bgls

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 7, 2018 License: Apache-2.0 Imports: 5 Imported by: 3

Documentation

Overview

Package bgls implements bls signatures, as described by Short Signatures from the Weil Pairing. In this library, an aggregate signature refers to an aggregation of signatures on different messages into a single signature. A multi signature refers to an aggregation of signatures on the same message into the same signature. The difference is that a multi signature can be verified quite quickly, using 2 pairing operations regardless of the number of signers, whereas an aggregate signature requires n+1 pairing operations.

There are three different methods to protect against the rogue public key attack. The three methods are proving knowledge of secret key (kosk), enforcing that all messages are distinct (Distinct Message), and using a hash of the public keys to create exponents that are used in aggregation (Hashed Aggregation Exponents - HAE). These are all described in https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html, where HAE is Dan Boneh's new method introduced in that article.

Proof of knowledge of the secret key is done in this library through doing a BLS signature on the public key itself as a message. See blsKosk.go for more details. Note that this Kosk method is not interoperable with 'plain' bls due to design choices explained in blsKosk.go

BLS with distinct messages is done in this library by prepending the public key to each message, before signing, to ensure that it each message is unique. (thereby circumventing rogue public key attacks). See blsDistinctMessage.go for more details. Note that BLS with distinct messages does not offer multi sigs in their efficiently computable form where only 2 pairings are required.

The third method for preventing the rogue public key attack is explained in in blsHAE.go, and in Boneh's paper. The method for hashing public keys to the exponents is to write them to blake2x, and then to squeeze the corresponding amount of output from the XOF.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AggregateKeys 

func AggregateKeys(keys []Point) Point

AggregateKeys sums an array of public keys into one key. This wrapper only exists so end-users don't have to use the method from curve

func AggregateSignatures 

func AggregateSignatures(sigs []Point) Point

AggregateSignatures aggregates an array of signatures into one aggsig. This wrapper only exists so end-users don't have to use the method from curves

func AggregateSignaturesWithHAE 

func AggregateSignaturesWithHAE(sigs []Point, pubkeys []Point) Point

AggregateSignaturesWithHAE aggregates the signatures, using the hashed exponents derived from the pubkeys to protect against the rogue public key attack.

func Authenticate 

func Authenticate(curve CurveSystem, sk *big.Int) Point

Authenticate generates an Aggregatable Authentication for a given secret key. It signs the public key generated from sk, with a 0x01 byte prepended to it.

func AuthenticateCustHash 

func AuthenticateCustHash(curve CurveSystem, sk *big.Int, hash func([]byte) Point) Point

AuthenticateCustHash generates an Aggregatable Authentication for a given secret key. It signs the public key generated from sk, with a null byte prepended to it. This runs with the specified hash function.

func CheckAuthentication 

func CheckAuthentication(curve CurveSystem, pubkey Point, authentication Point) bool

CheckAuthentication verifies that the provided signature is in fact authentication for this public key.

func CheckAuthenticationCustHash 

func CheckAuthenticationCustHash(curve CurveSystem, pubkey Point, authentication Point, hash func([]byte) Point) bool

CheckAuthenticationCustHash verifies that the provided signature is in fact authentication for this public key.

func DistinctMsgSign 

func DistinctMsgSign(curve CurveSystem, sk *big.Int, m []byte) Point

DistinctMsgSign creates a signature on a message with a private key, with prepending the public key to the message.

func DistinctMsgSignCustHash 

func DistinctMsgSignCustHash(curve CurveSystem, sk *big.Int, msg []byte, hash func([]byte) Point) Point

DistinctMsgSignCustHash creates a signature on a message with a private key, using a supplied function to hash to g1.

func DistinctMsgVerifyAggregateSignature 

func DistinctMsgVerifyAggregateSignature(curve CurveSystem, aggsig Point, keys []Point, msgs [][]byte) bool

DistinctMsgVerifyAggregateSignature checks that an aggsig was generated from the the provided set of public key / msg pairs, when the messages are signed using the 'Distinct Message' method.

func DistinctMsgVerifySingleSignature 

func DistinctMsgVerifySingleSignature(curve CurveSystem, sig Point, pubkey Point, m []byte) bool

DistinctMsgVerifySingleSignature checks that a single 'Distinct Message' signature is valid

func KeyGen 

func KeyGen(curve CurveSystem) (*big.Int, Point, error)

KeyGen generates a *big.Int and Point2

func KoskSign 

func KoskSign(curve CurveSystem, sk *big.Int, msg []byte) Point

KoskSign creates a kosk signature on a message with a private key. A kosk signature prepends a 0x01 byte to the message before signing.

func KoskSignCustHash 

func KoskSignCustHash(curve CurveSystem, sk *big.Int, msg []byte, hash func([]byte) Point) Point

KoskSignCustHash creates a kosk signature on a message with a private key, using a supplied function to hash to point. A kosk signature prepends a 0x01 byte to the message before signing.

func KoskVerifyAggregateSignature 

func KoskVerifyAggregateSignature(curve CurveSystem, aggsig Point, keys []Point, msgs [][]byte) bool

KoskVerifyAggregateSignature verifies that the aggregated signature proves that all messages were signed by the associated keys.

func KoskVerifyMultiSignature 

func KoskVerifyMultiSignature(curve CurveSystem, aggsig Point, keys []Point, msg []byte) bool

KoskVerifyMultiSignature checks that the aggregate signature correctly proves that a single message has been signed by a set of keys, vulnerable against chosen key attack, if keys have not been authenticated

func KoskVerifyMultiSignatureWithMultiplicity 

func KoskVerifyMultiSignatureWithMultiplicity(curve CurveSystem, aggsig Point, keys []Point,
	multiplicity []int64, msg []byte) bool

KoskVerifyMultiSignatureWithMultiplicity verifies a BLS multi signature where multiple copies of each signature may have been included in the aggregation

func KoskVerifySingleSignature 

func KoskVerifySingleSignature(curve CurveSystem, sig Point, pubKey Point, msg []byte) bool

KoskVerifySingleSignature checks that a single kosk signature is valid.

func KoskVerifySingleSignatureCustHash 

func KoskVerifySingleSignatureCustHash(curve CurveSystem, pubKey Point, msg []byte,
	sig Point, hash func([]byte) Point) bool

KoskVerifySingleSignatureCustHash checks that a single kosk signature is valid, with the supplied hash function.

func LoadPublicKey 

func LoadPublicKey(curve CurveSystem, sk *big.Int) Point

LoadPublicKey turns secret key into a public key of type Point2

func Sign 

func Sign(curve CurveSystem, sk *big.Int, msg []byte) Point

Sign creates a standard BLS signature on a message with a private key

func SignCustHash 

func SignCustHash(sk *big.Int, msg []byte, hash func([]byte) Point) Point

SignCustHash creates a standard BLS signature on a message with a private key, using a supplied function to hash onto the curve where signatures lie.

func VerifyAggregateSignature 

func VerifyAggregateSignature(curve CurveSystem, aggsig Point, keys []Point, msgs [][]byte) bool

VerifyAggregateSignature verifies that the aggregated signature proves that all messages were signed by the associated keys. This will fail if there are duplicate messages, due to the possibility of the rogue public-key attack. If duplicate messages should be allowed, one of the protections against the rogue public-key attack should be used. See doc.go for more details.

func VerifyAggregateSignatureWithHAE 

func VerifyAggregateSignatureWithHAE(curve CurveSystem, aggsig Point, pubkeys []Point, msgs [][]byte) bool

VerifyAggregateSignatureWithHAE verifies signatures of different messages aggregated with HAE.

func VerifyMultiSignatureWithHAE 

func VerifyMultiSignatureWithHAE(curve CurveSystem, aggsig Point, pubkeys []Point, msg []byte) bool

VerifyMultiSignatureWithHAE verifies signatures of the same message aggregated with HAE.

func VerifySingleSignature 

func VerifySingleSignature(curve CurveSystem, sig Point, pubKey Point, msg []byte) bool

VerifySingleSignature checks that a single standard BLS signature is valid

func VerifySingleSignatureCustHash 

func VerifySingleSignatureCustHash(curve CurveSystem, sig Point, pubkey Point,
	msg []byte, hash func([]byte) Point) bool

VerifySingleSignatureCustHash checks that a single standard BLS signature is valid, using the supplied hash function to hash onto the curve where signatures lie.

Types

type AggSig 

type AggSig struct {
	// contains filtered or unexported fields
}

AggSig holds paired sequences of keys and messages, and one signature

func (*AggSig) Verify 

func (a *AggSig) Verify(curve CurveSystem) bool

Verify verifies an aggregate signature type.

type MultiSig 

type MultiSig struct {
	// contains filtered or unexported fields
}

MultiSig holds set of keys and one message plus signature

func (MultiSig) Verify 

func (m MultiSig) Verify(curve CurveSystem) bool

Verify checks that a single message has been signed by a set of keys vulnerable against rogue public-key attack, if keys have not been authenticated

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.