over a message with this public key.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.