Merge pull request #46 from pmconrad/blinding

Blinding a la Oleg Andreev
cryptonomex · Oct 1, 2015 · 7e32df4 · 7e32df4
2 parents 9933f57 + ef92e68
commit 7e32df4
Show file tree

Hide file tree

Showing 10 changed files with 1,136 additions and 9 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -342,6 +342,12 @@ target_link_libraries( bloom_test fc )
 add_executable( real128_test tests/all_tests.cpp tests/real128_test.cpp )
 target_link_libraries( real128_test fc )
 
+add_executable( hmac_test tests/hmac_test.cpp )
+target_link_libraries( hmac_test fc )
+
+add_executable( blinding_test tests/blinding_test.cpp )
+target_link_libraries( blinding_test fc )
+
 
 add_executable( udt_server tests/udts.cpp )
 target_link_libraries( udt_server fc udt )

diff --git a/include/fc/crypto/elliptic.hpp b/include/fc/crypto/elliptic.hpp
@@ -24,6 +24,9 @@ namespace fc {
     typedef fc::array<char,72>          signature;
     typedef fc::array<unsigned char,65> compact_signature;
     typedef std::vector<char>           range_proof_type;
+    typedef fc::array<char,78>          extended_key_data;
+    typedef fc::sha256                  blinded_hash;
+    typedef fc::sha256                  blind_signature;
 
     /**
      *  @class public_key
@@ -73,6 +76,8 @@ namespace fc {
            static std::string to_base58( const public_key_data &key );
            static public_key from_base58( const std::string& b58 );
 
+           unsigned int fingerprint() const;
+
         private:
           friend class private_key;
           static public_key from_key_data( const public_key_data& v );
@@ -136,13 +141,80 @@ namespace fc {
             return a.get_secret() < b.get_secret();
            }
 
+           unsigned int fingerprint() const { return get_public_key().fingerprint(); }
+
         private:
            private_key( EC_KEY* k );
            static fc::sha256 get_secret( const EC_KEY * const k );
            fc::fwd<detail::private_key_impl,32> my;
     };
 
+    class extended_public_key : public public_key
+    {
+        public:
+            extended_public_key( const public_key& k, const sha256& c,
+                                 int child = 0, int parent_fp = 0, uint8_t depth = 0 );
+
+            extended_public_key derive_child( int i ) const;
+            extended_public_key derive_normal_child( int i ) const;
+
+            extended_key_data serialize_extended() const;
+            static extended_public_key deserialize( const extended_key_data& data );
+            fc::string str() const;
+            fc::string to_base58() const { return str(); }
+            static extended_public_key from_base58( const fc::string& base58 );
+
+            public_key generate_p( int i ) const;
+            public_key generate_q( int i ) const;
+        private:
+            sha256 c;
+            int child_num, parent_fp;
+            uint8_t depth;
+    };
+
+    class extended_private_key : public private_key
+    {
+        public:
+            extended_private_key( const private_key& k, const sha256& c,
+                                  int child = 0, int parent_fp = 0, uint8_t depth = 0 );
+
+            extended_public_key get_extended_public_key()const;
+
+            extended_private_key derive_child( int i ) const;
+            extended_private_key derive_normal_child( int i ) const;
+            extended_private_key derive_hardened_child( int i ) const;
+
+            extended_key_data serialize_extended() const;
+            static extended_private_key deserialize( const extended_key_data& data );
+            fc::string str() const;
+            fc::string to_base58() const { return str(); }
+            static extended_private_key from_base58( const fc::string& base58 );
+            static extended_private_key generate_master( const fc::string& seed );
+            static extended_private_key generate_master( const char* seed, uint32_t seed_len );
+
+            // Oleg Andreev's blind signature scheme,
+            // see http://blog.oleganza.com/post/77474860538/blind-signatures
+            public_key blind_public_key( const extended_public_key& bob, int i ) const;
+            blinded_hash blind_hash( const fc::sha256& hash, int i ) const;
+            blind_signature blind_sign( const blinded_hash& hash, int i ) const;
+            // WARNING! This may produce non-canonical signatures!
+            compact_signature unblind_signature( const extended_public_key& bob,
+                                                 const blind_signature& sig,
+                                                 const fc::sha256& hash, int i ) const;
 
+        private:
+            extended_private_key private_derive_rest( const fc::sha512& hash,
+                                                      int num ) const;
+            private_key generate_a( int i ) const;
+            private_key generate_b( int i ) const;
+            private_key generate_c( int i ) const;
+            private_key generate_d( int i ) const;
+            private_key_secret compute_p( int i ) const;
+            private_key_secret compute_q( int i, const private_key_secret& p ) const;
+            sha256 c;
+            int child_num, parent_fp;
+            uint8_t depth;
+    };
 
      struct range_proof_info
      {
@@ -158,9 +230,9 @@ namespace fc {
      bool            verify_sum( const std::vector<commitment_type>& commits, const std::vector<commitment_type>& neg_commits, int64_t excess );
      bool            verify_range( uint64_t& min_val, uint64_t& max_val, const commitment_type& commit, const range_proof_type& proof );
 
-     range_proof_type range_proof_sign( uint64_t min_value, 
-                                       const commitment_type& commit, 
-                                       const blind_factor_type& commit_blind, 
+     range_proof_type range_proof_sign( uint64_t min_value,
+                                       const commitment_type& commit,
+                                       const blind_factor_type& commit_blind,
                                        const blind_factor_type& nonce,
                                        int8_t base10_exp,
                                        uint8_t min_bits,
@@ -169,15 +241,15 @@ namespace fc {
 
      bool            verify_range_proof_rewind( blind_factor_type& blind_out,
                                           uint64_t& value_out,
-                                          string& message_out, 
+                                          string& message_out,
                                           const blind_factor_type& nonce,
-                                          uint64_t& min_val, 
-                                          uint64_t& max_val, 
-                                          commitment_type commit, 
+                                          uint64_t& min_val,
+                                          uint64_t& max_val,
+                                          commitment_type commit,
                                           const range_proof_type& proof );
      range_proof_info range_get_info( const range_proof_type& proof );
-     
-     
+
+
 
   } // namespace ecc
   void to_variant( const ecc::private_key& var,  variant& vo );

diff --git a/include/fc/crypto/hmac.hpp b/include/fc/crypto/hmac.hpp
@@ -0,0 +1,63 @@
+/* 
+ * File:   hmac.hpp
+ * Author: Peter Conrad
+ *
+ * Created on 1. Juli 2015, 21:48
+ */
+
+#ifndef HMAC_HPP
+#define	HMAC_HPP
+
+#include <fc/crypto/sha224.hpp>
+#include <fc/crypto/sha256.hpp>
+#include <fc/crypto/sha512.hpp>
+
+namespace fc {
+
+    template<typename H>
+    class hmac
+    {
+        public:
+            hmac() {}
+
+            H digest( const char* c, uint32_t c_len, const char* d, uint32_t d_len )
+            {
+                encoder.reset();
+                add_key(c, c_len, 0x36);
+                encoder.write( d, d_len );
+                H intermediate = encoder.result();
+
+                encoder.reset();
+                add_key(c, c_len, 0x5c);
+                encoder.write( intermediate.data(), intermediate.data_size() );
+                return encoder.result();
+            }
+
+        private:
+            void add_key( const char* c, const uint32_t c_len, char pad )
+            {
+                if ( c_len > internal_block_size() )
+                {
+                    H hash = H::hash( c, c_len );
+                    add_key( hash.data(), hash.data_size(), pad );
+                }
+                else
+                    for (unsigned int i = 0; i < internal_block_size(); i++ )
+                    {
+                        encoder.put( pad ^ ((i < c_len) ? *c++ : 0) );
+                    }
+            }
+
+            unsigned int internal_block_size() const;
+
+            H dummy;
+            typename H::encoder encoder;
+    };
+
+    typedef hmac<fc::sha224> hmac_sha224;
+    typedef hmac<fc::sha256> hmac_sha256;
+    typedef hmac<fc::sha512> hmac_sha512;
+}
+
+#endif	/* HMAC_HPP */
+