// Copyright Coinbase, Inc. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// This file contains proofs that Paillier moduli are square-free: [spec] fig 15
package paillier
import (
crypto "github.com/onsonr/sonr/crypto/core"
// [spec] 10.2 and ProvePSF, VerifyPSF fig.15
//
// PsfProofLength is ell, the number of challenge/response pairs in a PsfProof.
// generateChallenges produces exactly this many challenges, Prove emits one
// response per challenge, and Verify indexes the proof by this count.
const PsfProofLength = 13
// PsfProofParams contains the inputs to ProvePSF
type PsfProofParams struct {
	// Curve supplies the group parameters (g, q) that are hashed into the
	// Fiat-Shamir challenges via Curve.Params().
	Curve elliptic.Curve
	// SecretKey supplies the Paillier modulus N and its totient phi(N);
	// Prove reads both.
	SecretKey *SecretKey
	// Pi is the party index bound into the challenges; Prove rejects 0.
	Pi uint32
	// Y is the EC point bound into the challenges.
	Y *curves.EcPoint
}
// PsfVerifyParams contains the inputs to VerifyPSF
type PsfVerifyParams struct {
	// Curve supplies the group parameters (g, q) hashed into the challenges;
	// Verify also rejects a modulus that q divides.
	Curve elliptic.Curve
	// PublicKey supplies the Paillier modulus N being proven square-free.
	PublicKey *PublicKey
	// Pi is the party index bound into the challenges; Verify rejects 0.
	// It must match the value the prover used.
	Pi uint32
	// Y is the EC point bound into the challenges; it must match the prover's.
	Y *curves.EcPoint
}
// PsfProof is a slice of 13 big.Int's that prove that a Paillier modulus is square-free
//
// Element i is y_i = x_i^M mod N, where x_i is the i-th deterministic challenge
// and M = N^{-1} mod phi(N) (see Prove). Verify checks y_i^N = x_i mod N.
type PsfProof []*big.Int
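// Prove that a Paillier modulus is square-free
// [spec] §10.fig 15
//
// The proof is the list y_i = x_i^{N^{-1} mod phi(N)} mod N over the
// PsfProofLength deterministic challenges x_i derived from (g, q, y, Pi, N).
// It returns internal.ErrNilArguments when any required input is missing,
// including the secret key's N and Totient fields, and otherwise propagates
// errors from the crypto helpers and generateChallenges.
func (p *PsfProofParams) Prove() (PsfProof, error) {
	// Verify that params are sane. SecretKey.N and SecretKey.Totient are
	// dereferenced below (Inv, Exp and generateChallenges' N.BitLen()), so a
	// nil field would otherwise surface as a panic rather than an error.
	if p == nil ||
		p.Curve == nil ||
		p.SecretKey == nil ||
		p.SecretKey.N == nil ||
		p.SecretKey.Totient == nil ||
		p.Pi == 0 ||
		p.Y == nil {
		return nil, internal.ErrNilArguments
	}

	// 1. ell = 13
	// Note this is set above as PsfProofLength

	// 2. M = N^{-1} mod \phi(N)
	M, err := crypto.Inv(p.SecretKey.N, p.SecretKey.Totient)
	if err != nil {
		return nil, err
	}

	// 3. [x_1, ..., x_ell] <- GenerateChallenges(g,q,y,Pi,ell)
	// NOTE: spec doesn't include N, but it's an oversight--should be part of the
	// commitment
	x, err := generateChallenges(p.Curve.Params(), p.SecretKey.N, p.Pi, p.Y)
	if err != nil {
		return nil, err
	}
	if len(x) != PsfProofLength {
		return nil, fmt.Errorf("Challenges array is not correct length: want=%v got=%v", PsfProofLength, len(x))
	}

	// 4. For i = [1, ... \ell]
	// NOTE: typo in spec: says j = ... but uses subscript i in loop
	proof := make([]*big.Int, PsfProofLength)
	for i, xi := range x {
		// 5. Compute y_i = x_i^M mod N
		// NOTE: the pseudocode shows mod phi(N) which is incorrect
		// it should be mod N otherwise the reverse in Verify
		// will fail. Using phi(N) puts M in the wrong group.
		yi, err := crypto.Exp(xi, M, p.SecretKey.N)
		if err != nil {
			return nil, err
		}

		// 6. Set \Pi = [y_1, ..., y_\ell]
		// NOTE: typo in spec: says y_t not y_\ell
		proof[i] = yi
	}

	// 7. return \Pi
	return proof, nil
}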
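// Verify that a Paillier modulus is square-free
// [spec] §10.fig 15
//
// Verify recomputes the challenges x_j from (g, q, y, Pi, N) and checks that
// y_j^N = x_j mod N for every j. It returns internal.ErrNilArguments when an
// input is missing, and a descriptive error when the proof is malformed
// (wrong length, nil or out-of-range elements), when q | N, or when any
// equation fails. A nil error means the proof verified.
func (p PsfProof) Verify(psf *PsfVerifyParams) error {
	// Verify that params are sane. PublicKey.N is dereferenced by Mod below,
	// so a nil N is rejected here rather than left to panic.
	if psf == nil ||
		psf.Curve == nil ||
		psf.PublicKey == nil ||
		psf.PublicKey.N == nil ||
		psf.Pi == 0 ||
		psf.Y == nil {
		return internal.ErrNilArguments
	}
	N := psf.PublicKey.N

	// The proof comes from the other party and is untrusted, so its shape is
	// validated before anything indexes into it: without the length check a
	// short proof panics on p[j] below. Elements must be canonical residues
	// 0 < y_j < N; Prove always produces values in that range, so this only
	// rejects proofs an honest prover could not have made.
	if len(p) != PsfProofLength {
		return fmt.Errorf("proof is not correct length: want=%v got=%v", PsfProofLength, len(p))
	}
	for j, yj := range p {
		if yj == nil {
			return fmt.Errorf("proof element %d is nil", j)
		}
		if yj.Sign() <= 0 || yj.Cmp(N) >= 0 {
			return fmt.Errorf("proof element %d is not in range (0, N)", j)
		}
	}

	// 1. ell = 13
	// Note this is set above as PsfProofLength

	// 2. t = 1000
	// NOTE not used anywhere

	// 3. if q|N return false
	if new(big.Int).Mod(N, psf.Curve.Params().N).Cmp(crypto.Zero) == 0 {
		return fmt.Errorf("paillier public key is a multiple of the curve subgroup")
	}

	// 4. [x_1, ..., x_ell] <- GenerateChallenges(g,q,y,Pi,ell)
	// NOTE: spec doesn't include N, but it's an oversight--should be part of the
	// commitment
	x, err := generateChallenges(psf.Curve.Params(), N, psf.Pi, psf.Y)
	if err != nil {
		return err
	}
	if len(x) != PsfProofLength {
		return fmt.Errorf("challenges array is not correct length: want=%v got=%v", PsfProofLength, len(x))
	}

	// 5. for j in [1,...,l]
	for j, xj := range x {
		// 6. yj^N != x mod N return false
		// NOTE: pseudocode uses i when loop uses j
		lhs, err := crypto.Exp(p[j], N, N)
		if err != nil {
			return err
		}
		if lhs.Cmp(xj) != 0 {
			return fmt.Errorf("not equal at %d", j)
		}
	}
	return nil
}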
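// generateChallenges computes `l` deterministic numbers as
// challenges for PsfProof which proves that the Paillier modulus is square free
// [spec] fig.15 GenerateChallenges
//
// Each challenge x_j is built by Fiat-Shamir hashing (g, q, y, pi, j, k, m),
// where m is a retry counter bumped whenever a candidate falls outside (0, N).
// Prover and verifier must call this with identical inputs, and any change to
// the derivation (including the byte truncation below) would invalidate
// proofs already produced. It returns internal.ErrNilArguments for nil
// inputs, pi == 0, or an N shorter than 8 bits, and propagates FiatShamir
// errors.
func generateChallenges(params *elliptic.CurveParams, N *big.Int, pi uint32, y *curves.EcPoint) ([]*big.Int, error) {
	// N is dereferenced immediately (BitLen), so it needs the same nil guard as
	// the other inputs.
	if params == nil ||
		N == nil ||
		y == nil ||
		pi == 0 {
		return nil, internal.ErrNilArguments
	}

	// 1. Set b = |N| // bit length of N
	b := N.BitLen()

	// a modulus that is too small turns this function into an infinite loop
	// need at least a byte to guarantee termination
	if b < 8 {
		return nil, internal.ErrNilArguments
	}

	// 2. h = output bit-length of fiat-shamir hash
	// See util.fiatShamir which uses sha256
	// So the output bit-length is 256 bits
	const h int = 256

	// 3. Compute s = ⌈b/h⌉ // number of hash outputs required to obtain b bits
	// i.e. the number of times we have to call fs-shamir to get the same bits as
	// `b`. Compute ceil as ceilVal = (a+b-1) / b
	s := int64((b + h - 1) / h)

	// 4. j = 0
	j := int64(0)

	// 5. m = 0
	m := big.NewInt(0)

	x := make([]*big.Int, PsfProofLength)
	Pi := new(big.Int).SetUint64(uint64(pi))

	// 6. while j ≤ l
	// j is zero-based here, so the loop covers j in [0, l).
	for j < PsfProofLength {
		bij := big.NewInt(j)
		var ej []byte

		// 7. for k = [1,...,s]
		for k := int64(1); k <= s; k++ {
			bik := big.NewInt(k)

			// 8. Compute e_jk = FS-HASH(g, q, y, p_i, j, k, m)
			res, err := crypto.FiatShamir(params.Gx, params.Gy, params.N, y.X, y.Y, Pi, bij, bik, m)
			if err != nil {
				return nil, err
			}

			// 9. Set x_j = eJ1 || ... || eJs
			// Pseudocode says to concatenate outside this loop
			// however, we just concatenate the bytes now instead of storing as temporary
			// variables
			ej = append(ej, res...)
		}

		// 10. Truncate ej to b bits
		// NOTE: this keeps floor(b/8) bytes, i.e. b rounded down to a whole
		// number of bytes rather than exactly b bits. With the 32-byte digests
		// noted above, s*32 >= b/8 so the slice is in range. Left as-is because
		// both sides must derive identical challenges.
		xj := new(big.Int).SetBytes(ej[:b/8])

		// 11. if x_j is in Z_N, i.e. 0 < x_j and x_j < N
		// (only the range is checked here; gcd(x_j, N) = 1 is not tested)
		if xj.Cmp(crypto.Zero) == 1 && xj.Cmp(N) == -1 {
			x[j] = xj
			// 12 j = j + 1
			j++
			// 13 m = 0
			m = big.NewInt(0)
			// 14 else
		} else {
			// 15. Set m = m + 1
			m.Add(m, crypto.One)
		}
	}
	return x, nil
}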