Documentation
¶
Overview ¶
Package threshcrypto provides an implementation of the MirModule module. It supports TBLS signatures.
Index ¶
- Variables
- type DummyCrypto
- type MirModule
- type TBLSInst
- func (inst *TBLSInst) MarshalTo(w io.Writer) (int, error)
- func (inst *TBLSInst) Recover(_ [][]byte, sigShares [][]byte) ([]byte, error)
- func (inst *TBLSInst) SignShare(msg [][]byte) ([]byte, error)
- func (inst *TBLSInst) UnmarshalFrom(r io.Reader) (int, error)
- func (inst *TBLSInst) VerifyFull(msg [][]byte, sigFull []byte) error
- func (inst *TBLSInst) VerifyShare(msg [][]byte, sigShare []byte, nodeID t.NodeID) error
- type ThreshCrypto
Constants ¶
This section is empty.
Variables ¶
var ( // DefaultPseudoSeed is an arbitrary number that the nodes can use as a seed when instantiating their MirModule modules. // This is not secure, but helps during testing, as it obviates the exchange of public keys among nodes. DefaultPseudoSeed int64 = 12345 )
Functions ¶
This section is empty.
Types ¶
type DummyCrypto ¶
type DummyCrypto struct {
DummySigShareSuffix []byte
// Current node ID
Self t.NodeID
// The only accepted full signature
DummySigFull []byte
}
DummyCrypto represents a dummy MirModule module that always produces the same dummy byte slices specified at instantiation as the full signature. Signature shares always consist of the nodeID followed by a preset suffix (DummySigShareSuffix) Verification of these dummy signatures always succeeds. This is intended as a stub for testing purposes.
func (*DummyCrypto) Recover ¶
func (dc *DummyCrypto) Recover(data [][]byte, sigShares [][]byte) ([]byte, error)
Recovers full signature from signature shares if they are valid, otherwise an error is returned. data is ignored.
func (*DummyCrypto) SignShare ¶
func (dc *DummyCrypto) SignShare(_ [][]byte) ([]byte, error)
SignShare always returns the dummy signature DummySig, regardless of the data.
func (*DummyCrypto) VerifyFull ¶
func (dc *DummyCrypto) VerifyFull(_ [][]byte, signature []byte) error
VerifyFull returns nil (i.e. success) only if signature equals DummySig. data is ignored.
func (*DummyCrypto) VerifyShare ¶
VerifyShare returns nil (i.e. success) only if signature share equals nodeID||DummySigShareSuffix. data is ignored.
type MirModule ¶
type MirModule struct {
// contains filtered or unexported fields
}
func New ¶
func New(threshCrypto ThreshCrypto) *MirModule
func (*MirModule) ApplyEvent ¶
func (*MirModule) ApplyEvents ¶
func (*MirModule) ImplementsModule ¶
func (c *MirModule) ImplementsModule()
The ImplementsModule method only serves the purpose of indicating that this is a Module and must not be called.
type TBLSInst ¶
type TBLSInst struct {
// contains filtered or unexported fields
}
TBLSInst an instance of a BLS-based (t, len(members))-threshold signature scheme It is capable of creating signature shares with its (single) private key share, and validating/recovering signatures involving all group members.
func TBLS12381Keygen ¶
TBLS12381Keygen constructs a set TBLSInst for a given set of member nodes and threshold T with nByz byzantine nodes, using the BLS12-381 pairing, with signatures being points on curve G1, and keys points on curve G2.
func (*TBLSInst) MarshalTo ¶
MarshalTo writes the properties of a TBLSInst to an io.Writer. Can be read with TBLSInst.UnmarshalFrom.
func (*TBLSInst) Recover ¶
Recover recovers a full signature from a set of (previously validated) shares, that are known to be from distinct nodes.
func (*TBLSInst) UnmarshalFrom ¶
UnmarshalFrom sets the properties of a TBLSInst from an io.Reader. The property stream can be created from TBLSInst.MarshalTo. NOTE: Currently assumes the underlying scheme is the same as in TBLS12381Keygen().
func (*TBLSInst) VerifyFull ¶
VerifyFull verifies that a (full) signature is valid for a given message.
type ThreshCrypto ¶
type ThreshCrypto interface {
// The data to be signed is the concatenation of all the passed byte slices.
// A signature share produced by SignShare is verifiable using VerifyShare.
// After obtaining signature shares from T group members, the full signature can be constructed with Recover.
// Returns the signature (and a nil error) on success, and a non-nil error otherwise.
SignShare(data [][]byte) ([]byte, error)
// Returns nil on success (i.e., if the given signature share is valid) and a non-nil error otherwise.
VerifyShare(data [][]byte, signatureShare []byte, nodeID t.NodeID) error
// Recover constructs a full signature from signature shares over data.
// All signature shares MUST have been previously verified with VerifyShare, and must come from
// different nodes.
// Returns the full signature (and a nil error) on success and a non-nil error otherwise.
// Signatures returned by Recover are guaranteed to be valid.
Recover(data [][]byte, signatureShares [][]byte) ([]byte, error)
// VerifyFull verifies a full signature from the group over data.
// Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise.
VerifyFull(data [][]byte, signature []byte) error
}
The ThreshCrypto interface represents an implementation of threshold cryptography primitives inside the MirModule module. It is responsible for producing and verifying cryptographic threshold signatures, which disperses the authority to sign among a group of N members, where T must sign their share for a full signature to be produced. It internally stores information about the group, its public key and shares, and the node's private key share.
func TBLSPseudo ¶
TBLSPseudo returns a ThreshCryptoImpl module to be used by a Node, generating new keys in a pseudo-random manner. It is initialized and populated deterministically, based on a given configuration and a random seed. NodePseudo is not secure. Intended for testing purposes and assuming a static membership known to all nodes, NodePseudo can be invoked by each Node independently (specifying the same seed, e.g. DefaultPseudoSeed) and generates the same set of keys for the whole system at each node, obviating the exchange of public keys.
Source Files
Directories