vrf

package
v0.0.0-...-4f0ab6e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2021 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// PublicKeySize is the size, in bytes, of public keys as used in this package.
	PublicKeySize = 32
	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
	PrivateKeySize = 64
)
View Source 
const (
	// N2 is a necessary parameter for ed25519 algorithm
	N2 = 32 // ceil(log2(qs) / 8)
	// N is a necessary parameter for ed25519 algorithm
	N = N2 / 2

	NOSIGN = 3
)

Variables

View Source 
var (
	// ErrMalformedInput returns the error of malformed input.
	ErrMalformedInput = errors.New("ECVRF: malformed input")
	// ErrDecodeError returns the error of failed to decode proof.
	ErrDecodeError = errors.New("ECVRF: decode error")
)

Functions

func DecodeProof 

func DecodeProof(pi []byte) (r *ed.ExtendedGroupElement, c *[N2]byte, s *[N2]byte, err error)

DecodeProof decode from bytes to VRF proof.

func ECP2OS 

func ECP2OS(P *ed.ExtendedGroupElement) []byte

func ECP2OSProj 

func ECP2OSProj(P *ed.ProjectiveGroupElement) []byte

func F2IP 

func F2IP(f *[32]byte) *big.Int

F2IP converts a field number (in LittleEndian) to a big int.

func G 

func G() *ed.ExtendedGroupElement

func GeAdd 

func GeAdd(p, qe *ed.ExtendedGroupElement) *ed.ExtendedGroupElement

func GeDouble 

func GeDouble(p *ed.ExtendedGroupElement) *ed.ExtendedGroupElement

func GeScalarMult 

func GeScalarMult(h *ed.ExtendedGroupElement, a *[32]byte) *ed.ExtendedGroupElement

func GeneratePkWithSk 

func GeneratePkWithSk(sk string) (PublicKey, PrivateKey, error)

GeneratePkWithSk generates KeyPair With sk(string)

func I2OSP 

func I2OSP(b *big.Int, n int) []byte

func IP2F 

func IP2F(b *big.Int) *[32]byte

IP2F converts a big int to a field number.

func OS2ECP 

func OS2ECP(os []byte, sign byte) *ed.ExtendedGroupElement

func OS2IP 

func OS2IP(os []byte) *big.Int

func S2OS 

func S2OS(s []byte) []byte

S2OS just prepend the sign octet.

func ToCached 

func ToCached(r *CachedGroupElement, p *ed.ExtendedGroupElement)

Types

type CachedGroupElement 

type CachedGroupElement struct {
	Z, T2d ed.FieldElement
	// contains filtered or unexported fields
}

CachedGroupElement is copied from ed.go and const.go in golang.org/x/crypto/ed25519/internal/ed

type Ed25519VRF 

type Ed25519VRF struct{}

func (Ed25519VRF) Generate 

func (vrf Ed25519VRF) Generate(pk PublicKey, sk PrivateKey, msg []byte) (proof []byte, err error)

Generate proof of given msg.

PublicKey and PrivateKey must be generated from EC25519, i.e. ed25519.GenerateKey()

Steps: 1. h = hash_to_curve(suite, y, seed) 2. h1 = EC2OSP(h) 3. gamma = h^x 4. k = nonce_generation(sk, h1) 5. c = hash_points(h, gamma, g^k, h^k) 6. s = (k + c * x) mod q (* = integer multiplication) 7. output = EC2OSP(gamma) || I2OSP(c, n) || I2OSP(s, 2n)

func (Ed25519VRF) GenerateKey 

func (vrf Ed25519VRF) GenerateKey(rnd io.Reader) (pk PublicKey, sk PrivateKey, err error)

GenerateKey creates a public/private key pair. rnd is used for randomness. If it is nil, `crypto/rand` is used.

func (Ed25519VRF) ProofToHash 

func (vrf Ed25519VRF) ProofToHash(proof []byte) []byte

ProofToHash generates hash from given proof.

Steps: 1. (gamma, c, s) = decode_proof(pi) 2. three = 0x03 = I2OSP(3, 1) 3. preBeta = Hash(suite || three || EC2OSP(gamma ^cofactor)) 4. output = first 2n octets of preBeta

func (Ed25519VRF) VRF 

func (vrf Ed25519VRF) VRF(pk PublicKey, sk PrivateKey, msg []byte) (hash []byte, proof []byte, err error)

VRF returns the proof and its hash.

func (Ed25519VRF) VerifyProof 

func (vrf Ed25519VRF) VerifyProof(pk PublicKey, proof []byte, msg []byte) (bool, error)

VerifyProof verifies the proof given seed.

Steps:

  1. (gamma, c, s) = decode(pi)
  2. u = g^s / y^c (where / denotes EC point subtraction, i.e. the group operation applied to g^s and the inverse of y^c
  3. h = hash_to_curve(suite, y, seed)
  4. v = h^s * gamma^c
  5. c'= hash_points(h, gamma, u, v)
  6. output = (c == c')

type PrivateKey 

type PrivateKey []byte

PrivateKey defines to be private key data structure of MultiVAC account.

type PublicKey 

type PublicKey []byte

PublicKey defines to be public key data structure of MultiVAC account.

type VRF 

type VRF interface {
	// GenerateKey creates a public/private key pair. rnd is used for randomness.
	//
	// If rnd is nil, 'crypto/rand' is used.
	GenerateKey(rnd io.Reader) (pk PublicKey, sk PrivateKey, err error)

	// Generates a proof with given private key and public key.
	//
	// Note: the public key is not necessary. Just for efficiency.
	Generate(pk PublicKey, sk PrivateKey, msg []byte) (proof []byte, err error)

	// Verifies the proof is indeed for given message.
	//
	// Notice that the PublicKey belongs to the broadcaster of the RNG, not the node itself.
	VerifyProof(publicKey PublicKey, pf []byte, msg []byte) (res bool, err error)

	// Renders hash from proof.
	ProofToHash(pf []byte) []byte

	// TODO Clean up the API and update test for this.
	// Generates hash and its proof
	VRF(pk PublicKey, sk PrivateKey, msg []byte) (hash []byte, proof []byte, err error)
}

VRF is named Verifiable Random Function. See https://en.wikipedia.org/wiki//Verifable_random_function for more info.

This class is overall in charge of all functionalities related to VRF, including generating RNG, verification, etc.

VRF is designed to be a stateless oracle(like how it was originally designed). Caller is responsible for rendering the private key.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.