ed25519

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 30, 2023 License: MIT Imports: 7 Imported by: 1

README

ed25519-recovery

Package ed25519-recovery implements a modified Ed25519 signature algorithm that allows for public key recovery.

It is based on the Ed25519 signature scheme implemented by the Go 1.20.1 standard library.

ed25519-recovery and achieves public key recovery by removal of the public key from the pre-image of the SHA512 digest in the calculation of S.

Motivation

Key recovery allows to save on data that needs to be transferred with signed messages. Note: there's a computational cost for extracting the public key, so one should consider the trade-off between computations and data size.

Usage

import ed25519 "github.com/spacemeshos/ed25519-recovery"

func example() {
    // Generate a key pair.
    privateKey, publicKey, err := ed25519.GenerateKey(rand.Reader)
    if err != nil {
        panic(err)
    }

    // Sign a message.
    message := []byte("Hello, world!")
    signature := ed25519.Sign(privateKey, message)

    // Extract the public key from the signature...
    extractedPublicKey := ed25519.ExtractPublicKey(message, signature)

    // ... or verify the signature using the public key.
    if !ed25519.Verify(publicKey, message, signature) {
        panic("invalid signature")
    }
}

Benchmarks

The benchmarks can be executed with go test -bench ..

Benchmark_Go_Sign-6                      52352     22548 ns/op       0 B/op       0 allocs/op
Benchmark_Go_Verify-6                    25263     47206 ns/op       0 B/op       0 allocs/op
Benchmark_Spacemesh_Sign-6               52512     22942 ns/op       0 B/op       0 allocs/op
Benchmark_Spacemesh_Verify-6             25344     47545 ns/op       0 B/op       0 allocs/op
Benchmark_Spacemesh_KeyExtraction-6      16887     69857 ns/op       0 B/op       0 allocs/op

Testing

Some of the tests require python3 and the pip package pure25519 to be installed. These tests fuzz the implemented functions and compare the results to the python reference implementation in internal/pure25519.

To run the tests, execute go test ./... -v. There are also fuzzing tests that can be run with

go test -fuzz=Fuzz_ExtractPublicKey -fuzztime=20s
go test -fuzz=Fuzz_Sign -fuzztime=20s
go test -fuzz=Fuzz_Derive -fuzztime=20s

Documentation

Overview

Package ed25519-recovery implements a modified Ed25519 signature algorithm that allows for public key recovery. See https://github.com/spacemeshos/ed25519-recovery#readme.

Index

Constants

View Source 
const (
	// PublicKeySize is the size, in bytes, of public keys as used in this package.
	PublicKeySize = ed25519.PublicKeySize
	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
	PrivateKeySize = ed25519.PrivateKeySize
	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
	SignatureSize = ed25519.SignatureSize
	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
	SeedSize = ed25519.SeedSize
)

Variables

This section is empty.

Functions

func GenerateKey 

func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)

GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.

func InvertModL 

func InvertModL(x *edwards25519.Scalar) *edwards25519.Scalar

InvertModL computes 1/x mod l and puts the result into s

func Sign 

func Sign(privateKey PrivateKey, message []byte) []byte

Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.

The signature may be verified using this package's Verify function if the signer's public key is known.

Note: This function is not compatible with "crypto/ed25519".Sign. The signatures generated by this function cannot be verified using "crypto/ed25519".Verify.

func Verify 

func Verify(publicKey PublicKey, message, sig []byte) bool

Verify reports whether sig is a valid signature of message by publicKey. It will panic if len(publicKey) is not PublicKeySize.

Note: This function is not compatible with "crypto/ed25519".Verify. Only signatures created by this package's Sign function can be verified using this function.

Types

type PrivateKey 

type PrivateKey = ed25519.PrivateKey

PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.

func NewKeyFromSeed 

func NewKeyFromSeed(seed []byte) PrivateKey

NewKeyFromSeed calculates a private key from a seed. It will panic if len(seed) is not SeedSize. This function is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.

type PublicKey 

type PublicKey = ed25519.PublicKey

PublicKey is the type of Ed25519 public keys.

func ExtractPublicKey 

func ExtractPublicKey(message, sig []byte) (PublicKey, error)

ExtractPublicKey extracts the signer's public key given a message and its signature. It will panic if len(sig) is not SignatureSize.

Note: This function is not compatible with signatures created by "crypto/ed25519".Sign. Only signatures created by this package's Sign function can be used for public key recovery.

Source Files

View all Source files

Directories

Path Synopsis
internal
edwards25519
Package edwards25519 implements group logic for the twisted Edwards curve
 Package edwards25519 implements group logic for the twisted Edwards curve
edwards25519/field
Package field implements fast arithmetic modulo 2^255-19.
 Package field implements fast arithmetic modulo 2^255-19.
pure25519

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.