diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..cdedb10 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,16 @@ +name: Lint +on: [ push, pull_request ] +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Install Go + uses: actions/setup-go@v1 + with: + go-version: 1.14.x + - name: Checkout code + uses: actions/checkout@v2 + - name: Lint + run: | + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.30.0 + $(go env GOPATH)/bin/golangci-lint run --timeout=5m -c .golangci.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..045c0ba --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,19 @@ +name: Test +on: [push, pull_request] +jobs: + test: + # matrix strategy from: https://github.com/mvdan/github-actions-golang/blob/master/.github/workflows/test.yml + strategy: + matrix: + go-version: [1.13.x, 1.14.x] + platform: [ubuntu-latest] + runs-on: ${{ matrix.platform }} + steps: + - name: Install Go + uses: actions/setup-go@v1 + with: + go-version: ${{ matrix.go-version }} + - name: Checkout code + uses: actions/checkout@v2 + - name: Run tests + run: go test ./... diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..3212fdc --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,17 @@ +issues: + max-same-issues: 0 + exclude-use-default: false +linters: + enable: + - whitespace + - gosec + - gci + - misspell + - gomnd + - gofmt + - goimports + - lll + - golint +linters-settings: + lll: + line-length: 100 diff --git a/README.md b/README.md index 6766e77..a6ddaca 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ -# go-blindsecp256k1 -Blind signature over [secp256k1](https://en.bitcoin.it/wiki/Secp256k1), based on *"[An Efficient Blind Signature Scheme Based on the Elliptic CurveDiscrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)"* paper. +# go-blindsecp256k1 [![GoDoc](https://godoc.org/github.com/arnaucube/go-blindsecp256k1?status.svg)](https://godoc.org/github.com/arnaucube/go-blindsecp256k1) [![Go Report Card](https://goreportcard.com/badge/github.com/arnaucube/go-blindsecp256k1)](https://goreportcard.com/report/github.com/arnaucube/go-blindsecp256k1) [![Test](https://github.com/arnaucube/go-blindsecp256k1/workflows/Test/badge.svg)](https://github.com/arnaucube/go-blindsecp256k1/actions?query=workflow%3ATest) + +Blind signature over [secp256k1](https://en.bitcoin.it/wiki/Secp256k1), based on *"[An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem](http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf)"* paper. **WARNING**: this repo is experimental, do not use in production. diff --git a/blindsecp256k1.go b/blindsecp256k1.go index 35d0120..53acfb4 100644 --- a/blindsecp256k1.go +++ b/blindsecp256k1.go @@ -2,6 +2,7 @@ // http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf // // LICENSE can be found at https://github.com/arnaucube/go-blindsecp256k1/blob/master/LICENSE +// package blindsecp256k1 // WARNING: WIP code @@ -14,20 +15,24 @@ import ( "github.com/ethereum/go-ethereum/crypto/secp256k1" ) -type Point struct { - X *big.Int - Y *big.Int -} - var ( + // G represents the base point of secp256k1 G *Point = &Point{ X: secp256k1.S256().Gx, Y: secp256k1.S256().Gy, } + // N represents the order of G of secp256k1 N *big.Int = secp256k1.S256().N ) +// Point represents a point on the secp256k1 curve +type Point struct { + X *big.Int + Y *big.Int +} + +// Add performs the Point addition func (p *Point) Add(q *Point) *Point { x, y := secp256k1.S256().Add(p.X, p.Y, q.X, q.Y) return &Point{ @@ -36,6 +41,7 @@ func (p *Point) Add(q *Point) *Point { } } +// Mul performs the Point scalar multiplication func (p *Point) Mul(scalar *big.Int) *Point { x, y := secp256k1.S256().ScalarMult(p.X, p.Y, scalar.Bytes()) return &Point{ @@ -44,6 +50,7 @@ func (p *Point) Mul(scalar *big.Int) *Point { } } +// WIP func newRand() *big.Int { var b [32]byte _, err := rand.Read(b[:]) @@ -54,108 +61,129 @@ func newRand() *big.Int { return new(big.Int).Mod(bi, N) } +// PrivateKey represents the signer's private key type PrivateKey big.Int + +// PublicKey represents the signer's public key type PublicKey Point +// NewPrivateKey returns a new random private key func NewPrivateKey() *PrivateKey { k := newRand() sk := PrivateKey(*k) return &sk } +// BigInt returns a *big.Int representation of the PrivateKey func (sk *PrivateKey) BigInt() *big.Int { return (*big.Int)(sk) } +// Public returns the PublicKey from the PrivateKey func (sk *PrivateKey) Public() *PublicKey { Q := G.Mul(sk.BigInt()) pk := PublicKey(*Q) return &pk } +// Point returns a *Point representation of the PublicKey func (pk *PublicKey) Point() *Point { return (*Point)(pk) } +// SignerPrivateData contains the secret values from the Signer type SignerPrivateData struct { - d *PrivateKey - k *big.Int + D *PrivateKey + K *big.Int } + +// SignerPublicData contains the public values from the Signer (generated from +// its SignerPrivateData) type SignerPublicData struct { // Q is the Signer Public Key Q *PublicKey // = skG R *Point // = kG } +// NewSigner returns a new SignerPrivateData with random D & K func NewSigner() *SignerPrivateData { sk := NewPrivateKey() k := newRand() return &SignerPrivateData{ - d: sk, - k: k, + D: sk, + K: k, } } +// PublicData returns the SignerPublicData from the SignerPrivateData func (signer *SignerPrivateData) PublicData() *SignerPublicData { return &SignerPublicData{ - Q: signer.d.Public(), // Q = dG - R: G.Mul(signer.k), // R = kG + Q: signer.D.Public(), // Q = dG + R: G.Mul(signer.K), // R = kG } } +// BlindSign performs the blind signature on the given mBlinded using +// SignerPrivateData values func (signer *SignerPrivateData) BlindSign(mBlinded *big.Int) *big.Int { // TODO add pending checks // s' = d(m') + k sBlind := new(big.Int).Add( - new(big.Int).Mul(signer.d.BigInt(), mBlinded), - signer.k) + new(big.Int).Mul(signer.D.BigInt(), mBlinded), + signer.K) return sBlind } +// UserSecretData contains the secret values from the User (a, b, c) and the +// public F type UserSecretData struct { - a *big.Int - b *big.Int - c *big.Int + A *big.Int + B *big.Int + C *big.Int F *Point // public } +// Blind performs the blinding operation on m using SignerPublicData parameters func Blind(m *big.Int, signer *SignerPublicData) (*big.Int, *UserSecretData) { u := &UserSecretData{} - u.a = newRand() - u.b = newRand() - u.c = newRand() - binv := new(big.Int).ModInverse(u.b, N) + u.A = newRand() + u.B = newRand() + u.C = newRand() + binv := new(big.Int).ModInverse(u.B, N) // F = b^-1 R + a b^-1 Q + c G bR := signer.R.Mul(binv) - abinv := new(big.Int).Mul(u.a, binv) + abinv := new(big.Int).Mul(u.A, binv) abinv = new(big.Int).Mod(abinv, N) abQ := signer.Q.Point().Mul(abinv) - cG := G.Mul(u.c) + cG := G.Mul(u.C) u.F = bR.Add(abQ).Add(cG) // TODO check F==O r := new(big.Int).Mod(u.F.X, N) // m' = br(m)+a - br := new(big.Int).Mul(u.b, r) + br := new(big.Int).Mul(u.B, r) brm := new(big.Int).Mul(br, m) - mBlinded := new(big.Int).Add(brm, u.a) + mBlinded := new(big.Int).Add(brm, u.A) mBlinded = new(big.Int).Mod(mBlinded, N) return mBlinded, u } +// Signature contains the signature values S & F type Signature struct { S *big.Int F *Point } +// Unblind performs the unblinding operation of the blinded signature for the +// given message m and the UserSecretData func Unblind(sBlind, m *big.Int, u *UserSecretData) *Signature { // s = b^-1 s' + c - binv := new(big.Int).ModInverse(u.b, N) + binv := new(big.Int).ModInverse(u.B, N) bs := new(big.Int).Mul(binv, sBlind) - s := new(big.Int).Add(bs, u.c) + s := new(big.Int).Add(bs, u.C) s = new(big.Int).Mod(s, N) return &Signature{ @@ -164,6 +192,7 @@ func Unblind(sBlind, m *big.Int, u *UserSecretData) *Signature { } } +// Verify checks the signature of the message m for the given PublicKey func Verify(m *big.Int, signature *Signature, q *PublicKey) bool { // TODO add pending checks sG := G.Mul(signature.S) // sG