kyber: Index | Files

package bdn

import ""

Package bdn implements the Boneh-Drijvers-Neven signature scheme which is an implementation of the bls package which is robust against rogue public-key attacks. Those attacks could allow an attacker to forge a public-key and then make a verifiable signature for an aggregation of signatures. It fixes the situation by adding coefficients to the aggregate.

See the papers:


Package Files


func AggregatePublicKeys Uses

func AggregatePublicKeys(suite pairing.Suite, mask *sign.Mask) (kyber.Point, error)

AggregatePublicKeys aggregates a set of public keys (similarly to AggregateSignatures for signatures) using the hash function H: G2 -> R with R = {1, ..., 2^128}.

func AggregateSignatures Uses

func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (kyber.Point, error)

AggregateSignatures aggregates the signatures using a coefficient for each one of them where c = H(pk) and H: G2 -> R with R = {1, ..., 2^128}

func NewKeyPair Uses

func NewKeyPair(suite pairing.Suite, random cipher.Stream) (kyber.Scalar, kyber.Point)

NewKeyPair creates a new BLS signing key pair. The private key x is a scalar and the public key X is a point on curve G2.

func Sign Uses

func Sign(suite pairing.Suite, x kyber.Scalar, msg []byte) ([]byte, error)

Sign creates a BLS signature S = x * H(m) on a message m using the private key x. The signature S is a point on curve G1.

func Verify Uses

func Verify(suite pairing.Suite, x kyber.Point, msg, sig []byte) error

Verify checks the given BLS signature S on the message m using the public key X by verifying that the equality e(H(m), X) == e(H(m), x*B2) == e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is the base point from curve G2.

Package bdn imports 9 packages (graph). Updated 2019-11-25. Refresh now. Tools for package owners.