Documentation ¶
Index ¶
- Variables
- func HashToInt(hash []byte, c elliptic.Curve) *big.Int
- func MarshalSignature(r, s *big.Int) ([]byte, error)
- func NewKey(l, k uint8, curveName string, params *NewKeyParams) (keyShares []*KeyShare, keyMeta *KeyMeta, err error)
- func RandomFieldElement(c elliptic.Curve) (k *big.Int, err error)
- func RandomInRange(min, max *big.Int) (r *big.Int, err error)
- func UnmarshalSignature(sigByte []byte) (r, s *big.Int, err error)
- type KeyGenZKProof
- type KeyInitMessage
- type KeyInitMessageList
- type KeyMeta
- type KeyShare
- type NewKeyParams
- type Point
- func (p *Point) Add(curve elliptic.Curve, pList ...*Point) *Point
- func (p *Point) BaseMul(curve elliptic.Curve, k *big.Int) *Point
- func (p *Point) Bytes(curve elliptic.Curve) []byte
- func (p *Point) Clone() *Point
- func (p *Point) Cmp(p2 *Point) int
- func (p *Point) Mul(curve elliptic.Curve, p1 *Point, k *big.Int) *Point
- func (p *Point) Neg(p2 *Point) *Point
- func (p *Point) SetBytes(curve elliptic.Curve, b []byte) (p2 *Point, err error)
- func (p *Point) String() string
- type Round1Message
- type Round1MessageList
- type Round2Message
- type Round2MessageList
- type Round3Message
- type Round3MessageList
- type SigSession
- func (state *SigSession) GetSignature(msgs Round3MessageList) (r, s *big.Int, err error)
- func (state *SigSession) Round1() (msg *Round1Message, err error)
- func (state *SigSession) Round2(msgs Round1MessageList) (msg *Round2Message, err error)
- func (state *SigSession) Round3(msgs Round2MessageList) (msg *Round3Message, err error)
- type SigZKProof
- type SigZKProofParams
- type Signature
- type Status
- type ZKProofMeta
Constants ¶
This section is empty.
Variables ¶
Functions ¶
func HashToInt ¶
HashToInt converts a hash value to an integer. There is some disagreement about how this is done. [NSA] suggests that this is done in the obvious manner, but [SECG] truncates the hash to the bit-length of the curve order first. We follow [SECG] because that'S what OpenSSL does. Additionally, OpenSSL right shifts excess bits from the number if the hash is too large and we mirror that too. This function was borrowed from crypto/ecdsa package, and was copied because it was not exported, but it is used on ecdsa signatures in Go.
func NewKey ¶
func NewKey(l, k uint8, curveName string, params *NewKeyParams) (keyShares []*KeyShare, keyMeta *KeyMeta, err error)
NewKey returns a new distributed key share list, using the specified l (total number of nodes), k (threshold), curveName (elliptic curve name, between those Go supports by default) and params (additional params) If the params are nil, it creates them.
func RandomFieldElement ¶
RandomFieldElement returns A random element of the field underlying the given curve using the procedure given in [NSA] A.2.1. Taken from Golang ECDSA implementation
func RandomInRange ¶
RandomInRange returns a number between an interval [min, max).
Types ¶
type KeyGenZKProof ¶
KeyGenZKProof represents the parameters for the Key Generation ZKProof.
func (*KeyGenZKProof) Verify ¶
func (p *KeyGenZKProof) Verify(meta *KeyMeta, vals ...interface{}) error
Verify verifies a ZKProof of KeyGenZKProof type. It receives the key metainfo and 2 arguments, representing the public key share (a point), and the encrypted private key share.
type KeyInitMessage ¶
type KeyInitMessage struct { AlphaI *l2fhe.EncryptedL1 // Encrypted private key share by the node Yi *Point // Public key share by the node Proof *KeyGenZKProof // ZKProof that the value in AlphaI is a valid private key share }
KeyInitMessage defines a message sent on key generation
type KeyInitMessageList ¶
type KeyInitMessageList []*KeyInitMessage
KeyInitMessageList represents a list of KeyInitMessage
func (KeyInitMessageList) Join ¶
func (msgs KeyInitMessageList) Join(meta *KeyMeta) (alpha *l2fhe.EncryptedL1, y *Point, err error)
Join joins a list of KeyInitMessages and returns the encrypted public key and private keys.
type KeyMeta ¶
type KeyMeta struct { *l2fhe.PubKey // L2FHE Public Key *ZKProofMeta // Parameters used by ZK Proofs CurveName string // contains filtered or unexported fields }
KeyMeta represents a set of parameters that are used by every key share.
func (*KeyMeta) GetPublicKey ¶
func (meta *KeyMeta) GetPublicKey(msgs KeyInitMessageList) (pk *ecdsa.PublicKey, err error)
GetPublicKey parses the key init messages and returns the public key of the Signature scheme.
type KeyShare ¶
type KeyShare struct {}
KeyShare represents a "piece" of the key held by a participant of the distributed protocol.
func (*KeyShare) Init ¶
func (p *KeyShare) Init(meta *KeyMeta) (msg *KeyInitMessage, err error)
Init generates the needed initial parameters and creates the KeyInitMessage that needs to be broadcasted to other participants.
func (*KeyShare) NewSigSession ¶
func (p *KeyShare) NewSigSession(meta *KeyMeta, h []byte) (state *SigSession, err error)
NewSigSession creates a new signing session, related to a specific non-empty document. It returns the new signing session and the hashed document, using the hash function defined in keyMeta. The error returned on this function could only be related to the hash encryption.
type NewKeyParams ¶
type NewKeyParams struct {
PaillierFixed *tcpaillier.FixedParams // Paillier Fixed Params.
}
NewKeyParams represents a group of params that the metod NewKey can use.
type Point ¶
Point represents a point in a discrete elliptic curve.
func (*Point) BaseMul ¶
BaseMul multiplies the curve base point by a scalar, using a given elliptic curve.
func (*Point) Bytes ¶
Bytes transforms the point in a unique byte representation, based in Gob.Encode.
func (*Point) Cmp ¶
Cmp returns -1 if the first point is smaller than the second one (comparing x, then y coordinates), 0 if they are equal and 1 if the second point is smaller than the first one.
type Round1Message ¶
type Round1Message struct { Ri *Point // Random point related to the signing process Ui, Vi, Wi *l2fhe.EncryptedL1 // Encrypted u, V and W shares Proof *SigZKProof // ZLProof that the values encrypted are valid }
Round1Message defines a message sent on Signature Initialization (Round1 on this implementation)
type Round1MessageList ¶
type Round1MessageList []*Round1Message
Round1MessageList represents a list of Round1Message
func (Round1MessageList) Join ¶
func (msgs Round1MessageList) Join(meta *KeyMeta) (R *Point, u, v, w *l2fhe.EncryptedL1, err error)
Join joins a list of Round1Messages and returns the values R, u, v and w.
type Round2Message ¶
type Round2Message struct { PDZ *l2fhe.DecryptedShareL2 // Z Decrypt share. Proof *l2fhe.DecryptedShareL2ZK // Proof that PDZ is a partial decryption of Z }
Round2Message defines a message sent on Round 2
type Round2MessageList ¶
type Round2MessageList []*Round2Message
Round2MessageList represents a list of Round2Message
func (Round2MessageList) Join ¶
func (msgs Round2MessageList) Join(meta *KeyMeta, z *l2fhe.EncryptedL2) (nu *big.Int, err error)
Join joins a list of Round2Messages and returns the value nu. The Z value required is to check the ZKProofs.
type Round3Message ¶
type Round3Message struct { PDSigma *l2fhe.DecryptedShareL2 // sigma Decrypt share. Proof *l2fhe.DecryptedShareL2ZK // Proof that PDSigma is a partial decryption of sigma }
Round3Message defines a message sent on Round 3
type Round3MessageList ¶
type Round3MessageList []*Round3Message
Round3MessageList represents a list of Round3Message
func (Round3MessageList) Join ¶
func (msgs Round3MessageList) Join(meta *KeyMeta, sigma *l2fhe.EncryptedL2) (s *big.Int, err error)
Join joins a list of Round3Messages and returns the value S. the sigma value required is to check the ZKProofs.
type SigSession ¶
type SigSession struct {
// contains filtered or unexported fields
}
SigSession represents a set of values saved and used by the participants to generate an specific Signature. It is an ephimeral structure and it lives only while the Signature is being created.
func (*SigSession) GetSignature ¶
func (state *SigSession) GetSignature(msgs Round3MessageList) (r, s *big.Int, err error)
GetSignature joins the last values and returns the Signature. It is described in the paper as the joining process of partially decrypted values.
func (*SigSession) Round1 ¶
func (state *SigSession) Round1() (msg *Round1Message, err error)
Round1 starts the signing process generating a set of random values and the ZKProof of them. It represents Round 1 and Round 2 in paper, because our implementation doesn't consider the usage of commits.
func (*SigSession) Round2 ¶
func (state *SigSession) Round2(msgs Round1MessageList) (msg *Round2Message, err error)
Round2 uses the values generated in Round1 to generate R and u, a value that is needed for GetSignature It is Round 3 in paper.
func (*SigSession) Round3 ¶
func (state *SigSession) Round3(msgs Round2MessageList) (msg *Round3Message, err error)
Round3 joins the partially decrypted Z of the last round and generates a partial decryption of sigma. It is Round 4 in paper
type SigZKProof ¶
type SigZKProof struct { U1 *Point U2, U3, U4 *big.Int Z1, Z2, Z3 *big.Int V1, V2, V3 *big.Int S1, S3, S4, S5, S6, S7 *big.Int T1, T2, T3 *big.Int E *big.Int }
SigZKProof represents the parameters for the Signature ZKProof.
func NewSigZKProof ¶
func NewSigZKProof(meta *KeyMeta, p *SigZKProofParams) (proof *SigZKProof, err error)
NewSigZKProof creates the SigZKProof used by the protocol. This implementation is based on the original one by the authors of the paper.
func (*SigZKProof) Verify ¶
func (p *SigZKProof) Verify(meta *KeyMeta, vals ...interface{}) error
Verify verifies a ZKProof of SigZKProof type. It receives the key metainfo and 4 arguments, representing a random point share used in the signing process, and a three random values encrypted and used as shares of other values of the protocol.
type SigZKProofParams ¶
type SigZKProofParams struct { Ri *Point Eta1, Eta2, Eta3 *big.Int RandVi, RandUi, RandWi *big.Int EncVi, EncUi, EncWi *l2fhe.EncryptedL1 }
SigZKProofParams groups all the params used on Signing ZKProof.
type Status ¶
type Status uint8
Status represents the current state of a SigSession
const ( NotInited Status = iota // Session was created. Round1 // Session has passed Round 1. Round2 // Session has passed Round 2. Round3 // Session has passed Round 3. Finished // Session is finished. Undefined Status = iota // Undefined status. )
The following consts represent the different status a session could be.