ring_sig 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 81ca882165cbb38793b1973cc43b8861eda76b88
+  data.tar.gz: 9be01854e734261e115c2c8d8edbfb2cc3cff8a9
+SHA512:
+  metadata.gz: e73648fab59657fe7a30dbef07b1b8457b0e511b136bf7a3750a08791843a0aa2ad4e45a280da5b3d05b7455b7c0a69440dc20cbdd0f97b9c05b413362e5896b
+  data.tar.gz: 8a23930dbc658f1a91c4dde5ed32443366f205c116961a874f3365f788eb1297086626393126e7d77305c08e9e8f0dcb79bfeb56b1a55b3890e678524d39748c

data/.gitignore

@@ -0,0 +1,7 @@
+.ruby-version
+.ruby-gemset
+Gemfile.lock
+*.gem
+coverage/
+doc/
+.yardoc/

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Stephen McCarthy
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,20 @@
+desc "Run the specs and generate a code coverage report."
+
+task 'default' => 'spec'
+
+desc 'Run specs'
+task 'spec' do
+  sh 'rspec'
+end
+
+desc 'Run specs and generate coverage report'
+task 'coverage' do
+  ENV['COVERAGE'] = 'Y'
+  Rake::Task['spec'].invoke
+end
+
+desc 'Print out lines of code and related statistics.'
+task 'stats' do
+  puts 'Lines of code and comments (including blank lines):'
+  sh "find lib -type f | xargs wc -l"
+end

data/lib/ring_sig.rb

@@ -0,0 +1,11 @@
+require 'openssl'
+require 'ecdsa'
+require 'ring_sig/hasher'
+require 'ring_sig/key'
+require 'ring_sig/signature'
+require 'ring_sig/version'
+require 'ring_sig/ecdsa/point'
+
+# The top-level module for the RingSig gem.
+module RingSig
+end

data/lib/ring_sig/ecdsa/point.rb

@@ -0,0 +1,6 @@
+module ECDSA
+  class Point
+    alias_method :*, :multiply_by_scalar
+    alias_method :+, :add_to_point
+  end
+end

data/lib/ring_sig/hasher.rb

@@ -0,0 +1,94 @@
+module RingSig
+  # A customized hasher specifically for Ring Signatures.
+  class Hasher
+    # @return [ECDSA::Group]
+    attr_reader :group
+
+    # @return [#digest]
+    attr_reader :algorithm
+
+
+    # Creates a new instance of {Hasher}.
+    #
+    # @param group [ECDSA::Group]
+    # @param algorithm [#digest]
+    def initialize(group, algorithm)
+      @group = group
+      @algorithm = algorithm
+    end
+
+    # Continuously hashes until a value less than the group's order is found.
+    #
+    # @param s (String) The value to be hashed.
+    # @return (Integer) A number between 0 and the group's order.
+    def hash_string(s)
+      n = nil
+      loop do
+        s = @algorithm.digest(s)
+        n = s.unpack('H*').first.to_i(16)
+        break if n < @group.order
+      end
+      n
+    end
+
+    # Hashes an array. Converts the Array to an OpenSSL::ASN1::Sequence der
+    # string, and then hashes that string.
+    #
+    # @param array [Array<String,Integer,ECDSA::Point>] The array to be hashed.
+    # @return [Integer] A number between 0 and the group's order.
+    def hash_array(array)
+      array = array.map do |e|
+        case e
+        when String
+          OpenSSL::ASN1::UTF8String.new(e)
+        when Integer
+          OpenSSL::ASN1::Integer.new(e)
+        when ECDSA::Point
+          OpenSSL::ASN1::OctetString.new(ECDSA::Format::PointOctetString.encode(e, compression: true))
+        else
+          raise ArgumentError, "Unsupported type: #{p.inspect}"
+        end
+      end
+
+      hash_string(OpenSSL::ASN1::Sequence.new(array).to_der)
+    end
+
+    # Hashes a point to another point.
+    #
+    # @param point [ECDSA::Point] The point to be hashed.
+    # @return [ECDSA::Point] A new point, deterministically computed from the input point.
+    def hash_point(point)
+      @group.generator * hash_array(point.coords)
+    end
+
+    # Shuffles an array in a deterministic manner.
+    #
+    # @param array (Array) The array to be shuffled.
+    # @param seed (Integer) A random seed which determines the outcome of the suffle.
+    # @return (Array) The shuffled array.
+    def shuffle(array, seed)
+      seed_array = [seed, 0]
+      (array.size - 1).downto(1) do |i|
+        r = next_rand(i + 1, seed_array)
+        array[i], array[r] = array[r], array[i]
+      end
+      array
+    end
+
+    private
+
+    # Deterministically returns a random number between 0 and n.
+    #
+    # @param n (Integer) The maximum value.
+    # @param seed_array (Array<Integer>) A pair `[seed, suffix]`.
+    #   The suffix will be modified.
+    # @return (Integer) A number between 0 and n.
+    def next_rand(n, seed_array)
+      loop do
+        r = hash_array(seed_array)
+        seed_array[1] += 1
+        return r % n if r < @group.order - @group.order % n
+      end
+    end
+  end
+end

data/lib/ring_sig/key.rb

@@ -0,0 +1,142 @@
+module RingSig
+  # Instances of this class represent an ECDSA key.
+  class Key
+
+    # @return [Integer]
+    attr_reader :private_key
+
+    # @return [ECDSA::Point]
+    attr_reader :public_key
+
+    # @return [ECDSA::Group]
+    attr_reader :group
+
+    # @return [#digest]
+    attr_reader :hash_algorithm
+
+    # Creates a new instance of {Key}. Must provide  either a private_key or
+    # a public_key, but not both.
+    #
+    # @param private_key [Integer]
+    # @param public_key [ECDSA::Point]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    def initialize(
+       private_key:    nil,
+       public_key:     nil,
+       group:          ECDSA::Group::Secp256k1,
+       hash_algorithm: OpenSSL::Digest::SHA256)
+
+      if private_key && public_key
+        raise ArgumentError, "Must not provide both private_key and public_key"
+      elsif private_key
+        raise ArgumentError, "Private key is not an integer" unless private_key.is_a?(Integer)
+        raise ArgumentError, "Private key is too small" if private_key < 1
+        raise ArgumentError, "Private key is too large" if private_key >= group.order
+        @private_key = private_key
+        @public_key = group.generator.multiply_by_scalar(private_key)
+      elsif public_key
+        raise ArgumentError, "Public key is not an ECDSA::Point" unless public_key.is_a?(ECDSA::Point)
+        raise ArgumentError, "Public key is not on the group's curve" unless group.include?(public_key)
+        @public_key = public_key
+      else
+        raise ArgumentError, "Must provide either private_key or public_key"
+      end
+
+      @group = group
+      @hash_algorithm = hash_algorithm
+      @hasher = RingSig::Hasher.new(group, hash_algorithm)
+    end
+
+    # Signs a message with this key's private_key and a set of public foreign
+    # keys. The resulting signature can be verified against the ordered set of
+    # all public keys used for creating this signature. The signature will also
+    # contain a key_image which will be the same for all messages signed with
+    # this key.
+    #
+    # @param message [String] The message to sign.
+    # @param foreign_keys [Array<Key>] The foreign keys for the signature.
+    # @return [Array(Signature, Array<Key>)] A pair containing the signature
+    #   and the set of public keys (in the correct order) for verifying.
+    def sign(message, foreign_keys)
+      raise ArgumentError "Cannot sign without a private key" unless private_key
+      raise ArgumentError "Foreign keys must all have to the same group" unless foreign_keys.all?{|e| e.group == group}
+      raise ArgumentError "Foreign keys must all have to the same hash_algorithm" unless foreign_keys.all?{|e| e.hash_algorithm == hash_algorithm}
+
+      message_digest = @hasher.hash_string(message)
+      seed = @hasher.hash_array([private_key, message_digest])
+
+      foreign_keys = foreign_keys.map(&:drop_private_key)
+      all_keys = @hasher.shuffle([self] + foreign_keys, seed)
+
+      q_array, w_array = generate_q_w(all_keys, seed)
+      ll_array, rr_array = generate_ll_rr(all_keys, q_array, w_array)
+      challenge = @hasher.hash_array([message_digest] + ll_array + rr_array)
+      c_array, r_array = generate_c_r(all_keys, q_array, w_array, challenge)
+
+      public_keys = all_keys.map(&:drop_private_key)
+
+      [RingSig::Signature.new(key_image, c_array, r_array, group: group, hash_algorithm: @hasher.algorithm), public_keys]
+    end
+
+    # @return [ECDSA::Point] the key image.
+    def key_image
+      raise ArgumentError "Cannot compute key image without the private key" unless private_key
+      @key_image ||= @hasher.hash_point(@public_key) * @private_key
+    end
+
+    # Returns self if this key has no private key. Otherwise, returns a new key
+    # with only the public_key component.
+    #
+    # @return [Key]
+    def drop_private_key
+      return self unless private_key
+      Key.new(public_key: public_key, group: group, hash_algorithm: hash_algorithm)
+    end
+
+    private
+
+    def generate_q_w(all_keys, seed)
+      q_array, w_array = [], []
+
+      all_keys.each_with_index do |k, i|
+        q_array[i] = @hasher.hash_array(['q', seed, i])
+        w_array[i] = @hasher.hash_array(['w', seed, i])
+        w_array[i] = 0 if k.private_key
+      end
+
+      [q_array, w_array]
+    end
+
+    def generate_ll_rr(all_keys, q_array, w_array)
+      ll_array, rr_array = [], []
+
+      all_keys.each_with_index do |k, i|
+        ll_array[i] = group.generator * q_array[i]
+        rr_array[i] = @hasher.hash_point(k.public_key) * q_array[i]
+        if k.private_key.nil?
+          ll_array[i] += k.public_key * w_array[i]
+          rr_array[i] += key_image * w_array[i]
+        end
+      end
+
+      [ll_array, rr_array]
+    end
+
+    def generate_c_r(all_keys, q_array, w_array, challenge)
+      c_array, r_array = [], []
+
+      all_keys.each_with_index do |k, i|
+        if k.private_key.nil?
+          c_array[i] = w_array[i]
+          r_array[i] = q_array[i]
+        else
+          c_array[i] = (challenge - w_array.inject{|a, b| a + b}) % group.order
+          r_array[i] = (q_array[i] - c_array[i] * k.private_key) % group.order
+        end
+      end
+
+      [c_array, r_array]
+    end
+  end
+end

data/lib/ring_sig/signature.rb

@@ -0,0 +1,113 @@
+module RingSig
+  # Instances of this class represent RingSig signatures.
+  class Signature
+    # @return [ECDSA::Point]
+    attr_reader :key_image
+
+    # @return [Array]
+    attr_reader :c_array
+
+    # @return [Array]
+    attr_reader :r_array
+
+    # @return [ECDSA::Group]
+    attr_reader :group
+
+    # @return [#digest]
+    attr_reader :hash_algorithm
+
+    # Creates a new instance of {Signature}.
+    #
+    # @param key_image [ECDSA::Point]
+    # @param c_array [Array<Integer>]
+    # @param r_array [Array<Integer>]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    def initialize(key_image, c_array, r_array, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
+      @key_image, @c_array, @r_array = key_image, c_array, r_array
+      key_image.is_a?(ECDSA::Point) or raise ArgumentError, 'key_image is not an ECDSA::Point.'
+      c_array.is_a?(Array) or raise ArgumentError, 'c_array is not an array.'
+      r_array.is_a?(Array) or raise ArgumentError, 'r_array is not an array.'
+
+      @group = group
+      @hash_algorithm = hash_algorithm
+      @hasher = RingSig::Hasher.new(group, hash_algorithm)
+    end
+
+    # Creates a new instance of {Signature} from a der string.
+    #
+    # @param der_string [String]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    # @return [Signature]
+    def self.from_der(der_string, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
+      asn1 = OpenSSL::ASN1.decode(der_string)
+
+      key_image = ECDSA::Format::PointOctetString.decode(asn1.value[0].value, group)
+      c_array = asn1.value[1].value.map{|i| i.value.to_i}
+      r_array = asn1.value[2].value.map{|i| i.value.to_i}
+
+      RingSig::Signature.new(key_image, c_array, r_array, group: group, hash_algorithm: hash_algorithm)
+    end
+
+    # Creates a new instance of {Signature} from a hex string.
+    #
+    # @param hex_string [String]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    # @return [Signature]
+    def self.from_hex(hex_string, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
+      RingSig::Signature.from_der([hex_string].pack('H*'), group: group, hash_algorithm: hash_algorithm)
+    end
+
+    # Encodes this signature into a der string. The encoded data contains
+    # the key_image, c_array, and r_array. It does not contain the group
+    # or hash_algorithm.
+    #
+    # @return [String]
+    def to_der(compression: true)
+      OpenSSL::ASN1::Sequence.new([
+        OpenSSL::ASN1::OctetString.new(ECDSA::Format::PointOctetString.encode(key_image, compression: compression)),
+        OpenSSL::ASN1::Sequence.new(c_array.map{|i| OpenSSL::ASN1::Integer.new(i)}),
+        OpenSSL::ASN1::Sequence.new(r_array.map{|i| OpenSSL::ASN1::Integer.new(i)}),
+      ]).to_der
+    end
+
+    # Encodes this signature into a hex string. The encoded data contains
+    # the key_image, c_array, and r_array. It does not contain the group
+    # or hash_algorithm.
+    #
+    # @return [String]
+    def to_hex(compression: true)
+      to_der(compression: compression).unpack('H*').first
+    end
+
+    # Verifies this signature against an ordered set of public keys.
+    #
+    # @param message [String]
+    # @param public_keys [Array<Key>]
+    # @return [Boolean] true if the signature verifies, false otherwise.
+    def verify(message, public_keys)
+      ll_array = []
+      rr_array = []
+
+      public_keys.each_with_index do |k, i|
+        ll_array[i] = (group.generator * r_array[i]) + (k.public_key * c_array[i])
+        rr_array[i] = (@hasher.hash_point(k.public_key) * (r_array[i]) + key_image * c_array[i])
+      end
+
+      c_sum = c_array.inject{|a, b| a + b} % group.order
+
+      message_digest = @hasher.hash_string(message)
+      challenge = @hasher.hash_array([message_digest] + ll_array + rr_array)
+
+      c_sum == challenge
+    end
+
+    # Returns an array containing key image coordinates, c_array, and r_array.
+    # @return (Array)
+    def components
+      key_image.coords + c_array + r_array
+    end
+  end
+end

data/lib/ring_sig/version.rb

@@ -0,0 +1,3 @@
+module RingSig
+  VERSION = '0.0.1'
+end

data/ring_sig.gemspec

@@ -0,0 +1,26 @@
+require File.expand_path('../lib/ring_sig/version', __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = 'ring_sig'
+  s.version     = RingSig::VERSION
+  s.authors     = ['Stephen McCarthy']
+  s.email       = 'sjmccarthy@gmail.com'
+  s.summary     = 'This gem implements ring signatures, built on top of ECDSA, as specified by CryptoNote'
+  s.description = 'Ring Signatures allow someone to non-interactively sign a message which can be verified against a set of chosen public keys.'
+  s.homepage    = 'https://github.com/jamoes/ring_sig'
+  s.license     = 'MIT'
+
+  s.files       = `git ls-files`.split("\n")
+  s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  s.test_files  = s.files.grep(%r{^(test|spec|features)/})
+
+  s.add_development_dependency 'bundler', '~> 1.3'
+  s.add_development_dependency 'rake', '~> 0'
+  s.add_development_dependency 'rspec', '~> 3.0'
+  s.add_development_dependency 'simplecov', '~> 0'
+  s.add_development_dependency 'yard', '~> 0'
+  s.add_development_dependency 'markdown', '~> 0'
+  s.add_development_dependency 'redcarpet', '~> 0'
+
+  s.add_runtime_dependency 'ecdsa', '~> 1.1'
+end

data/spec/hasher_spec.rb

@@ -0,0 +1,93 @@
+require 'spec_helper'
+
+describe RingSig::Hasher do
+  context 'Standard: SHA256 hash algorithm, secp256k1 group' do
+    group = ECDSA::Group::Secp256k1
+    hash_algorithm = OpenSSL::Digest::SHA256
+    hasher = RingSig::Hasher.new(group, hash_algorithm)
+
+    describe '#hash_string' do
+      it 'hashes "a"' do
+        expect(hasher.hash_string('a')).to eq 91634880152443617534842621287039938041581081254914058002978601050179556493499
+      end
+    end
+
+    describe '#hash_array' do
+      it 'hashes array of integers' do
+        expect(hasher.hash_array([1, 2, 3])).to eq 108327230196833505301150634709321652091196191739965401474258808571764922687322
+      end
+
+      it 'hashes array of strings' do
+        expect(hasher.hash_array(%w(a b c))).to eq 9077136522292755305325573261332124424180056729600426071187952904380324423800
+      end
+
+      it 'hashes array of points' do
+        expect(hasher.hash_array([group.generator, group.generator])).to eq 112151076631064605889327921696882492390839695314815668972759101076317607858646
+      end
+
+      it 'hashes mixes array' do
+        expect(hasher.hash_array([1, 'a', group.generator])).to eq 43575008266016611275304127474943853239256831409985077531779052441823152705495
+      end
+
+      it 'raises ArgumentError on invalid types' do
+        expect { hasher.hash_array([1.1]) }.to raise_error(ArgumentError)
+        expect { hasher.hash_array([[]]) }.to raise_error(ArgumentError)
+        expect { hasher.hash_array([{}]) }.to raise_error(ArgumentError)
+      end
+    end
+
+    describe '#hash_point' do
+      it 'hashes generator point' do
+        expected_point = group.new_point([0x2bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c9245, 0xe465a0409b09a11894755e9b9d6e86938d1b5035587458ad29c00154ddfc9de])
+        expect(hasher.hash_point(group.generator)).to eq expected_point
+      end
+    end
+
+    describe '#shuffle' do
+      it 'shuffles deterministically' do
+        expect(hasher.shuffle([1, 2, 3, 4, 5, 6], 1)).to eq [6, 3, 4, 1, 5, 2]
+      end
+    end
+  end
+
+  context 'Simple hasher, simple group' do
+    let(:group) do
+      # A simple group with order equal to 200
+      ECDSA::Group.new(name: 'simple', p: 1, a: 1, b: 1, g: [0, 1], n: 200, h: 1)
+    end
+
+    let(:hash_algorithm) do
+      # A hash algorithm which returns a number less than 256
+      stub_const 'SimpleHashAlgorithm', Class.new
+      SimpleHashAlgorithm.class_eval do
+        def self.digest(s)
+          [(OpenSSL::Digest::SHA256.hexdigest(s).to_i(16) % 256).to_s(16)].pack('H*')
+        end
+      end
+      SimpleHashAlgorithm
+    end
+
+    let(:hasher) { RingSig::Hasher.new(group, hash_algorithm) }
+
+    # We test the hash_algorithm itself in this context, since we implemented our own simple hash_algorithm.
+    shared_examples_for 'hash algorithm' do |input, expected_value|
+      it 'Hashes input to expected_value' do
+        expect(hash_algorithm.digest(input)).to eq expected_value.force_encoding('binary')
+      end
+    end
+    it_behaves_like 'hash algorithm', 'a',    "\xBB" # 187
+    it_behaves_like 'hash algorithm', '0',    "\xE9" # 233
+    it_behaves_like 'hash algorithm', "\xE9", "\xD0" # 208
+    it_behaves_like 'hash algorithm', "\xD0", "\x15" # 21
+
+    describe '#hash_string' do
+      it 'hashes "a" to 187' do
+        expect(hasher.hash_string('a')).to eq 187
+      end
+
+      it 'hashes "0" to 21' do
+        expect(hasher.hash_string('0')).to eq 21
+      end
+    end
+  end
+end

data/spec/key_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe RingSig::Key do
+  key = RingSig::Key.new(private_key: 1)
+  group = ECDSA::Group::Secp256k1
+  message = 'a'
+
+  it 'computes a key image' do
+    expect(key.key_image.x).to eq(19808304348355547845585283516832906889081321816618757912787193259813413622341)
+    expect(key.key_image.y).to eq(6456680440731674563715553325029463353567815591885844101408227481418612066782)
+  end
+
+  it 'raises ArgumentError when providing both public and private keys' do
+    expect { RingSig::Key.new(private_key: 1, public_key: group.generator) }.to raise_error(ArgumentError)
+  end
+
+  it 'raises ArgumentError if neither public or private key are provided' do
+    expect { RingSig::Key.new }.to raise_error(ArgumentError)
+  end
+
+  it 'raises ArgumentError if private key is too small' do
+    expect { RingSig::Key.new(private_key: 0) }.to raise_error(ArgumentError)
+  end
+
+  describe '#key_image' do
+    it 'computes correctly' do
+      expect(key.key_image.x).to eq(19808304348355547845585283516832906889081321816618757912787193259813413622341)
+      expect(key.key_image.y).to eq(6456680440731674563715553325029463353567815591885844101408227481418612066782)
+    end
+  end
+
+  describe '#drop_private_key' do
+    it 'creates a new Key without the private_key component' do
+      key2 = key.drop_private_key
+      expect(key).not_to eq(key2)
+      expect(key2.private_key).to be(nil)
+      expect(key2.public_key).not_to be(nil)
+    end
+  end
+
+  context 'Three foreign keys' do
+    # The public keys from the coinbase transactions in the first three bitcoin blocks.
+    foreign_keys = %w{
+        04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
+        0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee
+        047211a824f55b505228e4c3d5194c1fcfaa15a456abdf37f9b9d97a4040afc073dee6c89064984f03385237d92167c13e236446b417ab79a0fcae412ae3316b77
+      }.map do |s|
+        RingSig::Key.new(public_key: ECDSA::Format::PointOctetString.decode([s].pack('H*'), group))
+      end
+
+    describe '#sign' do
+      sig, public_keys = key.sign(message, foreign_keys)
+
+      it 'signs and verifies' do
+        expect(sig.to_hex).to eq '3082013d0421022bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c924530818a02200b084320e064c99a4c25122fbbae407f9a5b2b4f063d2276500e051641a04f79022100b6c3d4ec0f42acf78ffd5697da7145cf1f274410ccbdb02bae3da79c25dd324c02210086861195f0eecb9948bf421ca5ce4c0f4e5838e7fe0735d2afd40bc5c10c849102200c84c1450e3a0b092f4449204b531a02d1f9f7eafef6d34bbe599d944a85eba930818a022100cb8f91859d1cd0308ecd3a278d0334da2e97a7dc54d36bbbb266cd2187c78bc4022100a81cff48a1e5ca431c30e3e658d22447cf808cd414cccdb84d43bb72a91c3add02201c9ef437f57532ab0e916536709aacde09f2243297e1d6e3992385cc603d41540220690ddd89d38482bb42e59ee6f2279c8f35a8211300e13939aed00e91bb3d9661'
+
+        expected_public_keys = [2, 1, 0, 3].map{|i| ([key] + foreign_keys)[i].public_key}
+        expect(public_keys.map(&:public_key)).to eq expected_public_keys
+
+        expect(sig.verify(message, public_keys)).to be true
+        expect(sig.verify(message + '0', public_keys)).to be false
+        expect(sig.verify(message, public_keys.reverse)).to be false
+      end
+
+      it 'has the same key_image for different foreign keys' do
+        other_sig, other_public_keys = key.sign(message, foreign_keys[0..1])
+
+        expect(sig.to_hex).not_to eq(other_sig.to_hex)
+        expect(sig.key_image).to eq(other_sig.key_image)
+      end
+    end
+  end
+
+  context 'Zero foreign keys' do
+    foreign_keys = []
+
+    it 'signs and verifies' do
+      sig, public_keys = key.sign(message, foreign_keys)
+
+      expect(sig.to_hex).to eq '306c0421022bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c9245302202202a2c0676992db106d54b0d2834c53b95b55d524c7449b55202f3ccb465ce73873023022100a1638b0f03ef1f29b9822cff583df944793a558fe089b669af73006d21f9183d'
+      expect(public_keys.map(&:public_key)).to eq [key.public_key]
+
+      expect(sig.verify(message, public_keys)).to be true
+    end
+  end
+end

data/spec/signature_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe RingSig::Signature do
+  group = ECDSA::Group::Secp256k1
+  signature = RingSig::Signature.new(group.generator, [10], [20])
+  sig_hex = '302d04210279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798300302010a3003020114'
+  sig_der = "0-\x04!\x02y\xBEf~\xF9\xDC\xBB\xACU\xA0b\x95\xCE\x87\v\a\x02\x9B\xFC\xDB-\xCE(\xD9Y\xF2\x81[\x16\xF8\x17\x980\x03\x02\x01\n0\x03\x02\x01\x14".force_encoding('binary')
+
+  it 'has the right key_image' do
+    expect(signature.key_image).to eq group.generator
+  end
+
+  it 'has the right c_array' do
+    expect(signature.c_array).to contain_exactly 10
+  end
+
+  it 'has the right r_array' do
+    expect(signature.r_array).to contain_exactly 20
+  end
+
+  it 'has the right components' do
+    expect(signature.components).to eq group.generator.coords + [10, 20]
+  end
+
+  describe '#to_hex' do
+    it 'converts to hex correctly' do
+      expect(signature.to_hex).to eq sig_hex
+    end
+  end
+
+  describe '#to_der' do
+    it 'converts to der correctly' do
+      expect(signature.to_der).to eq sig_der
+    end
+  end
+
+  describe '#from_hex' do
+    it 'converts from hex correctly' do
+      expect(RingSig::Signature.from_hex(sig_hex).components).to eq signature.components
+    end
+  end
+
+  describe '#from_der' do
+    it 'converts from der correctly' do
+      expect(RingSig::Signature.from_der(sig_der).components).to eq signature.components
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+if ENV['COVERAGE'] == 'Y'
+  require 'simplecov'
+  SimpleCov.start
+end
+
+require 'ring_sig'

metadata

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: ring_sig
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Stephen McCarthy
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: markdown
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ecdsa
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+description: Ring Signatures allow someone to non-interactively sign a message which
+  can be verified against a set of chosen public keys.
+email: sjmccarthy@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/ring_sig.rb
+- lib/ring_sig/ecdsa/point.rb
+- lib/ring_sig/hasher.rb
+- lib/ring_sig/key.rb
+- lib/ring_sig/signature.rb
+- lib/ring_sig/version.rb
+- ring_sig.gemspec
+- spec/hasher_spec.rb
+- spec/key_spec.rb
+- spec/signature_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/jamoes/ring_sig
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: This gem implements ring signatures, built on top of ECDSA, as specified
+  by CryptoNote
+test_files:
+- spec/hasher_spec.rb
+- spec/key_spec.rb
+- spec/signature_spec.rb
+- spec/spec_helper.rb
+has_rdoc: