bls12_381_hd

v0.1.0
Published: Feb 19, 2024 License: MIT Imports: 9 Imported by: 1

README

bls12-381-hd

Hierarchical Key Derivation for BLS12-381, implemented in Go.

Following ERC-2333 and ERC-2334.

With no dependencies other than golang.org/x/crypto.

Full disclaimer: use this code at your own risk. The code is not audited.

Usage

package main

import (
	"fmt"

	hd "github.com/protolambda/bls12-381-hd"
	"github.com/tyler-smith/go-bip39"
)

func main() {
	m := "test test test test test test test test test test test junk"
	seed := bip39.NewSeed(m, "")
	key, err := hd.SecretKeyFromHD(seed, "m/12381/3600/0/0/0")
	if err != nil {
		panic(err)
	}
	fmt.Printf("derived key: %x\n", key[:])
}

License

MIT, see LICENSE file.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func I2OSP32

func I2OSP32(v *big.Int) (out [32]byte)

I2OSP32 runs I2OSP with 32 bytes result length.

func SHA256

func SHA256(data []byte) []byte

func SecretKeyFromHD

func SecretKeyFromHD(seed []byte, path string) (*[32]byte, error)

SecretKeyFromHD derives a BLS12-381 secret key from a seed and a hierarchical derivation path (HD path) as specified in ERC-2334.

See BIP-39 to turn a mnemonic seed-phrase into seed bytes.

Types

type CompressedLamportPK

type CompressedLamportPK [32]byte

func ParentSKToLamportPK

func ParentSKToLamportPK(parentSK *SK, index uint32) (*CompressedLamportPK, error)

ParentSKToLamportPK implements parent_SK_to_lamport_PK of ERC-2333.

https://eips.ethereum.org/EIPS/eip-2333#parent_sk_to_lamport_pk

Inputs

parent_SK, the BLS Secret Key of the parent node
index, the index of the desired child node, an integer 0 <= index < 2^32

Outputs

lamport_PK, the compressed lamport PK, a 32 octet string

Definitions

I2OSP is as defined in RFC3447 (Big endian decoding)
flip_bits is a function that returns the bitwise negation of its input
"" is the empty string
a | b is the concatenation of a with b

type IKM

type IKM []byte

type LamportSK

type LamportSK [255][32]byte

func IKMToLamportSK

func IKMToLamportSK(ikm IKM, salt Salt) (*LamportSK, error)

IKMToLamportSK implements IKM_to_lamport_SK of ERC-2333.

https://eips.ethereum.org/EIPS/eip-2333#ikm_to_lamport_sk

Inputs

IKM, a secret octet string
salt, an octet string

Outputs

lamport_SK, an array of 255 32-octet strings

Definitions

HKDF-Extract is as defined in RFC5869, instantiated with SHA256
HKDF-Expand is as defined in RFC5869, instantiated with SHA256
K = 32 is the digest size (in octets) of the hash function (SHA256)
L = K * 255 is the HKDF output size (in octets)
"" is the empty string
bytes_split is a function that takes in an octet string and splits it into K-byte chunks, which are returned as an array

type SK

type SK big.Int

func DeriveChildSK

func DeriveChildSK(parentSK *SK, index uint32) (*SK, error)

DeriveChildSK implements derive_child_sk of ERC-2333.

https://eips.ethereum.org/EIPS/eip-2333#derive_child_sk

The child key derivation function takes in the parent’s private key and the index of the child and returns the child private key.

Inputs

parent_SK, the secret key of the parent node, a big endian encoded integer
index, the index of the desired child node, an integer 0 <= index < 2^32

Outputs

child_SK, the secret key of the child node, a big endian encoded integer

func DeriveMasterSK

func DeriveMasterSK(seed Seed) (*SK, error)

DeriveMasterSK implements derive_master_sk of ERC-2333.

https://eips.ethereum.org/EIPS/eip-2333#derive_master_sk

The master key derivation function takes in the seed and returns the secret key of the master node. The seed should ideally be derived from a mnemonic; the intention is that BIP39 mnemonics, with the associated mnemonic_to_seed method, be used.

Inputs

seed, the source entropy for the entire tree, an octet string >= 256 bits in length

Outputs

SK, the secret key of master node within the tree, a big endian encoded integer

func HKDFModR

func HKDFModR(ikm IKM, keyInfo string) (*SK, error)

HKDFModR implements HKDF_mod_r of ERC-2333.

https://eips.ethereum.org/EIPS/eip-2333#hkdf_mod_r

Inputs

IKM, a secret octet string >= 256 bits in length
key_info, an optional octet string (default="", the empty string)

Outputs

SK, the corresponding secret key, an integer 0 <= SK < r.

Definitions

HKDF-Extract is as defined in RFC5869, instantiated with hash H.
HKDF-Expand is as defined in RFC5869, instantiated with hash H.
L is the integer given by ceil((3 * ceil(log2(r))) / 16) (L = 48).
"BLS-SIG-KEYGEN-SALT-" is an ASCII string comprising 20 octets.
OS2IP is as defined in RFC3447 (Big endian encoding)
I2OSP is as defined in RFC3447 (Big endian decoding)
r is the order of the BLS 12-381 curve defined in the v4 draft IETF BLS signature scheme standard
r=52435875175126190479447740508185965837690552500527637822603658699938581184513

type Salt

type Salt [4]byte

type Seed

type Seed []byte
