存储>> ed25519-cosi>> 返回
项目作者: jpopesculian

项目描述 :
Collective Edwards-Curve Digital Signature Algorithm
高级语言: C
项目地址: git://github.com/jpopesculian/ed25519-cosi.git
创建时间: 2019-05-13T15:43:51Z
项目社区:https://github.com/jpopesculian/ed25519-cosi
开源协议:MIT License
下载


Collective Edwards-Curve Digital Signature Algorithm

Under Development and sparsely tested, please use at your own risk.

Installation

The only dependency is libsodium (tested with version 1.0.17).

  1. git clone https://github.com/jpopesculian/ed25519-cosi.git $INSTALL_DIR
  2. cd $INSTALL_DIR
  3. make
  4. sudo make install

Testing

Requires libcheck

  1. make check

Usage

The Collective Edwards-Curve Digital Signature Algorithm is based upon B.
Ford’s draft at
https://tools.ietf.org/id/draft-ford-cfrg-cosi-00.html.
This library includes both creating and verifying collective signatures.

Signature Generation

Include

Include <ed25519_cosi.h> header in your source file and compile with
-led25519_cosi and -lsodium ld flags.

Setup

It’s up to the implementation to decide how to communicate with participants.
The Draft suggests Protocol Buffers and has appropriate schemas. In addition an
ordered list of public keys needs to be available for the “Leader” and
a verifier to reference. In addition collective public key will be made and
distributed by using ed25519_cosi_update_public_key (using
ed25519_cosi_SC_ONE as a base value).

Announcement

It’s up to the implementation to decide how to the Leader will announce to the
participants that a message will be signed. A collective signature mask should
be initialized here for the signature (a byte array of length
ed25519_cosi_mask_len(n) where n is the number of participants
corresponding to the public key list and should be initialized with
ed25519_cosi_mask_init).

Commitment

If a participant wants to sign he/she will create a commitment
ed25519_cosi_commit generating a nonce he/she must store and a public
commitment to be sent to the Leader. The Leader will then collect the public
commitments using ed25519_cosi_update_commit (using ed25519_cosi_SC_ONE as
a base value).

On commitment receipt, the Leader needs to update the collective signature mask
using ed25519_cosi_mask_enable for responding participants.

Challenge

After creating the collective commitment, the Leader will then create
a challenge with ed25519_cosi_challenge and broadcast the collective
challenge participants (he/she should include the message and commitment so
that the participants can verify).

Response

After receiving and verifying the challenge, participants will create
a response with ed25519_cosi_response and their stored nonce value and send
back to the Leader. On receipt of a response, the Leader will use
ed25519_cosi_update_response to collect the responses (using
ed25519_cosi_SC_ZERO as a base).

Signature Creation

The Leader will then combine the collective commitment, collective response and
collective signature mask together with ed25519_cosi_signature to create the
signature itself.

Signature Verification

To signature can be verified in two steps. Through a policy and through cryptography.

Policy Verification

A policy is used to check who participated in a collective signature. It can be
such things as m of n or checking that certain people signed or any
combination / permutation of those. The library offers helpers such as
ed25519_cosi_did_sign and ed25519_cosi_num_signatures to help build such
a policy (ed25519_cosi_valid_length or ed25519_cosi_valid_signature should
be called before verifying a policy).

Cryptographic Verification

Given the message, signature and the list of participants public keys (in the
same order as used in the signature generation process), someone can verify the
collective signature using ed25519_cosi_valid_signature.