keychain

package
v1.23.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 22, 2026 License: BSD-3-Clause Imports: 13 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by the package. Both are created with errors.New,
// so callers should match them with errors.Is rather than by message text.
var (
	// ErrInvalidKeyType carries the message "invalid key type".
	// NOTE(review): which operations return it is not shown on this page;
	// presumably those invoked on a key type that does not support them — confirm.
	ErrInvalidKeyType = errors.New("invalid key type")
	// ErrKeyNotFound carries the message "key not found".
	// NOTE(review): Get and GetPQSigner return a bool rather than an error,
	// so check the source for where this error is actually surfaced.
	ErrKeyNotFound    = errors.New("key not found")
)

Functions

This section is empty.

Types

type KeyType added in v1.16.56

type KeyType uint8

KeyType represents the type of cryptographic key

// KeyType values are assigned by iota, so each constant's number is its
// position in this list: KeyTypeSecp256k1 is 0 and KeyTypeHybridBLSMLDSA44
// is 14. Because 0 is also the zero value of KeyType, a KeyType that is never
// set selects the classical secp256k1 type, not a post-quantum one.
//
// NOTE(review): the numbers depend on declaration order. KeyType is marked
// "added in v1.16.56" while AddBLS, AddMLKEM, AddRingtail and AddHybridBLS
// are marked "added in v1.23.0"; if their constants were inserted mid-list,
// the values of the constants after them changed between versions — confirm
// before persisting or transmitting raw KeyType values.
const (
	// Classical cryptography
	KeyTypeSecp256k1 KeyType = iota
	KeyTypeBLS               // BLS signatures for consensus

	// Post-quantum cryptography (NIST FIPS standards)
	// These are signature schemes.
	KeyTypeMLDSA44   // FIPS 204 - ML-DSA-44
	KeyTypeMLDSA65   // FIPS 204 - ML-DSA-65
	KeyTypeMLDSA87   // FIPS 204 - ML-DSA-87
	KeyTypeSLHDSA128 // FIPS 205 - SLH-DSA-128
	KeyTypeSLHDSA192 // FIPS 205 - SLH-DSA-192
	KeyTypeSLHDSA256 // FIPS 205 - SLH-DSA-256

	// Key encapsulation (FIPS 203)
	// These establish shared secrets and are not signature schemes; on
	// PQSigner, Encapsulate and Decapsulate are documented as valid only for
	// these types.
	KeyTypeMLKEM512  // ML-KEM-512
	KeyTypeMLKEM768  // ML-KEM-768
	KeyTypeMLKEM1024 // ML-KEM-1024

	// Privacy-preserving
	// The ring scheme is chosen separately (ring.Scheme). Per the
	// GenerateRingtailKey documentation, ring.LSAG is secp256k1-based and
	// ring.LatticeLSAG is post-quantum, so this key type alone does not imply
	// post-quantum security.
	KeyTypeRingtail // Ring signatures

	// Hybrid modes (classical + post-quantum)
	// NOTE(review): how the two component signatures are combined and
	// verified is not shown here; a hybrid gives post-quantum assurance only
	// if the verifier requires both components — confirm.
	KeyTypeHybridSecp256k1MLDSA44
	KeyTypeHybridSecp256k1SLHDSA128
	KeyTypeHybridBLSMLDSA44
)

type Keychain

// Keychain is the lookup interface used by wallet signers: it lists the
// addresses it holds and resolves an address to a Signer.
type Keychain interface {
	// Addresses returns the held addresses as a set.Set[ids.ShortID].
	// NOTE(review): PQKeychain.Addresses, as listed on this page, returns
	// []ids.ShortID instead, so *PQKeychain would not satisfy this interface
	// as shown — confirm against the source. A compile-time assertion such as
	// `var _ Keychain = (*PQKeychain)(nil)` would catch a mismatch.
	Addresses() set.Set[ids.ShortID]
	// Get looks up the Signer for an address. The bool presumably reports
	// whether the address is present; callers should check it before using
	// the returned Signer.
	Get(ids.ShortID) (Signer, bool)
}

Keychain is the interface that wallet signers can use. It allows both secp256k1fx.Keychain and ledger-lux-go/keychain.Keychain to be used. It is generic across chains, DAGs, and post-quantum crypto.

type PQKeychain added in v1.16.56

type PQKeychain struct {
	// contains filtered or unexported fields
}

PQKeychain implements Keychain with post-quantum support

func NewPQKeychain added in v1.16.56

func NewPQKeychain(defaultType KeyType) *PQKeychain

NewPQKeychain creates a new post-quantum keychain

func (*PQKeychain) AddBLS added in v1.23.0

func (kc *PQKeychain) AddBLS(key *bls.SecretKey) ids.ShortID

AddBLS adds a BLS key to the keychain

func (*PQKeychain) AddHybrid added in v1.16.56

func (kc *PQKeychain) AddHybrid(classical *secp256k1.PrivateKey, pq interface{}) ids.ShortID

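AddHybrid adds a hybrid classical+PQ key pair. The pq argument is an untyped interface{} and the method returns no error, so this page does not show which concrete key types are accepted or how an unsupported one is reported. Judging by the hybrid KeyType constants, an ML-DSA or SLH-DSA private key is presumably expected; confirm against the source.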

func (*PQKeychain) AddHybridBLS added in v1.23.0

func (kc *PQKeychain) AddHybridBLS(blsKey *bls.SecretKey, pqKey *mldsa.PrivateKey) ids.ShortID

AddHybridBLS adds a hybrid BLS + ML-DSA key pair. This combines BLS for aggregatable consensus signatures with ML-DSA for post-quantum security.

func (*PQKeychain) AddMLDSA added in v1.16.56

func (kc *PQKeychain) AddMLDSA(key *mldsa.PrivateKey, keyType KeyType) ids.ShortID

AddMLDSA adds an ML-DSA key to the keychain

func (*PQKeychain) AddMLKEM added in v1.23.0

func (kc *PQKeychain) AddMLKEM(pubKey *mlkem.PublicKey, privKey *mlkem.PrivateKey, mode mlkem.Mode) ids.ShortID

AddMLKEM adds an ML-KEM key pair to the keychain for key encapsulation

func (*PQKeychain) AddRingtail added in v1.23.0

func (kc *PQKeychain) AddRingtail(signer ring.Signer, scheme ring.Scheme) ids.ShortID

AddRingtail adds a ring signature key to the keychain. The scheme argument specifies which ring signature scheme to use (LSAG or LatticeLSAG). Of the two, ring.LSAG is secp256k1-based and only ring.LatticeLSAG is post-quantum.

func (*PQKeychain) AddSLHDSA added in v1.16.56

func (kc *PQKeychain) AddSLHDSA(key *slhdsa.PrivateKey, keyType KeyType) ids.ShortID

AddSLHDSA adds an SLH-DSA key to the keychain

func (*PQKeychain) AddSecp256k1 added in v1.16.56

func (kc *PQKeychain) AddSecp256k1(key *secp256k1.PrivateKey) ids.ShortID

AddSecp256k1 adds a secp256k1 key to the keychain

func (*PQKeychain) Addresses added in v1.16.56

func (kc *PQKeychain) Addresses() []ids.ShortID

Addresses returns all addresses in the keychain

func (*PQKeychain) GenerateKey added in v1.16.56

func (kc *PQKeychain) GenerateKey() (ids.ShortID, error)

GenerateKey generates a new key of the default type

func (*PQKeychain) GenerateRingtailKey added in v1.23.0

func (kc *PQKeychain) GenerateRingtailKey(scheme ring.Scheme) (ids.ShortID, error)

GenerateRingtailKey generates a new ring signature key with a specific scheme. scheme can be ring.LSAG (secp256k1-based) or ring.LatticeLSAG (post-quantum).

func (*PQKeychain) Get added in v1.16.56

func (kc *PQKeychain) Get(addr ids.ShortID) (Signer, bool)

Get returns the signer for the given address

func (*PQKeychain) GetPQSigner added in v1.16.56

func (kc *PQKeychain) GetPQSigner(addr ids.ShortID) (*PQSigner, bool)

GetPQSigner returns the PQ signer for advanced operations

func (*PQKeychain) SetDefaultType added in v1.16.56

func (kc *PQKeychain) SetDefaultType(keyType KeyType)

SetDefaultType sets the default key type for new keys

type PQSigner added in v1.16.56

type PQSigner struct {
	// contains filtered or unexported fields
}

PQSigner implements Signer with post-quantum support

func (*PQSigner) Address added in v1.16.56

func (s *PQSigner) Address() ids.ShortID

Address returns the address associated with this signer

func (*PQSigner) BLSPublicKey added in v1.23.0

func (s *PQSigner) BLSPublicKey() *bls.PublicKey

BLSPublicKey returns the BLS public key (for BLS or hybrid BLS key types).

func (*PQSigner) Decapsulate added in v1.23.0

func (s *PQSigner) Decapsulate(ciphertext []byte) (sharedSecret []byte, err error)

Decapsulate recovers the shared secret from a ciphertext. Only valid for ML-KEM key types.

func (*PQSigner) Encapsulate added in v1.23.0

func (s *PQSigner) Encapsulate(recipientPubKey *mlkem.PublicKey) (ciphertext, sharedSecret []byte, err error)

Encapsulate generates a shared secret and ciphertext for the given public key. Only valid for ML-KEM key types.

func (*PQSigner) KeyImage added in v1.23.0

func (s *PQSigner) KeyImage() []byte

KeyImage returns the key image for linkability (ring signatures only). Returns nil for non-ring signature key types.

func (*PQSigner) KeyType added in v1.23.0

func (s *PQSigner) KeyType() KeyType

KeyType returns the key type of this signer.

func (*PQSigner) PublicKey added in v1.23.0

func (s *PQSigner) PublicKey() []byte

PublicKey returns the public key bytes for this signer.

func (*PQSigner) RingScheme added in v1.23.0

func (s *PQSigner) RingScheme() ring.Scheme

RingScheme returns the ring signature scheme used (for Ringtail keys).

func (*PQSigner) Sign added in v1.16.56

func (s *PQSigner) Sign(msg []byte) ([]byte, error)

Sign signs a message with the appropriate algorithm

func (*PQSigner) SignHash added in v1.16.56

func (s *PQSigner) SignHash(hash []byte) ([]byte, error)

SignHash signs a hash with the appropriate algorithm

func (*PQSigner) SignRing added in v1.23.0

func (s *PQSigner) SignRing(message []byte, ringPubKeys [][]byte, signerIndex int) (ring.RingSignature, error)

SignRing creates a ring signature for the given message using the provided ring of public keys. The signer's public key must be included in the ring at signerIndex.

type Signer

// Signer is the signing interface shared by classical and post-quantum keys.
type Signer interface {
	// SignHash signs a caller-supplied digest. The signature places no
	// constraint on the length or origin of the bytes, so the caller is
	// responsible for passing the output of a suitable hash over the intended
	// message.
	// NOTE(review): how implementations treat the input for schemes that
	// normally sign the message itself (ML-DSA, SLH-DSA) is not shown — confirm.
	SignHash([]byte) ([]byte, error)
	// Sign signs a message.
	// NOTE(review): whether an implementation hashes the message first, and
	// with which function, is not visible from the interface — confirm before
	// relying on Sign and SignHash being interchangeable.
	Sign([]byte) ([]byte, error)
	// Address returns the address associated with this signer.
	Address() ids.ShortID
}

Signer is the interface for signing operations. It is a generic interface for all signing needs (classical and post-quantum).
