schnorr_ring_sign

package

v0.0.0-...-05508b9 Latest Latest Go to latest Published: Oct 24, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/legendzhouwd/crypto

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Sign(keys []*ecdsa.PublicKey, privateKey *ecdsa.PrivateKey, message []byte) ([]byte, error)
func Verify(keys []*ecdsa.PublicKey, signature, message []byte) (bool, error)

Constants ¶

View Source

const (
	MinimumParticipant = 2
)

Variables ¶

View Source

var (
	GenerateRingSignatureError     = errors.New("failed to generate ring signature")
	TooSmallNumOfkeysError         = errors.New("The total num of keys should be greater than one")
	CurveParamNilError             = errors.New("curve input param is nil")
	NotExactTheSameCurveInputError = errors.New("the curve is not same as curve of members")
	InvalidInputParamsError        = errors.New("invalid input")
	KeyParamNotMatchError          = errors.New("key param not match")
)

Functions ¶

func Sign ¶

func Sign(keys []*ecdsa.PublicKey, privateKey *ecdsa.PrivateKey, message []byte) ([]byte, error)

Schnorr Ring Signature use a particular function, the same as Schnorr signatures, defined as: H'(m, s(i), e(i)) = H(m || s(i)*G + e(i)*P(i))

To verify the ring signature, check that the result of H'(m, s(i), e(i)) is equal to e((i+1) % R). Which means that: H(m || s(i)*G + e(i)*P(i)) = e((i+1) % R)

P is the public key. P(i) = x(i)*G ---- x is the scalar factor of the private key R is the total number of P(0), P(1), ..., P(R-1) which are all the public keys participate in generating the ring signature. H is a hash function, for instance SHA256 or SM3. N is the order of the curve. r is the index of the actual signer located in the public keys of the ring.

This is the process:

Signer choose a random int index r within [0:lenOfRing-1] to hide his public key
Signer choose a random number k within [1:N-1]
Signer use k to compute the next index e: e((r+1)%R) = H(m || k*G), %R in case of (r+1) == R
Then repeat the procedure to compute every e within the ring until reach index r for i := (r+1)%R; i != r; i++%R: Choose a random number s((r+1)%R), i.e. s(i) within [1:N-1] Then compute e((r+2)%R), i.e. e((i+1) % R) = H(m || s(i)*G + e(i)*P(i))

5. Now we get e((r+1)%R), s((r+1)%R), ..., e(r), except s(r), which means the ring has a gap.

In order to close the ring, or say fulfill the gap, someone must have a private key which
corresponding public key exists within the public key set.

Finally we use e(r), k and x(r) to compute corresponding s(r):
   Compute s(r) = k - e(r)*x(r)

Now we get everything, the ring is closed. The Output signature: (P(0), ..., P(R-1), e(0), s(0), ..., s(R-1))

It is impossible for us to know who signed the signature, as everyone can use his private key to fulfill the gap and close the ring.

func Verify ¶

func Verify(keys []*ecdsa.PublicKey, signature, message []byte) (bool, error)

check the ring signature func Verify(sig *RingSignature, message []byte) bool {

Types ¶

This section is empty.

Source Files ¶

View all Source files

signature.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL