Categorygithub.com/arnaucube/go-blindsecp256k1
modulepackage
0.0.0-20211204171003-644e7408753f
Repository: https://github.com/arnaucube/go-blindsecp256k1.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
8
Dependents
5
Files
508 SLOC

# README

go-blindsecp256k1 GoDoc Go Report Card Test

Blind signature over secp256k1, based on "New Blind Signature Schemes Based on the (Elliptic Curve) Discrete Logarithm Problem" paper by Hamid Mala & Nafiseh Nezhadansari.

WARNING: this repo is experimental, do not use in production.

The implementation of this repo is compatible with https://github.com/arnaucube/blindsecp256k1-js

Usage

import (
	[...]
	"github.com/arnaucube/go-blindsecp256k1"
)

[...]
// errors are not handled for simplicity of the example

// signer: create new signer key pair
sk, _ := blindsecp256k1.NewPrivateKey()
signerPubK := sk.Public()

// signer: when user requests new R parameter to blind a new msg,
// create new signerR (public) with its secret k
k, signerR, _ := blindsecp256k1.NewRequestParameters()

// user: blinds the msg using signer's R
msg := new(big.Int).SetBytes([]byte("test"))
msgBlinded, userSecretData, _ := blindsecp256k1.Blind(msg, signerR)

// signer: signs the blinded message using its private key & secret k
sBlind, _ := sk.BlindSign(msgBlinded, k)

// user: unblinds the blinded signature
sig := blindsecp256k1.Unblind(sBlind, userSecretData)

// signature can be verified with signer PublicKey
verified := blindsecp256k1.Verify(msg, sig, signerPubK)
assert.True(t, verified)

Compression & decompression (allows to compress a point & public key (64 bytes) into 33 bytes, and a signature (96 bytes) into 65 bytes):

p := blindsecp256k1.G // take the generator point as an example

// also, instead from G, we can start from a PublicKey, which can be converted
// into a Point with
p = pk.Point()

// compress point
b := p.Compress()
fmt.Println(hex.EncodeToString(b[:]))

// decompress point (recovering the original point)
p2, _ := blindsecp256k1.DecompressPoint(b)
assert.Equal(t, p, p2)


// compress signature
b = sig.Compress()
fmt.Println(hex.EncodeToString(b[:])) // 65 bytes

// decompress signature
sig2, _ := DecompressSignature(b)
assert.Equal(t, sig, sig2)

WASM usage

WASM wrappers for browser usage can be found at the wasm directory with an example in html&js.

# Packages

Package blindsecp256k1v0 implements the Blind signature scheme explained at "An Efficient Blind Signature Scheme Based on the Elliptic Curve Discrete Logarithm Problem", by Morteza Nikooghadama & Ali Zakerolhosseini http://www.isecure-journal.com/article_39171_47f9ec605dd3918c2793565ec21fcd7a.pdf LICENSE can be found at https://github.com/arnaucube/go-blindsecp256k1/blob/master/LICENSE .
No description provided by the author

# Functions

Blind performs the blinding operation on m using signerR parameter.
DecompressPoint unpacks a Point from the given byte array of 33 bytes https://bitcointalk.org/index.php?topic=162805.msg1712294#msg1712294.
DecompressSignature unpacks a Signature from the given byte array of 65 bytes.
NewPointFromBytes returns a new *Point from a given byte array with length 64 which has encoded the point coordinates each one as 32 bytes in little-endian.
NewPointFromBytesUncompressed returns a new *Point from a given byte array with length 64 which has encoded the point coordinates each one as 32 bytes in little-endian.
NewPrivateKey returns a new random private key.
NewPublicKeyFromBytes returns a new *PublicKey from a given byte array with length 64 which has encoded the public key coordinates each one as 32 bytes in little-endian.
NewPublicKeyFromBytesUncompressed returns a new *PublicKey from a given byte array with length 64 which has encoded the public key coordinates each one as 32 bytes in little-endian.
NewPublicKeyFromECDSA returns a *PublicKey from a serialized/marshaled array of bytes generated by the ethereum/standard ECDSA PubKey implementation.
NewRequestParameters returns a new random k (secret) & R (public) parameters.
NewSignatureFromBytes returns a new *Signature from a given byte array with length 96 which has encoded S and the F point coordinates each one as 32 bytes in little-endian.
NewSignatureFromBytesUncompressed returns a new *Signature from a given byte array with length 96 which has encoded S and the F point coordinates each one as 32 bytes in little-endian.
Unblind performs the unblinding operation of the blinded signature for the given the UserSecretData.
Verify checks the signature of the message m for the given PublicKey.

# Variables

B (from y^2 = x^3 + B).
G represents the base point of secp256k1.
N represents the order of G of secp256k1.
P represents the secp256k1 finite field.

# Structs

Point represents a point on the secp256k1 curve.
Signature contains the signature values S & F.
UserSecretData contains the secret values from the User (a, b) and the public F.

# Type aliases

PrivateKey represents the signer's private key.
PublicKey represents the signer's public key.