babyjub

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2023 License: Apache-2.0, MIT Imports: 13 Imported by: 0

Documentation

Overview

Package babyjub eddsa implements the EdDSA over the BabyJubJub curve

Index

Constants

This section is empty.

Variables

View Source 
var A *big.Int

A is one of the babyjub constants.

View Source 
var Aff *ff.Element

Aff is A value in *ff.Element representation

View Source 
var D *big.Int

D is one of the babyjub constants.

View Source 
var Dff *ff.Element

Dff is D value in *ff.Element representation

View Source 
var Order *big.Int

Order of the babyjub curve.

View Source 
var SubOrder *big.Int

SubOrder is the order of the subgroup of the babyjub curve that contains the points that we use.

Functions

func Blake512 

func Blake512(m []byte) []byte

Blake512 performs the blake-512 hash over the buffer m. Note that this is the original blake from the SHA3 competition and not the new blake2 version.

func PackSignY 

func PackSignY(sign bool, y *big.Int) [32]byte

PackSignY packs the given sign and the coordinate Y of a point into a 32 byte array. This method does not check that the values belong to a valid Point in the curve.

func PointCoordSign 

func PointCoordSign(c *big.Int) bool

PointCoordSign returns the sign of the curve point coordinate. It returns false if the sign is positive and false if the sign is negative.

func SkToBigInt 

func SkToBigInt(k *PrivateKey) *big.Int

SkToBigInt converts a private key into the *big.Int value following the EdDSA standard, and using blake-512 hash

func UnpackSignY 

func UnpackSignY(leBuf [32]byte) (bool, *big.Int)

UnpackSignY returns the sign and coordinate Y from a given compressed point. This method does not check that the Point belongs to the BabyJubJub curve, thus does not return error in such case. This method is intended to obtain the sign and the Y coordinate without checking if the point belongs to the curve, if the objective is to uncompress a point, Decompress method should be used instead.

Types

type BjjWrappedPrivateKey 

type BjjWrappedPrivateKey struct {
	// contains filtered or unexported fields
}

BjjWrappedPrivateKey is a wrapper for PrivateKey.

func NewBjjWrappedKey 

func NewBjjWrappedKey(privKey *PrivateKey) *BjjWrappedPrivateKey

NewBjjWrappedKey creates a new BjjWrappedPrivateKey.

func RandomBjjWrappedKey 

func RandomBjjWrappedKey() *BjjWrappedPrivateKey

RandomBjjWrappedKey creates a new BjjWrappedPrivateKey with a random private key.

func (*BjjWrappedPrivateKey) Equal 

func (w *BjjWrappedPrivateKey) Equal(x crypto.PrivateKey) bool

Equal returns true if the private keys are equal.

func (*BjjWrappedPrivateKey) Public 

func (w *BjjWrappedPrivateKey) Public() crypto.PublicKey

Public returns the public key of the private key.

func (*BjjWrappedPrivateKey) Sign 

func (w *BjjWrappedPrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs the digest with the private key.

type BjjWrappedPublicKey 

type BjjWrappedPublicKey struct {
	// contains filtered or unexported fields
}

BjjWrappedPublicKey is a wrapper for PublicKey.

func (*BjjWrappedPublicKey) Equal 

func (pub *BjjWrappedPublicKey) Equal(x crypto.PublicKey) bool

Equal returns true if the public keys are equal.

type Point 

type Point struct {
	X *big.Int
	Y *big.Int
}

Point represents a point of the babyjub curve. 

var B8 *Point

B8 is a base point of the babyjub multiplied by 8 to make it a base point of the subgroup in the curve.

func NewPoint 

func NewPoint() *Point

NewPoint creates a new Point.

func PointFromSignAndY 

func PointFromSignAndY(sign bool, y *big.Int) (*Point, error)

PointFromSignAndY returns a Point from a Sign and the Y coordinate

func (*Point) Compress 

func (p *Point) Compress() [32]byte

Compress the point into a 32 byte array that contains the y coordinate in little endian and the sign of the x coordinate.

func (*Point) Decompress 

func (p *Point) Decompress(leBuf [32]byte) (*Point, error)

Decompress a compressed Point into p, and also returns the decompressed Point. Returns error if the compressed Point is invalid.

func (*Point) InCurve 

func (p *Point) InCurve() bool

InCurve returns true when the Point p is in the babyjub curve.

func (*Point) InSubGroup 

func (p *Point) InSubGroup() bool

InSubGroup returns true when the Point p is in the subgroup of the babyjub curve.

func (*Point) Mul 

func (p *Point) Mul(s *big.Int, q *Point) *Point

Mul multiplies the Point q by the scalar s and stores the result in p, which is also returned.

func (*Point) Projective 

func (p *Point) Projective() *PointProjective

Projective returns a PointProjective from the Point

func (*Point) Set 

func (p *Point) Set(c *Point) *Point

Set copies a Point c into the Point p

type PointProjective 

type PointProjective struct {
	X *ff.Element
	Y *ff.Element
	Z *ff.Element
}

PointProjective is the Point representation in projective coordinates

func NewPointProjective 

func NewPointProjective() *PointProjective

NewPointProjective creates a new Point in projective coordinates.

func (*PointProjective) Add 

func (p *PointProjective) Add(q, o *PointProjective) *PointProjective

Add computes the addition of two points in projective coordinates representation

func (*PointProjective) Affine 

func (p *PointProjective) Affine() *Point

Affine returns the Point from the projective representation

type PrivKeyScalar 

type PrivKeyScalar big.Int

PrivKeyScalar represents the scalar s output of a private key

func NewPrivKeyScalar 

func NewPrivKeyScalar(s *big.Int) *PrivKeyScalar

NewPrivKeyScalar creates a new PrivKeyScalar from a big.Int

func (*PrivKeyScalar) BigInt 

func (s *PrivKeyScalar) BigInt() *big.Int

BigInt returns the big.Int corresponding to a PrivKeyScalar.

func (*PrivKeyScalar) Public 

func (s *PrivKeyScalar) Public() *PublicKey

Public returns the public key corresponding to the scalar value s of a private key.

type PrivateKey 

type PrivateKey [32]byte

PrivateKey is an EdDSA private key, which is a 32byte buffer.

func NewRandPrivKey 

func NewRandPrivKey() PrivateKey

NewRandPrivKey generates a new random private key (using cryptographically secure randomness).

func (*PrivateKey) Public 

func (k *PrivateKey) Public() *PublicKey

Public returns the public key corresponding to a private key.

func (*PrivateKey) Scalar 

func (k *PrivateKey) Scalar() *PrivKeyScalar

Scalar converts a private key into the scalar value s following the EdDSA standard, and using blake-512 hash.

func (*PrivateKey) SignMimc7 

func (k *PrivateKey) SignMimc7(msg *big.Int) *Signature

SignMimc7 signs a message encoded as a big.Int in Zq using blake-512 hash for buffer hashing and mimc7 for big.Int hashing.

func (*PrivateKey) SignPoseidon 

func (k *PrivateKey) SignPoseidon(msg *big.Int) *Signature

SignPoseidon signs a message encoded as a big.Int in Zq using blake-512 hash for buffer hashing and Poseidon for big.Int hashing.

type PublicKey 

type PublicKey Point

PublicKey represents an EdDSA public key, which is a curve point.

func (*PublicKey) Compress 

func (pk *PublicKey) Compress() PublicKeyComp

Compress returns the PublicKeyCompr for the given PublicKey

func (PublicKey) MarshalText 

func (pk PublicKey) MarshalText() ([]byte, error)

MarshalText implements the marshaler for PublicKey

func (*PublicKey) Point 

func (pk *PublicKey) Point() *Point

Point returns the Point corresponding to a PublicKey.

func (*PublicKey) Scan 

func (pk *PublicKey) Scan(src interface{}) error

Scan implements Scanner for database/sql.

func (PublicKey) String 

func (pk PublicKey) String() string

String returns the string representation of the PublicKey

func (*PublicKey) UnmarshalText 

func (pk *PublicKey) UnmarshalText(h []byte) error

UnmarshalText implements the unmarshaler for the PublicKey

func (PublicKey) Value 

func (pk PublicKey) Value() (driver.Value, error)

Value implements valuer for database/sql.

func (*PublicKey) VerifyMimc7 

func (pk *PublicKey) VerifyMimc7(msg *big.Int, sig *Signature) bool

VerifyMimc7 verifies the signature of a message encoded as a big.Int in Zq using blake-512 hash for buffer hashing and mimc7 for big.Int hashing.

func (*PublicKey) VerifyPoseidon 

func (pk *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool

VerifyPoseidon verifies the signature of a message encoded as a big.Int in Zq using blake-512 hash for buffer hashing and Poseidon for big.Int hashing.

type PublicKeyComp 

type PublicKeyComp [32]byte

PublicKeyComp represents a compressed EdDSA Public key; it's a compressed curve point.

func (*PublicKeyComp) Decompress 

func (pkComp *PublicKeyComp) Decompress() (*PublicKey, error)

Decompress returns the PublicKey for the given PublicKeyComp

func (PublicKeyComp) MarshalText 

func (pkComp PublicKeyComp) MarshalText() ([]byte, error)

MarshalText implements the marshaler for the PublicKeyComp

func (*PublicKeyComp) Scan 

func (pkComp *PublicKeyComp) Scan(src interface{}) error

Scan implements Scanner for database/sql.

func (PublicKeyComp) String 

func (pkComp PublicKeyComp) String() string

String returns the string representation of the PublicKeyComp

func (*PublicKeyComp) UnmarshalText 

func (pkComp *PublicKeyComp) UnmarshalText(h []byte) error

UnmarshalText implements the unmarshaler for the PublicKeyComp

func (PublicKeyComp) Value 

func (pkComp PublicKeyComp) Value() (driver.Value, error)

Value implements valuer for database/sql.

type Signature 

type Signature struct {
	R8 *Point
	S  *big.Int
}

Signature represents an EdDSA uncompressed signature.

func DecompressSig 

func DecompressSig(commpresedSig []byte) (*Signature, error)

DecompressSig decompresses a compressed signature.

func (*Signature) Compress 

func (s *Signature) Compress() SignatureComp

Compress an EdDSA signature by concatenating the compression of the point R8 and the Little-Endian encoding of S.

func (*Signature) Decompress 

func (s *Signature) Decompress(buf [64]byte) (*Signature, error)

Decompress a compressed signature into s, and also returns the decompressed signature. Returns error if the Point decompression fails.

func (*Signature) Scan 

func (s *Signature) Scan(src interface{}) error

Scan implements Scanner for database/sql.

func (Signature) Value 

func (s Signature) Value() (driver.Value, error)

Value implements valuer for database/sql.

type SignatureComp 

type SignatureComp [64]byte

SignatureComp represents a compressed EdDSA signature.

func (*SignatureComp) Decompress 

func (sComp *SignatureComp) Decompress() (*Signature, error)

Decompress a compressed signature. Returns error if the Point decompression fails.

func (SignatureComp) MarshalText 

func (sComp SignatureComp) MarshalText() ([]byte, error)

MarshalText implements the marshaler for the SignatureComp

func (*SignatureComp) Scan 

func (sComp *SignatureComp) Scan(src interface{}) error

Scan implements Scanner for database/sql.

func (SignatureComp) String 

func (sComp SignatureComp) String() string

String returns the string representation of the SignatureComp

func (*SignatureComp) UnmarshalText 

func (sComp *SignatureComp) UnmarshalText(h []byte) error

UnmarshalText implements the unmarshaler for the SignatureComp

func (SignatureComp) Value 

func (sComp SignatureComp) Value() (driver.Value, error)

Value implements valuer for database/sql.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.