crypto

package
v0.0.0-...-15eb78e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 30, 2022 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// FalconSeedSize Represents the size in bytes of the random bytes used to generate Falcon keys
	FalconSeedSize = 48

	// FalconMaxSignatureSize Represents the max possible size in bytes of a falcon signature
	FalconMaxSignatureSize = cfalcon.CTSignatureSize
)
View Source 
const (
	Sha512_256Size    = sha512.Size256
	SumhashDigestSize = sumhash.Sumhash512DigestSize
)

size of each hash

View Source 
const DigestSize = sha512.Size256

DigestSize is the number of bytes in the preferred hash Digest used here.

View Source 
const MaxHashDigestSize = SumhashDigestSize

MaxHashDigestSize is used to bound the max digest size. it is important to change it if a hash with a longer output is introduced.

Variables

View Source 
var (
	ErrBatchVerificationFailed = errors.New("At least one signature didn't pass verification")
	ErrZeroTransactionInBatch  = errors.New("Could not validate empty signature set")
)

Batch verifications errors

View Source 
var BlankSignature = Signature{}

BlankSignature is an empty signature structure, containing nothing but zeroes

View Source 
var SystemRNG = &systemRNG{}

SystemRNG implements the RNG interface using the system-wide randomness source (from Go's crypto/rand).

Functions

func GenericHashObj 

func GenericHashObj(hsh hash.Hash, h Hashable) []byte

GenericHashObj Makes it easier to sum using hash interface and Hashable interface

func HashRep 

func HashRep(h Hashable) []byte

HashRep appends the correct hashid before the message to be hashed.

func MultisigAdd 

func MultisigAdd(unisig []MultisigSig, msig *MultisigSig) (err error)

MultisigAdd adds unisig to an existing msig

func MultisigBatchVerify 

func MultisigBatchVerify(msg Hashable, addr Digest, sig MultisigSig, batchVerifier *BatchVerifier) (verified bool, err error)

MultisigBatchVerify verifies an assembled MultisigSig. it is the caller responsibility to call batchVerifier.verify()

func MultisigVerify 

func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (verified bool, err error)

MultisigVerify verifies an assembled MultisigSig

func NewHash 

func NewHash() hash.Hash

NewHash returns a sha512-256 object to do the same operation as Hash()

func RandBytes 

func RandBytes(buf []byte)

RandBytes fills the provided structure with a set of random bytes

func RandUint63 

func RandUint63() uint64

RandUint63 returns a random 64-bit unsigned integer which can be stored in a 64-bit signed integer without any data loss.

func RandUint64 

func RandUint64() uint64

RandUint64 returns a random 64-bit unsigned integer

func VrfKeygen 

func VrfKeygen() (pub VrfPubkey, priv VrfPrivkey)

VrfKeygen generates a random VRF keypair.

func VrfKeygenFromSeed 

func VrfKeygenFromSeed(seed [32]byte) (pub VrfPubkey, priv VrfPrivkey)

VrfKeygenFromSeed deterministically generates a VRF keypair from 32 bytes of (secret) entropy.

Types

type BatchVerifier 

type BatchVerifier struct {
	// contains filtered or unexported fields
}

BatchVerifier enqueues signatures to be validated in batch.

func MakeBatchVerifier 

func MakeBatchVerifier(hint int, enableBatchVerification bool) *BatchVerifier

MakeBatchVerifier create a BatchVerifier instance. This function pre-allocates a given space so it will not expaned the storage

func MakeBatchVerifierDefaultSize 

func MakeBatchVerifierDefaultSize(enableBatchVerification bool) *BatchVerifier

MakeBatchVerifierDefaultSize create a BatchVerifier instance. This function pre-allocates amount of free space to enqueue signatures without expanding

func MakeBatchVerifierWithAlgorithmDefaultSize 

func MakeBatchVerifierWithAlgorithmDefaultSize() *BatchVerifier

MakeBatchVerifierWithAlgorithmDefaultSize create a BatchVerifier instance. This function pre-allocates amount of free space to enqueue signatures without expanding. this function always use the batch verification algorithm

func (*BatchVerifier) EnqueueSignature 

func (b *BatchVerifier) EnqueueSignature(sigVerifier SignatureVerifier, message Hashable, sig Signature)

EnqueueSignature enqueues a signature to be enqueued

func (*BatchVerifier) GetNumberOfEnqueuedSignatures 

func (b *BatchVerifier) GetNumberOfEnqueuedSignatures() int

GetNumberOfEnqueuedSignatures returns the number of signatures current enqueue onto the bacth verifier object

func (*BatchVerifier) Verify 

func (b *BatchVerifier) Verify() error

Verify verifies that all the signatures are valid. in that case nil is returned if the batch is zero an appropriate error is return.

type Digest 

type Digest [DigestSize]byte

Digest represents a 32-byte value holding the 256-bit Hash digest.

func DigestFromString 

func DigestFromString(str string) (d Digest, err error)

DigestFromString converts a string to a Digest

func Hash 

func Hash(data []byte) Digest

Hash computes the SHASum512_256 hash of an array of bytes

func HashObj 

func HashObj(h Hashable) Digest

HashObj computes a hash of a Hashable object and its type

func MultisigAddrGen 

func MultisigAddrGen(version, threshold uint8, pk []PublicKey) (addr Digest, err error)

MultisigAddrGen identifes the exact group, version, and devices (Public keys) that it requires to sign Hash("MultisigAddr" || version uint8 || threshold uint8 || PK1 || PK2 || ...)

func MultisigAddrGenWithSubsigs 

func MultisigAddrGenWithSubsigs(version uint8, threshold uint8,
	subsigs []MultisigSubsig) (addr Digest, err error)

MultisigAddrGenWithSubsigs is similar to MultisigAddrGen except the input is []Subsig rather than []PublicKey

func (*Digest) CanMarshalMsg 

func (_ *Digest) CanMarshalMsg(z interface{}) bool

func (*Digest) CanUnmarshalMsg 

func (_ *Digest) CanUnmarshalMsg(z interface{}) bool

func (Digest) IsZero 

func (d Digest) IsZero() bool

IsZero return true if the digest contains only zeros, false otherwise

func (*Digest) MarshalMsg 

func (z *Digest) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Digest) MsgIsZero 

func (z *Digest) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Digest) Msgsize 

func (z *Digest) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (Digest) String 

func (d Digest) String() string

String returns the digest in a human-readable Base32 string

func (Digest) ToSlice 

func (d Digest) ToSlice() []byte

ToSlice converts Digest to slice, is used by bookkeeping.PaysetCommit

func (Digest) TrimUint64 

func (d Digest) TrimUint64() uint64

TrimUint64 returns the top 64 bits of the digest and converts to uint64

func (*Digest) UnmarshalMsg 

func (z *Digest) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconPrivateKey 

type FalconPrivateKey [cfalcon.PrivateKeySize]byte

FalconPrivateKey is a wrapper for cfalcon.PrivateKeySize (used for packing)

func (*FalconPrivateKey) CanMarshalMsg 

func (_ *FalconPrivateKey) CanMarshalMsg(z interface{}) bool

func (*FalconPrivateKey) CanUnmarshalMsg 

func (_ *FalconPrivateKey) CanUnmarshalMsg(z interface{}) bool

func (*FalconPrivateKey) MarshalMsg 

func (z *FalconPrivateKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconPrivateKey) MsgIsZero 

func (z *FalconPrivateKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconPrivateKey) Msgsize 

func (z *FalconPrivateKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconPrivateKey) UnmarshalMsg 

func (z *FalconPrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconPublicKey 

type FalconPublicKey [cfalcon.PublicKeySize]byte

FalconPublicKey is a wrapper for cfalcon.PublicKeySizey (used for packing)

func (*FalconPublicKey) CanMarshalMsg 

func (_ *FalconPublicKey) CanMarshalMsg(z interface{}) bool

func (*FalconPublicKey) CanUnmarshalMsg 

func (_ *FalconPublicKey) CanUnmarshalMsg(z interface{}) bool

func (*FalconPublicKey) MarshalMsg 

func (z *FalconPublicKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconPublicKey) MsgIsZero 

func (z *FalconPublicKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconPublicKey) Msgsize 

func (z *FalconPublicKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconPublicKey) UnmarshalMsg 

func (z *FalconPublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconSeed 

type FalconSeed [FalconSeedSize]byte

FalconSeed represents the seed which is being used to generate Falcon keys

func (*FalconSeed) CanMarshalMsg 

func (_ *FalconSeed) CanMarshalMsg(z interface{}) bool

func (*FalconSeed) CanUnmarshalMsg 

func (_ *FalconSeed) CanUnmarshalMsg(z interface{}) bool

func (*FalconSeed) MarshalMsg 

func (z *FalconSeed) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconSeed) MsgIsZero 

func (z *FalconSeed) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconSeed) Msgsize 

func (z *FalconSeed) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconSeed) UnmarshalMsg 

func (z *FalconSeed) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconSignature 

type FalconSignature []byte

FalconSignature represents a Falcon signature in a compressed-form

func (FalconSignature) CanMarshalMsg 

func (_ FalconSignature) CanMarshalMsg(z interface{}) bool

func (*FalconSignature) CanUnmarshalMsg 

func (_ *FalconSignature) CanUnmarshalMsg(z interface{}) bool

func (FalconSignature) MarshalMsg 

func (z FalconSignature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (FalconSignature) MsgIsZero 

func (z FalconSignature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (FalconSignature) Msgsize 

func (z FalconSignature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconSignature) UnmarshalMsg 

func (z *FalconSignature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconSigner 

type FalconSigner struct {
	PublicKey  FalconPublicKey  `codec:"pk"`
	PrivateKey FalconPrivateKey `codec:"sk"`
	// contains filtered or unexported fields
}

FalconSigner is the implementation of Signer for the Falcon signature scheme.

func GenerateFalconSigner 

func GenerateFalconSigner(seed FalconSeed) (FalconSigner, error)

GenerateFalconSigner Generates a Falcon Signer.

func NewFalconSigner 

func NewFalconSigner() (*FalconSigner, error)

NewFalconSigner creates a falconSinger that is used to sign and verify falcon signatures

func (*FalconSigner) CanMarshalMsg 

func (_ *FalconSigner) CanMarshalMsg(z interface{}) bool

func (*FalconSigner) CanUnmarshalMsg 

func (_ *FalconSigner) CanUnmarshalMsg(z interface{}) bool

func (*FalconSigner) GetVerifyingKey 

func (d *FalconSigner) GetVerifyingKey() *FalconVerifier

GetVerifyingKey Outputs a verifying key object which is serializable.

func (*FalconSigner) MarshalMsg 

func (z *FalconSigner) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconSigner) MsgIsZero 

func (z *FalconSigner) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconSigner) Msgsize 

func (z *FalconSigner) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconSigner) Sign 

func (d *FalconSigner) Sign(message Hashable) (FalconSignature, error)

Sign receives a message and generates a signature over that message.

func (*FalconSigner) SignBytes 

func (d *FalconSigner) SignBytes(data []byte) (FalconSignature, error)

SignBytes receives bytes and signs over them.

func (*FalconSigner) UnmarshalMsg 

func (z *FalconSigner) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconVerifier 

type FalconVerifier struct {
	PublicKey FalconPublicKey `codec:"k"`
	// contains filtered or unexported fields
}

FalconVerifier implements the type Verifier interface for the falcon signature scheme.

func (*FalconVerifier) CanMarshalMsg 

func (_ *FalconVerifier) CanMarshalMsg(z interface{}) bool

func (*FalconVerifier) CanUnmarshalMsg 

func (_ *FalconVerifier) CanUnmarshalMsg(z interface{}) bool

func (*FalconVerifier) GetFixedLengthHashableRepresentation 

func (d *FalconVerifier) GetFixedLengthHashableRepresentation() []byte

GetFixedLengthHashableRepresentation is used to fetch a plain serialized version of the public data (without the use of the msgpack).

func (*FalconVerifier) GetSignatureFixedLengthHashableRepresentation 

func (d *FalconVerifier) GetSignatureFixedLengthHashableRepresentation(signature FalconSignature) ([]byte, error)

GetSignatureFixedLengthHashableRepresentation returns a serialized version of the signature

func (*FalconVerifier) MarshalMsg 

func (z *FalconVerifier) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconVerifier) MsgIsZero 

func (z *FalconVerifier) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconVerifier) Msgsize 

func (z *FalconVerifier) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconVerifier) UnmarshalMsg 

func (z *FalconVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (*FalconVerifier) Verify 

func (d *FalconVerifier) Verify(message Hashable, sig FalconSignature) error

Verify follows falcon algorithm to verify a signature.

func (*FalconVerifier) VerifyBytes 

func (d *FalconVerifier) VerifyBytes(data []byte, sig FalconSignature) error

VerifyBytes follows falcon algorithm to verify a signature.

type GenericDigest 

type GenericDigest []byte

GenericDigest is a digest that implements CustomSizeDigest, and can be used as hash output.

func (GenericDigest) CanMarshalMsg 

func (_ GenericDigest) CanMarshalMsg(z interface{}) bool

func (*GenericDigest) CanUnmarshalMsg 

func (_ *GenericDigest) CanUnmarshalMsg(z interface{}) bool

func (GenericDigest) IsEmpty 

func (d GenericDigest) IsEmpty() bool

IsEmpty checks wether the generic digest is an empty one or not

func (GenericDigest) IsEqual 

func (d GenericDigest) IsEqual(other GenericDigest) bool

IsEqual compare two digests

func (GenericDigest) MarshalMsg 

func (z GenericDigest) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (GenericDigest) MsgIsZero 

func (z GenericDigest) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (GenericDigest) Msgsize 

func (z GenericDigest) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (GenericDigest) ToSlice 

func (d GenericDigest) ToSlice() []byte

ToSlice is used inside the Tree itself when interacting with TreeDigest

func (*GenericDigest) UnmarshalMsg 

func (z *GenericDigest) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type HashFactory 

type HashFactory struct {
	HashType HashType `codec:"t"`
	// contains filtered or unexported fields
}

HashFactory is responsible for generating new hashes accordingly to the type it stores.

func (*HashFactory) CanMarshalMsg 

func (_ *HashFactory) CanMarshalMsg(z interface{}) bool

func (*HashFactory) CanUnmarshalMsg 

func (_ *HashFactory) CanUnmarshalMsg(z interface{}) bool

func (*HashFactory) MarshalMsg 

func (z *HashFactory) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*HashFactory) MsgIsZero 

func (z *HashFactory) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*HashFactory) Msgsize 

func (z *HashFactory) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (HashFactory) NewHash 

func (z HashFactory) NewHash() hash.Hash

NewHash generates a new hash.Hash to use.

func (*HashFactory) UnmarshalMsg 

func (z *HashFactory) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (*HashFactory) Validate 

func (z *HashFactory) Validate() error

Validate states whether the HashFactory is valid, and is safe to use.

type HashType 

type HashType uint16

HashType represents different hash functions 

const (
	Sha512_256 HashType = iota
	Sumhash

	MaxHashType
)

types of hashes

func UnmarshalHashType 

func UnmarshalHashType(s string) (HashType, error)

UnmarshalHashType decodes a string into the HashType enum

func (HashType) CanMarshalMsg 

func (_ HashType) CanMarshalMsg(z interface{}) bool

func (*HashType) CanUnmarshalMsg 

func (_ *HashType) CanUnmarshalMsg(z interface{}) bool

func (HashType) MarshalMsg 

func (z HashType) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (HashType) MsgIsZero 

func (z HashType) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (HashType) Msgsize 

func (z HashType) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (HashType) String 

func (h HashType) String() string

func (*HashType) UnmarshalMsg 

func (z *HashType) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (HashType) Validate 

func (h HashType) Validate() error

Validate verifies that the hash type is in a valid range.

type Hashable 

type Hashable interface {
	ToBeHashed() (protocol.HashID, []byte)
}

Hashable is an interface implemented by an object that can be represented with a sequence of bytes to be hashed or signed, together with a type ID to distinguish different types of objects.

type MasterDerivationKey 

type MasterDerivationKey [masterDerivationKeyLenBytes]byte

MasterDerivationKey is used to derive ed25519 keys for use in wallets

func (*MasterDerivationKey) CanMarshalMsg 

func (_ *MasterDerivationKey) CanMarshalMsg(z interface{}) bool

func (*MasterDerivationKey) CanUnmarshalMsg 

func (_ *MasterDerivationKey) CanUnmarshalMsg(z interface{}) bool

func (*MasterDerivationKey) MarshalMsg 

func (z *MasterDerivationKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MasterDerivationKey) MsgIsZero 

func (z *MasterDerivationKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MasterDerivationKey) Msgsize 

func (z *MasterDerivationKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MasterDerivationKey) UnmarshalMsg 

func (z *MasterDerivationKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSig 

type MultisigSig struct {
	Version   uint8            `codec:"v"`
	Threshold uint8            `codec:"thr"`
	Subsigs   []MultisigSubsig `codec:"subsig,allocbound=maxMultisig"`
	// contains filtered or unexported fields
}

MultisigSig is the structure that holds multiple Subsigs

func MultisigAssemble 

func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error)

MultisigAssemble assembles multiple MultisigSig

func MultisigMerge 

func MultisigMerge(msig1 MultisigSig, msig2 MultisigSig) (msigt MultisigSig, err error)

MultisigMerge merges two Multisigs msig1 and msig2 into msigt

func MultisigPreimageFromPKs 

func MultisigPreimageFromPKs(version, threshold uint8, pks []PublicKey) MultisigSig

MultisigPreimageFromPKs makes an empty MultisigSig for a given preimage. It should be renamed. TODO separate preimage type from sig type

func MultisigSign 

func MultisigSign(msg Hashable, addr Digest, version, threshold uint8, pk []PublicKey, sk SecretKey) (sig MultisigSig, err error)

MultisigSign is for each device individually signs the digest

func (MultisigSig) Blank 

func (msig MultisigSig) Blank() bool

Blank returns true iff the msig is empty. We need this instead of just comparing with == MultisigSig{}, because Subsigs is a slice.

func (*MultisigSig) CanMarshalMsg 

func (_ *MultisigSig) CanMarshalMsg(z interface{}) bool

func (*MultisigSig) CanUnmarshalMsg 

func (_ *MultisigSig) CanUnmarshalMsg(z interface{}) bool

func (MultisigSig) Equal 

func (msig MultisigSig) Equal(other MultisigSig) bool

Equal compares two MultisigSig structs for equality

func (*MultisigSig) MarshalMsg 

func (z *MultisigSig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSig) MsgIsZero 

func (z *MultisigSig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSig) Msgsize 

func (z *MultisigSig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (MultisigSig) Preimage 

func (msig MultisigSig) Preimage() (version, threshold uint8, pks []PublicKey)

Preimage returns the version, threshold, and list of all public keys in a (partial) multisig address

func (*MultisigSig) UnmarshalMsg 

func (z *MultisigSig) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSubsig 

type MultisigSubsig struct {
	Key PublicKey `codec:"pk"` // all public keys that are possible signers for this address
	Sig Signature `codec:"s"`  // may be either empty or a signature
	// contains filtered or unexported fields
}

MultisigSubsig is a struct that holds a pair of public key and signatures signatures may be empty

func (*MultisigSubsig) CanMarshalMsg 

func (_ *MultisigSubsig) CanMarshalMsg(z interface{}) bool

func (*MultisigSubsig) CanUnmarshalMsg 

func (_ *MultisigSubsig) CanUnmarshalMsg(z interface{}) bool

func (*MultisigSubsig) MarshalMsg 

func (z *MultisigSubsig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSubsig) MsgIsZero 

func (z *MultisigSubsig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSubsig) Msgsize 

func (z *MultisigSubsig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MultisigSubsig) UnmarshalMsg 

func (z *MultisigSubsig) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignature 

type OneTimeSignature struct {

	// Sig is a signature of msg under the key PK.
	Sig ed25519Signature `codec:"s"`
	PK  ed25519PublicKey `codec:"p"`

	// Old-style signature that does not use proper domain separation.
	// PKSigOld is unused; however, unfortunately we forgot to mark it
	// `codec:omitempty` and so it appears (with zero value) in certs.
	// This means we can't delete the field without breaking catchup.
	PKSigOld ed25519Signature `codec:"ps"`

	// Used to verify a new-style two-level ephemeral signature.
	// PK1Sig is a signature of OneTimeSignatureSubkeyOffsetID(PK, Batch, Offset) under the key PK2.
	// PK2Sig is a signature of OneTimeSignatureSubkeyBatchID(PK2, Batch) under the master key (OneTimeSignatureVerifier).
	PK2    ed25519PublicKey `codec:"p2"`
	PK1Sig ed25519Signature `codec:"p1s"`
	PK2Sig ed25519Signature `codec:"p2s"`
	// contains filtered or unexported fields
}

A OneTimeSignature is a cryptographic signature that is produced a limited number of times and provides forward integrity.

Specifically, a OneTimeSignature is generated from an ephemeral secret. After some number of messages is signed under a given OneTimeSignatureIdentifier identifier, the corresponding secret is deleted. This prevents the secret-holder from signing a contradictory message in the future in the event of a secret-key compromise.

func (*OneTimeSignature) CanMarshalMsg 

func (_ *OneTimeSignature) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignature) CanUnmarshalMsg 

func (_ *OneTimeSignature) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignature) MarshalMsg 

func (z *OneTimeSignature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignature) MsgIsZero 

func (z *OneTimeSignature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignature) Msgsize 

func (z *OneTimeSignature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignature) UnmarshalMsg 

func (z *OneTimeSignature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureIdentifier 

type OneTimeSignatureIdentifier struct {
	// Batch represents the most-significant part of the identifier.
	Batch uint64

	// Offset represents the least-significant part of the identifier.
	// When moving to a new Batch, the Offset values restart from 0.
	Offset uint64
}

A OneTimeSignatureIdentifier is an identifier under which a OneTimeSignature is produced on a given message. This identifier is represented using a two-level structure, which corresponds to two levels of our ephemeral key tree.

func (OneTimeSignatureIdentifier) BatchBytes 

func (id OneTimeSignatureIdentifier) BatchBytes() []byte

BatchBytes converts a OneTimeSignatureIdentifier into a byte slice representing the 64-bit batch number. This is used for the old-style way of signing an ephemeral subkey identifier.

type OneTimeSignatureSecrets 

type OneTimeSignatureSecrets struct {
	OneTimeSignatureSecretsPersistent
	// contains filtered or unexported fields
}

OneTimeSignatureSecrets are used to produced unforgeable signatures over a message.

When the method OneTimeSignatureSecrets.DeleteBefore(ID) is called, ephemeral secrets corresponding to OneTimeSignatureIdentifiers preceding ID are deleted. Thereafter, an entity can no longer sign different messages with old OneTimeSignatureIdentifiers, protecting the integrity of the messages signed under those identifiers.

OneTimeSignatureSecrets는 메시지에 대해 위조할 수 없는 서명을 생성하는 데 사용됩니다. OneTimeSignatureSecrets.DeleteBefore(ID) 메서드가 호출되면 ID 앞의 OneTimeSignatureIdentifiers에 해당하는 임시 암호가 삭제됩니다. 그 후 엔터티는 이전 OneTimeSignatureIdentifiers를 사용하여 더 이상 다른 메시지에 서명할 수 없으므로 해당 식별자로 서명된 메시지의 무결성을 보호합니다.

func GenerateOneTimeSignatureSecrets 

func GenerateOneTimeSignatureSecrets(startBatch uint64, numBatches uint64) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecrets is a version of GenerateOneTimeSignatureSecretsRNG that uses the system-wide randomness source.

func GenerateOneTimeSignatureSecretsRNG 

func GenerateOneTimeSignatureSecretsRNG(startBatch uint64, numBatches uint64, rng RNG) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecretsRNG creates a limited number of secrets that sign messages under OneTimeSignatureIdentifiers in the range [startBatch, startBatch+numBatches).

This range includes startBatch and excludes startBatch+numBatches.

Randomness comes from the supplied RNG.

func (*OneTimeSignatureSecrets) CanMarshalMsg 

func (_ *OneTimeSignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) CanUnmarshalMsg 

func (_ *OneTimeSignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) DeleteBeforeFineGrained 

func (s *OneTimeSignatureSecrets) DeleteBeforeFineGrained(current OneTimeSignatureIdentifier, numKeysPerBatch uint64)

DeleteBeforeFineGrained deletes ephemeral keys before (but not including) the given id.

func (*OneTimeSignatureSecrets) MarshalMsg 

func (z *OneTimeSignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecrets) MsgIsZero 

func (z *OneTimeSignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecrets) Msgsize 

func (z *OneTimeSignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecrets) Sign 

func (s *OneTimeSignatureSecrets) Sign(id OneTimeSignatureIdentifier, message Hashable) OneTimeSignature

Sign produces a OneTimeSignature of some Hashable message under some OneTimeSignatureIdentifier.

func (*OneTimeSignatureSecrets) Snapshot 

func (s *OneTimeSignatureSecrets) Snapshot() OneTimeSignatureSecrets

Snapshot returns a copy of OneTimeSignatureSecrets consistent with respect to concurrent mutating calls (specifically, DeleteBefore*). This snapshot can be used for serializing the OneTimeSignatureSecrets to persistent storage.

func (*OneTimeSignatureSecrets) UnmarshalMsg 

func (z *OneTimeSignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSecretsPersistent 

type OneTimeSignatureSecretsPersistent struct {
	OneTimeSignatureVerifier

	// FirstBatch denotes the first batch whose subkey appears in Batches.
	// The odd `codec:` name is for backwards compatibility with previous
	// stored keys where we failed to give any explicit `codec:` name.
	FirstBatch uint64            `codec:"First"`
	Batches    []ephemeralSubkey `codec:"Sub,allocbound=-"`

	// FirstOffset denotes the first offset whose subkey appears in Offsets.
	// These subkeys correspond to batch FirstBatch-1.
	FirstOffset uint64            `codec:"firstoff"`
	Offsets     []ephemeralSubkey `codec:"offkeys,allocbound=-"` // the bound is keyDilution

	// When Offsets is non-empty, OffsetsPK2 is the intermediate-level public
	// key that can be used to verify signatures on the subkeys in Offsets, and
	// OffsetsPK2Sig is the signature from the master key (OneTimeSignatureVerifier)
	// on OneTimeSignatureSubkeyBatchID(OffsetsPK2, FirstBatch-1).
	OffsetsPK2    ed25519PublicKey `codec:"offpk2"`
	OffsetsPK2Sig ed25519Signature `codec:"offpk2sig"`
	// contains filtered or unexported fields
}

OneTimeSignatureSecretsPersistent denotes the fields of a OneTimeSignatureSecrets that get stored to persistent storage (through reflection on exported fields).

func (*OneTimeSignatureSecretsPersistent) CanMarshalMsg 

func (_ *OneTimeSignatureSecretsPersistent) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) CanUnmarshalMsg 

func (_ *OneTimeSignatureSecretsPersistent) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) MarshalMsg 

func (z *OneTimeSignatureSecretsPersistent) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecretsPersistent) MsgIsZero 

func (z *OneTimeSignatureSecretsPersistent) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecretsPersistent) Msgsize 

func (z *OneTimeSignatureSecretsPersistent) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecretsPersistent) UnmarshalMsg 

func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyBatchID 

type OneTimeSignatureSubkeyBatchID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyBatchID identifies an ephemeralSubkey of a batch for the purposes of signing it with the top-level master key.

func (*OneTimeSignatureSubkeyBatchID) CanMarshalMsg 

func (_ *OneTimeSignatureSubkeyBatchID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg 

func (_ *OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) MarshalMsg 

func (z *OneTimeSignatureSubkeyBatchID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyBatchID) MsgIsZero 

func (z *OneTimeSignatureSubkeyBatchID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyBatchID) Msgsize 

func (z *OneTimeSignatureSubkeyBatchID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyBatchID) ToBeHashed 

func (batch OneTimeSignatureSubkeyBatchID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyBatchID. This is used to sign an intermediate subkey for a batch, in the new style (contrast with OneTimeSignatureIdentifier.BatchBytes).

func (*OneTimeSignatureSubkeyBatchID) UnmarshalMsg 

func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyOffsetID 

type OneTimeSignatureSubkeyOffsetID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	Offset   uint64           `codec:"off"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyOffsetID identifies an ephemeralSubkey of a specific offset within a batch, for the purposes of signing it with the batch subkey.

func (*OneTimeSignatureSubkeyOffsetID) CanMarshalMsg 

func (_ *OneTimeSignatureSubkeyOffsetID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg 

func (_ *OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) MarshalMsg 

func (z *OneTimeSignatureSubkeyOffsetID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyOffsetID) MsgIsZero 

func (z *OneTimeSignatureSubkeyOffsetID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyOffsetID) Msgsize 

func (z *OneTimeSignatureSubkeyOffsetID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyOffsetID) ToBeHashed 

func (off OneTimeSignatureSubkeyOffsetID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyOffsetID. This is used to sign a subkey for a specific offset in a batch.

func (*OneTimeSignatureSubkeyOffsetID) UnmarshalMsg 

func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureVerifier 

type OneTimeSignatureVerifier ed25519PublicKey

A OneTimeSignatureVerifier is used to identify the holder of OneTimeSignatureSecrets and prove the authenticity of OneTimeSignatures against some OneTimeSignatureIdentifier.

func (*OneTimeSignatureVerifier) CanMarshalMsg 

func (_ *OneTimeSignatureVerifier) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) CanUnmarshalMsg 

func (_ *OneTimeSignatureVerifier) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) MarshalMsg 

func (z *OneTimeSignatureVerifier) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureVerifier) MsgIsZero 

func (z *OneTimeSignatureVerifier) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureVerifier) Msgsize 

func (z *OneTimeSignatureVerifier) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureVerifier) UnmarshalMsg 

func (z *OneTimeSignatureVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (OneTimeSignatureVerifier) Verify 

func (v OneTimeSignatureVerifier) Verify(id OneTimeSignatureIdentifier, message Hashable, sig OneTimeSignature, batchVersionCompatible bool) bool

Verify verifies that some Hashable signature was signed under some OneTimeSignatureVerifier and some OneTimeSignatureIdentifier.

It returns true if this is the case; otherwise, it returns false.

type OneTimeSigner 

type OneTimeSigner struct {
	*OneTimeSignatureSecrets
	OptionalKeyDilution uint64
}

OneTimeSigner is a wrapper for OneTimeSignatureSecrets that also includes the appropriate KeyDilution value. If zero, the value should be inherited from ConsensusParams.DefaultKeyDilution.

func (OneTimeSigner) KeyDilution 

func (ots OneTimeSigner) KeyDilution(defaultKeyDilution uint64) uint64

KeyDilution returns the appropriate key dilution value for a OneTimeSigner.

type PRNG 

type PRNG struct {
	// contains filtered or unexported fields
}

PRNG is a pseudo-random implementation of RNG, used for deterministic testing.

func MakePRNG 

func MakePRNG(seed []byte) *PRNG

MakePRNG creates a new PRNG from an initial seed. The implementation is based on HMAC_DRBG. All random bytes from the PRNG will be determined by the initial seed value. Used by test code only.

func (*PRNG) RandBytes 

func (prng *PRNG) RandBytes(buf []byte)

RandBytes implements the RNG interface for the PRNG. Used by test code only.

type PrivateKey 

type PrivateKey ed25519PrivateKey

PrivateKey is an exported ed25519PrivateKey

func (*PrivateKey) CanMarshalMsg 

func (_ *PrivateKey) CanMarshalMsg(z interface{}) bool

func (*PrivateKey) CanUnmarshalMsg 

func (_ *PrivateKey) CanUnmarshalMsg(z interface{}) bool

func (*PrivateKey) MarshalMsg 

func (z *PrivateKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PrivateKey) MsgIsZero 

func (z *PrivateKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PrivateKey) Msgsize 

func (z *PrivateKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PrivateKey) UnmarshalMsg 

func (z *PrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type PublicKey 

type PublicKey ed25519PublicKey

PublicKey is an exported ed25519PublicKey

func SecretKeyToPublicKey 

func SecretKeyToPublicKey(secret PrivateKey) (PublicKey, error)

SecretKeyToPublicKey derives a public key from a secret key. This is very efficient since ed25519 private keys literally contain their public key

func (*PublicKey) CanMarshalMsg 

func (_ *PublicKey) CanMarshalMsg(z interface{}) bool

func (*PublicKey) CanUnmarshalMsg 

func (_ *PublicKey) CanUnmarshalMsg(z interface{}) bool

func (*PublicKey) MarshalMsg 

func (z *PublicKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PublicKey) MsgIsZero 

func (z *PublicKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PublicKey) Msgsize 

func (z *PublicKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PublicKey) UnmarshalMsg 

func (z *PublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type RNG 

type RNG interface {
	RandBytes([]byte)
}

RNG represents a randomness source. This could be either a system-wide randomness source (like what gets exposed by crypto/rand), or a PRNG that we use for testing.

type SecretKey 

type SecretKey = SignatureSecrets

SecretKey is casted from SignatureSecrets

type Seed 

type Seed ed25519Seed

A Seed holds the entropy needed to generate cryptographic keys.

func SecretKeyToSeed 

func SecretKeyToSeed(secret PrivateKey) (Seed, error)

SecretKeyToSeed derives the seed from a secret key. This is very efficient since ed25519 private keys literally contain their seed

func (*Seed) CanMarshalMsg 

func (_ *Seed) CanMarshalMsg(z interface{}) bool

func (*Seed) CanUnmarshalMsg 

func (_ *Seed) CanUnmarshalMsg(z interface{}) bool

func (*Seed) MarshalMsg 

func (z *Seed) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Seed) MsgIsZero 

func (z *Seed) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Seed) Msgsize 

func (z *Seed) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Seed) UnmarshalMsg 

func (z *Seed) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type Signature 

type Signature ed25519Signature

A Signature is a cryptographic signature. It proves that a message was produced by a holder of a cryptographic secret.

func (*Signature) Blank 

func (s *Signature) Blank() bool

Blank tests to see if the given signature contains only zeros

func (*Signature) CanMarshalMsg 

func (_ *Signature) CanMarshalMsg(z interface{}) bool

func (*Signature) CanUnmarshalMsg 

func (_ *Signature) CanUnmarshalMsg(z interface{}) bool

func (*Signature) MarshalMsg 

func (z *Signature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Signature) MsgIsZero 

func (z *Signature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Signature) Msgsize 

func (z *Signature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Signature) UnmarshalMsg 

func (z *Signature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureSecrets 

type SignatureSecrets struct {
	SignatureVerifier
	SK ed25519PrivateKey
	// contains filtered or unexported fields
}

SignatureSecrets are used by an entity to produce unforgeable signatures over a message.

func GenerateSignatureSecrets 

func GenerateSignatureSecrets(seed Seed) *SignatureSecrets

GenerateSignatureSecrets creates SignatureSecrets from a source of entropy.

func SecretKeyToSignatureSecrets 

func SecretKeyToSignatureSecrets(sk PrivateKey) (secrets *SignatureSecrets, err error)

SecretKeyToSignatureSecrets converts a private key into a SignatureSecrets and returns a pointer

func (*SignatureSecrets) CanMarshalMsg 

func (_ *SignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*SignatureSecrets) CanUnmarshalMsg 

func (_ *SignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*SignatureSecrets) MarshalMsg 

func (z *SignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*SignatureSecrets) MsgIsZero 

func (z *SignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*SignatureSecrets) Msgsize 

func (z *SignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*SignatureSecrets) Sign 

func (s *SignatureSecrets) Sign(message Hashable) Signature

Sign produces a cryptographic Signature of a Hashable message, given cryptographic secrets.

func (*SignatureSecrets) SignBytes 

func (s *SignatureSecrets) SignBytes(message []byte) Signature

SignBytes signs a message directly, without first hashing. Caller is responsible for domain separation.

func (*SignatureSecrets) UnmarshalMsg 

func (z *SignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureVerifier 

type SignatureVerifier = PublicKey

A SignatureVerifier is used to identify the holder of SignatureSecrets and verify the authenticity of Signatures.

func (SignatureVerifier) Verify 

func (v SignatureVerifier) Verify(message Hashable, sig Signature, useBatchVerificationCompatibleVersion bool) bool

Verify verifies that some holder of a cryptographic secret authentically signed a Hashable message.

It returns true if this is the case; otherwise, it returns false.

func (SignatureVerifier) VerifyBytes 

func (v SignatureVerifier) VerifyBytes(message []byte, sig Signature, useBatchVerificationCompatibleVersion bool) bool

VerifyBytes verifies a signature, where the message is not hashed first. Caller is responsible for domain separation. If the message is a Hashable, Verify() can be used instead.

type VRFProof 

type VRFProof = VrfProof

VRFProof is a deprecated name for VrfProof

type VRFSecrets 

type VRFSecrets struct {
	PK VrfPubkey
	SK VrfPrivkey
	// contains filtered or unexported fields
}

VRFSecrets is a wrapper for a VRF keypair. Use *VrfPrivkey instead

func GenerateVRFSecrets 

func GenerateVRFSecrets() *VRFSecrets

GenerateVRFSecrets is deprecated, use VrfKeygen or VrfKeygenFromSeed instead

func (*VRFSecrets) CanMarshalMsg 

func (_ *VRFSecrets) CanMarshalMsg(z interface{}) bool

func (*VRFSecrets) CanUnmarshalMsg 

func (_ *VRFSecrets) CanUnmarshalMsg(z interface{}) bool

func (*VRFSecrets) MarshalMsg 

func (z *VRFSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VRFSecrets) MsgIsZero 

func (z *VRFSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VRFSecrets) Msgsize 

func (z *VRFSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VRFSecrets) UnmarshalMsg 

func (z *VRFSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VRFVerifier 

type VRFVerifier = VrfPubkey

VRFVerifier is a deprecated name for VrfPubkey

type VrfOutput 

type VrfOutput [64]byte

VrfOutput is a 64-byte pseudorandom value that can be computed from a VrfProof. The VRF scheme guarantees that such output will be unique

func (*VrfOutput) CanMarshalMsg 

func (_ *VrfOutput) CanMarshalMsg(z interface{}) bool

func (*VrfOutput) CanUnmarshalMsg 

func (_ *VrfOutput) CanUnmarshalMsg(z interface{}) bool

func (*VrfOutput) MarshalMsg 

func (z *VrfOutput) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfOutput) MsgIsZero 

func (z *VrfOutput) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfOutput) Msgsize 

func (z *VrfOutput) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfOutput) UnmarshalMsg 

func (z *VrfOutput) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPrivkey 

type VrfPrivkey [64]byte

A VrfPrivkey is a private key used for producing VRF proofs. Specifically, we use a 64-byte ed25519 private key (the latter 32-bytes are the precomputed public key)

func (*VrfPrivkey) CanMarshalMsg 

func (_ *VrfPrivkey) CanMarshalMsg(z interface{}) bool

func (*VrfPrivkey) CanUnmarshalMsg 

func (_ *VrfPrivkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPrivkey) MarshalMsg 

func (z *VrfPrivkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPrivkey) MsgIsZero 

func (z *VrfPrivkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPrivkey) Msgsize 

func (z *VrfPrivkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (VrfPrivkey) Prove 

func (sk VrfPrivkey) Prove(message Hashable) (proof VrfProof, ok bool)

Prove constructs a VRF Proof for a given Hashable. ok will be false if the private key is malformed.

func (VrfPrivkey) Pubkey 

func (sk VrfPrivkey) Pubkey() (pk VrfPubkey)

Pubkey returns the public key that corresponds to the given private key.

func (*VrfPrivkey) UnmarshalMsg 

func (z *VrfPrivkey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfProof 

type VrfProof [80]byte

A VrfProof for a message can be generated with a secret key and verified against a public key, like a signature. Proofs are malleable, however, for a given message and public key, the VRF output that can be computed from a proof is unique. 

메시지에 대한 VrfProof는 비밀 키로 생성되고 서명과 같은 공개 키에 대해 확인할 수 있습니다.
증명은 가변적이지만 주어진 메시지와 공개 키에 대해 증명에서 계산할 수 있는 VRF 출력은 고유합니다

func (*VrfProof) CanMarshalMsg 

func (_ *VrfProof) CanMarshalMsg(z interface{}) bool

func (*VrfProof) CanUnmarshalMsg 

func (_ *VrfProof) CanUnmarshalMsg(z interface{}) bool

func (VrfProof) Hash 

func (proof VrfProof) Hash() (hash VrfOutput, ok bool)

Hash converts a VRF proof to a VRF output without verifying the proof. TODO: Consider removing so that we don't accidentally hash an unverified proof

func (*VrfProof) MarshalMsg 

func (z *VrfProof) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfProof) MsgIsZero 

func (z *VrfProof) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfProof) Msgsize 

func (z *VrfProof) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfProof) UnmarshalMsg 

func (z *VrfProof) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPubkey 

type VrfPubkey [32]byte

A VrfPubkey is a public key that can be used to verify VRF proofs.

func (*VrfPubkey) CanMarshalMsg 

func (_ *VrfPubkey) CanMarshalMsg(z interface{}) bool

func (*VrfPubkey) CanUnmarshalMsg 

func (_ *VrfPubkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPubkey) MarshalMsg 

func (z *VrfPubkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPubkey) MsgIsZero 

func (z *VrfPubkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPubkey) Msgsize 

func (z *VrfPubkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfPubkey) UnmarshalMsg 

func (z *VrfPubkey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (VrfPubkey) Verify 

func (pk VrfPubkey) Verify(p VrfProof, message Hashable) (bool, VrfOutput)

Verify checks a VRF proof of a given Hashable. If the proof is valid the pseudorandom VrfOutput will be returned. For a given public key and message, there are potentially multiple valid proofs. However, given a public key and message, all valid proofs will yield the same output. Moreover, the output is indistinguishable from random to anyone without the proof or the secret key.

Source Files

View all Source files

Directories

Path Synopsis
Package secp256k1 wraps the bitcoin secp256k1 C library.
 Package secp256k1 wraps the bitcoin secp256k1 C library.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.