Version: v0.0.0-...-bb9ccd8

This package is not in the latest version of its module.

Published: Oct 23, 2018 License: MIT Imports: 5 Imported by: 0



Implementation of the eXtended Naor-Yung Signature Scheme. It was specifically designed for use in blockchain technologies.

XNYSS uses a modified form of Naor-Yung chaining to transform a One-Time Signature (OTS) scheme into a many-time scheme. This is achieved by including the hashes of two public keys, to be used for future signatures, in every created signature. Thus every signature in the resulting binary tree can be traced back to the first one.

This implementation is part of my master's thesis, which can be found here.



Implements the eXtended Naor-Yung Signature Scheme (XNYSS). Note that the NYTree struct is not thread safe.



const (
	MsgLen    = 32
	SigLen    = wotsp.SigLen
	PubKeyLen = wotsp.PubKeyLen
)


var (
	ErrInvalidSigEncoding = errors.New("invalid signature encoding")
	ErrSigMsgNotSet       = errors.New("signature message is not set")
)

var (
	ErrInvalidMsgLen     = errors.New("invalid message length (must be 32 bytes)")
	ErrTreeInvalidInput  = errors.New("invalid input, must contain at least a private and a public seed")
	ErrTreeNoneAvailable = errors.New("no signature nodes available")
	ErrTreeBackupOneTime = errors.New("cannot create a backup of a one-time tree")
	ErrTreeBackupFailed  = errors.New("more backup nodes requested than are available")
)

var Branches = 3

Denotes the branching factor when using long-term keys

var ConfirmsRequired uint8 = 1

Denotes the amount of confirmations (or block depth) that are required before a node can be used to create new signatures.

var (
	ErrNodeInvalidInput = errors.New("input is not a valid node")
)




type NYTree

type NYTree struct {
	// contains filtered or unexported fields
}

func Load

func Load(b []byte) (*NYTree, error)

Loads an existing Naor-Yung chain tree from bytes.

func New

func New(seed, pubSeed []byte, ots bool) *NYTree

Creates a new Naor-Yung chain tree using the given secret and public seeds.

func (*NYTree) Available

func (t *NYTree) Available(txid []byte) (n int)

Returns the amount of signatures that can be created with the tree t. If txid is not nil, nodes with a matching txid are counted as valid even if they do not have enough confirmations. This is useful when a transaction includes multiple inputs: these can all be signed in one subtree.

func (*NYTree) Backup

func (t *NYTree) Backup(count int) (*NYTree, error)

Create a backup of the tree t by moving 'count' nodes of t to a new tree. A backup can only be created if the original tree contains more than one node that is available for signing (i.e. has at least ConfirmsRequired confirmations).

func (*NYTree) Bytes

func (t *NYTree) Bytes() []byte

Returns a byte representation of the tree t.

func (*NYTree) Confirm

func (t *NYTree) Confirm(pkh []byte, confirms uint8)

Sets the confirmation count of all nodes in the tree with the given txid to the given number of confirmations.

Because we have to calculate the public key hash for every node on the fly, this function can be a performance hog if you need to confirm many nodes. We can speed this up by saving the public key hash of every (unconfirmed) node, which would increase the size of every node by 32 bytes. Depending on the number of (unconfirmed) nodes that are in the state, this could be an acceptable tradeoff. An ameliorating factor is that when we are confirming a batch of nodes, the performance of this function will improve after every call, since each time an additional node will be confirmed.

func (*NYTree) PublicKey

func (t *NYTree) PublicKey() []byte

Returns the long-term public key of a tree.

func (*NYTree) Sign

func (t *NYTree) Sign(msg, txid []byte) (*Signature, error)

Creates a signature for the given message. The txid and input are used to create new nodes in the tree. Returns an error if no nodes are available to create new signatures, or if the input message is longer than 32 bytes.

Whenever a signature is created, two new nodes are added to the tree. These new nodes can be used in the future to create new signatures. The returned signature signs the message H(msg||H(pk1)||H(pk2)) where msg is the original message passed to this function. Both H(pk1) and H(pk2) are included in the returned signature structure.
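The chaining rule described above and in the package overview (every signature commits to the hashes of two future public keys and signs H(msg||H(pk1)||H(pk2))), as an added, self-contained example that is not this package's code. Assumptions: Ed25519 from the standard library stands in for the WOTS+ one-time signature, H is SHA-256, and the names Sig, Child, PKH, Sign and VerifyPath as well as the child-seed derivation are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Sig mirrors the page's Signature; PubKey is explicit because Ed25519 cannot recover it.
type Sig struct {
	Msg, PubKey, SigBytes []byte
	ChildHashes           [2][32]byte
}

// Child derives the seed of child i (assumed derivation, not the package's).
func Child(seed [32]byte, i byte) [32]byte { return sha256.Sum256(append(seed[:], i)) }

// PKH returns H(pk); an Ed25519 private key is seed||pk, so [32:] is the public key.
func PKH(seed [32]byte) [32]byte { return sha256.Sum256(ed25519.NewKeyFromSeed(seed[:])[32:]) }

// digest computes H(msg||H(pk1)||H(pk2)), the value that is actually signed.
func digest(msg []byte, c [2][32]byte) []byte {
	d := sha256.Sum256(append(append(append([]byte{}, msg...), c[0][:]...), c[1][:]...))
	return d[:]
}

// Sign signs msg with the node's key and commits to its two child keys.
func Sign(seed [32]byte, msg []byte) Sig {
	k := ed25519.NewKeyFromSeed(seed[:])
	c := [2][32]byte{PKH(Child(seed, 0)), PKH(Child(seed, 1))}
	return Sig{msg, k.Public().(ed25519.PublicKey), ed25519.Sign(k, digest(msg, c)), c}
}

// VerifyPath walks root to leaf: each key must be committed to by its parent.
func VerifyPath(root [32]byte, path []Sig) bool {
	allowed := [2][32]byte{root, root}
	for _, s := range path {
		h, d := sha256.Sum256(s.PubKey), digest(s.Msg, s.ChildHashes)
		if (h != allowed[0] && h != allowed[1]) || len(s.PubKey) != 32 || !ed25519.Verify(s.PubKey, d, s.SigBytes) {
			return false
		}
		allowed = s.ChildHashes
	}
	return true
}

func main() {
	seed := [32]byte{1} // constructed demo seed
	fmt.Println(VerifyPath(PKH(seed), []Sig{Sign(seed, []byte("tx-1")), Sign(Child(seed, 1), []byte("tx-2"))}))
}
```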

func (*NYTree) Unconfirmed

func (t *NYTree) Unconfirmed() (pkhashes [][]byte)

Returns a list of public key hashes of unconfirmed nodes present in the tree.

func (*NYTree) Wipe

func (t *NYTree) Wipe()

Wipes secret data.

type Signature

type Signature struct {
	PubSeed     []byte
	Message     []byte
	ChildHashes [][]byte
	SigBytes    []byte
}

func NewSignature

func NewSignature(sigBytes, msg []byte) (sig *Signature, err error)

func (*Signature) Bytes

func (sig *Signature) Bytes() []byte

func (*Signature) PublicKey

func (sig *Signature) PublicKey() ([]byte, error)


Path Synopsis
Implements WOTSP-SHA2_256 as documented in the IETF XMSS draft (https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/)
