crypto

module
v1.2.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 6, 2025 License: BSD-3-Clause

README

Lux Crypto Package

Go Reference Go Report Card

Overview

The crypto package provides cryptographic primitives and utilities for the Lux Network ecosystem. It includes implementations for BLS signatures, key derivation, certificate handling, and secp256k1 operations, all optimized for blockchain applications.

Features

  • BLS Signatures: Threshold signature scheme supporting multi-party computation
  • SLIP-10 HD Wallets: Hierarchical deterministic key derivation
  • secp256k1: Elliptic curve operations for Ethereum compatibility
  • Certificate Management: TLS certificate handling for node identity
  • Key Factories: Secure key generation and management

Installation

go get github.com/luxfi/crypto

Usage

BLS Signatures

BLS (Boneh-Lynn-Shacham) signatures provide efficient threshold signature schemes:

import (
    "github.com/luxfi/crypto/bls"
)

// Generate a private key
sk, err := bls.NewSecretKey()
if err != nil {
    log.Fatal(err)
}

// Get the public key
pk := bls.PublicFromSecretKey(sk)

// Sign a message
message := []byte("Hello, Lux!")
signature := bls.Sign(sk, message)

// Verify the signature
valid := bls.Verify(pk, signature, message)
Key Derivation (SLIP-10)

Hierarchical deterministic key derivation following SLIP-10 standard:

import (
    "github.com/luxfi/crypto/keychain"
)

// Create a new keychain from seed
seed := []byte("your-secure-seed-phrase")
kc, err := keychain.NewFromSeed(seed)
if err != nil {
    log.Fatal(err)
}

// Derive a key at a specific path
key, err := kc.Derive([]uint32{44, 9000, 0, 0, 0})
if err != nil {
    log.Fatal(err)
}
secp256k1 Operations

Ethereum-compatible elliptic curve operations:

import (
    "github.com/luxfi/crypto/secp256k1"
)

// Generate a private key
privKey, err := secp256k1.NewPrivateKey()
if err != nil {
    log.Fatal(err)
}

// Get the public key
pubKey := privKey.PublicKey()

// Sign a message
messageHash := crypto.Keccak256([]byte("message"))
signature, err := privKey.Sign(messageHash)
if err != nil {
    log.Fatal(err)
}

// Verify signature
valid := pubKey.Verify(messageHash, signature)
Certificate Handling

TLS certificate management for node identity:

import (
    "github.com/luxfi/crypto"
)

// Create a certificate structure
cert := &crypto.Certificate{
    Raw:       tlsCert.Raw,
    PublicKey: tlsCert.PublicKey,
}

// Use with node identity generation
// nodeID := ids.NodeIDFromCert(cert)

Package Structure

crypto/
├── bls/           # BLS signature scheme implementation
├── keychain/      # SLIP-10 HD key derivation
├── secp256k1/     # secp256k1 elliptic curve operations
├── certificate.go # TLS certificate structures
└── README.md      # This file

Security Considerations

  1. Key Storage: Never store private keys in plain text. Use secure key management systems.
  2. Randomness: This package uses cryptographically secure random number generation.
  3. Constant Time: Critical operations are implemented to be constant-time where applicable.
  4. Threshold Signatures: BLS signatures support threshold schemes for distributed signing.

Performance

The crypto package is optimized for blockchain operations:

  • Fast signature verification for consensus
  • Batch verification support in BLS
  • Optimized elliptic curve operations
  • Minimal memory allocations

Testing

Run the comprehensive test suite:

go test ./...

Run benchmarks:

go test -bench=. ./...

Contributing

We welcome contributions! Please see our Contributing Guidelines for details.

Development Setup
  1. Clone the repository
  2. Install dependencies: go mod download
  3. Run tests: go test ./...
  4. Run linters: golangci-lint run

License

This project is licensed under the BSD 3-Clause License. See the LICENSE file for details.

References

Directories

Path Synopsis
Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb.
 Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb.
bls
blstest
signer/localsigner
Package bn256 implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve.
 Package bn256 implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve.
cloudflare
Package bn256 implements a particular bilinear group at the 128-bit security level.
 Package bn256 implements a particular bilinear group at the 128-bit security level.
gnark
google
Package bn256 implements a particular bilinear group.
 Package bn256 implements a particular bilinear group.
hexutil
Package hexutil implements hex encoding with 0x prefix.
 Package hexutil implements hex encoding with 0x prefix.
math
Package math provides integer math utilities.
 Package math provides integer math utilities.
ipa
bandersnatch
bandersnatch/fp
bandersnatch/fr
banderwagon
common
common/parallel
test_helper
Package kzg4844 implements the KZG crypto for EIP-4844.
 Package kzg4844 implements the KZG crypto for EIP-4844.
Package rlp implements the RLP serialization format.
 Package rlp implements the RLP serialization format.
Package secp256k1 wraps the bitcoin secp256k1 C library.
 Package secp256k1 wraps the bitcoin secp256k1 C library.
Package secp256r1 implements signature verification for the P256VERIFY precompile.
 Package secp256r1 implements signature verification for the P256VERIFY precompile.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.