crypto

package
v2.0.5-testnet
Warning

This package is not in the latest version of its module.

Published: Feb 23, 2024 License: Apache-2.0, MIT Imports: 14 Imported by: 0

Documentation


Constants

const DefaultSchemeID = "pedersen-bls-chained"

DefaultSchemeID is the default scheme ID.

const ShortSigSchemeID = "bls-unchained-on-g1"

ShortSigSchemeID is the scheme id used to set unchained randomness on beacons with G1 and G2 swapped.

const SigsOnG1ID = "bls-unchained-g1-rfc9380"

SigsOnG1ID is the scheme id used to set unchained randomness on beacons with signatures on G1 that are compliant with the hash to curve RFC.

const UnchainedSchemeID = "pedersen-bls-unchained"

UnchainedSchemeID is the scheme id used to set unchained randomness on beacons.

Variables

This section is empty.

Functions

func ListSchemes

func ListSchemes() []string

ListSchemes returns a slice of valid scheme IDs.

func RandomnessFromSignature

func RandomnessFromSignature(sig []byte) []byte

RandomnessFromSignature derives the round randomness from its signature. It currently uses SHA-256, but BLAKE2b or another hash could be used instead. Hashing the signature is important because the elliptic curve points that correspond to signatures have algebraic structure and do not map uniformly onto all possible bit strings, whereas a signature is indistinguishable from a random point on that elliptic curve.

Types

type Scheme

type Scheme struct {
	// The name of the scheme
	Name string
	// SigGroup is the group used to create the signatures; it must always be
	// different from the KeyGroup: G1 key group and G2 sig group or G1 sig group and G2 keygroup.
	SigGroup kyber.Group
	// KeyGroup is the group used to create the keys
	KeyGroup kyber.Group
	// ThresholdScheme is the signature scheme used, defining over which curve the signature
	// and keys respectively are.
	ThresholdScheme sign.ThresholdScheme
	// AuthScheme is the signature scheme used to identify public identities
	AuthScheme sign.Scheme
	// DKGAuthScheme is the signature scheme used to authenticate packets during broadcast in a DKG
	DKGAuthScheme sign.Scheme
	// the hash function used by this scheme
	IdentityHash func() hash.Hash `toml:"-"`
	// the DigestBeacon is used to generate the bytes that are getting signed
	DigestBeacon func(hashableBeacon) []byte `toml:"-"`
}

Scheme represents the cryptographic schemes supported by drand. It currently assumes the usage of pairings. The SigGroup and KeyGroup must be set properly with respect to the ThresholdScheme, and the AuthScheme must also be compatible with the KeyGroup, since it will use the KeyGroup to self-sign its own public key.

Note: Scheme is not meant to be marshaled directly. Instead, use SchemeFromName.

func GetSchemeByID

func GetSchemeByID(id string) (*Scheme, error)

GetSchemeByID retrieves the scheme configuration by its ID. It returns an error if the scheme is not found. If the received ID is an empty string, it returns the default scheme.

func GetSchemeFromEnv

func GetSchemeFromEnv() (*Scheme, error)

GetSchemeFromEnv retrieves the scheme configuration by the ID set in an environment variable. If the scheme is not found, the function will panic.

func NewPedersenBLSChained

func NewPedersenBLSChained() (cs *Scheme)

NewPedersenBLSChained instantiates a scheme of type "pedersen-bls-chained", which is the original scheme used by drand since 2018. It links every beacon to the previous one by "chaining" each signature with the previous signature, which prevents anyone from predicting a future message that the network will sign before the previous signature is available. This, however, means the scheme is not compatible with "timelock encryption" as done by tlock. This scheme has the group public key on G1, so 48 bytes, and the beacon signatures on G2, so 96 bytes.

func NewPedersenBLSUnchained

func NewPedersenBLSUnchained() (cs *Scheme)

NewPedersenBLSUnchained instantiates a scheme of type "pedersen-bls-unchained", which removes the link between each beacon and the previous ones by hashing only the round number as the message being signed. This scheme is compatible with "timelock encryption" as done by tlock. This scheme has the group public key on G1, so 48 bytes, and the beacon signatures on G2, so 96 bytes.

func NewPedersenBLSUnchainedG1

func NewPedersenBLSUnchainedG1() (cs *Scheme)

NewPedersenBLSUnchainedG1 instantiates a scheme of type "bls-unchained-on-g1", which is also unchained, hashing only the round number as the message being signed in beacons. This scheme is also compatible with "timelock encryption" as done by tlock. This scheme has the group public key on G2, so 96 bytes, and the beacon signatures on G1, so 48 bytes. This means databases of beacons produced with this scheme are almost half the size of those of the other schemes.

func NewPedersenBLSUnchainedSwapped deprecated

func NewPedersenBLSUnchainedSwapped() (cs *Scheme)

NewPedersenBLSUnchainedSwapped instantiates a scheme of type "bls-unchained-on-g1", which is also unchained, hashing only the round number as the message being signed in beacons. This scheme is also compatible with "timelock encryption" as done by tlock. This scheme has the group public key on G2, so 96 bytes, and the beacon signatures on G1, so 48 bytes. This means databases of beacons produced with this scheme are almost half the size of those of the other schemes.

Deprecated: this scheme uses the DST from G2 for hash-to-curve, which means it is not spec compliant.
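An added example (not drand's own code) tying together the scheme descriptions above and RandomnessFromSignature: it builds the per-round message for chained and unchained schemes and pre-checks a beacon's signature size and randomness field. The digest layout (SHA-256 over the previous signature followed by the big-endian round number) and the names shapes, digestFor and checkShape are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Per scheme ID on the page: chained or not, and signature size (G1 = 48 bytes, G2 = 96).
var shapes = map[string]struct{ chained bool; sigLen int }{
	"pedersen-bls-chained":     {true, 96},
	"pedersen-bls-unchained":   {false, 96},
	"bls-unchained-on-g1":      {false, 48},
	"bls-unchained-g1-rfc9380": {false, 48},
}

// digestFor returns the message signed for a round. Assumed layout (not stated on
// the page): SHA-256(prevSig || big-endian uint64 round), prevSig omitted if unchained.
func digestFor(id string, round uint64, prevSig []byte) ([]byte, error) {
	s, ok := shapes[id]
	if !ok || (s.chained && len(prevSig) == 0) {
		return nil, fmt.Errorf("%q round %d: unknown scheme or previous signature missing", id, round)
	}
	h := sha256.New()
	if s.chained {
		h.Write(prevSig)
	}
	_ = binary.Write(h, binary.BigEndian, round)
	return h.Sum(nil), nil
}

// checkShape is a pre-filter, not a substitute for the pairing check in VerifyBeacon.
func checkShape(id string, sig, randomness []byte) error {
	s, ok := shapes[id]
	if !ok || len(sig) != s.sigLen {
		return fmt.Errorf("%q: unknown scheme or bad signature length %d", id, len(sig))
	}
	if want := sha256.Sum256(sig); !bytes.Equal(want[:], randomness) {
		return fmt.Errorf("randomness is not SHA-256(signature)")
	}
	return nil
}

func main() {
	sig := bytes.Repeat([]byte{0xAB}, 48) // constructed bytes, not a real signature
	rnd := sha256.Sum256(sig)
	fmt.Println(checkShape("bls-unchained-on-g1", sig, rnd[:]))
	fmt.Println(digestFor("pedersen-bls-chained", 1000, nil))
}
```

Because an unchained digest depends only on the round number, the message for a future round can be computed ahead of time, which is the property timelock encryption relies on; the chained call fails until the previous signature exists.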

func SchemeFromName

func SchemeFromName(schemeName string) (*Scheme, error)

func (*Scheme) String

func (s *Scheme) String() string

func (*Scheme) VerifyBeacon

func (s *Scheme) VerifyBeacon(b SignedBeacon, pubkey kyber.Point) error

VerifyBeacon verifies the aggregated beacon against the provided group public key.

type SignedBeacon

type SignedBeacon interface {
	GetSignature() []byte
	// contains filtered or unexported methods
}
