crypto

package
v0.0.0-...-d916464

This package is not in the latest version of its module.

Published: Jan 14, 2026 | License: MIT | Imports: 18 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// G1Generator is the generator point for G1
	G1Generator types.G1Point
	// G2Generator is the generator point for G2
	G2Generator types.G2Point
)

Functions

func AddG1

func AddG1(a, b types.G1Point) (*types.G1Point, error)

AddG1 adds two G1 points. This allows any point as long as it's on the curve and in the subgroup.

func AddG2

func AddG2(a, b types.G2Point) (*types.G2Point, error)

AddG2 adds two G2 points

func ComputeAppPublicKeyFromMaster

func ComputeAppPublicKeyFromMaster(appID string, masterPublicKey types.G2Point) (*types.G1Point, error)

ComputeAppPublicKeyFromMaster computes the application's public encryption key using the master public key and pairing operations

func ComputeLagrangeCoefficient

func ComputeLagrangeCoefficient(i int64, participants []int64) *fr.Element

ComputeLagrangeCoefficient computes the Lagrange coefficient for participant i

func ComputeMasterPublicKey

func ComputeMasterPublicKey(allCommitments [][]types.G2Point) (*types.G2Point, error)

ComputeMasterPublicKey computes the master public key from commitments

func DecryptForApp

func DecryptForApp(appID string, appPrivateKey types.G1Point, ciphertext []byte) ([]byte, error)

DecryptForApp decrypts data using the recovered application private key with AES-GCM

This implements the Boneh-Franklin IBE decryption:

  • Validates ciphertext format (magic, version)
  • Extracts C1 from ciphertext
  • Computes g_ID = e(appPrivateKey, C1) using pairing
  • Since appPrivateKey = [s]Q_ID and C1 = [r]P: g_ID = e([s]Q_ID, [r]P) = e(Q_ID, P)^(r*s) = e(Q_ID, masterPublicKey)^r
  • This matches the encryption key, allowing successful decryption
  • Derives AES key from g_ID using HKDF with version-aware domain separation
  • Decrypts with AES-GCM and verifies authentication using AAD

The expected ciphertext format matches the EncryptForApp output.

func EncryptForApp

func EncryptForApp(appID string, masterPublicKey types.G2Point, plaintext []byte) ([]byte, error)

EncryptForApp encrypts data for an application using full IBE with AES-GCM

This implements the Boneh-Franklin IBE scheme:

  • Computes Q_ID = H_1(app_id) ∈ G1
  • Chooses random r ∈ Fr
  • Computes C1 = r*P where P is G2 generator
  • Computes g_ID = e(Q_ID, masterPublicKey)^r using pairing
  • Derives AES key from g_ID using HKDF with version-aware domain separation
  • Uses AES-GCM for authenticated encryption with AAD (appID || version || C1)

Ciphertext format (version 1):

[0:3]     magic ("IBE")
[3:4]     version (0x01)
[4:100]   C1 (compressed G2 point, 96 bytes)
[100:112] nonce (12 bytes)
[112:]    encrypted data + GCM tag
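
The framing checks that DecryptForApp lists first, applied to the version 1 layout above, as an added example that is not the package's own code. `Envelope`, `ParseEnvelope`, `AAD` and `Sample` are hypothetical names; the 16-byte tag length and plain concatenation for the AAD are assumptions.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Offsets from the version 1 layout; tagLen is the assumed standard GCM tag size.
const (
	c1Off, nonceOff, bodyOff = 4, 100, 112
	tagLen                   = 16
)

// Envelope is a hypothetical type for this example, not part of the package.
type Envelope struct {
	Version           byte
	C1, Nonce, Sealed []byte // Sealed = encrypted data followed by the GCM tag
}

// ParseEnvelope checks framing before any pairing or AES work is attempted.
func ParseEnvelope(ct []byte) (*Envelope, error) {
	if len(ct) < bodyOff+tagLen {
		return nil, errors.New("ciphertext shorter than header plus GCM tag")
	}
	if !bytes.Equal(ct[:3], []byte("IBE")) {
		return nil, errors.New("bad magic")
	}
	if ct[3] != 0x01 {
		return nil, fmt.Errorf("unsupported version 0x%02x", ct[3])
	}
	return &Envelope{ct[3], ct[c1Off:nonceOff], ct[nonceOff:bodyOff], ct[bodyOff:]}, nil
}

// AAD returns appID || version || C1; plain concatenation is assumed here.
func (e *Envelope) AAD(appID string) []byte {
	aad := append([]byte(appID), e.Version)
	return append(aad, e.C1...)
}

// Sample builds a constructed, zero-filled envelope carrying n sealed bytes.
func Sample(n int) []byte {
	return append([]byte{'I', 'B', 'E', 0x01}, make([]byte, 96+12+n)...)
}

func main() {
	e, err := ParseEnvelope(Sample(16 + 5))
	fmt.Println(len(e.C1), len(e.Nonce), len(e.Sealed), len(e.AAD("app-1")), err)
}
```

Because the AAD binds appID, version and C1, a ciphertext whose header is altered or that is replayed under a different appID fails GCM authentication even when the framing checks pass.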

func EvaluatePolynomial

func EvaluatePolynomial(poly polynomial.Polynomial, x int64) *fr.Element

EvaluatePolynomial evaluates a polynomial at point x

func GetAppPublicKey

func GetAppPublicKey(appID string) (*types.G1Point, error)

GetAppPublicKey computes the public key for an application given the master public key. This implements Q_ID = H_1(app_id) for IBE encryption.

func HashAcknowledgementForMerkle

func HashAcknowledgementForMerkle(ack *types.Acknowledgement) [32]byte

HashAcknowledgementForMerkle creates a keccak256 hash of an acknowledgement for use as a merkle leaf (Phase 3). The hash format matches the Solidity implementation for cross-validation: keccak256(abi.encodePacked(playerID, dealerID, epoch, shareHash, commitmentHash))

func HashCommitment

func HashCommitment(commitments []types.G2Point) [32]byte

HashCommitment hashes commitments

func HashShareForAck

func HashShareForAck(share *fr.Element) [32]byte

HashShareForAck creates a keccak256 hash of a share for use in acknowledgements (Phase 3). This commits the player to the specific share they received.

func HashToG1

func HashToG1(appID string) (*types.G1Point, error)

HashToG1 hashes a string to a G1 point using proper hash-to-curve

func PointsEqualG2

func PointsEqualG2(a, b types.G2Point) (bool, error)

PointsEqualG2 checks if two G2 points are equal

func RecoverAppPrivateKey

func RecoverAppPrivateKey(appID string, partialSigs map[int64]types.G1Point, threshold int) (*types.G1Point, error)

RecoverAppPrivateKey recovers app private key from partial signatures. Returns an error if fewer than threshold signatures are provided.

func RecoverSecret

func RecoverSecret(shares map[int64]*fr.Element) (*fr.Element, error)

RecoverSecret recovers secret from shares using Lagrange interpolation
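
Lagrange recovery as described for ComputeLagrangeCoefficient and RecoverSecret, written with math/big as an added example that is not the package's own code. It assumes the secret is the polynomial's value at 0 and that fr is the BLS12-381 scalar field; `lagrangeAtZero`, `recoverSecret`, `pick` and the sample shares are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"math/big"
)

// q is assumed to be the BLS12-381 scalar field order; the page only names fr.Element.
var q, _ = new(big.Int).SetString("73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001", 16)

// sample holds constructed shares of f(x) = 1234 + 166x + 94x^2 (secret 1234, threshold 3).
var sample = map[int64]int64{1: 1494, 2: 1942, 3: 2578, 4: 3402, 5: 4414}

// lagrangeAtZero returns prod_{j != i} x_j / (x_j - x_i) mod q over the share IDs.
func lagrangeAtZero(i int64, shares map[int64]*big.Int) *big.Int {
	num, den := big.NewInt(1), big.NewInt(1)
	for j := range shares {
		if j != i {
			num.Mod(num.Mul(num, big.NewInt(j)), q)
			den.Mod(den.Mul(den, big.NewInt(j-i)), q)
		}
	}
	return num.Mod(num.Mul(num, den.ModInverse(den, q)), q)
}

// recoverSecret interpolates f(0); t is the caller's threshold, enforced up front.
func recoverSecret(shares map[int64]*big.Int, t int) (*big.Int, error) {
	if len(shares) < t {
		return nil, fmt.Errorf("have %d shares, need %d", len(shares), t)
	}
	sum := new(big.Int)
	for id, y := range shares {
		sum.Add(sum, new(big.Int).Mul(lagrangeAtZero(id, shares), y))
	}
	return sum.Mod(sum, q), nil
}

// pick returns the constructed sample shares for the given participant IDs.
func pick(ids ...int64) map[int64]*big.Int {
	out := map[int64]*big.Int{}
	for _, id := range ids {
		out[id] = big.NewInt(sample[id])
	}
	return out
}

func main() {
	fmt.Println(recoverSecret(pick(1, 3, 5), 3)) // 1234 <nil>
}
```

Interpolating from fewer shares than the polynomial's degree requires does not fail on its own: two of these shares yield 1046 instead of 1234, which is why an explicit threshold check such as the one documented for RecoverAppPrivateKey matters.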

func ScalarMulG1

func ScalarMulG1(point types.G1Point, scalar *fr.Element) (*types.G1Point, error)

ScalarMulG1 performs scalar multiplication on G1

func ScalarMulG2

func ScalarMulG2(point types.G2Point, scalar *fr.Element) (*types.G2Point, error)

ScalarMulG2 performs scalar multiplication on G2

func VerifyShareWithCommitments

func VerifyShareWithCommitments(nodeID int, share *fr.Element, commitments []types.G2Point) bool

VerifyShareWithCommitments verifies a share against polynomial commitments

Types

This section is empty.
