|
|
package schnorr
import ( "crypto/rand" "crypto/sha256" "math/big"
"github.com/arnaucube/cryptofun/ecc" )
const ( bits = 512 // 2048
)
// PubK is the public key of the Schnorr scheme
type PubK struct { P ecc.Point Q ecc.Point }
// PrivK is the private key of the Schnorr scheme
type PrivK struct { PubK PubK A *big.Int }
// Schnorr is the data structure for the Schnorr scheme
type Schnorr struct { EC ecc.EC D *big.Int // K
G ecc.Point Q ecc.Point // P
N int // order of curve
}
// Hash calculates a hash concatenating a given message bytes with a given EC Point. H(M||R)
func Hash(m []byte, c ecc.Point) *big.Int { var b []byte b = append(b, m...) cXBytes := c.X.Bytes() cYBytes := c.Y.Bytes() b = append(b, cXBytes...) b = append(b, cYBytes...) h := sha256.New() h.Write(b) hash := h.Sum(nil) r := new(big.Int).SetBytes(hash) return r }
// Gen generates the Schnorr scheme
func Gen(ec ecc.EC, g ecc.Point, r *big.Int) (Schnorr, PrivK, error) { var err error var schnorr Schnorr var sk PrivK schnorr.EC = ec schnorr.G = g
sk.PubK.P, _, err = ec.At(r) if err != nil { return schnorr, sk, err }
orderP, err := ec.Order(sk.PubK.P) if err != nil { return schnorr, sk, err }
// rand int between 1 and oerder of P
sk.A, err = rand.Int(rand.Reader, orderP) if err != nil { return schnorr, sk, err } sk.A = big.NewInt(int64(7)) skACopy := new(big.Int).SetBytes(sk.A.Bytes()) // pk.Q = k x P
sk.PubK.Q, err = ec.Mul(sk.PubK.P, skACopy) if err != nil { return schnorr, sk, err } return schnorr, sk, nil }
// Sign performs the signature of the message m with the given private key
func (schnorr Schnorr) Sign(sk PrivK, m []byte) (*big.Int, ecc.Point, error) { var e *big.Int orderP, err := schnorr.EC.Order(sk.PubK.P) if err != nil { return e, ecc.Point{}, err } // rand k <-[1,r]
k, err := rand.Int(rand.Reader, orderP) if err != nil { return e, ecc.Point{}, err }
// R = k x P
rPoint, err := schnorr.EC.Mul(sk.PubK.P, k) if err != nil { return e, ecc.Point{}, err } // e = H(M||R)
e = Hash(m, rPoint) // a*e
ae := new(big.Int).Mul(sk.A, e) // k + a*e
kae := new(big.Int).Add(k, ae) // k + a*e mod r, where r is order of P
s := new(big.Int).Mod(kae, orderP) return s, rPoint, nil }
// Verify checks if the given public key matches with the given signature of the message m, in the given EC
func Verify(ec ecc.EC, pk PubK, m []byte, s *big.Int, rPoint ecc.Point) (bool, error) { // e = H(M||R)
e := Hash(m, rPoint) eCopy := new(big.Int).SetBytes(e.Bytes())
// e x Q
eQ, err := ec.Mul(pk.Q, eCopy) if err != nil { return false, err }
// R + e x Q
// reQ, err := schnorr.EC.Add(rPoint, eQ)
// if err != nil {
// return false, err
// }
// s x P
sp, err := ec.Mul(pk.P, s) if err != nil { return false, err }
// return reQ.Equal(sp), nil
return eQ.Equal(sp), nil }
|