github.com/ronperry/cryptoedge@v0.0.0-20150815114006-cc363e290743/jjm/signer.go (about) 1 package jjm 2 3 import ( 4 "github.com/ronperry/cryptoedge/eccutil" 5 "math/big" 6 ) 7 8 // Signer is a single signer 9 type Signer struct { 10 curve *eccutil.Curve 11 privkey []byte 12 pubkey *eccutil.Point 13 } 14 15 // SignRequestPublicInt are the public parameters given to a signature requestor 16 type SignRequestPublicInt struct { 17 PointRs1, PointRs2 *eccutil.Point // R points 18 ScalarLs1, ScalarLs2 *big.Int // l parameters 19 } 20 21 // SignRequestPrivateInt are the _private_ parameters for the operation, never to be released 22 type SignRequestPrivateInt struct { 23 ScalarKs1, ScalarKs2 *big.Int // k parameters. Private. kn x curve.G == Rn 24 PointRs1, PointRs2 *eccutil.Point // R points. Public data, but kept for reverence 25 ScalarLs1, ScalarLs2 *big.Int // l parameters. Public data, but kept for reverence 26 ScalarRs1, ScalarRs2 *big.Int // x coordinates of PointRs1, PointRs2. Public. Pre-calculated. 27 IsUsed bool 28 } 29 30 // BlindSignatureInt is a blind signature 31 type BlindSignatureInt struct { 32 ScalarS1, ScalarS2 *big.Int 33 } 34 35 // NewSigner returns a new Signer instance 36 func NewSigner(privkey []byte, pubkey *eccutil.Point, curve *eccutil.Curve) *Signer { 37 s := new(Signer) 38 s.curve = curve 39 s.privkey = privkey 40 s.pubkey = pubkey 41 return s 42 } 43 44 // NewSignRequest creates a new signature request parameter set. 45 // Public is given to requestor, Private is kept for later signature 46 func (signer *Signer) NewSignRequest() (Public *SignRequestPublicInt, Private *SignRequestPrivateInt, err error) { 47 var loopcount int 48 for { 49 if loopcount > eccutil.MaxLoopCount { 50 return nil, nil, eccutil.ErrMaxLoop 51 } 52 loopcount++ 53 ScalarKs1B, PointRs1, err := signer.curve.GenerateKey() 54 if err != nil { 55 continue 56 } 57 ScalarKs2B, PointRs2, err := signer.curve.GenerateKey() 58 if err != nil { 59 continue 60 } 61 ScalarRs1, err := signer.curve.ExtractR(PointRs1) 62 if err != nil { 63 continue 64 } 65 ScalarRs2, err := signer.curve.ExtractR(PointRs2) 66 if err != nil { 67 continue 68 } 69 70 ScalarLs1, err := signer.curve.GenNVint() // this limits L substantially, and might not be the best idea 71 if err != nil { 72 continue 73 } 74 ScalarLs2, err := signer.curve.GenNVint() // this limits L substantially, and might not be the best idea 75 if err != nil { 76 continue 77 } 78 79 tPrivate := new(SignRequestPrivateInt) 80 tPrivate.PointRs1 = PointRs1 81 tPrivate.PointRs2 = PointRs2 82 tPrivate.ScalarKs1 = new(big.Int) 83 tPrivate.ScalarKs1 = tPrivate.ScalarKs1.SetBytes(ScalarKs1B) 84 tPrivate.ScalarKs2 = new(big.Int) 85 tPrivate.ScalarKs2 = tPrivate.ScalarKs2.SetBytes(ScalarKs2B) 86 tPrivate.ScalarLs1 = ScalarLs1 87 tPrivate.ScalarLs2 = ScalarLs2 88 tPrivate.ScalarRs1 = ScalarRs1 89 tPrivate.ScalarRs2 = ScalarRs2 90 tPrivate.IsUsed = false 91 _, err = signer.curve.TestParams(tPrivate.ScalarKs1, tPrivate.ScalarKs2, tPrivate.ScalarLs1, tPrivate.ScalarLs2, tPrivate.ScalarRs1, tPrivate.ScalarRs2) 92 if err != nil { 93 continue 94 } 95 tPublic := new(SignRequestPublicInt) 96 tPublic.PointRs1 = tPrivate.PointRs1 97 tPublic.PointRs2 = tPrivate.PointRs2 98 tPublic.ScalarLs1 = tPrivate.ScalarLs1 99 tPublic.ScalarLs2 = tPrivate.ScalarLs2 100 101 return tPublic, tPrivate, nil 102 } 103 } 104 105 // Sign signs a blinded message 106 func (signer *Signer) Sign(blindmessage *BlindMessageInt, privateParams *SignRequestPrivateInt) (signature *BlindSignatureInt, err error) { 107 if privateParams.IsUsed { 108 return nil, eccutil.ErrParamReuse 109 } 110 //cparams := signer.curve.curve.Params() 111 privkeyInt := new(big.Int) 112 privkeyInt = privkeyInt.SetBytes(signer.privkey) 113 114 _, err = signer.curve.TestParams(privkeyInt, blindmessage.M1, blindmessage.M2, privateParams.ScalarRs1, privateParams.ScalarKs1, privateParams.ScalarLs1, privateParams.ScalarRs2, privateParams.ScalarKs2, privateParams.ScalarLs2) 115 if err != nil { 116 return nil, err // Should never fire 117 } 118 119 mt1 := eccutil.ManyMult(privkeyInt, blindmessage.M1) // SigPriv * m1 120 mt2 := eccutil.ManyMult(privkeyInt, blindmessage.M2) // SigPriv * m2 121 ms1 := eccutil.ManyMult(privateParams.ScalarRs1, privateParams.ScalarKs1, privateParams.ScalarLs1) // rs1 * k1 * l1 122 ms2 := eccutil.ManyMult(privateParams.ScalarRs2, privateParams.ScalarKs2, privateParams.ScalarLs2) // rs2 * k2 * l2 123 124 ss1, ss2 := new(big.Int), new(big.Int) 125 ss1 = ss1.Sub(mt1, ms1) // (SigPriv * m1) - (rs1 * k1 * l1) 126 ss2 = ss2.Sub(mt2, ms2) // (SigPriv * m2) - (rs2 * k2 * l2) 127 ss1 = ss1.Mod(ss1, signer.curve.Params.N) // ss1 = (SigPriv * m1 - rs1 * k1 * l1) mod N 128 ss2 = ss2.Mod(ss2, signer.curve.Params.N) // ss2 = (SigPriv * m2 - rs2 * k2 * l2) mod N 129 signaturet := new(BlindSignatureInt) 130 signaturet.ScalarS1 = ss1 131 signaturet.ScalarS2 = ss2 132 return signaturet, nil 133 } 134 135 /* 136 137 type SignRequestPrivate struct { 138 ScalarKs1, ScalarKs2 *big.Int // k parameters. Private. kn x curve.G == Rn 139 PointRs1, PointRs2 *Point // R points. Public data, but kept for reverence 140 ScalarLs1, ScalarLs2 *big.Int // l parameters. Public data, but kept for reverence 141 ScalarRs1, ScalarRs2 *big.Int // x coordinates of PointRs1, PointRs2. Public. Pre-calculated. 142 IsUsed bool 143 } 144 145 146 Signer: 147 curve.Sign 148 Input: 149 from Self: SigPriv, ks1, ks2, l1, l2 150 from Requestor: m1, m2 151 Calculation: 152 Rs1 = ks1 x GeneratorPoint 153 Rs2 = ks2 x GeneratorPoint 154 rs1 = Rs1.x mod P 155 rs2 = Rs2.x mod P 156 157 ss1 = SigPriv * m1 - rs1 * k1 * l1 mod N 158 ss2 = SigPriv * m2 - rs2 * k2 * l2 mod N 159 Public: ss1, ss2 160 Destroy against future use: ks1, ks2 , l1, l2) 161 */