Documentation
Types
type Config
type Config struct {
	// ID is the identifier for this participant.
	ID party.ID
	// Threshold is the number of accepted corruptions while still being able to sign.
	Threshold int
	PrivateShare curve.Scalar
	// PublicKey is the shared public key for this consortium of signers.
	//
	// This key can be used to verify signatures produced by the consortium.
	PublicKey curve.Point
	// ChainKey is the additional randomness we've agreed upon.
	//
	// This is only ever useful if you do BIP-32 key derivation, or something similar.
	ChainKey []byte
	//
	// This will later be used to verify the integrity of the signing protocol.
	VerificationShares *party.PointMap
}
Config contains all the information produced after key generation, from the perspective of a single participant.
When unmarshalling, EmptyConfig needs to be called to set the group before calling cbor.Unmarshal or equivalent methods.
func EmptyConfig
EmptyConfig creates an empty Config with a specific group.
This needs to be called before unmarshalling, instead of just using new(Config), so that points and scalars can be correctly unmarshalled.
func (*Config) Derive
Derive performs an arbitrary derivation of a related key, by adding a scalar.
This can support methods like BIP32, but is more general.
Optionally, a new chain key can be passed as well.
func (*Config) DeriveChild
DeriveChild adjusts the shares to represent the derived public key at a certain index.
This will panic if the group is not curve.Secp256k1.
This derivation works according to BIP-32, see: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
type TaprootConfig
type TaprootConfig struct {
	// ID is the identifier for this participant.
	ID party.ID
	// Threshold is the number of accepted corruptions while still being able to sign.
	Threshold int
	PrivateShare *curve.Secp256k1Scalar
	// PublicKey is the shared public key for this consortium of signers.
	//
	// This key can be used to verify signatures produced by the consortium.
	PublicKey taproot.PublicKey
	// ChainKey is the additional randomness we've agreed upon.
	//
	// This is only ever useful if you do BIP-32 key derivation, or something similar.
	ChainKey []byte
	//
	// This will later be used to verify the integrity of the signing protocol.
	VerificationShares map[party.ID]*curve.Secp256k1Point
}
TaprootConfig is like Config, but for Taproot / BIP-340 keys.
The main difference is that our public key is an actual taproot public key.
func (*TaprootConfig) Clone
func (r *TaprootConfig) Clone() *TaprootConfig
Clone creates a deep clone of this struct, and all the values contained inside.
func (*TaprootConfig) Derive
func (r *TaprootConfig) Derive(adjust *curve.Secp256k1Scalar, newChainKey []byte) (*TaprootConfig, error)
Derive performs an arbitrary derivation of a related key, by adding a scalar.
This can support methods like BIP32, but is more general.
Optionally, a new chain key can be passed as well.
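Why derivation "by adding a scalar" works on threshold shares, as an added example that is not this package's code: if every participant adds the same adjust value to its own share, any Threshold+1 adjusted shares interpolate to the original secret plus adjust, so nobody has to reconstruct the key (the shared public key correspondingly becomes the old key plus adjust times the generator). The example assumes Shamir-style polynomial shares over the secp256k1 scalar field; the polynomial coefficients, party ids and helper names are constructed for illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// q is the order of the secp256k1 group; shares are scalars modulo q.
var q, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
func mod(x *big.Int) *big.Int { return x.Mod(x, q) }

// share evaluates f(id) = coeffs[0] + coeffs[1]*id + ... mod q (Horner's rule).
func share(coeffs []*big.Int, id int64) *big.Int {
	acc := new(big.Int)
	for i := len(coeffs) - 1; i >= 0; i-- {
		acc = mod(acc.Add(acc.Mul(acc, big.NewInt(id)), coeffs[i]))
	}
	return acc
}

// reconstruct Lagrange-interpolates f(0) from the shares of the given party ids.
func reconstruct(shares map[int64]*big.Int) *big.Int {
	secret := new(big.Int)
	for i, s := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j := range shares {
			if j != i {
				num, den = mod(num.Mul(num, big.NewInt(j))), mod(den.Mul(den, big.NewInt(j-i)))
			}
		}
		l := mod(num.Mul(num, new(big.Int).ModInverse(den, q)))
		secret = mod(secret.Add(secret, l.Mul(l, s)))
	}
	return secret
}

// derivedSecretMatches: each party adds adjust locally; do the new shares interpolate to secret+adjust?
func derivedSecretMatches(secret, adjust int64, ids []int64) bool {
	coeffs := []*big.Int{big.NewInt(secret), big.NewInt(1111), big.NewInt(2222)} // constructed, degree 2 (Threshold = 2)
	derived := map[int64]*big.Int{}
	for _, id := range ids {
		derived[id] = mod(new(big.Int).Add(share(coeffs, id), big.NewInt(adjust)))
	}
	return reconstruct(derived).Cmp(mod(big.NewInt(secret+adjust))) == 0
}

func main() {
	fmt.Println(derivedSecretMatches(42, 7, []int64{1, 2, 3}), derivedSecretMatches(42, 7, []int64{1, 2}))
}
```

With only two parties the check fails, because a degree-2 polynomial needs Threshold+1 = 3 shares to interpolate.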
func (*TaprootConfig) DeriveChild
func (r *TaprootConfig) DeriveChild(i uint32) (*TaprootConfig, error)
DeriveChild adjusts the shares to represent the derived public key at a certain index.
This derivation works according to BIP-32, see: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
Note that to do this derivation, we interpret the Taproot key as an "old" ECDSA key, with the y coordinate byte set to 0x02. We also only look at the x coordinate of the derived public key, making sure that the corresponding secret key matches the version of this point with an even y coordinate.