mirror of
https://github.com/onsonr/sonr.git
synced 2025-03-10 21:09:11 +00:00
Prad Nukala
89989fa102
- **refactor: move session-related code to middleware package** - **refactor: update PKL build process and adjust related configurations** - **feat: integrate base.cosmos.v1 Genesis module** - **refactor: pass session context to modal rendering functions** - **refactor: move nebula package to app directory and update templ version** - **refactor: Move home section video view to dedicated directory** - **refactor: remove unused views file** - **refactor: move styles and UI components to global scope** - **refactor: Rename images.go to cdn.go** - **feat: Add Empty State Illustrations** - **refactor: Consolidate Vault Index Logic** - **fix: References to App.wasm and remove Vault Directory embedded CDN files** - **refactor: Move CDN types to Models** - **fix: Correct line numbers in templ error messages for arch_templ.go** - **refactor: use common types for peer roles** - **refactor: move common types and ORM to a shared package** - **fix: Config import dwn** - **refactor: move nebula directory to app** - **feat: Rebuild nebula** - **fix: correct file paths in panels templates** - **feat: Remove duplicate types** - **refactor: Move dwn to pkg/core** - **refactor: Binary Structure** - **feat: Introduce Crypto Pkg** - **fix: Broken Process Start** - **feat: Update pkg/* structure** - **feat: Refactor PKL Structure** - **build: update pkl build process** - **chore: Remove Empty Files** - **refactor: remove unused macaroon package** - **feat: Add WebAwesome Components** - **refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets** - **refactor: refactor server and move components to pkg/core/dwn** - **build: update go modules** - **refactor: move gateway logic into dedicated hway command** - **feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module** - **feat: Implement MPC-based JWT signing and UCAN token generation** - **feat: add support for MPC-based JWT signing** - **feat: Implement MPC-based UCAN capabilities for smart accounts** - **feat: add address field to keyshareSource** - **feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations** - **refactor: improve MPC keyshare management and signing process** - **feat: enhance MPC capability hierarchy documentation** - **refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity** - **refactor: remove unused Ethereum address computation** - **feat: Add HasHandle and IsAuthenticated methods to HTTPContext** - **refactor: Add context.Context support to session HTTPContext** - **refactor: Resolve context interface conflicts in HTTPContext** - **feat: Add session ID context key and helper functions** - **feat: Update WebApp Page Rendering** - **refactor: Simplify context management by using single HTTPContext key** - **refactor: Simplify HTTPContext creation and context management in session middleware** - **refactor: refactor session middleware to use a single data structure** - **refactor: Simplify HTTPContext implementation and session data handling** - **refactor: Improve session context handling and prevent nil pointer errors** - **refactor: Improve session context handling with nil safety and type support** - **refactor: improve session data injection** - **feat: add full-screen modal component and update registration flow** - **chore: add .air.toml to .gitignore** - **feat: add Air to devbox and update dependencies**
141 lines
4.9 KiB
Go
Executable File
141 lines
4.9 KiB
Go
Executable File
//
|
|
// Copyright Coinbase, Inc. All Rights Reserved.
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
//
|
|
|
|
// Package schnorr implements a Schnorr proof, as described and used in Doerner, et al. https://eprint.iacr.org/2018/499.pdf
|
|
// see Functionalities 6. it also implements a "committed" version, as described in Functionality 7.
|
|
package schnorr
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/subtle"
|
|
"fmt"
|
|
|
|
"github.com/pkg/errors"
|
|
"golang.org/x/crypto/sha3"
|
|
|
|
"github.com/onsonr/sonr/pkg/crypto/core/curves"
|
|
)
|
|
|
|
type Commitment = []byte
|
|
|
|
type Prover struct {
|
|
curve *curves.Curve
|
|
basePoint curves.Point
|
|
uniqueSessionId []byte
|
|
}
|
|
|
|
// Proof contains the (c, s) schnorr proof. `Statement` is the curve point you're proving knowledge of discrete log of,
|
|
// with respect to the base point.
|
|
type Proof struct {
|
|
C curves.Scalar
|
|
S curves.Scalar
|
|
Statement curves.Point
|
|
}
|
|
|
|
// NewProver generates a `Prover` object, ready to generate Schnorr proofs on any given point.
|
|
// We allow the option `basePoint == nil`, in which case `basePoint` is auto-assigned to be the "default" generator for the group.
|
|
func NewProver(curve *curves.Curve, basepoint curves.Point, uniqueSessionId []byte) *Prover {
|
|
if basepoint == nil {
|
|
basepoint = curve.NewGeneratorPoint()
|
|
}
|
|
return &Prover{
|
|
curve: curve,
|
|
basePoint: basepoint,
|
|
uniqueSessionId: uniqueSessionId,
|
|
}
|
|
}
|
|
|
|
// Prove generates and returns a Schnorr proof, given the scalar witness `x`.
|
|
// in the process, it will actually also construct the statement (just one curve mult in this case)
|
|
func (p *Prover) Prove(x curves.Scalar) (*Proof, error) {
|
|
// assumes that params, and pub are already populated. populates the fields c and s...
|
|
var err error
|
|
result := &Proof{}
|
|
result.Statement = p.basePoint.Mul(x)
|
|
k := p.curve.Scalar.Random(rand.Reader)
|
|
random := p.basePoint.Mul(k)
|
|
hash := sha3.New256()
|
|
if _, err = hash.Write(p.uniqueSessionId); err != nil {
|
|
return nil, errors.Wrap(err, "writing salt to hash in schnorr prove")
|
|
}
|
|
if _, err = hash.Write(p.basePoint.ToAffineCompressed()); err != nil {
|
|
return nil, errors.Wrap(err, "writing basePoint to hash in schnorr prove")
|
|
}
|
|
if _, err = hash.Write(result.Statement.ToAffineCompressed()); err != nil {
|
|
return nil, errors.Wrap(err, "writing statement to hash in schnorr prove")
|
|
}
|
|
if _, err = hash.Write(random.ToAffineCompressed()); err != nil {
|
|
return nil, errors.Wrap(err, "writing point K to hash in schnorr prove")
|
|
}
|
|
result.C, err = p.curve.Scalar.SetBytes(hash.Sum(nil))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "writing point K to hash in schnorr prove")
|
|
}
|
|
result.S = result.C.Mul(x).Add(k)
|
|
return result, nil
|
|
}
|
|
|
|
// Verify verifies the `proof`, given the prover parameters `scalar` and `curve`.
|
|
// As for the prover, we allow `basePoint == nil`, in this case, it's auto-assigned to be the group's default generator.
|
|
func Verify(proof *Proof, curve *curves.Curve, basepoint curves.Point, uniqueSessionId []byte) error {
|
|
if basepoint == nil {
|
|
basepoint = curve.NewGeneratorPoint()
|
|
}
|
|
gs := basepoint.Mul(proof.S)
|
|
xc := proof.Statement.Mul(proof.C.Neg())
|
|
random := gs.Add(xc)
|
|
hash := sha3.New256()
|
|
if _, err := hash.Write(uniqueSessionId); err != nil {
|
|
return errors.Wrap(err, "writing salt to hash in schnorr verify")
|
|
}
|
|
if _, err := hash.Write(basepoint.ToAffineCompressed()); err != nil {
|
|
return errors.Wrap(err, "writing basePoint to hash in schnorr verify")
|
|
}
|
|
if _, err := hash.Write(proof.Statement.ToAffineCompressed()); err != nil {
|
|
return errors.Wrap(err, "writing statement to hash in schnorr verify")
|
|
}
|
|
if _, err := hash.Write(random.ToAffineCompressed()); err != nil {
|
|
return errors.Wrap(err, "writing point K to hash in schnorr verify")
|
|
}
|
|
if subtle.ConstantTimeCompare(proof.C.Bytes(), hash.Sum(nil)) != 1 {
|
|
return fmt.Errorf("schnorr verification failed")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ProveCommit generates _and_ commits to a schnorr proof which is later revealed; see Functionality 7.
|
|
// returns the Proof and Commitment.
|
|
func (p *Prover) ProveCommit(x curves.Scalar) (*Proof, Commitment, error) {
|
|
proof, err := p.Prove(x)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
hash := sha3.New256()
|
|
if _, err = hash.Write(proof.C.Bytes()); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if _, err = hash.Write(proof.S.Bytes()); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return proof, hash.Sum(nil), nil
|
|
}
|
|
|
|
// DecommitVerify receives a `Proof` and a `Commitment`; it first checks that the proof actually opens the commitment;
|
|
// then it verifies the proof. returns and error if either on eof thse fail.
|
|
func DecommitVerify(proof *Proof, commitment Commitment, curve *curves.Curve, basepoint curves.Point, uniqueSessionId []byte) error {
|
|
hash := sha3.New256()
|
|
if _, err := hash.Write(proof.C.Bytes()); err != nil {
|
|
return err
|
|
}
|
|
if _, err := hash.Write(proof.S.Bytes()); err != nil {
|
|
return err
|
|
}
|
|
if subtle.ConstantTimeCompare(hash.Sum(nil), commitment) != 1 {
|
|
return fmt.Errorf("initial hash decommitment failed")
|
|
}
|
|
return Verify(proof, curve, basepoint, uniqueSessionId)
|
|
}
|