bls_sig

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 11, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package bls_sig is an implementation of the BLS signature defined in https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

Index

Constants

View Source
const (
	// Public key size in G2
	PublicKeyVtSize = 96
	// Signature size in G1
	SignatureVtSize = 48
	// Proof of Possession in G1
	ProofOfPossessionVtSize = 48
)
View Source
const (
	// Public key size in G1
	PublicKeySize = 48
	// Signature size in G2
	SignatureSize = 96
	// Proof of Possession in G2
	ProofOfPossessionSize = 96
)
View Source
const SecretKeyShareSize = 33

Secret key share with identifier byte in Fr

View Source
const SecretKeySize = 32

Secret key in Fr

Variables

This section is empty.

Functions

This section is empty.

Types

type BlsScheme

type BlsScheme interface {
	Keygen() (*PublicKey, *SecretKey, error)
	KeygenWithSeed(ikm []byte) (*PublicKey, *SecretKey, error)
	Sign(sk *SecretKey, msg []byte) (*Signature, error)
	Verify(pk *PublicKey, msg []byte, sig *Signature) bool
	AggregateVerify(pks []*PublicKey, msgs [][]byte, sigs []*Signature) bool
}

type BlsSchemeVt

type BlsSchemeVt interface {
	Keygen() (*PublicKeyVt, *SecretKey, error)
	KeygenWithSeed(ikm []byte) (*PublicKeyVt, *SecretKey, error)
	Sign(sk *SecretKey, msg []byte) (*SignatureVt, error)
	Verify(pk *PublicKeyVt, msg []byte, sig *SignatureVt) bool
	AggregateVerify(pks []*PublicKeyVt, msgs [][]byte, sigs []*SignatureVt) bool
}

type MultiPublicKey

type MultiPublicKey struct {
	// contains filtered or unexported fields
}

Represents accumulated multiple Public Keys in G1 for verifying a multisignature

func (*MultiPublicKey) UnmarshalBinary

func (pk *MultiPublicKey) UnmarshalBinary(data []byte) error

Deserialize a public key from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the public key otherwise it will return an error

type MultiPublicKeyVt

type MultiPublicKeyVt struct {
	// contains filtered or unexported fields
}

Represents accumulated multiple Public Keys in G2 for verifying a multisignature

func (*MultiPublicKeyVt) UnmarshalBinary

func (pk *MultiPublicKeyVt) UnmarshalBinary(data []byte) error

Deserialize a public key from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the public key otherwise it will return an error

type MultiSignature

type MultiSignature struct {
	// contains filtered or unexported fields
}

Represents an MultiSignature in G2. A multisignature is used when multiple signatures are calculated over the same message vs an aggregate signature where each message signed is a unique.

func (*MultiSignature) UnmarshalBinary

func (sig *MultiSignature) UnmarshalBinary(data []byte) error

Deserialize a signature from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the Signature otherwise it will return an error

type MultiSignatureVt

type MultiSignatureVt struct {
	// contains filtered or unexported fields
}

Represents an MultiSignature in G1. A multisignature is used when multiple signatures are calculated over the same message vs an aggregate signature where each message signed is a unique.

func (*MultiSignatureVt) UnmarshalBinary

func (sig *MultiSignatureVt) UnmarshalBinary(data []byte) error

Deserialize a signature from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the Signature otherwise it will return an error

type PartialSignature

type PartialSignature struct {
	Identifier byte
	Signature  *bls12381.PointG2
}

PartialSignature represents threshold Gap Diffie-Hellman BLS signature that can be combined with other partials to yield a completed BLS signature See section 3.2 in <https://www.cc.gatech.edu/~aboldyre/papers/bold.pdf>

type PartialSignatureVt

type PartialSignatureVt struct {
	// contains filtered or unexported fields
}

PartialSignatureVt represents threshold Gap Diffie-Hellman BLS signature that can be combined with other partials to yield a completed BLS signature See section 3.2 in <https://www.cc.gatech.edu/~aboldyre/papers/bold.pdf>

type ProofOfPossession

type ProofOfPossession struct {
	// contains filtered or unexported fields
}

A proof of possession scheme uses a separate public key validation step, called a proof of possession, to defend against rogue key attacks. This enables an optimization to aggregate signature verification for the case that all signatures are on the same message.

func (*ProofOfPossession) UnmarshalBinary

func (pop *ProofOfPossession) UnmarshalBinary(data []byte) error

Deserialize a proof of possession from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the Signature otherwise it will return an error

type ProofOfPossessionVt

type ProofOfPossessionVt struct {
	// contains filtered or unexported fields
}

A proof of possession scheme uses a separate public key validation step, called a proof of possession, to defend against rogue key attacks. This enables an optimization to aggregate signature verification for the case that all signatures are on the same message.

func (*ProofOfPossessionVt) MarshalBinary

func (pop *ProofOfPossessionVt) MarshalBinary() ([]byte, error)

Serialize a proof of possession to a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html

func (*ProofOfPossessionVt) UnmarshalBinary

func (pop *ProofOfPossessionVt) UnmarshalBinary(data []byte) error

Deserialize a proof of possession from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the Signature otherwise it will return an error

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

Represents a public key in G1

func (*PublicKey) UnmarshalBinary

func (pk *PublicKey) UnmarshalBinary(data []byte) error

Deserialize a public key from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the public key otherwise it will return an error

type PublicKeyVt

type PublicKeyVt struct {
	// contains filtered or unexported fields
}

Represents a public key in G2

func (*PublicKeyVt) UnmarshalBinary

func (pk *PublicKeyVt) UnmarshalBinary(data []byte) error

Deserialize a public key from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the public key otherwise it will return an error

type SecretKey

type SecretKey struct {
	// contains filtered or unexported fields
}

Represents a value mod r where r is the curve order or order of the subgroups in G1 and G2

func (SecretKey) Generate

func (sk SecretKey) Generate(ikm []byte) (*SecretKey, error)

Creates a new BLS secret key Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SecretKey) GetPublicKey

func (sk SecretKey) GetPublicKey() (*PublicKey, error)

Get the corresponding public key from a secret key Verifies the public key is in the correct subgroup

func (*SecretKey) GetPublicKeyVt

func (sk *SecretKey) GetPublicKeyVt() (*PublicKeyVt, error)

Get the corresponding public key from a secret key Verifies the public key is in the correct subgroup

func (SecretKey) MarshalBinary

func (sk SecretKey) MarshalBinary() ([]byte, error)

Serialize a secret key to raw bytes

func (*SecretKey) UnmarshalBinary

func (sk *SecretKey) UnmarshalBinary(data []byte) error

Deserialize a secret key from raw bytes Cannot be zero. Must be 32 bytes and cannot be all zeroes. https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-2.3

type SecretKeyShare

type SecretKeyShare struct {
	// contains filtered or unexported fields
}

SecretKeyShare is shamir share of a private key

func (SecretKeyShare) MarshalBinary

func (sks SecretKeyShare) MarshalBinary() ([]byte, error)

Serialize a secret key share to raw bytes

func (*SecretKeyShare) UnmarshalBinary

func (sks *SecretKeyShare) UnmarshalBinary(data []byte) error

Deserialize a secret key share from raw bytes

type SigAug

type SigAug struct {
	// contains filtered or unexported fields
}

SigAug is minimal-pubkey-size scheme that doesn't support FastAggregateVerificiation. see: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-4.2.2

func NewSigAug

func NewSigAug() *SigAug

Creates a new BLS message augmentation signature scheme with the standard domain separation tag used for signatures.

func NewSigAugWithDst

func NewSigAugWithDst(signDst string) *SigAug

Creates a new BLS message augmentation signature scheme with a custom domain separation tag used for signatures.

func (SigAug) AggregateVerify

func (b SigAug) AggregateVerify(pks []*PublicKey, msgs [][]byte, sigs []*Signature) (bool, error)

The AggregateVerify algorithm checks an aggregated signature over several (PK, message, signature) pairs. See section 3.2.3 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigAug) CombineSignatures

func (b SigAug) CombineSignatures(sigs ...*PartialSignature) (*Signature, error)

CombineSignatures takes partial signatures to yield a completed signature

func (SigAug) Keygen

func (b SigAug) Keygen() (*PublicKey, *SecretKey, error)

Creates a new BLS key pair

func (SigAug) KeygenWithSeed

func (b SigAug) KeygenWithSeed(ikm []byte) (*PublicKey, *SecretKey, error)

Creates a new BLS secret key Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SigAug) PartialSign

func (b SigAug) PartialSign(sks *SecretKeyShare, pk *PublicKey, msg []byte) (*PartialSignature, error)

Compute a partial signature in G2 that can be combined with other partial signature

func (SigAug) Sign

func (b SigAug) Sign(sk *SecretKey, msg []byte) (*Signature, error)

Computes a signature in G1 from sk, a secret key, and a message See section 3.2.1 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigAug) ThresholdKeygen

func (b SigAug) ThresholdKeygen(threshold, total uint) (*PublicKey, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigAug) ThresholdKeygenWithSeed

func (b SigAug) ThresholdKeygenWithSeed(ikm []byte, threshold, total uint) (*PublicKey, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigAug) Verify

func (b SigAug) Verify(pk *PublicKey, msg []byte, sig *Signature) (bool, error)

Checks that a signature is valid for the message under the public key pk See section 3.2.2 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

type SigAugVt

type SigAugVt struct {
	// contains filtered or unexported fields
}

SigAugVt is minimal-signature-size scheme that doesn't support FastAggregateVerification. see: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-4.2.2

func NewSigAugVt

func NewSigAugVt() *SigAugVt

Creates a new BLS message augmentation signature scheme with the standard domain separation tag used for signatures.

func NewSigAugVtWithDst

func NewSigAugVtWithDst(signDst string) *SigAugVt

Creates a new BLS message augmentation signature scheme with a custom domain separation tag used for signatures.

func (SigAugVt) AggregateVerify

func (b SigAugVt) AggregateVerify(pks []*PublicKeyVt, msgs [][]byte, sigs []*SignatureVt) (bool, error)

The aggregateVerify algorithm checks an aggregated signature over several (PK, message, signature) pairs. See section 3.2.3 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigAugVt) CombineSignatures

func (b SigAugVt) CombineSignatures(sigs ...*PartialSignatureVt) (*SignatureVt, error)

CombineSignatures takes partial signatures to yield a completed signature

func (SigAugVt) Keygen

func (b SigAugVt) Keygen() (*PublicKeyVt, *SecretKey, error)

Creates a new BLS key pair

func (SigAugVt) KeygenWithSeed

func (b SigAugVt) KeygenWithSeed(ikm []byte) (*PublicKeyVt, *SecretKey, error)

Creates a new BLS secret key Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SigAugVt) PartialSign

func (b SigAugVt) PartialSign(sks *SecretKeyShare, pk *PublicKeyVt, msg []byte) (*PartialSignatureVt, error)

Compute a partial signature in G2 that can be combined with other partial signature

func (SigAugVt) Sign

func (b SigAugVt) Sign(sk *SecretKey, msg []byte) (*SignatureVt, error)

Computes a signature in G1 from sk, a secret key, and a message See section 3.2.1 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02

func (SigAugVt) ThresholdKeygen

func (b SigAugVt) ThresholdKeygen(threshold, total uint) (*PublicKeyVt, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigAugVt) ThresholdKeygenWithSeed

func (b SigAugVt) ThresholdKeygenWithSeed(ikm []byte, threshold, total uint) (*PublicKeyVt, []*SecretKeyShare, error)

ThresholdKeygenWithSeed generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigAugVt) Verify

func (b SigAugVt) Verify(pk *PublicKeyVt, msg []byte, sig *SignatureVt) (bool, error)

Checks that a signature is valid for the message under the public key pk See section 3.2.2 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

type SigBasic

type SigBasic struct {
	// contains filtered or unexported fields
}

SigBasic is minimal-pubkey-size scheme that doesn't support FastAggregateVerificiation. see: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-4.2.1

func NewSigBasic

func NewSigBasic() *SigBasic

Creates a new BLS basic signature scheme with the standard domain separation tag used for signatures.

func NewSigBasicWithDst

func NewSigBasicWithDst(signDst string) *SigBasic

Creates a new BLS basic signature scheme with a custom domain separation tag used for signatures.

func (SigBasic) AggregateVerify

func (b SigBasic) AggregateVerify(pks []*PublicKey, msgs [][]byte, sigs []*Signature) (bool, error)

The AggregateVerify algorithm checks an aggregated signature over several (PK, message, signature) pairs. Each message must be different or this will return false. See section 3.1.1 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigBasic) CombineSignatures

func (b SigBasic) CombineSignatures(sigs ...*PartialSignature) (*Signature, error)

CombineSignatures takes partial signatures to yield a completed signature

func (SigBasic) Keygen

func (b SigBasic) Keygen() (*PublicKey, *SecretKey, error)

Creates a new BLS key pair

func (SigBasic) KeygenWithSeed

func (b SigBasic) KeygenWithSeed(ikm []byte) (*PublicKey, *SecretKey, error)

Creates a new BLS key pair Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SigBasic) PartialSign

func (b SigBasic) PartialSign(sks *SecretKeyShare, msg []byte) (*PartialSignature, error)

Compute a partial signature in G2 that can be combined with other partial signature

func (SigBasic) Sign

func (b SigBasic) Sign(sk *SecretKey, msg []byte) (*Signature, error)

Computes a signature in G2 from sk, a secret key, and a message

func (SigBasic) ThresholdKeygen

func (b SigBasic) ThresholdKeygen(threshold, total uint) (*PublicKey, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigBasic) ThresholdKeygenWithSeed

func (b SigBasic) ThresholdKeygenWithSeed(ikm []byte, threshold, total uint) (*PublicKey, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigBasic) Verify

func (b SigBasic) Verify(pk *PublicKey, msg []byte, sig *Signature) (bool, error)

Checks that a signature is valid for the message under the public key pk

type SigBasicVt

type SigBasicVt struct {
	// contains filtered or unexported fields
}

SigBasic is minimal-pubkey-size scheme that doesn't support FastAggregateVerification. see: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-4.2.1

func NewSigBasicVt

func NewSigBasicVt() *SigBasicVt

Creates a new BLS basic signature scheme with the standard domain separation tag used for signatures.

func NewSigBasicVtWithDst

func NewSigBasicVtWithDst(signDst string) *SigBasicVt

Creates a new BLS basic signature scheme with a custom domain separation tag used for signatures.

func (SigBasicVt) AggregateVerify

func (b SigBasicVt) AggregateVerify(pks []*PublicKeyVt, msgs [][]byte, sigs []*SignatureVt) (bool, error)

The AggregateVerify algorithm checks an aggregated signature over several (PK, message, signature) pairs. Each message must be different or this will return false. See section 3.1.1 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigBasicVt) CombineSignatures

func (b SigBasicVt) CombineSignatures(sigs ...*PartialSignatureVt) (*SignatureVt, error)

CombineSignatures takes partial signatures to yield a completed signature

func (SigBasicVt) Keygen

func (b SigBasicVt) Keygen() (*PublicKeyVt, *SecretKey, error)

Creates a new BLS key pair

func (SigBasicVt) KeygenWithSeed

func (b SigBasicVt) KeygenWithSeed(ikm []byte) (*PublicKeyVt, *SecretKey, error)

Creates a new BLS key pair Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SigBasicVt) PartialSign

func (b SigBasicVt) PartialSign(sks *SecretKeyShare, msg []byte) (*PartialSignatureVt, error)

Compute a partial signature in G2 that can be combined with other partial signature

func (SigBasicVt) Sign

func (b SigBasicVt) Sign(sk *SecretKey, msg []byte) (*SignatureVt, error)

Computes a signature in G1 from sk, a secret key, and a message

func (SigBasicVt) ThresholdKeygen

func (b SigBasicVt) ThresholdKeygen(threshold, total uint) (*PublicKeyVt, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigBasicVt) ThresholdKeygenWithSeed

func (b SigBasicVt) ThresholdKeygenWithSeed(ikm []byte, threshold, total uint) (*PublicKeyVt, []*SecretKeyShare, error)

ThresholdKeygenWithSeed generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures from input key material (ikm)

func (SigBasicVt) Verify

func (b SigBasicVt) Verify(pk *PublicKeyVt, msg []byte, sig *SignatureVt) (bool, error)

Checks that a signature is valid for the message under the public key pk

type SigEth2

type SigEth2 = SigPop

SigEth2 supports signatures on Eth2. Internally is an alias for SigPop

func NewSigEth2

func NewSigEth2() *SigEth2

NewSigEth2 Creates a new BLS ETH2 signature scheme with the standard domain separation tag used for signatures.

type SigEth2Vt

type SigEth2Vt = SigPopVt

SigEth2Vt supports signatures on Eth2. Internally is an alias for SigPopVt

func NewSigEth2Vt

func NewSigEth2Vt() *SigEth2Vt

NewSigEth2Vt Creates a new BLS ETH2 signature scheme with the standard domain separation tag used for signatures.

type SigPop

type SigPop struct {
	// contains filtered or unexported fields
}

SigPop is minimal-pubkey-size scheme that supports FastAggregateVerification and requires using proofs of possession to mitigate rogue-key attacks see: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-4.2.3

func NewSigPop

func NewSigPop() *SigPop

Creates a new BLS proof of possession signature scheme with the standard domain separation tag used for signatures.

func NewSigPopWithDst

func NewSigPopWithDst(signDst, popDst string) (*SigPop, error)

Creates a new BLS message proof of possession signature scheme with a custom domain separation tag used for signatures.

func (SigPop) AggregatePublicKeys

func (b SigPop) AggregatePublicKeys(pks ...*PublicKey) (*MultiPublicKey, error)

Combine many public keys together to form a Multipublickey. Multipublickeys are used to verify multisignatures.

func (SigPop) AggregateSignatures

func (b SigPop) AggregateSignatures(sigs ...*Signature) (*MultiSignature, error)

Combine many signatures together to form a Multisignature. Multisignatures can be created when multiple signers jointly generate signatures over the same message.

func (SigPop) AggregateVerify

func (b SigPop) AggregateVerify(pks []*PublicKey, msgs [][]byte, sigs []*Signature) (bool, error)

The aggregateVerify algorithm checks an aggregated signature over several (PK, message, signature) pairs. Each message must be different or this will return false. See section 3.1.1 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) CombineSignatures

func (b SigPop) CombineSignatures(sigs ...*PartialSignature) (*Signature, error)

CombineSignatures takes partial signatures to yield a completed signature

func (SigPop) FastAggregateVerify

func (b SigPop) FastAggregateVerify(pks []*PublicKey, msg []byte, asig *Signature) (bool, error)

FastAggregateVerify verifies an aggregated signature against the specified message and set of public keys. See section 3.3.4 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) FastAggregateVerifyConstituent

func (b SigPop) FastAggregateVerifyConstituent(pks []*PublicKey, msg []byte, sigs []*Signature) (bool, error)

FastAggregateVerifyConstituent aggregates all constituent signatures and the verifies them against the specified message and public keys See section 3.3.4 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) Keygen

func (b SigPop) Keygen() (*PublicKey, *SecretKey, error)

Creates a new BLS key pair

func (SigPop) KeygenWithSeed

func (b SigPop) KeygenWithSeed(ikm []byte) (*PublicKey, *SecretKey, error)

Creates a new BLS secret key Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SigPop) PartialSign

func (b SigPop) PartialSign(sks *SecretKeyShare, msg []byte) (*PartialSignature, error)

Compute a partial signature in G2 that can be combined with other partial signature

func (SigPop) PopProve

func (b SigPop) PopProve(sk *SecretKey) (*ProofOfPossession, error)

Create a proof of possession for the corresponding public key. A proof of possession must be created for each public key to be used in FastAggregateVerify or a Multipublickey to avoid rogue key attacks. See section 3.3.2 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) PopVerify

func (b SigPop) PopVerify(pk *PublicKey, pop2 *ProofOfPossession) (bool, error)

verify a proof of possession for the corresponding public key is valid. A proof of possession must be created for each public key to be used in FastAggregateVerify or a Multipublickey to avoid rogue key attacks. See section 3.3.3 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) Sign

func (b SigPop) Sign(sk *SecretKey, msg []byte) (*Signature, error)

Computes a signature in G2 from sk, a secret key, and a message See section 2.6 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) ThresholdKeygen

func (b SigPop) ThresholdKeygen(threshold, total uint) (*PublicKey, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigPop) ThresholdKeygenWithSeed

func (b SigPop) ThresholdKeygenWithSeed(ikm []byte, threshold, total uint) (*PublicKey, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigPop) Verify

func (b SigPop) Verify(pk *PublicKey, msg []byte, sig *Signature) (bool, error)

Checks that a signature is valid for the message under the public key pk See section 2.7 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPop) VerifyMultiSignature

func (b SigPop) VerifyMultiSignature(pk *MultiPublicKey, msg []byte, sig *MultiSignature) (bool, error)

Checks that a multisignature is valid for the message under the multi public key Similar to FastAggregateVerify except the keys and signatures have already been combined. See section 3.3.4 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

type SigPopVt

type SigPopVt struct {
	// contains filtered or unexported fields
}

SigPopVt is minimal-signature-size scheme that supports FastAggregateVerification and requires using proofs of possession to mitigate rogue-key attacks see: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03#section-4.2.3

func NewSigPopVt

func NewSigPopVt() *SigPopVt

Creates a new BLS proof of possession signature scheme with the standard domain separation tag used for signatures.

func NewSigPopVtWithDst

func NewSigPopVtWithDst(signDst, popDst string) (*SigPopVt, error)

Creates a new BLS message proof of possession signature scheme with a custom domain separation tag used for signatures.

func (SigPopVt) AggregatePublicKeys

func (b SigPopVt) AggregatePublicKeys(pks ...*PublicKeyVt) (*MultiPublicKeyVt, error)

Combine many public keys together to form a Multipublickey. Multipublickeys are used to verify multisignatures.

func (SigPopVt) AggregateSignatures

func (b SigPopVt) AggregateSignatures(sigs ...*SignatureVt) (*MultiSignatureVt, error)

Combine many signatures together to form a Multisignature. Multisignatures can be created when multiple signers jointly generate signatures over the same message.

func (SigPopVt) AggregateVerify

func (b SigPopVt) AggregateVerify(pks []*PublicKeyVt, msgs [][]byte, sigs []*SignatureVt) (bool, error)

The aggregateVerify algorithm checks an aggregated signature over several (PK, message, signature) pairs. Each message must be different or this will return false. See section 3.1.1 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02

func (SigPopVt) CombineSignatures

func (b SigPopVt) CombineSignatures(sigs ...*PartialSignatureVt) (*SignatureVt, error)

CombineSignatures takes partial signatures to yield a completed signature

func (SigPopVt) FastAggregateVerify

func (b SigPopVt) FastAggregateVerify(pks []*PublicKeyVt, msg []byte, asig *SignatureVt) (bool, error)

FastAggregateVerify verifies an aggregated signature over the same message under the given public keys. See section 3.3.4 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPopVt) FastAggregateVerifyConstituent

func (b SigPopVt) FastAggregateVerifyConstituent(pks []*PublicKeyVt, msg []byte, sigs []*SignatureVt) (bool, error)

FastAggregateVerifyConstituent verifies a list of signature over the same message under the given public keys. See section 3.3.4 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPopVt) Keygen

func (b SigPopVt) Keygen() (*PublicKeyVt, *SecretKey, error)

Creates a new BLS key pair

func (SigPopVt) KeygenWithSeed

func (b SigPopVt) KeygenWithSeed(ikm []byte) (*PublicKeyVt, *SecretKey, error)

Creates a new BLS secret key Input key material (ikm) MUST be at least 32 bytes long, but it MAY be longer.

func (SigPopVt) PartialSign

func (b SigPopVt) PartialSign(sks *SecretKeyShare, msg []byte) (*PartialSignatureVt, error)

Compute a partial signature in G2 that can be combined with other partial signature

func (SigPopVt) PopProve

func (b SigPopVt) PopProve(sk *SecretKey) (*ProofOfPossessionVt, error)

Create a proof of possession for the corresponding public key. A proof of possession must be created for each public key to be used in FastAggregateVerify or a Multipublickey to avoid rogue key attacks. See section 3.3.2 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPopVt) PopVerify

func (b SigPopVt) PopVerify(pk *PublicKeyVt, pop1 *ProofOfPossessionVt) (bool, error)

verify a proof of possession for the corresponding public key is valid. A proof of possession must be created for each public key to be used in FastAggregateVerify or a Multipublickey to avoid rogue key attacks. See section 3.3.3 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPopVt) Sign

func (b SigPopVt) Sign(sk *SecretKey, msg []byte) (*SignatureVt, error)

Computes a signature in G1 from sk, a secret key, and a message See section 2.6 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPopVt) ThresholdKeygen

func (b SigPopVt) ThresholdKeygen(threshold, total uint) (*PublicKeyVt, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigPopVt) ThresholdKeygenWithSeed

func (b SigPopVt) ThresholdKeygenWithSeed(ikm []byte, threshold, total uint) (*PublicKeyVt, []*SecretKeyShare, error)

ThresholdKeyGen generates a public key and `total` secret key shares such that `threshold` of them can be combined in signatures

func (SigPopVt) Verify

func (b SigPopVt) Verify(pk *PublicKeyVt, msg []byte, sig *SignatureVt) (bool, error)

Checks that a signature is valid for the message under the public key pk See section 2.7 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-03

func (SigPopVt) VerifyMultiSignature

func (b SigPopVt) VerifyMultiSignature(pk *MultiPublicKeyVt, msg []byte, sig *MultiSignatureVt) (bool, error)

Checks that a multisignature is valid for the message under the multi public key Similar to FastAggregateVerify except the keys and signatures have already been combined. See section 3.3.4 from https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-02

type Signature

type Signature struct {
	Value bls12381.PointG2
}

Represents a BLS signature in G2

func (*Signature) UnmarshalBinary

func (sig *Signature) UnmarshalBinary(data []byte) error

Deserialize a signature from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the Signature otherwise it will return an error

type SignatureVt

type SignatureVt struct {
	// contains filtered or unexported fields
}

Represents a BLS signature in G1

func (*SignatureVt) UnmarshalBinary

func (sig *SignatureVt) UnmarshalBinary(data []byte) error

Deserialize a signature from a byte array in compressed form. See https://github.com/zcash/librustzcash/blob/master/pairing/src/bls12_381/README.md#serialization https://docs.rs/bls12_381/0.1.1/bls12_381/notes/serialization/index.html If successful, it will assign the Signature otherwise it will return an error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL