本文整理汇总了Golang中github.com/dedis/crypto/abstract.Suite.Scalar方法的典型用法代码示例。如果您正苦于以下问题:Golang Suite.Scalar方法的具体用法?Golang Suite.Scalar怎么用?Golang Suite.Scalar使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/dedis/crypto/abstract.Suite的用法示例。
在下文中一共展示了Suite.Scalar方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: Biffle
// Binary shuffle ("biffle") for 2 ciphertexts based on general ZKPs.
func Biffle(suite abstract.Suite, G, H abstract.Point,
X, Y [2]abstract.Point, rand abstract.Cipher) (
Xbar, Ybar [2]abstract.Point, prover proof.Prover) {
// Pick the single-bit permutation.
bit := int(random.Byte(rand) & 1)
// Pick a fresh ElGamal blinding factor for each pair
var beta [2]abstract.Scalar
for i := 0; i < 2; i++ {
beta[i] = suite.Scalar().Pick(rand)
}
// Create the output pair vectors
for i := 0; i < 2; i++ {
pi_i := i ^ bit
Xbar[i] = suite.Point().Mul(G, beta[pi_i])
Xbar[i].Add(Xbar[i], X[pi_i])
Ybar[i] = suite.Point().Mul(H, beta[pi_i])
Ybar[i].Add(Ybar[i], Y[pi_i])
}
or := bifflePred()
secrets := map[string]abstract.Scalar{
"beta0": beta[0],
"beta1": beta[1]}
points := bifflePoints(suite, G, H, X, Y, Xbar, Ybar)
choice := map[proof.Predicate]int{or: bit}
prover = or.Prover(suite, secrets, points, choice)
return
}示例2: DefaultConstructors
// DefaultConstructors gives a default constructor for protobuf out of the global suite
func DefaultConstructors(suite abstract.Suite) protobuf.Constructors {
constructors := make(protobuf.Constructors)
var point abstract.Point
var secret abstract.Scalar
constructors[reflect.TypeOf(&point).Elem()] = func() interface{} { return suite.Point() }
constructors[reflect.TypeOf(&secret).Elem()] = func() interface{} { return suite.Scalar() }
return constructors
}示例3: ReadScalarHex
// ReadScalarHex reads a scalar in hexadecimal from string
func ReadScalarHex(suite abstract.Suite, str string) (abstract.Scalar, error) {
enc, err := hex.DecodeString(str)
if err != nil {
return nil, err
}
s := suite.Scalar()
err = s.UnmarshalBinary(enc)
return s, err
}示例4: signH1
func signH1(suite abstract.Suite, H1pre abstract.Cipher, PG, PH abstract.Point) abstract.Scalar {
H1 := H1pre.Clone()
PGb, _ := PG.MarshalBinary()
H1.Write(PGb)
if PH != nil {
PHb, _ := PH.MarshalBinary()
H1.Write(PHb)
}
H1.Message(nil, nil, nil) // finish message absorption
return suite.Scalar().Pick(H1)
}示例5: hash
func hash(suite abstract.Suite, r abstract.Point, msg []byte) (abstract.Scalar, error) {
rBuf, err := r.MarshalBinary()
if err != nil {
return nil, err
}
cipher := suite.Cipher(rBuf)
cipher.Message(nil, nil, msg)
// (re)compute challenge (e)
e := suite.Scalar().Pick(cipher)
return e, nil
}示例6: Verify
// Verify returns whether the verification of the signature succeeds or not.
// Specifically, it adjusts the signature according to the exception in the
// signature, so it can be verified by dedis/crypto/cosi.
// publics is a slice of all public signatures, and the msg is the msg
// being signed.
func (bs *BFTSignature) Verify(s abstract.Suite, publics []abstract.Point) error {
if bs == nil || bs.Sig == nil || bs.Msg == nil {
return errors.New("Invalid signature")
}
// compute the aggregate key of all the signers
aggPublic := s.Point().Null()
for i := range publics {
aggPublic.Add(aggPublic, publics[i])
}
// compute the reduced public aggregate key (all - exception)
aggReducedPublic := s.Point().Null().Add(s.Point().Null(), aggPublic)
// compute the aggregate commit of exception
aggExCommit := s.Point().Null()
for _, ex := range bs.Exceptions {
aggExCommit = aggExCommit.Add(aggExCommit, ex.Commitment)
aggReducedPublic.Sub(aggReducedPublic, publics[ex.Index])
}
// get back the commit to recreate the challenge
origCommit := s.Point()
if err := origCommit.UnmarshalBinary(bs.Sig[0:32]); err != nil {
return err
}
// re create challenge
h := sha512.New()
if _, err := origCommit.MarshalTo(h); err != nil {
return err
}
if _, err := aggPublic.MarshalTo(h); err != nil {
return err
}
if _, err := h.Write(bs.Msg); err != nil {
return err
}
// redo like in cosi -k*A + r*B == C
// only with C being the reduced version
k := s.Scalar().SetBytes(h.Sum(nil))
minusPublic := s.Point().Neg(aggReducedPublic)
ka := s.Point().Mul(minusPublic, k)
r := s.Scalar().SetBytes(bs.Sig[32:64])
rb := s.Point().Mul(nil, r)
left := s.Point().Add(rb, ka)
right := s.Point().Sub(origCommit, aggExCommit)
if !left.Equal(right) {
return errors.New("Commit recreated is not equal to one given")
}
return nil
}示例7: ElGamalEncrypt
func ElGamalEncrypt(suite abstract.Suite, pubkey abstract.Point, message []byte) (
K, C abstract.Point, remainder []byte) {
// Embed the message (or as much of it as will fit) into a curve point.
M, remainder := suite.Point().Pick(message, random.Stream)
// ElGamal-encrypt the point to produce ciphertext (K,C).
k := suite.Scalar().Pick(random.Stream) // ephemeral private key
K = suite.Point().Mul(nil, k) // ephemeral DH public key
S := suite.Point().Mul(pubkey, k) // ephemeral DH shared secret
C = S.Add(S, M) // message blinded with secret
return
}示例8: verifyCommitment
func verifyCommitment(suite abstract.Suite, msg []byte, commitment abstract.Point, challenge abstract.Scalar) error {
pb, err := commitment.MarshalBinary()
if err != nil {
return err
}
cipher := suite.Cipher(pb)
cipher.Message(nil, nil, msg)
// reconstructed challenge
reconstructed := suite.Scalar().Pick(cipher)
if !reconstructed.Equal(challenge) {
return errors.New("Reconstructed challenge not equal to one given")
}
return nil
}示例9: Init
// Initialize...
func (sk *SKEME) Init(suite abstract.Suite, rand cipher.Stream,
lpri PriKey, rpub Set, hide bool) {
sk.suite = suite
sk.hide = hide
sk.lpri, sk.rpub = lpri, rpub
// Create our Diffie-Hellman keypair
sk.lx = suite.Scalar().Pick(rand)
sk.lX = suite.Point().Mul(nil, sk.lx)
sk.lXb, _ = sk.lX.MarshalBinary()
// Encrypt and send the DH key to the receiver.
// This is a deviation from SKEME, to protect message metadata
// and further harden messages against tampering or active MITM DoS.
sk.lm = Encrypt(suite, rand, sk.lXb, rpub, hide)
}示例10: benchGenKeys
func benchGenKeys(suite abstract.Suite,
nkeys int) ([]abstract.Point, abstract.Scalar) {
rand := random.Stream
// Create an anonymity set of random "public keys"
X := make([]abstract.Point, nkeys)
for i := range X { // pick random points
X[i], _ = suite.Point().Pick(nil, rand)
}
// Make just one of them an actual public/private keypair (X[mine],x)
x := suite.Scalar().Pick(rand)
X[0] = suite.Point().Mul(nil, x)
return X, x
}示例11: keyPair
// XXX belongs in crypto package?
func keyPair(suite abstract.Suite, rand cipher.Stream,
hide bool) (abstract.Point, abstract.Scalar, []byte) {
x := suite.Scalar().Pick(rand)
X := suite.Point().Mul(nil, x)
if !hide {
Xb, _ := X.MarshalBinary()
return X, x, Xb
}
Xh := X.(abstract.Hiding)
for {
Xb := Xh.HideEncode(rand) // try to encode as uniform blob
if Xb != nil {
return X, x, Xb // success
}
x.Pick(rand) // try again with a new key
X.Mul(nil, x)
}
}示例12: SchnorrSign
// This simplified implementation of Schnorr Signatures is based on
// crypto/anon/sig.go
// The ring structure is removed and
// The anonimity set is reduced to one public key = no anonimity
func SchnorrSign(suite abstract.Suite, random cipher.Stream, message []byte,
privateKey abstract.Scalar) []byte {
// Create random secret v and public point commitment T
v := suite.Scalar().Pick(random)
T := suite.Point().Mul(nil, v)
// Create challenge c based on message and T
c := hashSchnorr(suite, message, T)
// Compute response r = v - x*c
r := suite.Scalar()
r.Mul(privateKey, c).Sub(v, r)
// Return verifiable signature {c, r}
// Verifier will be able to compute v = r + x*c
// And check that hashElgamal for T and the message == c
buf := bytes.Buffer{}
sig := basicSig{c, r}
suite.Write(&buf, &sig)
return buf.Bytes()
}示例13: VerifySignature
// VerifySignature is the method to call to verify a signature issued by a Cosi
// struct. Publics is the WHOLE list of publics keys, the mask at the end of the
// signature will take care of removing the indivual public keys that did not
// participate
func VerifySignature(suite abstract.Suite, publics []abstract.Point, message, sig []byte) error {
aggCommitBuff := sig[:32]
aggCommit := suite.Point()
if err := aggCommit.UnmarshalBinary(aggCommitBuff); err != nil {
panic(err)
}
sigBuff := sig[32:64]
sigInt := suite.Scalar().SetBytes(sigBuff)
maskBuff := sig[64:]
mask := newMask(suite, publics)
mask.SetMask(maskBuff)
aggPublic := mask.Aggregate()
aggPublicMarshal, err := aggPublic.MarshalBinary()
if err != nil {
return err
}
hash := sha512.New()
hash.Write(aggCommitBuff)
hash.Write(aggPublicMarshal)
hash.Write(message)
buff := hash.Sum(nil)
k := suite.Scalar().SetBytes(buff)
// k * -aggPublic + s * B = k*-A + s*B
// from s = k * a + r => s * B = k * a * B + r * B <=> s*B = k*A + r*B
// <=> s*B + k*-A = r*B
minusPublic := suite.Point().Neg(aggPublic)
kA := suite.Point().Mul(minusPublic, k)
sB := suite.Point().Mul(nil, sigInt)
left := suite.Point().Add(kA, sB)
if !left.Equal(aggCommit) {
return errors.New("Signature invalid")
}
return nil
}示例14: TestShuffle
func TestShuffle(suite abstract.Suite, k int, N int) {
rand := suite.Cipher(abstract.RandomKey)
// Create a "server" private/public keypair
h := suite.Scalar().Pick(rand)
H := suite.Point().Mul(nil, h)
// Create a set of ephemeral "client" keypairs to shuffle
c := make([]abstract.Scalar, k)
C := make([]abstract.Point, k)
// fmt.Println("\nclient keys:")
for i := 0; i < k; i++ {
c[i] = suite.Scalar().Pick(rand)
C[i] = suite.Point().Mul(nil, c[i])
// fmt.Println(" "+C[i].String())
}
// ElGamal-encrypt all these keypairs with the "server" key
X := make([]abstract.Point, k)
Y := make([]abstract.Point, k)
r := suite.Scalar() // temporary
for i := 0; i < k; i++ {
r.Pick(rand)
X[i] = suite.Point().Mul(nil, r)
Y[i] = suite.Point().Mul(H, r) // ElGamal blinding factor
Y[i].Add(Y[i], C[i]) // Encrypted client public key
}
// Repeat only the actual shuffle portion for test purposes.
for i := 0; i < N; i++ {
// Do a key-shuffle
Xbar, Ybar, prover := Shuffle(suite, nil, H, X, Y, rand)
prf, err := proof.HashProve(suite, "PairShuffle", rand, prover)
if err != nil {
panic("Shuffle proof failed: " + err.Error())
}
//fmt.Printf("proof:\n%s\n",hex.Dump(prf))
// Check it
verifier := Verifier(suite, nil, H, X, Y, Xbar, Ybar)
err = proof.HashVerify(suite, "PairShuffle", verifier, prf)
if err != nil {
panic("Shuffle verify failed: " + err.Error())
}
}
}示例15: SignSchnorr
// SignSchnorr creates a Schnorr signature from a msg and a private key
func SignSchnorr(suite abstract.Suite, private abstract.Scalar, msg []byte) (SchnorrSig, error) {
// using notation from https://en.wikipedia.org/wiki/Schnorr_signature
// create random secret k and public point commitment r
k := suite.Scalar().Pick(random.Stream)
r := suite.Point().Mul(nil, k)
// create challenge e based on message and r
e, err := hash(suite, r, msg)
if err != nil {
return SchnorrSig{}, err
}
// compute response s = k - x*e
xe := suite.Scalar().Mul(private, e)
s := suite.Scalar().Sub(k, xe)
return SchnorrSig{Challenge: e, Response: s}, nil
}