secp256k1

package
Version: v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 19, 2021 License: GPL-3.0, BSD-3-Clause Imports: 9 Imported by: 14

Documentation

Overview

Package secp256k1 wraps the bitcoin secp256k1 C library.

secp256k1 refers to the parameters of the elliptic curve used in Bitcoin's public-key cryptography and is defined in Standards for Efficient Cryptography (SEC)(Certicom Research, http://www.secg.org/sec2-v2.pdf).

Package secp256k1 provides wrapper functions to utilize the library functions in Go.

Source Files

Each source file has the following contents

- secp256.go  : Provides wrapper functions to utilize the secp256k1 library written in C
- curve.go    : Implements Koblitz elliptic curves
- panic_cb.go : Provides callbacks for converting libsecp256k1 internal faults into recoverable Go panics
- schnorr.go  : Implements Schnorr signature algorithm. It is planned to be used in Klaytn

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidMsgLen       = errors.New("invalid message length, need 32 bytes")
	ErrInvalidSignatureLen = errors.New("invalid signature length")
	ErrInvalidRecoveryID   = errors.New("invalid signature recovery id")
	ErrInvalidKey          = errors.New("invalid private key")
	ErrInvalidPubkey       = errors.New("invalid public key")
	ErrSignFailed          = errors.New("signing failed")
	ErrRecoverFailed       = errors.New("recovery failed")
)

Functions

func CompressPubkey

func CompressPubkey(x, y *big.Int) []byte

CompressPubkey encodes a public key to 33-byte compressed format.

func ComputeC

func ComputeC(keys ...[]byte) []byte

ComputeC derives the common value for multiple public keys.

func DecompressPubkey

func DecompressPubkey(pubkey []byte) (x, y *big.Int)

DecompressPubkey parses a public key in the 33-byte compressed format. It returns non-nil coordinates if the public key is valid.

func RecoverPubkey

func RecoverPubkey(msg []byte, sig []byte) ([]byte, error)

RecoverPubkey returns the public key of the signer. msg must be the 32-byte hash of the message to be signed. sig must be a 65-byte compact ECDSA signature containing the recovery id as the last element.

func ScAdd

func ScAdd(a, b []byte) []byte

ScAdd is a simple C-binding performing addition between two input scalars.

func ScBaseMul

func ScBaseMul(a []byte) []byte

ScBaseMul is a simple C-binding performing a * G where a is an input scalar and G is SECP256k1 curve.

func ScMul

func ScMul(a, b []byte) []byte

ScMul is a simple C-binding performing multiplication for two input scalars.

func ScPointMul

func ScPointMul(point, a []byte) []byte

ScPointMul is a simple C-binding performing multiplication between a curve point and a scalar. Returns a point in the uncompressed format.

func ScSub

func ScSub(a, b []byte) []byte

ScSub is a simple C-binding performing subtraction between two input scalars.

func SchnorrSignMultiBootstrap

func SchnorrSignMultiBootstrap(G *BitCurve, msg, privateKey, publicKey []byte, othersPublicKeys ...[]byte) (Q, R, y []byte)

SchnorrSignMultiBootstrap computes an individual share of a Schnorr multi-signature given all public keys. Q: a dedicated, security hardened public key for this multi-signature party R: a part of the generating multi-signature for the input publickey y: a dedicated, security hardened private key for this multi-signature party

func SchnorrSignMultiComputeS

func SchnorrSignMultiComputeS(msg, P, R, y []byte) []byte

SchnorrSignMultiComputeS computes the s part of a Schnorr multi-signature (i.e., s in (R, s)).

func SchnorrSignSingle

func SchnorrSignSingle(G *BitCurve, msg, x, P []byte) ([]byte, []byte)

SchnorrSignSingle digitally signs the input message using Schnorr signature scheme.

func SchnorrVerify

func SchnorrVerify(G *BitCurve, msg, R, s, P []byte) bool

SchnorrVerifySingle verifies a Schnorr signature. Note that this implementation is relatively slow compared to the C implementation. Use this sparingly.

func SchnorrVerifyNative

func SchnorrVerifyNative(message, R, s, P []byte) bool

SchnorrVerifyMulti verifies a Schnorr signature. Returns true iff (R, s) is a valid signature verifiable by P; false otherwise. R and P should be uncompressed points on SECP256k1 curve with proper padding in front (i.e., starting with 0x04). P can be a single key or a combined public key s.t. P = P0 + P1 + ... + PN where Pi is a public key for i = 0..N. s is a 32-byte scalar.

func Sign

func Sign(msg []byte, seckey []byte) ([]byte, error)

Sign creates a recoverable ECDSA signature. The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.

The caller is responsible for ensuring that msg cannot be chosen directly by an attacker. It is usually preferable to use a cryptographic hash function on any input before handing it to this function.

func VerifySignature

func VerifySignature(pubkey, msg, signature []byte) bool

VerifySignature checks that the given pubkey created signature over message. The signature should be in [R || S] format.

Types

type BitCurve

type BitCurve struct {
	P       *big.Int // the order of the underlying field
	N       *big.Int // the order of the base point
	B       *big.Int // the constant of the BitCurve equation
	Gx, Gy  *big.Int // (x,y) of the base point
	BitSize int      // the size of the underlying field
}

A BitCurve represents a Koblitz Curve with a=0. See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html

func S256

func S256() *BitCurve

S256 returns a BitCurve which implements secp256k1.

func (*BitCurve) Add

func (BitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)

Add returns the sum of (x1,y1) and (x2,y2)

func (*BitCurve) Double

func (BitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)

Double returns 2*(x,y)

func (*BitCurve) IsOnCurve

func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool

IsOnCurve returns true if the given (x,y) lies on the BitCurve.

func (*BitCurve) Marshal

func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte

Marshal converts a point into the form specified in section 4.3.6 of ANSI X9.62.

func (*BitCurve) Params

func (BitCurve *BitCurve) Params() *elliptic.CurveParams

func (*BitCurve) ScalarBaseMult

func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)

ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.

func (*BitCurve) ScalarMult

func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)

func (*BitCurve) Unmarshal

func (BitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int)

Unmarshal converts a point, serialised by Marshal, into an x, y pair. On error, x = nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL