forked from taurushq-io/multi-party-sig
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathtypes.go
59 lines (48 loc) · 1.46 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
package sign
import (
"io"
"github.com/taurusgroup/multi-party-sig/pkg/hash"
"github.com/taurusgroup/multi-party-sig/pkg/math/curve"
"github.com/taurusgroup/multi-party-sig/pkg/math/sample"
)
// messageHash is a wrapper around bytes to provide some domain separation.
type messageHash []byte
// WriteTo makes messageHash implement the io.WriterTo interface.
func (m messageHash) WriteTo(w io.Writer) (int64, error) {
if m == nil {
return 0, io.ErrUnexpectedEOF
}
n, err := w.Write(m)
return int64(n), err
}
// Domain implements hash.WriterToWithDomain, and separates this type within hash.Hash.
func (messageHash) Domain() string {
return "messageHash"
}
// Signature represents the result of a Schnorr signature.
//
// This signature claims to satisfy:
//
// z * G = R + H(R, Y, m) * Y
//
// for a public key Y.
type Signature struct {
// R is the commitment point.
R curve.Point
// z is the response scalar.
z curve.Scalar
}
// Verify checks if a signature equation actually holds.
// The public point must be a valid point on the curve.
//
// Note that m is the hash of a message, and not the message itself.
func (sig Signature) Verify(public curve.Point, m messageHash) bool {
group := public.Curve()
challengeHash := hash.New()
_ = challengeHash.WriteAny(sig.R, public, m)
challenge := sample.Scalar(challengeHash.Digest(), group)
expected := challenge.Act(public)
expected = expected.Add(sig.R)
actual := sig.z.ActOnBase()
return expected.Equal(actual)
}