Update interface

2026-02-06 19:16:40 +01:00 · 2021-01-16 18:00:52 +01:00
parent ec095bba83
commit becff7b647
10 changed files with 78 additions and 134 deletions
--- a/README.md
+++ b/README.md
@@ -7,24 +7,26 @@ Blind signature over [secp256k1](https://en.bitcoin.it/wiki/Secp256k1), based on
 ## Usage

 ```go
-// message to be signed
+// signer: create new signer key pair
+sk := NewPrivateKey()
+signerPubK := sk.Public()
+
+// signer: when user requests new R parameter to blind a new msg,
+// create new signerR (public) with its secret k
+k, signerR := NewRequestParameters()
+
+// user: blinds the msg using signer's R
 msg := new(big.Int).SetBytes([]byte("test"))
+msgBlinded, userSecretData := Blind(msg, signerR)

-// create new signer
-signerPrivateData := blindsecp256k1.NewSigner()
-signerPublicData := signerPrivateData.PublicData()
+// signer: signs the blinded message using its private key & secret k
+sBlind := sk.BlindSign(msgBlinded, k)

-// user blinds the msg
-msgBlinded, user := blindsecp256k1.Blind(msg, signerPublicData)
-
-// signer signs the blinded message
-sBlind := signerPrivateData.BlindSign(msgBlinded)
-
-// user unblinds the blinded signature
-sig := blindsecp256k1.Unblind(sBlind, msg, user)
+// user: unblinds the blinded signature
+sig := Unblind(sBlind, msg, userSecretData)

 // signature can be verified with signer PublicKey
-verified := blindsecp256k1.Verify(msg, sig, signerPublicData.Q)
+verified := Verify(msg, sig, signerPubK)
 assert.True(t, verified)
 ```

--- a/blindsecp256k1.go
+++ b/blindsecp256k1.go
@@ -94,46 +94,20 @@ func (pk *PublicKey) Point() *Point {
 	return (*Point)(pk)
 }

-// SignerPrivateData contains the secret values from the Signer
-type SignerPrivateData struct {
-	D *PrivateKey
-	K *big.Int
-}
-
-// SignerPublicData contains the public values from the Signer (generated from
-// its SignerPrivateData)
-type SignerPublicData struct {
-	// Q is the Signer Public Key
-	Q *PublicKey // = skG
-	R *Point     // = kG
-}
-
-// NewSigner returns a new SignerPrivateData with random D & K
-func NewSigner() *SignerPrivateData {
-	sk := NewPrivateKey()
+// NewRequestParameters returns a new random k (secret) & R (public) parameters
+func NewRequestParameters() (*big.Int, *Point) {
 	k := newRand()
-	return &SignerPrivateData{
-		D: sk,
-		K: k,
-	}
+	return k, G.Mul(k) // R = kG
 }

-// PublicData returns the SignerPublicData from the SignerPrivateData
-func (signer *SignerPrivateData) PublicData() *SignerPublicData {
-	return &SignerPublicData{
-		Q: signer.D.Public(), // Q = dG
-		R: G.Mul(signer.K),   // R = kG
-	}
-}
-
-// BlindSign performs the blind signature on the given mBlinded using
-// SignerPrivateData values
-func (signer *SignerPrivateData) BlindSign(mBlinded *big.Int) *big.Int {
+// BlindSign performs the blind signature on the given mBlinded using the
+// PrivateKey and the secret k values
+func (sk *PrivateKey) BlindSign(mBlinded *big.Int, k *big.Int) *big.Int {
 	// TODO add pending checks
 	// s' = dm' + k
 	sBlind := new(big.Int).Add(
-		new(big.Int).Mul(signer.D.BigInt(), mBlinded),
-		signer.K)
+		new(big.Int).Mul(sk.BigInt(), mBlinded),
+		k)
 	return sBlind
 }

@@ -146,17 +120,19 @@ type UserSecretData struct {
 	F *Point // public (in the paper is R)
 }

-// Blind performs the blinding operation on m using SignerPublicData parameters
-func Blind(m *big.Int, signer *SignerPublicData) (*big.Int, *UserSecretData) {
+// Blind performs the blinding operation on m using signerR parameter
+func Blind(m *big.Int, signerR *Point) (*big.Int, *UserSecretData) {
 	u := &UserSecretData{}
 	u.A = newRand()
 	u.B = newRand()

 	// (R) F = aR' + bG
-	aR := signer.R.Mul(u.A)
+	aR := signerR.Mul(u.A)
 	bG := G.Mul(u.B)
 	u.F = aR.Add(bG)

+	// TODO check that F != O (point at infinity)
+
 	rx := new(big.Int).Mod(u.F.X, N)

 	// m' = a^-1 rx h(m)
--- a/blindsecp256k1_test.go
+++ b/blindsecp256k1_test.go
@@ -8,23 +8,25 @@ import (
 )

 func TestFlow(t *testing.T) {
-	// message to be signed
+	// signer: create new signer key pair
+	sk := NewPrivateKey()
+	signerPubK := sk.Public()
+
+	// signer: when user requests new R parameter to blind a new msg,
+	// create new signerR (public) with its secret k
+	k, signerR := NewRequestParameters()
+
+	// user: blinds the msg using signer's R
 	msg := new(big.Int).SetBytes([]byte("test"))
+	msgBlinded, userSecretData := Blind(msg, signerR)

-	// create new signer
-	signerPrivateData := NewSigner()
-	signerPublicData := signerPrivateData.PublicData()
+	// signer: signs the blinded message using its private key & secret k
+	sBlind := sk.BlindSign(msgBlinded, k)

-	// user blinds the msg
-	msgBlinded, user := Blind(msg, signerPublicData)
+	// user: unblinds the blinded signature
+	sig := Unblind(sBlind, msg, userSecretData)

-	// signer signs the blinded message
-	sBlind := signerPrivateData.BlindSign(msgBlinded)
-
-	// user unblinds the blinded signature
-	sig := Unblind(sBlind, msg, user)
-
-	// signature can be verified with signer PublicKey (Q)
-	verified := Verify(msg, sig, signerPublicData.Q)
+	// signature can be verified with signer PublicKey
+	verified := Verify(msg, sig, signerPubK)
 	assert.True(t, verified)
 }
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module blindsecp256k1
+module github.com/arnaucube/go-blindsecp256k1

 go 1.14

--- a/go.sum
+++ b/go.sum
@@ -20,7 +20,6 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
 github.com/aristanetworks/goarista v0.0.0-20170210015632-ea17b1a17847/go.mod h1:D/tb0zPVXnP7fmsLZjtdUhSsumbK/ij54UXjjVgMGxQ=
-github.com/arnaucube/go-blindsecp256k1 v0.0.0-20210110223224-c3e4afc55292 h1:IDrJ98Pv07YozWvwigwK9ygJBa6zsB+H5sHGWLJTrX8=
 github.com/aws/aws-sdk-go v1.25.48/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/btcsuite/btcd v0.0.0-20171128150713-2e60448ffcc6 h1:Eey/GGQ/E5Xp1P2Lyx1qj007hLZfbi0+CoVeJruGCtI=
@@ -30,7 +29,6 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudflare/cloudflare-go v0.10.2-0.20190916151808-a80f83b9add9/go.mod h1:1MxXX1Ux4x6mqPmjkUgTP1CdXIBXKX7T+Jk9Gxrmx+U=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
--- a/v0/blindsecp256k1v0.go
+++ b/v0/blindsecp256k1v0.go
@@ -93,46 +93,20 @@ func (pk *PublicKey) Point() *Point {
 	return (*Point)(pk)
 }

-// SignerPrivateData contains the secret values from the Signer
-type SignerPrivateData struct {
-	D *PrivateKey
-	K *big.Int
-}
-
-// SignerPublicData contains the public values from the Signer (generated from
-// its SignerPrivateData)
-type SignerPublicData struct {
-	// Q is the Signer Public Key
-	Q *PublicKey // = skG
-	R *Point     // = kG
-}
-
-// NewSigner returns a new SignerPrivateData with random D & K
-func NewSigner() *SignerPrivateData {
-	sk := NewPrivateKey()
+// NewRequestParameters returns a new random k (secret) & R (public) parameters
+func NewRequestParameters() (*big.Int, *Point) {
 	k := newRand()
-	return &SignerPrivateData{
-		D: sk,
-		K: k,
-	}
-}
-
-// PublicData returns the SignerPublicData from the SignerPrivateData
-func (signer *SignerPrivateData) PublicData() *SignerPublicData {
-	return &SignerPublicData{
-		Q: signer.D.Public(), // Q = dG
-		R: G.Mul(signer.K),   // R = kG
-	}
+	return k, G.Mul(k) // R = kG
 }

 // BlindSign performs the blind signature on the given mBlinded using
 // SignerPrivateData values
-func (signer *SignerPrivateData) BlindSign(mBlinded *big.Int) *big.Int {
+func (sk *PrivateKey) BlindSign(mBlinded *big.Int, k *big.Int) *big.Int {
 	// TODO add pending checks
 	// s' = d(m') + k
 	sBlind := new(big.Int).Add(
-		new(big.Int).Mul(signer.D.BigInt(), mBlinded),
-		signer.K)
+		new(big.Int).Mul(sk.BigInt(), mBlinded),
+		k)
 	return sBlind
 }

@@ -147,7 +121,7 @@ type UserSecretData struct {
 }

 // Blind performs the blinding operation on m using SignerPublicData parameters
-func Blind(m *big.Int, signer *SignerPublicData) (*big.Int, *UserSecretData) {
+func Blind(m *big.Int, signerPubK *PublicKey, signerR *Point) (*big.Int, *UserSecretData) {
 	u := &UserSecretData{}
 	u.A = newRand()
 	u.B = newRand()
@@ -155,10 +129,10 @@ func Blind(m *big.Int, signer *SignerPublicData) (*big.Int, *UserSecretData) {
 	binv := new(big.Int).ModInverse(u.B, N)

 	// F = b^-1 R + a b^-1 Q + c G
-	bR := signer.R.Mul(binv)
+	bR := signerR.Mul(binv)
 	abinv := new(big.Int).Mul(u.A, binv)
 	abinv = new(big.Int).Mod(abinv, N)
-	abQ := signer.Q.Point().Mul(abinv)
+	abQ := signerPubK.Point().Mul(abinv)
 	cG := G.Mul(u.C)
 	u.F = bR.Add(abQ).Add(cG)
 	// TODO check F==O
--- a/v0/blindsecp256k1v0_test.go
+++ b/v0/blindsecp256k1v0_test.go
@@ -8,23 +8,25 @@ import (
 )

 func TestFlow(t *testing.T) {
-	// message to be signed
+	// signer: create new signer key pair
+	sk := NewPrivateKey()
+	signerPubK := sk.Public()
+
+	// signer: when user requests new R parameter to blind a new msg,
+	// create new signerR (public) with its secret k
+	k, signerR := NewRequestParameters()
+
+	// user: blinds the msg using signer's R
 	msg := new(big.Int).SetBytes([]byte("test"))
+	msgBlinded, userSecretData := Blind(msg, signerPubK, signerR)

-	// create new signer
-	signerPrivateData := NewSigner()
-	signerPublicData := signerPrivateData.PublicData()
+	// signer: signs the blinded message using its private key & secret k
+	sBlind := sk.BlindSign(msgBlinded, k)

-	// user blinds the msg
-	msgBlinded, user := Blind(msg, signerPublicData)
-
-	// signer signs the blinded message
-	sBlind := signerPrivateData.BlindSign(msgBlinded)
-
-	// user unblinds the blinded signature
-	sig := Unblind(sBlind, msg, user)
+	// user: unblinds the blinded signature
+	sig := Unblind(sBlind, msg, userSecretData)

 	// signature can be verified with signer PublicKey (Q)
-	verified := Verify(msg, sig, signerPublicData.Q)
+	verified := Verify(msg, sig, signerPubK)
 	assert.True(t, verified)
 }
--- a/wasm/blindsecp256k1-wasm.go
+++ b/wasm/blindsecp256k1-wasm.go
@@ -57,8 +57,7 @@ func blindv0(this js.Value, values []js.Value) interface{} {
 		Y: signerRy,
 	}

-	signer := &blindsecp256k1v0.SignerPublicData{signerQ, signerR}
-	mBlinded, user := blindsecp256k1v0.Blind(m, signer)
+	mBlinded, user := blindsecp256k1v0.Blind(m, signerQ, signerR)

 	r := make(map[string]interface{})
 	r["mBlinded"] = mBlinded.String()
@@ -108,28 +107,19 @@ func unblindv0(this js.Value, values []js.Value) interface{} {
 }
 func blind(this js.Value, values []js.Value) interface{} {
 	mStr := values[0].String()
-	signerQxStr := values[1].String()
-	signerQyStr := values[2].String()
-	signerRxStr := values[3].String()
-	signerRyStr := values[4].String()
+	signerRxStr := values[1].String()
+	signerRyStr := values[2].String()

 	m := stringToBigInt(mStr)
-	signerQx := stringToBigInt(signerQxStr)
-	signerQy := stringToBigInt(signerQyStr)
 	signerRx := stringToBigInt(signerRxStr)
 	signerRy := stringToBigInt(signerRyStr)

-	signerQ := &blindsecp256k1.PublicKey{
-		X: signerQx,
-		Y: signerQy,
-	}
 	signerR := &blindsecp256k1.Point{
 		X: signerRx,
 		Y: signerRy,
 	}

-	signer := &blindsecp256k1.SignerPublicData{signerQ, signerR}
-	mBlinded, user := blindsecp256k1.Blind(m, signer)
+	mBlinded, user := blindsecp256k1.Blind(m, signerR)

 	r := make(map[string]interface{})
 	r["mBlinded"] = mBlinded.String()
--- a/wasm/webtest/blindsecp256k1.wasm
+++ b/wasm/webtest/blindsecp256k1.wasm
--- a/wasm/webtest/index.js
+++ b/wasm/webtest/index.js
@@ -2,15 +2,15 @@ function test() {
 	let m = "1952805748";

 	console.log("using: https://sci-hub.do/10.1109/ICCKE.2013.6682844");
-	// Q & R would be received from the Signer
-	let signerQx = "26613296432153871833441195158297038913673464785502568519907582377915678491093";
-	let signerQy = "81940194042971427014176158889809922552127995083760111384335138546589994227275";
+	// R would be received from the Signer
 	let signerRx = "59371873487402651110657306418818354906476102545298559461791300717696053835454";
 	let signerRy = "98322875246066710654579302898391677189379767946198239290895789444110962324342";
-	let blindRes = blind(m, signerQx, signerQy, signerRx, signerRy);
+	let blindRes = blind(m, signerRx, signerRy);
 	console.log("blind", blindRes);

-	// sBlind would be received from the Signer
+	// Q & sBlind would be received from the Signer
+	let signerQx = "26613296432153871833441195158297038913673464785502568519907582377915678491093";
+	let signerQy = "81940194042971427014176158889809922552127995083760111384335138546589994227275";
 	let sBlind = "7240298625621589352655632414257224668430424461224914067754717095121139699933353374227084479180038954015287518505167995306229258561275087198611946596619855";
 	let unblindRes = unblind(sBlind, m, blindRes.uA, blindRes.uB, blindRes.uFx, blindRes.uFy);
 	console.log("unblind", unblindRes);