Documentation
¶
Index ¶
- Variables
- func AggregateVerify(sig *Signature, publics []*Key, signers []int, message Hash) error
- func BatchVerify(msg Hash, keys []*Key, sigs []*Signature) bool
- func HashScalar(k *edwards25519.Point, outputIndex uint64) *edwards25519.Scalar
- func KeyMultPubPriv(pub, priv *Key) *edwards25519.Point
- func RandReader() *randReader
- func ReadRand(buf []byte)
- type BatchVerifier
- type CosiNonce
- type CosiSignature
- func (c *CosiSignature) AggregateResponse(publics []*Key, responses map[int]*[32]byte, message Hash, strict bool) error
- func (c *CosiSignature) Challenge(publics []*Key, message Hash) (*edwards25519.Scalar, error)
- func (c *CosiSignature) FullVerify(publics []*Key, threshold int, message Hash) error
- func (c *CosiSignature) Keys() []int
- func (c CosiSignature) MarshalJSON() ([]byte, error)
- func (c *CosiSignature) Response(privateKey, random *Key, publics []*Key, message Hash) (*[32]byte, error)
- func (c CosiSignature) String() string
- func (c *CosiSignature) ThresholdVerify(threshold int) bool
- func (c *CosiSignature) UnmarshalJSON(b []byte) error
- func (c *CosiSignature) VerifyResponse(publics []*Key, signer int, s *[32]byte, message Hash) error
- type Hash
- type Key
- func DeriveGhostPrivateKey(R, a, b *Key, outputIndex uint64) *Key
- func DeriveGhostPublicKey(r, A, B *Key, outputIndex uint64) *Key
- func DeriveGhostPublicKeyForInternalVanish(r, A, B *Key, outputIndex uint64) *Key
- func KeyFromString(s string) (Key, error)
- func NewKeyFromSeed(seed []byte) Key
- func ViewGhostOutputKey(P, a, R *Key, outputIndex uint64) *Key
- func (k Key) CheckKey() bool
- func (k Key) DeterministicHashDerive() Key
- func (k Key) HasValue() bool
- func (k Key) MarshalJSON() ([]byte, error)
- func (k Key) Public() Key
- func (privateKey *Key) Sign(message Hash) Signature
- func (k Key) String() string
- func (k *Key) UnmarshalJSON(b []byte) error
- func (publicKey *Key) Verify(message Hash, sig Signature) bool
- func (publicKey *Key) VerifyWithChallenge(sig Signature, a *edwards25519.Scalar) bool
- type Signature
Constants ¶
This section is empty.
Variables ¶
var ErrCosiNonceReuse = errors.New("cosi nonce reuse with a different challenge")
Functions ¶
func AggregateVerify ¶ added in v0.12.18
func HashScalar ¶ added in v0.9.8
func HashScalar(k *edwards25519.Point, outputIndex uint64) *edwards25519.Scalar
func KeyMultPubPriv ¶ added in v0.5.0
func KeyMultPubPriv(pub, priv *Key) *edwards25519.Point
func RandReader ¶ added in v0.17.0
func RandReader() *randReader
Types ¶
type BatchVerifier ¶ added in v0.12.1
type BatchVerifier struct {
// contains filtered or unexported fields
}
BatchVerifier accumulates batch entries with Add, before performing batch verification with Verify.
func NewBatchVerifier ¶ added in v0.12.1
func NewBatchVerifier() BatchVerifier
NewBatchVerifier creates an empty BatchVerifier.
func (*BatchVerifier) Verify ¶ added in v0.12.1
func (v *BatchVerifier) Verify() bool
Verify checks all entries in the current batch, returning true if all entries are valid and false if any one entry is invalid.
If a failure arises it is unknown which entry failed, the caller must verify each entry individually.
Calling Verify on an empty batch returns false.
type CosiNonce ¶ added in v0.19.0
type CosiNonce struct {
// contains filtered or unexported fields
}
CosiNonce is an opaque handle to a single-use Schnorr nonce. Copies of the handle share the same state and lock. Reusing the same nonce for two different aggregate challenges reveals the long-term private key, so the first response permanently binds this nonce to one challenge. An identical retry returns the cached response without touching the nonce again.
func CosiCommitNonce ¶ added in v0.19.0
type CosiSignature ¶ added in v0.5.0
type CosiSignature struct {
Signature Signature
Mask uint64
// contains filtered or unexported fields
}
func CosiAggregateCommitment ¶ added in v0.5.0
func CosiAggregateCommitment(randoms map[int]*Key) (*CosiSignature, error)
func (*CosiSignature) AggregateResponse ¶ added in v0.5.0
func (*CosiSignature) Challenge ¶ added in v0.5.0
func (c *CosiSignature) Challenge(publics []*Key, message Hash) (*edwards25519.Scalar, error)
func (*CosiSignature) FullVerify ¶ added in v0.5.0
func (c *CosiSignature) FullVerify(publics []*Key, threshold int, message Hash) error
func (*CosiSignature) Keys ¶ added in v0.5.0
func (c *CosiSignature) Keys() []int
func (CosiSignature) MarshalJSON ¶ added in v0.5.0
func (c CosiSignature) MarshalJSON() ([]byte, error)
func (CosiSignature) String ¶ added in v0.5.0
func (c CosiSignature) String() string
func (*CosiSignature) ThresholdVerify ¶ added in v0.5.0
func (c *CosiSignature) ThresholdVerify(threshold int) bool
func (*CosiSignature) UnmarshalJSON ¶ added in v0.5.0
func (c *CosiSignature) UnmarshalJSON(b []byte) error
func (*CosiSignature) VerifyResponse ¶ added in v0.5.0
type Hash ¶
type Hash [32]byte
func Blake3Hash ¶ added in v0.14.0
func HashFromString ¶
func Sha256Hash ¶ added in v0.17.0
func (Hash) ForNetwork ¶
func (Hash) MarshalJSON ¶
func (*Hash) UnmarshalJSON ¶
type Key ¶
type Key [32]byte
func DeriveGhostPrivateKey ¶
func DeriveGhostPublicKey ¶
func DeriveGhostPublicKeyForInternalVanish ¶ added in v0.18.32
func KeyFromString ¶ added in v0.5.10
func NewKeyFromSeed ¶
func ViewGhostOutputKey ¶
func (Key) DeterministicHashDerive ¶
func (Key) MarshalJSON ¶
func (*Key) UnmarshalJSON ¶
func (*Key) VerifyWithChallenge ¶ added in v0.5.0
func (publicKey *Key) VerifyWithChallenge(sig Signature, a *edwards25519.Scalar) bool
type Signature ¶
type Signature [64]byte
func AggregateSign ¶ added in v0.18.33
func AggregateSign(privKeys []*Key, publics []*Key, signers []int, seed []byte, message Hash) (*Signature, error)
AggregateSign produces a MuSig-style aggregate Schnorr signature over the given signers and message. Each nonce is derived from the private key, at least 32 bytes of caller-supplied entropy, the complete signer transcript, aggregate public key, signer index, and message. Binding all of these values prevents nonce reuse across changed signer sets and prevents disclosure of the auxiliary seed from exposing a private key.