//
// Copyright Coinbase, Inc. All Rights Reserved.
//
// SPDX-License-Identifier: Apache-2.0
//
package ted25519
import "strconv"
// Message is the raw byte string handed to the signing functions in this
// package.
type Message []byte

// String returns the message bytes reinterpreted as a string.
//
// The conversion is byte-for-byte: nothing is validated or escaped, so the
// result may contain invalid UTF-8 or control characters. When a message of
// unknown origin is written to a log, format it with %q or %x rather than
// relying on this method.
func (msg Message) String() string {
	raw := []byte(msg)
	return string(raw)
}
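// signatureLength is the size in bytes of an encoded partial signature:
// a 32-byte R followed by a 32-byte s.
const signatureLength = 64

// PartialSignature is one signer's contribution to a threshold signature.
//
// Both fields are exported, so a value can be built with a struct literal
// instead of NewPartialSignature. In that case nothing has checked the length
// of Sig, and R and S will panic if it is shorter than 32 bytes.
type PartialSignature struct {
	ShareIdentifier byte   // x-coordinate of which signer produced signature
	Sig             []byte // 64-byte signature: R || s
}

// NewPartialSignature creates a new PartialSignature.
//
// It panics if sig is not exactly signatureLength (64) bytes long. Code that
// takes partial signatures from another party should therefore check the
// length itself before calling this function, otherwise a malformed input
// terminates the process instead of being rejected.
//
// Only the length is checked; the contents of sig are not validated here.
// The slice is stored as given, not copied, so later writes to sig by the
// caller change the returned PartialSignature.
func NewPartialSignature(identifier byte, sig []byte) *PartialSignature {
	if l := len(sig); l != signatureLength {
		panic("ted25519: invalid partial signature length: " + strconv.Itoa(l))
	}
	return &PartialSignature{ShareIdentifier: identifier, Sig: sig}
}

// R returns the R component of the signature (the first 32 bytes of Sig).
//
// The result is a view into Sig, not a copy: writing to its elements changes
// the signature. Its capacity is limited to its length so that an append on
// the result allocates a new array instead of overwriting the s component
// that follows R in the same backing array.
func (sig *PartialSignature) R() []byte {
	const rLen = signatureLength / 2
	return sig.Sig[:rLen:rLen]
}

// S returns the s component of the signature (everything in Sig after the
// first 32 bytes).
//
// The result is a view into Sig, not a copy. Its capacity is limited to its
// length so that an append on the result cannot write into memory that lies
// past the end of Sig in the caller's backing array.
func (sig *PartialSignature) S() []byte {
	const rLen = signatureLength / 2
	end := len(sig.Sig)
	return sig.Sig[rLen:end:end]
}

// Bytes returns the encoded signature, R || s.
//
// This is the Sig slice itself, not a copy; callers that need an independent
// value must copy it.
func (sig *PartialSignature) Bytes() []byte {
	return sig.Sig
}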
// TSign produces this signer's partial signature over message. The result is
// meant to be aggregated with the partial signatures of other signers into a
// signature that is valid under the provided public key and nonce pair.
//
// The key share and nonce share values are passed to ThresholdSign in
// byte-reversed form. key and nonce are dereferenced without a nil check, and
// the function panics (via NewPartialSignature) if ThresholdSign returns
// anything other than 64 bytes.
//
// NOTE(review): this function keeps no state, so it cannot detect a nonce
// share being used for more than one message. In Schnorr-style schemes a
// reused nonce exposes the signing key, so freshness has to be enforced by
// the caller - confirm that it is.
func TSign(message Message, key *KeyShare, pub PublicKey, nonce *NonceShare, noncePub PublicKey) *PartialSignature {
	keyBytes := reverseBytes(key.Value.Bytes())
	nonceBytes := reverseBytes(nonce.Value.Bytes())

	partial := ThresholdSign(keyBytes, pub, message, nonceBytes, noncePub)

	// NOTE(review): if Identifier is wider than one byte, this conversion
	// keeps only the low 8 bits, so two distinct shares could end up with the
	// same ShareIdentifier - confirm identifiers are limited to 0..255.
	signerID := byte(key.ShamirShare.Identifier)
	return NewPartialSignature(signerID, partial)
}