...

Package blindrsa

import "github.com/cloudflare/circl/blindsign/blindrsa"
Overview
Index
Examples
Subdirectories

Overview ▾

Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].

The RSA Blind Signature protocol, and its variant RSABSSA (RSA Blind Signature with Appendix) is a two-party protocol between a Client and Server where they interact to compute 

sig = Sign(sk, input_msg),

where `input_msg = Prepare(msg)` is a prepared version of a private message `msg` provided by the Client, and `sk` is the private signing key provided by the server.

Supported Variants

This package is compliant with the RFC-9474 document and supports the following variants:

while these variants are not supported yet:

  • RSABSSA-SHA384-PSS-Randomized
  • RSABSSA-SHA384-PSSZERO-Randomized

Example (Blindrsa)

Code:

// Setup (offline)

// Server: generate an RSA keypair.
sk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
    fmt.Fprintf(os.Stderr, "failed to generate RSA key: %v", err)
    return
}
pk := &sk.PublicKey
server := NewSigner(sk)

// Client: stores Server's public key.
verifier := NewVerifier(pk, crypto.SHA384)

// Protocol (online)

// Client blinds a message.
msg := []byte("alice and bob")
blindedMsg, state, err := verifier.Blind(rand.Reader, msg)
if err != nil {
    fmt.Fprintf(os.Stderr, "client failed to generate blinded message: %v", err)
    return
}

// Server signs a blinded message, and produces a blinded signature.
blindedSignature, err := server.BlindSign(blindedMsg)
if err != nil {
    fmt.Fprintf(os.Stderr, "server failed to sign: %v", err)
    return
}

// Client builds a signature from the previous state and the blinded signature.
signature, err := state.Finalize(blindedSignature)
if err != nil {
    fmt.Fprintf(os.Stderr, "client failed to obtain signature: %v", err)
    return
}

// Client verifies the signature is valid.
ok := verifier.Verify(msg, signature)
fmt.Printf("Valid signature: %v", ok == nil)

Output:

Valid signature: true

Variables

var (
    ErrUnexpectedSize          = common.ErrUnexpectedSize
    ErrInvalidMessageLength    = common.ErrInvalidMessageLength
    ErrInvalidBlind            = common.ErrInvalidBlind
    ErrInvalidRandomness       = common.ErrInvalidRandomness
    ErrUnsupportedHashFunction = common.ErrUnsupportedHashFunction
)

type Signer

An Signer represents the Signer in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages. 

type Signer struct {
    // contains filtered or unexported fields
}

func NewSigner 

func NewSigner(sk *rsa.PrivateKey) Signer

NewSigner creates a new Signer for the blind RSA protocol using an RSA private key.

func (Signer) BlindSign 

func (signer Signer) BlindSign(data []byte) ([]byte, error)

BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.

See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-blindsign

type Verifier

Verifier is a type that implements the client side of the blind RSA protocol, described in https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants 

type Verifier interface {
    // Blind initializes the blind RSA protocol using an input message and source of randomness. The
    // signature is deterministic. This function fails if randomness was not provided.
    Blind(random io.Reader, message []byte) ([]byte, VerifierState, error)

    // FixedBlind runs the Blind function with fixed blind and salt inputs.
    FixedBlind(message, blind, salt []byte) ([]byte, VerifierState, error)

    // Verify verifies the input (message, signature) pair and produces an error upon failure.
    Verify(message, signature []byte) error

    // Hash returns the hash function associated with the Verifier.
    Hash() hash.Hash
}

func NewDeterministicVerifier 

func NewDeterministicVerifier(pk *rsa.PublicKey, hash crypto.Hash) Verifier

NewDeterministicVerifier creates a new DeterministicBRSAVerifier using the corresponding Signer parameters. This corresponds to the RSABSSA-SHA384-PSSZERO-Deterministic variant. See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

func NewVerifier 

func NewVerifier(pk *rsa.PublicKey, hash crypto.Hash) Verifier

NewVerifier creates a new BRSAVerifier using the corresponding Signer parameters. This corresponds to the RSABSSA-SHA384-PSS-Deterministic variant. See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-rsabssa-variants

type VerifierState

An VerifierState carries state needed to complete the blind signature protocol as a verifier. 

type VerifierState struct {
    // contains filtered or unexported fields
}

func (VerifierState) CopyBlind 

func (state VerifierState) CopyBlind() []byte

CopyBlind returns an encoding of the blind value used in the protocol.

func (VerifierState) CopySalt 

func (state VerifierState) CopySalt() []byte

CopySalt returns an encoding of the per-message salt used in the protocol.

func (VerifierState) Finalize 

func (state VerifierState) Finalize(data []byte) ([]byte, error)

Finalize computes and outputs the final signature, if it's valid. Otherwise, it returns an error.

See the specification for more details: https://www.rfc-editor.org/rfc/rfc9474.html#name-finalize

Subdirectories

Name Synopsis
..
partiallyblindrsa Package partiallyblindrsa implements a partially blind RSA protocol.