ring

package
v1.17.27 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 25, 2025 License: BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Overview

Package ring implements ring signatures for anonymous group signing.

Ring signatures allow a member of a group to sign a message such that it can be verified as coming from someone in the group, but without revealing which member actually signed. This provides strong anonymity guarantees.

This package provides:

  • LSAG (Linkable Spontaneous Anonymous Group) signatures using secp256k1
  • Post-quantum ring signatures using lattice-based cryptography
  • Key image support for linkability (double-spend prevention)

For Q-Chain, ring signatures enable private transactions where the sender's identity is hidden among a set of possible signers (the "ring").

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidRingSize is returned when the ring size is invalid.
	ErrInvalidRingSize = errors.New("invalid ring size: must be at least 2")

	// ErrInvalidSignerIndex is returned when the signer index is out of bounds.
	ErrInvalidSignerIndex = errors.New("signer index out of bounds")

	// ErrInvalidSignature is returned when signature verification fails.
	ErrInvalidSignature = errors.New("invalid ring signature")

	// ErrInvalidKeyImage is returned when the key image is invalid.
	ErrInvalidKeyImage = errors.New("invalid key image")

	// ErrKeyImageReused is returned when a key image has been used before.
	ErrKeyImageReused = errors.New("key image has been used (double spend detected)")

	// ErrInvalidPublicKey is returned when a public key is invalid.
	ErrInvalidPublicKey = errors.New("invalid public key")

	// ErrInvalidPrivateKey is returned when a private key is invalid.
	ErrInvalidPrivateKey = errors.New("invalid private key")

	// ErrRingSizeMismatch is returned when signature ring size doesn't match.
	ErrRingSizeMismatch = errors.New("ring size mismatch")
)

Functions

func GenerateRing 

func GenerateRing(scheme Scheme, size int) ([][]byte, error)

GenerateRing generates a ring of random public keys for testing/demo purposes. In production, the ring should consist of real public keys from the network.

func VerifyAndRecord 

func VerifyAndRecord(sig RingSignature, message []byte, ring [][]byte, store KeyImageStore) error

VerifyAndRecord verifies a ring signature and records its key image. Returns an error if verification fails or if the key image was already used.

Types

type KeyImageStore 

type KeyImageStore interface {
	// HasKeyImage checks if a key image has been used.
	HasKeyImage(keyImage []byte) bool

	// AddKeyImage records a key image as used.
	AddKeyImage(keyImage []byte) error

	// RemoveKeyImage removes a key image (for rollback).
	RemoveKeyImage(keyImage []byte) error
}

KeyImageStore tracks used key images for double-spend detection.

type LSAGSignature 

type LSAGSignature struct {
	// contains filtered or unexported fields
}

LSAGSignature implements linkable ring signatures using secp256k1. Based on the Linkable Spontaneous Anonymous Group signature scheme.

func ParseLSAGSignature 

func ParseLSAGSignature(data []byte) (*LSAGSignature, error)

ParseLSAGSignature parses an LSAG signature from bytes.

func (*LSAGSignature) Bytes 

func (sig *LSAGSignature) Bytes() []byte

Bytes serializes the signature.

func (*LSAGSignature) KeyImage 

func (sig *LSAGSignature) KeyImage() []byte

KeyImage returns the key image for linkability.

func (*LSAGSignature) RingSize 

func (sig *LSAGSignature) RingSize() int

RingSize returns the number of public keys in the ring.

func (*LSAGSignature) Scheme 

func (sig *LSAGSignature) Scheme() Scheme

Scheme returns LSAG.

func (*LSAGSignature) Verify 

func (sig *LSAGSignature) Verify(message []byte, ring [][]byte) bool

Verify verifies the signature against the message and ring.

type LSAGSigner 

type LSAGSigner struct {
	// contains filtered or unexported fields
}

LSAGSigner creates LSAG ring signatures.

func NewLSAGSigner 

func NewLSAGSigner(reader io.Reader) (*LSAGSigner, error)

NewLSAGSigner creates a new LSAG signer with a random private key.

func NewLSAGSignerFromPrivateKey 

func NewLSAGSignerFromPrivateKey(privateKey []byte) (*LSAGSigner, error)

NewLSAGSignerFromPrivateKey creates an LSAG signer from an existing private key.

func (*LSAGSigner) KeyImage 

func (s *LSAGSigner) KeyImage() []byte

KeyImage returns the key image.

func (*LSAGSigner) PublicKey 

func (s *LSAGSigner) PublicKey() []byte

PublicKey returns the signer's compressed public key.

func (*LSAGSigner) Scheme 

func (s *LSAGSigner) Scheme() Scheme

Scheme returns LSAG.

func (*LSAGSigner) Sign 

func (signer *LSAGSigner) Sign(message []byte, ring [][]byte, signerIndex int) (RingSignature, error)

Sign creates a ring signature for the message.

type LatticeSignature 

type LatticeSignature struct {
	// contains filtered or unexported fields
}

LatticeSignature implements post-quantum ring signatures. Uses ML-DSA key material with a hash-based ring construction.

func ParseLatticeSignature 

func ParseLatticeSignature(data []byte) (*LatticeSignature, error)

ParseLatticeSignature parses a lattice ring signature from bytes.

func (*LatticeSignature) Bytes 

func (sig *LatticeSignature) Bytes() []byte

Bytes serializes the signature.

func (*LatticeSignature) KeyImage 

func (sig *LatticeSignature) KeyImage() []byte

KeyImage returns the key image for linkability.

func (*LatticeSignature) RingSize 

func (sig *LatticeSignature) RingSize() int

RingSize returns the number of public keys in the ring.

func (*LatticeSignature) Scheme 

func (sig *LatticeSignature) Scheme() Scheme

Scheme returns LatticeLSAG.

func (*LatticeSignature) Verify 

func (sig *LatticeSignature) Verify(message []byte, ring [][]byte) bool

Verify verifies the lattice ring signature.

type LatticeSigner 

type LatticeSigner struct {
	// contains filtered or unexported fields
}

LatticeSigner creates post-quantum ring signatures using ML-DSA key material.

func NewLatticeSigner 

func NewLatticeSigner(reader io.Reader) (*LatticeSigner, error)

NewLatticeSigner creates a new lattice-based ring signer.

func NewLatticeSignerFromPrivateKey 

func NewLatticeSignerFromPrivateKey(privateKey []byte) (*LatticeSigner, error)

NewLatticeSignerFromPrivateKey creates a signer from an existing private key.

func (*LatticeSigner) KeyImage 

func (s *LatticeSigner) KeyImage() []byte

KeyImage returns the key image.

func (*LatticeSigner) PublicKey 

func (s *LatticeSigner) PublicKey() []byte

PublicKey returns the signer's public key.

func (*LatticeSigner) Scheme 

func (s *LatticeSigner) Scheme() Scheme

Scheme returns LatticeLSAG.

func (*LatticeSigner) Sign 

func (signer *LatticeSigner) Sign(message []byte, ring [][]byte, signerIndex int) (RingSignature, error)

Sign creates a lattice-based ring signature.

type MemoryKeyImageStore 

type MemoryKeyImageStore struct {
	// contains filtered or unexported fields
}

MemoryKeyImageStore is an in-memory implementation of KeyImageStore.

func NewMemoryKeyImageStore 

func NewMemoryKeyImageStore() *MemoryKeyImageStore

NewMemoryKeyImageStore creates a new in-memory key image store.

func (*MemoryKeyImageStore) AddKeyImage 

func (s *MemoryKeyImageStore) AddKeyImage(keyImage []byte) error

AddKeyImage records a key image as used.

func (*MemoryKeyImageStore) HasKeyImage 

func (s *MemoryKeyImageStore) HasKeyImage(keyImage []byte) bool

HasKeyImage checks if a key image has been used.

func (*MemoryKeyImageStore) RemoveKeyImage 

func (s *MemoryKeyImageStore) RemoveKeyImage(keyImage []byte) error

RemoveKeyImage removes a key image.

type RingSignature 

type RingSignature interface {
	// Scheme returns the signature scheme used.
	Scheme() Scheme

	// Bytes serializes the signature to bytes.
	Bytes() []byte

	// KeyImage returns the key image for linkability.
	// Two signatures from the same private key will have the same key image.
	KeyImage() []byte

	// RingSize returns the number of public keys in the ring.
	RingSize() int

	// Verify verifies the signature against the given message and ring.
	Verify(message []byte, ring [][]byte) bool
}

RingSignature represents a ring signature that can be verified against a ring of public keys without revealing which key created it.

func ParseSignature 

func ParseSignature(scheme Scheme, data []byte) (RingSignature, error)

ParseSignature parses a ring signature from bytes.

type Scheme 

type Scheme int

Signature scheme types 

const (
	// LSAG is the Linkable Spontaneous Anonymous Group signature scheme
	// based on secp256k1 elliptic curves.
	LSAG Scheme = iota

	// LatticeLSAG is a post-quantum linkable ring signature scheme
	// based on Module-LWE lattices.
	LatticeLSAG

	// DualRing is an efficient ring signature construction.
	DualRing
)

func (Scheme) String 

func (s Scheme) String() string

String returns the string representation of the scheme.

type Signer 

type Signer interface {
	// Scheme returns the signature scheme used.
	Scheme() Scheme

	// PublicKey returns the signer's public key.
	PublicKey() []byte

	// Sign creates a ring signature for the given message.
	// The signer's public key must be included in the ring at signerIndex.
	Sign(message []byte, ring [][]byte, signerIndex int) (RingSignature, error)

	// KeyImage returns the key image derived from this signer's private key.
	KeyImage() []byte
}

Signer creates ring signatures.

func NewSigner 

func NewSigner(scheme Scheme) (Signer, error)

NewSigner creates a new ring signer with a random private key.

func NewSignerFromPrivateKey 

func NewSignerFromPrivateKey(scheme Scheme, privateKey []byte) (Signer, error)

NewSignerFromPrivateKey creates a signer from an existing private key.

func NewSignerFromReader 

func NewSignerFromReader(scheme Scheme, reader io.Reader) (Signer, error)

NewSignerFromReader creates a new ring signer using the given random source.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.