mirror of
https://github.com/onsonr/sonr.git
synced 2025-03-10 13:07:09 +00:00
Prad Nukala
31bcc21c35
- **refactor: remove unused auth components** - **refactor: improve devbox configuration and deployment process** - **refactor: improve devnet and testnet setup** - **fix: update templ version to v0.2.778** - **refactor: rename pkl/net.matrix to pkl/matrix.net** - **refactor: migrate webapp components to nebula** - **refactor: protobuf types** - **chore: update dependencies for improved security and stability** - **feat: implement landing page and vault gateway servers** - **refactor: Migrate data models to new module structure and update related files** - **feature/1121-implement-ucan-validation** - **refactor: Replace hardcoded constants with model types in attns.go** - **feature/1121-implement-ucan-validation** - **chore: add origin Host struct and update main function to handle multiple hosts** - **build: remove unused static files from dwn module** - **build: remove unused static files from dwn module** - **refactor: Move DWN models to common package** - **refactor: move models to pkg/common** - **refactor: move vault web app assets to embed module** - **refactor: update session middleware import path** - **chore: configure port labels and auto-forwarding behavior** - **feat: enhance devcontainer configuration** - **feat: Add UCAN middleware for Echo with flexible token validation** - **feat: add JWT middleware for UCAN authentication** - **refactor: update package URI and versioning in PklProject files** - **fix: correct sonr.pkl import path** - **refactor: move JWT related code to auth package** - **feat: introduce vault configuration retrieval and management** - **refactor: Move vault components to gateway module and update file paths** - **refactor: remove Dexie and SQLite database implementations** - **feat: enhance frontend with PWA features and WASM integration** - **feat: add Devbox features and streamline Dockerfile** - **chore: update dependencies to include TigerBeetle** - **chore(deps): update go version to 1.23** - **feat: enhance devnet setup with PATH environment variable and updated PWA manifest** - **fix: upgrade tigerbeetle-go dependency and remove indirect dependency** - **feat: add PostgreSQL support to devnet and testnet deployments** - **refactor: rename keyshare cookie to token cookie** - **feat: upgrade Go version to 1.23.3 and update dependencies** - **refactor: update devnet and testnet configurations** - **feat: add IPFS configuration for devnet** - **I'll help you update the ipfs.config.pkl to include all the peers from the shell script. Here's the updated configuration:** - **refactor: move mpc package to crypto directory** - **feat: add BIP32 support for various cryptocurrencies** - **feat: enhance ATN.pkl with additional capabilities** - **refactor: simplify smart account and vault attenuation creation** - **feat: add new capabilities to the Attenuation type** - **refactor: Rename MPC files for clarity and consistency** - **feat: add DIDKey support for cryptographic operations** - **feat: add devnet and testnet deployment configurations** - **fix: correct key derivation in bip32 package** - **refactor: rename crypto/bip32 package to crypto/accaddr** - **fix: remove duplicate indirect dependency** - **refactor: move vault package to root directory** - **refactor: update routes for gateway and vault** - **refactor: remove obsolete web configuration file** - **refactor: remove unused TigerBeetle imports and update host configuration** - **refactor: adjust styles directory path** - **feat: add broadcastTx and simulateTx functions to gateway** - **feat: add PinVault handler**
141 lines
4.9 KiB
Go
Executable File
141 lines
4.9 KiB
Go
Executable File
//
|
|
// Copyright Coinbase, Inc. All Rights Reserved.
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
//
|
|
|
|
// Package schnorr implements a Schnorr proof, as described and used in Doerner, et al. https://eprint.iacr.org/2018/499.pdf
|
|
// see Functionalities 6. it also implements a "committed" version, as described in Functionality 7.
|
|
package schnorr
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/subtle"
|
|
"fmt"
|
|
|
|
"github.com/pkg/errors"
|
|
"golang.org/x/crypto/sha3"
|
|
|
|
"github.com/onsonr/sonr/crypto/core/curves"
|
|
)
|
|
|
|
type Commitment = []byte
|
|
|
|
type Prover struct {
|
|
curve *curves.Curve
|
|
basePoint curves.Point
|
|
uniqueSessionId []byte
|
|
}
|
|
|
|
// Proof contains the (c, s) schnorr proof. `Statement` is the curve point you're proving knowledge of discrete log of,
|
|
// with respect to the base point.
|
|
type Proof struct {
|
|
C curves.Scalar
|
|
S curves.Scalar
|
|
Statement curves.Point
|
|
}
|
|
|
|
// NewProver generates a `Prover` object, ready to generate Schnorr proofs on any given point.
|
|
// We allow the option `basePoint == nil`, in which case `basePoint` is auto-assigned to be the "default" generator for the group.
|
|
func NewProver(curve *curves.Curve, basepoint curves.Point, uniqueSessionId []byte) *Prover {
|
|
if basepoint == nil {
|
|
basepoint = curve.NewGeneratorPoint()
|
|
}
|
|
return &Prover{
|
|
curve: curve,
|
|
basePoint: basepoint,
|
|
uniqueSessionId: uniqueSessionId,
|
|
}
|
|
}
|
|
|
|
// Prove generates and returns a Schnorr proof, given the scalar witness `x`.
|
|
// in the process, it will actually also construct the statement (just one curve mult in this case)
|
|
func (p *Prover) Prove(x curves.Scalar) (*Proof, error) {
|
|
// assumes that params, and pub are already populated. populates the fields c and s...
|
|
var err error
|
|
result := &Proof{}
|
|
result.Statement = p.basePoint.Mul(x)
|
|
k := p.curve.Scalar.Random(rand.Reader)
|
|
random := p.basePoint.Mul(k)
|
|
hash := sha3.New256()
|
|
if _, err = hash.Write(p.uniqueSessionId); err != nil {
|
|
return nil, errors.Wrap(err, "writing salt to hash in schnorr prove")
|
|
}
|
|
if _, err = hash.Write(p.basePoint.ToAffineCompressed()); err != nil {
|
|
return nil, errors.Wrap(err, "writing basePoint to hash in schnorr prove")
|
|
}
|
|
if _, err = hash.Write(result.Statement.ToAffineCompressed()); err != nil {
|
|
return nil, errors.Wrap(err, "writing statement to hash in schnorr prove")
|
|
}
|
|
if _, err = hash.Write(random.ToAffineCompressed()); err != nil {
|
|
return nil, errors.Wrap(err, "writing point K to hash in schnorr prove")
|
|
}
|
|
result.C, err = p.curve.Scalar.SetBytes(hash.Sum(nil))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "writing point K to hash in schnorr prove")
|
|
}
|
|
result.S = result.C.Mul(x).Add(k)
|
|
return result, nil
|
|
}
|
|
|
|
// Verify verifies the `proof`, given the prover parameters `scalar` and `curve`.
|
|
// As for the prover, we allow `basePoint == nil`, in this case, it's auto-assigned to be the group's default generator.
|
|
func Verify(proof *Proof, curve *curves.Curve, basepoint curves.Point, uniqueSessionId []byte) error {
|
|
if basepoint == nil {
|
|
basepoint = curve.NewGeneratorPoint()
|
|
}
|
|
gs := basepoint.Mul(proof.S)
|
|
xc := proof.Statement.Mul(proof.C.Neg())
|
|
random := gs.Add(xc)
|
|
hash := sha3.New256()
|
|
if _, err := hash.Write(uniqueSessionId); err != nil {
|
|
return errors.Wrap(err, "writing salt to hash in schnorr verify")
|
|
}
|
|
if _, err := hash.Write(basepoint.ToAffineCompressed()); err != nil {
|
|
return errors.Wrap(err, "writing basePoint to hash in schnorr verify")
|
|
}
|
|
if _, err := hash.Write(proof.Statement.ToAffineCompressed()); err != nil {
|
|
return errors.Wrap(err, "writing statement to hash in schnorr verify")
|
|
}
|
|
if _, err := hash.Write(random.ToAffineCompressed()); err != nil {
|
|
return errors.Wrap(err, "writing point K to hash in schnorr verify")
|
|
}
|
|
if subtle.ConstantTimeCompare(proof.C.Bytes(), hash.Sum(nil)) != 1 {
|
|
return fmt.Errorf("schnorr verification failed")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ProveCommit generates _and_ commits to a schnorr proof which is later revealed; see Functionality 7.
|
|
// returns the Proof and Commitment.
|
|
func (p *Prover) ProveCommit(x curves.Scalar) (*Proof, Commitment, error) {
|
|
proof, err := p.Prove(x)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
hash := sha3.New256()
|
|
if _, err = hash.Write(proof.C.Bytes()); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if _, err = hash.Write(proof.S.Bytes()); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return proof, hash.Sum(nil), nil
|
|
}
|
|
|
|
// DecommitVerify receives a `Proof` and a `Commitment`; it first checks that the proof actually opens the commitment;
|
|
// then it verifies the proof. returns and error if either on eof thse fail.
|
|
func DecommitVerify(proof *Proof, commitment Commitment, curve *curves.Curve, basepoint curves.Point, uniqueSessionId []byte) error {
|
|
hash := sha3.New256()
|
|
if _, err := hash.Write(proof.C.Bytes()); err != nil {
|
|
return err
|
|
}
|
|
if _, err := hash.Write(proof.S.Bytes()); err != nil {
|
|
return err
|
|
}
|
|
if subtle.ConstantTimeCompare(hash.Sum(nil), commitment) != 1 {
|
|
return fmt.Errorf("initial hash decommitment failed")
|
|
}
|
|
return Verify(proof, curve, basepoint, uniqueSessionId)
|
|
}
|