arnaucube
/
go-blindsecp256k1
mirror of https://github.com/arnaucube/go-blindsecp256k1.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
5 Branches
0 Tags
60 MiB
Branch: feature/abstract-curve
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'feature/abstract-curve'
${ noResults }
go-blindsecp256k1/blindsecp256k1.go

351 lines
8.4 KiB
Raw Permalink Normal View History

Add blind signature scheme methods
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Add README.md
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add secp256k1 wrappers
3 years ago
Add blind signature scheme methods
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add secp256k1 wrappers
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add secp256k1 wrappers
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Add secp256k1 wrappers
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add secp256k1 wrappers
3 years ago
Add Point Compression & Decompression methods
3 years ago
Add secp256k1 wrappers
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add secp256k1 wrappers
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add secp256k1 wrappers
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add Signature Compression & Decompression
3 years ago
Add Point Compression & Decompression methods
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add Point Compression & Decompression methods
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add Point Compression & Decompression methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add secp256k1 wrappers
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add secp256k1 wrappers
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Update interface
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Update interface
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Add blind signature scheme methods
3 years ago
Update interface
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add blind signature scheme methods
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add blind signature scheme methods
3 years ago
Update interface
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add test hash odd bytes for js compatibility To ensure compatibility with https://github.com/arnaucube/blindsecp256k1-js/
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Update interface
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add test hash odd bytes for js compatibility To ensure compatibility with https://github.com/arnaucube/blindsecp256k1-js/
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Update interface
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Add blind signature scheme methods
3 years ago
Add Signature Compression & Decompression
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add Signature Compression & Decompression
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add Signature Compression & Decompression
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Update `Unblind` inputs removing unnecessary `m` - Update Unblind inputs removing unnecessary `m` - Add mod at Blind & BlindSign
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Add GHA (tests & lint), add descr, update readme
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add checks to inputs at Blind & BlindSign
3 years ago
Add json Marshalers
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Abstract curve from impl to use elliptic.Curve interface
3 years ago
Add blind signature scheme methods
3 years ago
Update `Unblind` inputs removing unnecessary `m` - Update Unblind inputs removing unnecessary `m` - Add mod at Blind & BlindSign
3 years ago
Implement https://sci-hub.do/10.1109/ICCKE.2013.6682844 Previous to this commit there was the implementation of "[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)" paper by by Morteza Nikooghadama & Ali Zakerolhosseini. This commit adds the implementation of "[New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem](https://sci-hub.do/10.1109/ICCKE.2013.6682844)" paper by Hamid Mala & Nafiseh Nezhadansari.
3 years ago
Add blind signature scheme methods
3 years ago
  1. // Package blindsecp256k1 implements the Blind signature scheme explained at
  2. // "New Blind Signature Schemes Based on the (Elliptic Curve) Discrete
  3. // Logarithm Problem", by Hamid Mala & Nafiseh Nezhadansari
  4. // https://sci-hub.do/10.1109/ICCKE.2013.6682844
  5. //
  6. // LICENSE can be found at https://github.com/arnaucube/go-blindsecp256k1/blob/master/LICENSE
  7. //
  8. package blindsecp256k1
  10. // WARNING: WIP code
  12. import (
  13. "bytes"
  14. "crypto/elliptic"
  15. "crypto/rand"
  16. "fmt"
  17. "math/big"
  19. "github.com/ethereum/go-ethereum/crypto"
  20. )
  22. // TMP
  23. // const (
  24. // // MinBigIntBytesLen defines the minimum bytes length of the minimum
  25. // // accepted value for the checked *big.Int
  26. // MinBigIntBytesLen = 20 * 8
  27. // )
  29. var (
  30. zero *big.Int = big.NewInt(0)
  31. )
  33. // Curve is a curve wrapper that works with Point structs
  34. type Curve struct {
  35. c elliptic.Curve
  36. }
  38. // Point represents a point on the secp256k1 curve
  39. type Point struct {
  40. X *big.Int
  41. Y *big.Int
  42. }
  44. // Add performs the Point addition
  45. func (c Curve) Add(p, q *Point) *Point {
  46. x, y := c.c.Add(p.X, p.Y, q.X, q.Y)
  47. return &Point{
  48. X: x,
  49. Y: y,
  50. }
  51. }
  53. // Mul performs the Point scalar multiplication
  54. func (c Curve) Mul(p *Point, scalar *big.Int) *Point {
  55. x, y := c.c.ScalarMult(p.X, p.Y, scalar.Bytes())
  56. return &Point{
  57. X: x,
  58. Y: y,
  59. }
  60. }
  62. func (c Curve) isValid(p *Point) error {
  63. if !c.c.IsOnCurve(p.X, p.Y) {
  64. return fmt.Errorf("Point is not on curve %s", c.c.Params().Name)
  65. }
  67. if bytes.Equal(p.X.Bytes(), zero.Bytes()) &&
  68. bytes.Equal(p.Y.Bytes(), zero.Bytes()) {
  69. return fmt.Errorf("Point (%s, %s) can not be (0, 0)",
  70. p.X.String(), p.Y.String())
  71. }
  72. return nil
  73. }
  75. // Compress packs a Point to a byte array of 33 bytes, encoded in little-endian.
  76. func (p *Point) Compress() [33]byte {
  77. xBytes := p.X.Bytes()
  78. odd := byte(0)
  79. if isOdd(p.Y) {
  80. odd = byte(1)
  81. }
  82. var b [33]byte
  83. copy(b[32-len(xBytes):32], xBytes)
  84. b[32] = odd
  85. return b
  86. }
  88. func isOdd(b *big.Int) bool {
  89. return b.Bit(0) != 0
  90. }
  92. // DecompressPoint unpacks a Point from the given byte array of 33 bytes
  93. // https://bitcointalk.org/index.php?topic=162805.msg1712294#msg1712294
  94. func DecompressPoint(curv elliptic.Curve, b [33]byte) (*Point, error) {
  95. x := new(big.Int).SetBytes(b[:32])
  96. var odd bool
  97. if b[32] == byte(1) {
  98. odd = true
  99. }
  101. // secp256k1: y2 = x3+ ax2 + b (where A==0, B==7)
  102. params := curv.Params()
  103. B := params.B
  104. P := params.P
  106. // compute x^3 + B mod p
  107. x3 := new(big.Int).Mul(x, x)
  108. x3 = new(big.Int).Mul(x3, x)
  109. // x3 := new(big.Int).Exp(x, big.NewInt(3), nil)
  110. x3 = new(big.Int).Add(x3, B)
  111. x3 = new(big.Int).Mod(x3, P)
  113. // sqrt mod p of x^3 + B
  114. y := new(big.Int).ModSqrt(x3, P)
  115. if y == nil {
  116. return nil, fmt.Errorf("not sqrt mod of x^3")
  117. }
  118. if odd != isOdd(y) {
  119. y = new(big.Int).Sub(P, y)
  120. // TODO if needed Mod
  121. }
  123. // check that y is a square root of x^3 + B
  124. y2 := new(big.Int).Mul(y, y)
  125. y2 = new(big.Int).Mod(y2, P)
  126. if !bytes.Equal(y2.Bytes(), x3.Bytes()) {
  127. return nil, fmt.Errorf("invalid square root")
  128. }
  130. if odd != isOdd(y) {
  131. return nil, fmt.Errorf("odd does not match oddness")
  132. }
  134. p := &Point{X: x, Y: y}
  135. return p, nil
  136. }
  138. // WIP
  139. func newRand(curv elliptic.Curve) *big.Int {
  140. var b [32]byte
  141. _, err := rand.Read(b[:])
  142. if err != nil {
  143. panic(err)
  144. }
  145. bi := new(big.Int).SetBytes(b[:])
  146. return new(big.Int).Mod(bi, curv.Params().N)
  147. }
  149. // PrivateKey represents the signer's private key
  150. type PrivateKey big.Int
  152. // PublicKey represents the signer's public key
  153. type PublicKey Point
  155. // NewPrivateKey returns a new random private key
  156. func NewPrivateKey(curv elliptic.Curve) *PrivateKey {
  157. k := newRand(curv)
  158. sk := PrivateKey(*k)
  159. return &sk
  160. }
  162. // BigInt returns a *big.Int representation of the PrivateKey
  163. func (sk *PrivateKey) BigInt() *big.Int {
  164. return (*big.Int)(sk)
  165. }
  167. // Public returns the PublicKey from the PrivateKey
  168. func (sk *PrivateKey) Public(curv elliptic.Curve) *PublicKey {
  169. // TODO change impl to use directly X, Y instead
  170. // of Point wrapper. In order to have the impl more close to go interface
  171. c := Curve{curv}
  172. G := &Point{
  173. X: c.c.Params().Gx,
  174. Y: c.c.Params().Gy,
  175. }
  176. q := c.Mul(G, sk.BigInt())
  177. pk := PublicKey{X: q.X, Y: q.Y}
  178. return &pk
  179. }
  181. // Point returns a *Point representation of the PublicKey
  182. func (pk *PublicKey) Point() *Point {
  183. return (*Point)(pk)
  184. }
  186. // NewRequestParameters returns a new random k (secret) & R (public) parameters
  187. func NewRequestParameters(curv elliptic.Curve) (*big.Int, *Point) {
  188. k := newRand(curv)
  189. G := &Point{
  190. X: curv.Params().Gx,
  191. Y: curv.Params().Gy,
  192. }
  193. // R = kG
  194. r := Curve{curv}.Mul(G, k)
  195. return k, r
  196. }
  198. // BlindSign performs the blind signature on the given mBlinded using the
  199. // PrivateKey and the secret k values
  200. func (sk *PrivateKey) BlindSign(curv elliptic.Curve, mBlinded *big.Int, k *big.Int) (*big.Int, error) {
  201. c := Curve{curv}
  202. n := c.c.Params().N
  203. // TODO add pending checks
  204. if mBlinded.Cmp(n) != -1 {
  205. return nil, fmt.Errorf("mBlinded not inside the finite field")
  206. }
  207. if bytes.Equal(mBlinded.Bytes(), big.NewInt(0).Bytes()) {
  208. return nil, fmt.Errorf("mBlinded can not be 0")
  209. }
  210. // TMP
  211. // if mBlinded.BitLen() < MinBigIntBytesLen {
  212. // return nil, fmt.Errorf("mBlinded too small")
  213. // }
  215. // s' = dm' + k
  216. sBlind := new(big.Int).Add(
  217. new(big.Int).Mul(sk.BigInt(), mBlinded),
  218. k)
  219. sBlind = new(big.Int).Mod(sBlind, n)
  220. return sBlind, nil
  221. }
  223. // UserSecretData contains the secret values from the User (a, b) and the
  224. // public F
  225. type UserSecretData struct {
  226. A *big.Int
  227. B *big.Int
  229. F *Point // public (in the paper is named R)
  230. }
  232. // Blind performs the blinding operation on m using signerR parameter
  233. func Blind(curv elliptic.Curve, m *big.Int, signerR *Point) (*big.Int, *UserSecretData, error) {
  234. c := Curve{curv}
  235. if err := c.isValid(signerR); err != nil {
  236. return nil, nil, fmt.Errorf("signerR %s", err)
  237. }
  239. // TODO check if curv==signerR.curv
  240. // TODO (once the Point abstraction is removed) check that signerR is
  241. // in the curve
  242. G := &Point{
  243. X: curv.Params().Gx,
  244. Y: curv.Params().Gy,
  245. }
  247. u := &UserSecretData{}
  248. u.A = newRand(curv)
  249. u.B = newRand(curv)
  251. // (R) F = aR' + bG
  252. aR := c.Mul(signerR, u.A)
  253. bG := c.Mul(G, u.B)
  254. u.F = c.Add(aR, bG)
  256. // TODO check that F != O (point at infinity)
  257. if err := c.isValid(u.F); err != nil {
  258. return nil, nil, fmt.Errorf("u.F %s", err)
  259. }
  261. rx := new(big.Int).Mod(u.F.X, curv.Params().N)
  263. // m' = a^-1 rx h(m)
  264. ainv := new(big.Int).ModInverse(u.A, curv.Params().N)
  265. ainvrx := new(big.Int).Mul(ainv, rx)
  266. hBytes := crypto.Keccak256(m.Bytes())
  267. h := new(big.Int).SetBytes(hBytes)
  268. mBlinded := new(big.Int).Mul(ainvrx, h)
  269. mBlinded = new(big.Int).Mod(mBlinded, curv.Params().N)
  271. return mBlinded, u, nil
  272. }
  274. // Signature contains the signature values S & F
  275. type Signature struct {
  276. S *big.Int
  277. F *Point
  278. }
  280. // Compress packs a Signature to a byte array of 65 bytes, encoded in
  281. // little-endian.
  282. func (s *Signature) Compress() [65]byte {
  283. var b [65]byte
  284. sBytes := s.S.Bytes()
  285. fBytes := s.F.Compress()
  286. copy(b[:32], swapEndianness(sBytes))
  287. copy(b[32:], fBytes[:])
  288. return b
  289. }
  291. // DecompressSignature unpacks a Signature from the given byte array of 65 bytes
  292. func DecompressSignature(curve elliptic.Curve, b [65]byte) (*Signature, error) {
  293. s := new(big.Int).SetBytes(swapEndianness(b[:32]))
  294. var fBytes [33]byte
  295. copy(fBytes[:], b[32:])
  296. f, err := DecompressPoint(curve, fBytes)
  297. if err != nil {
  298. return nil, err
  299. }
  300. sig := &Signature{S: s, F: f}
  301. return sig, nil
  302. }
  304. // Unblind performs the unblinding operation of the blinded signature for the
  305. // given the UserSecretData
  306. func Unblind(curv elliptic.Curve, sBlind *big.Int, u *UserSecretData) *Signature {
  307. // s = a s' + b
  308. as := new(big.Int).Mul(u.A, sBlind)
  309. s := new(big.Int).Add(as, u.B)
  310. s = new(big.Int).Mod(s, curv.Params().N)
  312. return &Signature{
  313. S: s,
  314. F: u.F,
  315. }
  316. }
  318. // Verify checks the signature of the message m for the given PublicKey
  319. func Verify(curv elliptic.Curve, m *big.Int, s *Signature, q *PublicKey) bool {
  320. // TODO add pending checks
  321. c := Curve{curv}
  322. if err := c.isValid(s.F); err != nil {
  323. return false
  324. }
  325. if err := c.isValid(q.Point()); err != nil {
  326. return false
  327. }
  329. G := &Point{
  330. X: curv.Params().Gx,
  331. Y: curv.Params().Gy,
  332. }
  333. sG := c.Mul(G, s.S) // sG
  335. hBytes := crypto.Keccak256(m.Bytes())
  336. h := new(big.Int).SetBytes(hBytes)
  338. rx := new(big.Int).Mod(s.F.X, curv.Params().N)
  339. rxh := new(big.Int).Mul(rx, h)
  340. // rxhG := G.Mul(rxh) // originally the paper uses G
  341. rxhG := c.Mul(q.Point(), rxh)
  343. right := c.Add(s.F, rxhG)
  345. // check sG == R + rx h(m) Q (where R in this code is F)
  346. if bytes.Equal(sG.X.Bytes(), right.X.Bytes()) &&
  347. bytes.Equal(sG.Y.Bytes(), right.Y.Bytes()) {
  348. return true
  349. }
  350. return false
  351. }