Class: Zilliqa::Crypto::Schnorr
- Inherits:
-
Object
- Object
- Zilliqa::Crypto::Schnorr
- Includes:
- BitcoinSecp256k1
- Defined in:
- lib/zilliqa/crypto/schnorr.rb
Constant Summary
- N =
OpenSSL::BN.new('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141', 16)
- G =
OpenSSL::BN.new('79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798', 16)
Class Method Summary
-
.hash(q_point, pubkey_point, message) ⇒ Object
Hash (r | M).
-
.sign(message, private_key, public_key) ⇒ Object
sign.
-
.try_sign(message, private_key, k_bn, public_key) ⇒ Object
trySign.
-
.verify(message, sig, public_key) ⇒ Object
Verify signature.
Instance Method Summary
-
#initialize ⇒ Schnorr
constructor
A new instance of Schnorr.
Constructor Details
#initialize ⇒ Schnorr
Returns a new instance of Schnorr.
# File 'lib/zilliqa/crypto/schnorr.rb', line 13
# No-op constructor. Every operation on this class is a class method
# (sign, try_sign, verify, hash), so an instance carries no state.
def initialize; end
Class Method Details
.hash(q_point, pubkey_point, message) ⇒ Object
Hash (r | M).
# File 'lib/zilliqa/crypto/schnorr.rb', line 125
# Challenge hash H(Q || pubkey || message) as an OpenSSL::BN.
#
# Both points are absorbed as their compressed octet-string encodings, so
# the digest commits to the exact serialisation used on the wire; the
# message is hex-decoded before hashing. The result is NOT reduced mod N
# here — both try_sign and verify apply the `% N` themselves.
#
# @param q_point [OpenSSL::PKey::EC::Point] commitment Q = kG
# @param pubkey_point [OpenSSL::PKey::EC::Point] signer's public key
# @param message [String] hex-encoded message bytes
# @return [OpenSSL::BN] SHA-256 digest interpreted as a big-endian integer
def self.hash(q_point, pubkey_point, message)
  digest = Digest::SHA256.new
  [q_point, pubkey_point].each { |point| digest << point.to_octet_string(:compressed) }
  digest << Util.decode_hex(message)
  OpenSSL::BN.new(digest.hexdigest, 16)
end
.sign(message, private_key, public_key) ⇒ Object
sign
# File 'lib/zilliqa/crypto/schnorr.rb', line 20
# Produce a Schnorr signature over +message+, retrying until try_sign
# yields a candidate that Zilliqa::Util::Validator.signature? accepts.
#
# Each attempt draws a fresh 32-byte nonce k from SecureRandom. try_sign
# returns nil when k is 0 or >= N (rejection sampling keeps k uniform in
# [1, N-1]) and when r or s reduce to zero; the loop then draws again.
# The nonce must be fresh per attempt: with s = k - r*prv, two signatures
# that share k expose the private key.
#
# NOTE(review): the validator only sees candidate.to_s, so a valid signature
# whose hex form is not the width it expects would be discarded and signing
# repeated; whether that happens depends on Signature#to_s, not shown here.
#
# @param message [String] hex-encoded message
# @param private_key [String] hex-encoded private scalar
# @param public_key [String] hex-encoded public key
# @return [Signature] a signature that passed the validator
def self.sign(message, private_key, public_key)
  loop do
    nonce_hex = Util.encode_hex(SecureRandom.random_bytes(32))
    candidate = try_sign(message, private_key, OpenSSL::BN.new(nonce_hex, 16), public_key)
    return candidate if candidate && Zilliqa::Util::Validator.signature?(candidate.to_s)
  end
end
.try_sign(message, private_key, k_bn, public_key) ⇒ Object
trySign
# File 'lib/zilliqa/crypto/schnorr.rb', line 40
# One signing attempt with a caller-supplied nonce k.
#
# Returns nil instead of raising whenever this particular k cannot be used
# (k == 0, k >= N, r == 0 or s == 0), so that sign can draw another nonce.
#
# NOTE(review): an out-of-range private key is reported with +throw+, not
# +raise+. Outside a matching +catch+ that surfaces as UncaughtThrowError,
# and an enclosing +catch+ with the same tag would silently swallow it;
# +raise ArgumentError+ is the conventional form but changes what callers
# must rescue, so the original behaviour is kept here.
# NOTE(review): +public_key+ is trusted to belong to +private_key+; nothing
# here checks that, and a mismatch produces a signature verify will reject.
# OpenSSL::BN arithmetic on the private scalar is not constant-time.
#
# @param message [String] hex-encoded message
# @param private_key [String] hex-encoded private scalar
# @param k_bn [OpenSSL::BN] nonce for this attempt
# @param public_key [String] hex-encoded public key
# @return [Signature, nil] nil when this nonce must be resampled
def self.try_sign(message, private_key, k_bn, public_key)
  group = OpenSSL::PKey::EC::Group.new('secp256k1')
  prikey_bn = OpenSSL::BN.new(private_key, 16)
  pubkey_point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key, 16))

  throw 'Bad private key.' if prikey_bn.zero? || prikey_bn >= N

  # 1. The nonce must lie in [1, N-1]; otherwise ask sign for another one.
  return nil if k_bn.zero? || k_bn >= N

  # 2. Commitment Q = kG. EC::Point#mul(a, b) evaluates a*self + b*G, so the
  #    public-key point is scaled by 0 and only the k*G term survives.
  q_point = pubkey_point.mul(0, k_bn)

  # 3. Challenge r = H(Q || pubkey || message) mod N.
  r_bn = hash(q_point, pubkey_point, message) % N
  return nil if r_bn.zero?

  # 4. s = k - r*prv mod N, computed as k mod_sub (r*prv mod N).
  s_bn = k_bn.mod_sub(r_bn * prikey_bn % N, N)
  return nil if s_bn.zero?

  Signature.new(r_bn.to_s(16), s_bn.to_s(16))
end
.verify(message, sig, public_key) ⇒ Object
Verify signature.
-
Check if r,s is in [1, …, order-1]
-
Compute Q = sG + r*kpub
-
If Q = O (the neutral point), return 0;
-
r’ = H(Q, kpub, m)
-
return r’ == r
# File 'lib/zilliqa/crypto/schnorr.rb', line 90
# Verify +sig+ over +message+ against +public_key+.
#
# Mirrors the steps in the class docs: reject r or s outside [1, N-1];
# rebuild Q = sG + r*kpub; reject the point at infinity; recompute
# r' = H(Q || kpub || message) mod N and compare it with r.
#
# NOTE(review): malformed input is reported with +throw+ (string tags), which
# surface as UncaughtThrowError unless an enclosing +catch+ with the same tag
# intercepts them, so callers expecting a plain boolean must handle that too.
# +raise+ would be conventional but would change what callers rescue, so the
# original behaviour is kept. The PublicKey.new.deserialize call is kept only
# for whatever error it raises on a malformed key; its result is unused.
#
# @param message [String] hex-encoded message
# @param sig [Signature] object responding to #r and #s (hex strings)
# @param public_key [String] hex-encoded public key
# @return [Boolean] true only when the recomputed challenge equals r
def self.verify(message, sig, public_key)
  PublicKey.new.deserialize(Util.decode_hex(public_key))

  r_bn = OpenSSL::BN.new(sig.r, 16)
  s_bn = OpenSSL::BN.new(sig.s, 16)
  # 1. Both scalars must lie in [1, N-1]. A hex string with a leading '-'
  #    parses to a negative BN, hence the explicit negative? check.
  [r_bn, s_bn].each do |scalar|
    throw 'Invalid signature' if scalar.zero? || scalar.negative? || scalar >= N
  end

  group = OpenSSL::PKey::EC::Group.new('secp256k1')
  pubkey_point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key, 16))
  throw 'Invalid public key' unless pubkey_point.on_curve?

  # 2. Q = r*kpub + s*G (EC::Point#mul(a, b) evaluates a*self + b*G).
  q_point = pubkey_point.mul(r_bn, s_bn)
  # 3. The neutral point carries no information; reject it.
  throw 'Invalid intermediate point.' if q_point.infinity?

  # 4. r' = H(Q || kpub || message) mod N; a zero challenge is rejected.
  h_bn = self.hash(q_point, pubkey_point, message) % N
  throw 'Invalid hash.' if h_bn.zero?

  # 5. Accept only when the recomputed challenge equals the supplied r.
  h_bn == r_bn
end