ring_sig 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 81ca882165cbb38793b1973cc43b8861eda76b88
-  data.tar.gz: 9be01854e734261e115c2c8d8edbfb2cc3cff8a9
+  metadata.gz: 99fef8c39d8ec2e0d7fc86ed6f25a09625940dfd
+  data.tar.gz: 9e989018593339b1148a858c2b508c6cc17fc016
 SHA512:
-  metadata.gz: e73648fab59657fe7a30dbef07b1b8457b0e511b136bf7a3750a08791843a0aa2ad4e45a280da5b3d05b7455b7c0a69440dc20cbdd0f97b9c05b413362e5896b
-  data.tar.gz: 8a23930dbc658f1a91c4dde5ed32443366f205c116961a874f3365f788eb1297086626393126e7d77305c08e9e8f0dcb79bfeb56b1a55b3890e678524d39748c
+  metadata.gz: 5f0f5ec506578ffa6e9a6a7593f4418303a9f65be9b9cac64a3176cbf253de76f956efe56c935ecd065bba18f19508972c2ff06f0df9d710f94274fc779e58a0
+  data.tar.gz: e8527bea3482085ea27a8a77334f497b4922cc14f969f98a27981d5d239c6e129386fe40229b90ea35f4b23a75e5a3fe7823e9c44ff822af6a632256fd9785c0

data/.travis.yml

@@ -0,0 +1,5 @@
+script: "rspec"
+rvm:
+  - 2.0.0
+  - 2.1.0
+  - ruby-head

data/.yardopts

@@ -0,0 +1,3 @@
+--readme README.md
+--markup markdown
+lib/ring_sig/**/*.rb

data/README.md

@@ -0,0 +1,134 @@
+# RingSig gem for Ruby
+
+[![Build Status](https://travis-ci.org/jamoes/ring_sig.svg?branch=master)](https://travis-ci.org/jamoes/ring_sig)
+
+This gem implements a signature scheme known as one-time ring signatures.
+The algorithm for one-time ring signatures was originally described in section
+4.4 of the [CryptoNote Whitepaper](https://cryptonote.org/whitepaper.pdf).
+
+## Ring signatures
+
+Ring signatures are a special type of digital signature that allows the signer
+to achieve *unconditional unlinkability* between their signature and their
+public key. Signers sign a message using their private key and an arbitrary set
+of foreign public keys. Verifiers are given the full set of public keys that a
+message was signed with. Verifiers can prove that *one* of the private keys
+signed the message, but they cannot determine *which* private key was actually
+used for signing.
+
+The signatures produced by this gem are said to be *one-time* ring signatures,
+because the signature includes a Key Image, which is the same for all messages
+signed with the same private key. Therefore, if a signer signs multiple messages
+with the same private key, the signatures can be linked.
+
+This gem does not use any randomness. All the algorithms are deterministic, and
+do not require any sort of external source of randomness. When signing, a seed
+is computed from a hash of the message and the private key. That seed is used
+along with the hash algorithm and a nonce anywhere the signing algorithm calls
+for randomness. As a result, the same inputs will always generate the same
+signature.
+
+## Current limitations
+
+- This gem is not optimized for speed. All elliptical curve arithmetic is
+computed in pure ruby. As a result, the sign and verify operations are slow.
+Future versions will hopefully be better optimized for speed.
+- This gem was not written by a cryptography expert. It is provided "as is"
+and it is the user's responsibility to make sure it will be suitable for the
+desired purpose.
+
+## Installation
+
+This library is distributed as a gem named [ring_sig](https://rubygems.org/gems/ring_sig)
+at RubyGems.org.  To install it, run:
+
+    gem install ring_sig
+
+## Usage
+
+First, require the gem:
+```ruby
+require 'ring_sig'
+```
+
+Next, create a private key for signing. For our example, we'll just use the
+private key `1`. In the wild, you'll want to utilize a securely generated key.
+```ruby
+key = RingSig::PrivateKey.new(1)
+```
+
+Next, access a set a foreign public keys for signing. To demonstrate that any
+arbitrary keys can be used, we'll use the public keys from the coinbase
+transactions of the first three blocks on the bitcoin blockchain.
+
+```ruby
+foreign_keys = %w{
+    04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
+    0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee
+    047211a824f55b505228e4c3d5194c1fcfaa15a456abdf37f9b9d97a4040afc073dee6c89064984f03385237d92167c13e236446b417ab79a0fcae412ae3316b77
+  }.map {|s| RingSig::PublicKey.from_hex(s) }
+```
+
+Next, we sign the message. This will assign a `RingSig::Signature` to the `sig`
+variable, and a deterministically shuffled Array of `RingSig::PublicKey`s to the
+`public_keys` variable.
+```ruby
+sig, public_keys = key.sign("Hello World!", foreign_keys)
+```
+
+You can see the signature contents by using the `to_hex` method:
+```ruby
+puts sig.to_hex
+```
+
+Finally, verify the signature:
+```ruby
+sig.verify("Hello World!", public_keys)
+```
+
+By default, this gem uses SHA256 for its hash algorithm, and Secp256k1 for its
+ECDSA group. You can specify alternates if you'd like:
+```ruby
+key = RingSig::PrivateKey.new(1, group: ECDSA::Group::Secp256r1, hash_algorithm: OpenSSL::Digest::RIPEMD160)
+```
+
+## Standards
+
+There currently aren't any standards around Ring Signatures that I know of. This
+gem attempts to make sensible choices such that the exact same algorithm can
+easily be implemented in other languages.
+
+I'd love to see standards emerge around this powerful cryptographic primitive.
+If you have any feedback about how to make the implementation of the algorithms
+in this gem more inter-operable with other systems, I'd love to hear it!
+
+## Contributing
+
+To submit a bug, please go to this gem's [github page](https://github.com/jamoes/ring_sig)
+and create a new issue.
+
+If you'd like to contribute code, these are the general steps:
+
+1. Fork and clone the repository
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -a 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a Pull Request
+
+Please make sure to write tests for your new code, and  follow the existing code
+standards wherever possible.
+
+## Credit
+
+Special thanks to the authors of the very excellent [ECDSA](https://github.com/DavidEGrayson/ruby_ecdsa)
+gem. Not only is it a dependency of this gem, I also used it to gain a
+much better understanding of elliptical curve crypto, and used it as inspiration
+for this gem.
+
+## Supported platforms
+
+Ruby 2.0.0 and above.
+
+## Documentation
+
+For complete documentation, see the [RingSig page on RubyDoc.info](http://rubydoc.info/gems/ring_sig).

data/lib/ring_sig.rb

@@ -1,7 +1,8 @@
 require 'openssl'
 require 'ecdsa'
 require 'ring_sig/hasher'
-require 'ring_sig/key'
+require 'ring_sig/private_key'
+require 'ring_sig/public_key'
 require 'ring_sig/signature'
 require 'ring_sig/version'
 require 'ring_sig/ecdsa/point'

data/lib/ring_sig/private_key.rb

@@ -0,0 +1,165 @@
+module RingSig
+  # Instances of this class represent a private ECDSA key.
+  class PrivateKey
+
+    # The integer value of this private key. A number between 0 and the
+    # group's order (non-inclusive).
+    #
+    # @return [Integer]
+    attr_reader :value
+
+    # @return [PublicKey]
+    attr_reader :public_key
+
+    # @return [ECDSA::Group]
+    attr_reader :group
+
+    # @return [#digest]
+    attr_reader :hash_algorithm
+
+    # Creates a new instance of {PrivateKey}.
+    #
+    # @param value [Integer]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    def initialize(value, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
+      raise ArgumentError, "Value is not an integer" unless value.is_a?(Integer)
+      raise ArgumentError, "Value is too small" if value < 1
+      raise ArgumentError, "Value is too large" if value >= group.order
+
+      @value = value
+      @public_key = PublicKey.new(group.generator.multiply_by_scalar(value), group: group)
+
+      @group = group
+      @hash_algorithm = hash_algorithm
+      @hasher = Hasher.new(group, hash_algorithm)
+    end
+
+    # Creates a new instance of {PrivateKey} from a hex string.
+    #
+    # @param octet_string [String]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    # @return [PrivateKey]
+    def self.from_hex(hex_string, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
+      self.from_octet([hex_string].pack('H*'), group: group, hash_algorithm: hash_algorithm)
+    end
+
+    # Creates a new instance of {PrivateKey} from an octet string.
+    #
+    # @param octet_string [String]
+    # @param group [ECDSA::Group]
+    # @param hash_algorithm [#digest]
+    # @return [PrivateKey]
+    def self.from_octet(octet_string, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
+      value = ECDSA::Format::FieldElementOctetString.decode(octet_string, group.field)
+      PrivateKey.new(value, group: group, hash_algorithm: hash_algorithm)
+    end
+
+    # Encodes this private key into an octet string. The encoded data contains
+    # only the value. It does not contain the group or hash_algorithm.
+    #
+    # @return [String]
+    def to_hex
+      to_octet.unpack('H*').first
+    end
+
+    # Encodes this public key into a hex string. The encoded data contains
+    # only the value. It does not contain the group or hash_algorithm.
+    #
+    # @return [String]
+    def to_octet
+      ECDSA::Format::FieldElementOctetString.encode(value, group.field)
+    end
+
+    # Signs a message with this key's private key and a set of foreign public
+    # keys. The resulting signature can be verified against the ordered set of
+    # all public keys used for creating this signature. The signature will also
+    # contain a key_image which will be the same for all messages signed with
+    # this key.
+    #
+    # @param message [String] The message to sign.
+    # @param foreign_keys [Array<PublicKey>] The foreign keys for the signature.
+    # @return [Array(Signature, Array<PublicKey>)] A pair containing the signature
+    #   and the set of public keys (in the correct order) for verifying.
+    def sign(message, foreign_keys)
+      raise ArgumentError "Foreign keys must all have the same group" unless foreign_keys.all?{ |e| e.group == group }
+
+      message_digest = @hasher.hash_string(message)
+      seed = @hasher.hash_array([value, message_digest])
+
+      all_keys = @hasher.shuffle([self] + foreign_keys, seed)
+
+      q_array, w_array = generate_q_w(all_keys, seed)
+      ll_array, rr_array = generate_ll_rr(all_keys, q_array, w_array)
+      challenge = @hasher.hash_array([message_digest] + ll_array + rr_array)
+      c_array, r_array = generate_c_r(all_keys, q_array, w_array, challenge)
+
+      public_keys = all_keys.map(&:public_key)
+      signature = Signature.new(key_image, c_array, r_array, group: group, hash_algorithm: @hasher.algorithm)
+
+      [signature, public_keys]
+    end
+
+    # @return [ECDSA::Point] the key image.
+    def key_image
+      @key_image ||= @hasher.hash_point(point) * value
+    end
+
+    # @return [ECDSA::Point] the public key's point.
+    def point
+      public_key.point
+    end
+
+    # @return [Boolean] true if the private keys are equal.
+    def ==(other)
+      return false unless other.is_a?(PrivateKey)
+      value == other.value && group == other.group && hash_algorithm == other.hash_algorithm
+    end
+
+    private
+
+    def generate_q_w(all_keys, seed)
+      q_array, w_array = [], []
+
+      all_keys.each_with_index do |k, i|
+        q_array[i] = @hasher.hash_array(['q', seed, i])
+        w_array[i] = 0
+        w_array[i] = @hasher.hash_array(['w', seed, i]) if k.is_a?(PublicKey)
+      end
+
+      [q_array, w_array]
+    end
+
+    def generate_ll_rr(all_keys, q_array, w_array)
+      ll_array, rr_array = [], []
+
+      all_keys.each_with_index do |k, i|
+        ll_array[i] = group.generator * q_array[i]
+        rr_array[i] = @hasher.hash_point(k.point) * q_array[i]
+        if k.is_a?(PublicKey)
+          ll_array[i] += k.point * w_array[i]
+          rr_array[i] += key_image * w_array[i]
+        end
+      end
+
+      [ll_array, rr_array]
+    end
+
+    def generate_c_r(all_keys, q_array, w_array, challenge)
+      c_array, r_array = [], []
+
+      all_keys.each_with_index do |k, i|
+        if k.is_a?(PublicKey)
+          c_array[i] = w_array[i]
+          r_array[i] = q_array[i]
+        else
+          c_array[i] = (challenge - w_array.inject{|a, b| a + b}) % group.order
+          r_array[i] = (q_array[i] - c_array[i] * k.value) % group.order
+        end
+      end
+
+      [c_array, r_array]
+    end
+  end
+end

data/lib/ring_sig/public_key.rb

@@ -0,0 +1,73 @@
+module RingSig
+  # Instances of this class represent a public ECDSA key.
+  class PublicKey
+
+    # The elliptical curve point of this public key.
+    #
+    # @return [ECDSA::Point]
+    attr_reader :point
+
+    # @return [ECDSA::Group]
+    attr_reader :group
+
+    # Creates a new instance of {PublicKey}.
+    #
+    # @param point [ECDSA::Point]
+    # @param group [ECDSA::Group]
+    def initialize(point, group: ECDSA::Group::Secp256k1)
+      raise ArgumentError, "Point is not an ECDSA::Point" unless point.is_a?(ECDSA::Point)
+      raise ArgumentError, "Point is not on the group's curve" unless group.include?(point)
+
+      @point = point
+      @group = group
+    end
+
+    # Creates a new instance of {PublicKey} from a hex string.
+    #
+    # @param hex_string [String]
+    # @param group [ECDSA::Group]
+    # @return [PublicKey]
+    def self.from_hex(hex_string, group: ECDSA::Group::Secp256k1)
+      self.from_octet([hex_string].pack('H*'), group: group)
+    end
+
+    # Creates a new instance of {PublicKey} from an octet string.
+    #
+    # @param octet_string [String]
+    # @param group [ECDSA::Group]
+    # @return [PublicKey]
+    def self.from_octet(octet_string, group: ECDSA::Group::Secp256k1)
+      point = ECDSA::Format::PointOctetString.decode(octet_string, group)
+      PublicKey.new(point, group: group)
+    end
+
+    # Encodes this public key into an octet string. The encoded data contains
+    # only the point. It does not contain the group.
+    #
+    # @param compression [Boolean]
+    # @return [String]
+    def to_hex(compression: true)
+      to_octet(compression: compression).unpack('H*').first
+    end
+
+    # Encodes this public key into a hex string. The encoded data contains
+    # only the point. It does not contain the group.
+    #
+    # @param compression [Boolean]
+    # @return [String]
+    def to_octet(compression: true)
+      ECDSA::Format::PointOctetString.encode(point, compression: compression)
+    end
+
+    # @return [PublicKey] self.
+    def public_key
+      self
+    end
+
+    # @return [Boolean] true if the public keys are equal.
+    def ==(other)
+      return false unless other.is_a?(PublicKey)
+      point == other.point && group == other.group
+    end
+  end
+end

data/lib/ring_sig/signature.rb

@@ -31,7 +31,7 @@ module RingSig
 
       @group = group
       @hash_algorithm = hash_algorithm
-      @hasher = RingSig::Hasher.new(group, hash_algorithm)
+      @hasher = Hasher.new(group, hash_algorithm)
     end
 
     # Creates a new instance of {Signature} from a der string.
@@ -47,7 +47,7 @@ module RingSig
       c_array = asn1.value[1].value.map{|i| i.value.to_i}
       r_array = asn1.value[2].value.map{|i| i.value.to_i}
 
-      RingSig::Signature.new(key_image, c_array, r_array, group: group, hash_algorithm: hash_algorithm)
+      Signature.new(key_image, c_array, r_array, group: group, hash_algorithm: hash_algorithm)
     end
 
     # Creates a new instance of {Signature} from a hex string.
@@ -57,13 +57,14 @@ module RingSig
     # @param hash_algorithm [#digest]
     # @return [Signature]
     def self.from_hex(hex_string, group: ECDSA::Group::Secp256k1, hash_algorithm: OpenSSL::Digest::SHA256)
-      RingSig::Signature.from_der([hex_string].pack('H*'), group: group, hash_algorithm: hash_algorithm)
+      Signature.from_der([hex_string].pack('H*'), group: group, hash_algorithm: hash_algorithm)
     end
 
     # Encodes this signature into a der string. The encoded data contains
     # the key_image, c_array, and r_array. It does not contain the group
     # or hash_algorithm.
     #
+    # @param compression [Boolean]
     # @return [String]
     def to_der(compression: true)
       OpenSSL::ASN1::Sequence.new([
@@ -77,6 +78,7 @@ module RingSig
     # the key_image, c_array, and r_array. It does not contain the group
     # or hash_algorithm.
     #
+    # @param compression [Boolean]
     # @return [String]
     def to_hex(compression: true)
       to_der(compression: compression).unpack('H*').first
@@ -85,15 +87,15 @@ module RingSig
     # Verifies this signature against an ordered set of public keys.
     #
     # @param message [String]
-    # @param public_keys [Array<Key>]
+    # @param public_keys [Array<PublicKey>]
     # @return [Boolean] true if the signature verifies, false otherwise.
     def verify(message, public_keys)
       ll_array = []
       rr_array = []
 
       public_keys.each_with_index do |k, i|
-        ll_array[i] = (group.generator * r_array[i]) + (k.public_key * c_array[i])
-        rr_array[i] = (@hasher.hash_point(k.public_key) * (r_array[i]) + key_image * c_array[i])
+        ll_array[i] = (group.generator * r_array[i]) + (k.point * c_array[i])
+        rr_array[i] = (@hasher.hash_point(k.point) * (r_array[i]) + key_image * c_array[i])
       end
 
       c_sum = c_array.inject{|a, b| a + b} % group.order

data/lib/ring_sig/version.rb

@@ -1,3 +1,3 @@
 module RingSig
-  VERSION = '0.0.1'
+  VERSION = '0.1.0'
 end

data/ring_sig.gemspec

@@ -15,12 +15,12 @@ Gem::Specification.new do |s|
   s.test_files  = s.files.grep(%r{^(test|spec|features)/})
 
   s.add_development_dependency 'bundler', '~> 1.3'
-  s.add_development_dependency 'rake', '~> 0'
+  s.add_development_dependency 'rake', '~> 10'
   s.add_development_dependency 'rspec', '~> 3.0'
   s.add_development_dependency 'simplecov', '~> 0'
   s.add_development_dependency 'yard', '~> 0'
-  s.add_development_dependency 'markdown', '~> 0'
-  s.add_development_dependency 'redcarpet', '~> 0'
+  s.add_development_dependency 'markdown', '~> 1'
+  s.add_development_dependency 'redcarpet', '~> 3'
 
   s.add_runtime_dependency 'ecdsa', '~> 1.1'
 end

data/spec/private_key_spec.rb

@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+describe RingSig::PrivateKey do
+  key = RingSig::PrivateKey.new(1)
+  key_hex = '0000000000000000000000000000000000000000000000000000000000000001'
+  group = ECDSA::Group::Secp256k1
+  message = 'a'
+  # The public keys from the coinbase transactions in the first three bitcoin blocks:
+  foreign_keys = %w{
+      04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
+      0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee
+      047211a824f55b505228e4c3d5194c1fcfaa15a456abdf37f9b9d97a4040afc073dee6c89064984f03385237d92167c13e236446b417ab79a0fcae412ae3316b77
+    }.map {|s| RingSig::PublicKey.from_hex(s) }
+
+  it 'raises ArgumentError if value is too small' do
+    expect { RingSig::PrivateKey.new(0) }.to raise_error(ArgumentError)
+  end
+
+  it 'raises ArgumentError if value is too large' do
+    expect { RingSig::PrivateKey.new(group.order) }.to raise_error(ArgumentError)
+  end
+
+  describe '#key_image' do
+    it 'computes correctly' do
+      expect(key.key_image.x).to eq(19808304348355547845585283516832906889081321816618757912787193259813413622341)
+      expect(key.key_image.y).to eq(6456680440731674563715553325029463353567815591885844101408227481418612066782)
+    end
+  end
+
+  describe '#public_key' do
+    it 'computes correctly' do
+      expect(key.public_key.to_hex).to eq("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
+    end
+  end
+
+  describe '#point' do
+    it 'equals the public key point' do
+      expect(key.point).to eq(key.public_key.point)
+    end
+  end
+
+  describe '#to_hex' do
+    it 'converts to hex' do
+      expect(key.to_hex).to eq key_hex
+    end
+  end
+
+  describe '#from_hex' do
+    it 'converts from hex' do
+      expect(RingSig::PrivateKey.from_hex(key_hex)).to eq key
+    end
+  end
+
+  describe '#to_octet' do
+    it 'converts to octet' do
+      expect(key.to_octet).to eq [key_hex].pack('H*')
+    end
+  end
+
+  describe '#from_octet' do
+    it 'converts from octet' do
+      expect(RingSig::PrivateKey.from_octet([key_hex].pack('H*'))).to eq key
+    end
+  end
+
+  describe '==' do
+    it 'returns true when keys are the same' do
+      expect(key).to eq key
+      expect(RingSig::PrivateKey.new(key.value) == key).to eq true
+    end
+
+    it 'returns false when keys are different' do
+      expect(RingSig::PrivateKey.new(2) == key).to eq false
+    end
+  end
+
+  describe '#sign' do
+    sig, public_keys = key.sign(message, foreign_keys)
+
+    it 'signs and verifies' do
+      expect(sig.to_hex).to eq '3082013d0421022bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c924530818a02200b084320e064c99a4c25122fbbae407f9a5b2b4f063d2276500e051641a04f79022100b6c3d4ec0f42acf78ffd5697da7145cf1f274410ccbdb02bae3da79c25dd324c02210086861195f0eecb9948bf421ca5ce4c0f4e5838e7fe0735d2afd40bc5c10c849102200c84c1450e3a0b092f4449204b531a02d1f9f7eafef6d34bbe599d944a85eba930818a022100cb8f91859d1cd0308ecd3a278d0334da2e97a7dc54d36bbbb266cd2187c78bc4022100a81cff48a1e5ca431c30e3e658d22447cf808cd414cccdb84d43bb72a91c3add02201c9ef437f57532ab0e916536709aacde09f2243297e1d6e3992385cc603d41540220690ddd89d38482bb42e59ee6f2279c8f35a8211300e13939aed00e91bb3d9661'
+
+      expected_public_keys = [2, 1, 0, 3].map{|i| ([key] + foreign_keys)[i].public_key}
+      expect(public_keys).to eq expected_public_keys
+
+      expect(sig.verify(message, public_keys)).to be true
+      expect(sig.verify(message + '0', public_keys)).to be false
+      expect(sig.verify(message, public_keys.reverse)).to be false
+    end
+
+    it 'has the same key_image for different foreign keys' do
+      other_sig, other_public_keys = key.sign(message, foreign_keys[0..1])
+
+      expect(sig.to_hex).not_to eq(other_sig.to_hex)
+      expect(sig.key_image).to eq(other_sig.key_image)
+    end
+
+    it 'signs and verifies with no foreign keys' do
+      sig, public_keys = key.sign(message, [])
+
+      expect(sig.to_hex).to eq '306c0421022bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c9245302202202a2c0676992db106d54b0d2834c53b95b55d524c7449b55202f3ccb465ce73873023022100a1638b0f03ef1f29b9822cff583df944793a558fe089b669af73006d21f9183d'
+      expect(public_keys).to eq [key.public_key]
+
+      expect(sig.verify(message, public_keys)).to be true
+    end
+  end
+end

data/spec/public_key_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe RingSig::PublicKey do
+  compressed_hex = '03678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6'
+  uncompressed_hex = '04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f'
+  group = ECDSA::Group::Secp256k1
+  key = RingSig::PublicKey.new(group.new_point([
+    46833799212576611471711417854818141128240043280360231002189938627535641370294,
+    33454781559405909841731692443380420218121109572881027288991311028992835919199
+    ]))
+
+  describe '#to_hex' do
+    it 'converts to compressed hex' do
+      expect(key.to_hex(compression: true)).to eq compressed_hex
+    end
+
+    it 'converts to uncompressed hex' do
+      expect(key.to_hex(compression: false)).to eq uncompressed_hex
+    end
+  end
+
+  describe '#from_hex' do
+    it 'converts from compressed hex' do
+      expect(RingSig::PublicKey.from_hex(compressed_hex)).to eq key
+    end
+
+    it 'converts from uncompressed hex' do
+      expect(RingSig::PublicKey.from_hex(uncompressed_hex)).to eq key
+    end
+  end
+
+  describe '#to_octet' do
+    it 'converts to compressed octet' do
+      expect(key.to_octet(compression: true)).to eq [compressed_hex].pack('H*')
+    end
+
+    it 'converts to uncompressed octet' do
+      expect(key.to_octet(compression: false)).to eq [uncompressed_hex].pack('H*')
+    end
+  end
+
+  describe '#from_octet' do
+    it 'converts from compressed octet' do
+      expect(RingSig::PublicKey.from_octet([compressed_hex].pack('H*'))).to eq key
+    end
+
+    it 'converts from uncompressed octet' do
+      expect(RingSig::PublicKey.from_octet([uncompressed_hex].pack('H*'))).to eq key
+    end
+  end
+
+  describe '==' do
+    it 'returns true when keys are the same' do
+      expect(key).to eq key
+      expect(RingSig::PublicKey.new(key.point) == key).to eq true
+    end
+
+    it 'returns false when keys are different' do
+      expect(RingSig::PublicKey.new(group.generator) == key).to eq false
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ring_sig
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Stephen McCarthy
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-09 00:00:00.000000000 Z
+date: 2014-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '10'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -86,28 +86,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: ecdsa
   requirement: !ruby/object:Gem::Requirement
@@ -130,6 +130,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".travis.yml"
+- ".yardopts"
 - Gemfile
 - LICENSE
 - README.md
@@ -137,12 +139,14 @@ files:
 - lib/ring_sig.rb
 - lib/ring_sig/ecdsa/point.rb
 - lib/ring_sig/hasher.rb
-- lib/ring_sig/key.rb
+- lib/ring_sig/private_key.rb
+- lib/ring_sig/public_key.rb
 - lib/ring_sig/signature.rb
 - lib/ring_sig/version.rb
 - ring_sig.gemspec
 - spec/hasher_spec.rb
-- spec/key_spec.rb
+- spec/private_key_spec.rb
+- spec/public_key_spec.rb
 - spec/signature_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/jamoes/ring_sig
@@ -172,7 +176,8 @@ summary: This gem implements ring signatures, built on top of ECDSA, as specifie
   by CryptoNote
 test_files:
 - spec/hasher_spec.rb
-- spec/key_spec.rb
+- spec/private_key_spec.rb
+- spec/public_key_spec.rb
 - spec/signature_spec.rb
 - spec/spec_helper.rb
 has_rdoc: 

data/lib/ring_sig/key.rb

@@ -1,142 +0,0 @@
-module RingSig
-  # Instances of this class represent an ECDSA key.
-  class Key
-
-    # @return [Integer]
-    attr_reader :private_key
-
-    # @return [ECDSA::Point]
-    attr_reader :public_key
-
-    # @return [ECDSA::Group]
-    attr_reader :group
-
-    # @return [#digest]
-    attr_reader :hash_algorithm
-
-    # Creates a new instance of {Key}. Must provide  either a private_key or
-    # a public_key, but not both.
-    #
-    # @param private_key [Integer]
-    # @param public_key [ECDSA::Point]
-    # @param group [ECDSA::Group]
-    # @param hash_algorithm [#digest]
-    def initialize(
-       private_key:    nil,
-       public_key:     nil,
-       group:          ECDSA::Group::Secp256k1,
-       hash_algorithm: OpenSSL::Digest::SHA256)
-
-      if private_key && public_key
-        raise ArgumentError, "Must not provide both private_key and public_key"
-      elsif private_key
-        raise ArgumentError, "Private key is not an integer" unless private_key.is_a?(Integer)
-        raise ArgumentError, "Private key is too small" if private_key < 1
-        raise ArgumentError, "Private key is too large" if private_key >= group.order
-        @private_key = private_key
-        @public_key = group.generator.multiply_by_scalar(private_key)
-      elsif public_key
-        raise ArgumentError, "Public key is not an ECDSA::Point" unless public_key.is_a?(ECDSA::Point)
-        raise ArgumentError, "Public key is not on the group's curve" unless group.include?(public_key)
-        @public_key = public_key
-      else
-        raise ArgumentError, "Must provide either private_key or public_key"
-      end
-
-      @group = group
-      @hash_algorithm = hash_algorithm
-      @hasher = RingSig::Hasher.new(group, hash_algorithm)
-    end
-
-    # Signs a message with this key's private_key and a set of public foreign
-    # keys. The resulting signature can be verified against the ordered set of
-    # all public keys used for creating this signature. The signature will also
-    # contain a key_image which will be the same for all messages signed with
-    # this key.
-    #
-    # @param message [String] The message to sign.
-    # @param foreign_keys [Array<Key>] The foreign keys for the signature.
-    # @return [Array(Signature, Array<Key>)] A pair containing the signature
-    #   and the set of public keys (in the correct order) for verifying.
-    def sign(message, foreign_keys)
-      raise ArgumentError "Cannot sign without a private key" unless private_key
-      raise ArgumentError "Foreign keys must all have to the same group" unless foreign_keys.all?{|e| e.group == group}
-      raise ArgumentError "Foreign keys must all have to the same hash_algorithm" unless foreign_keys.all?{|e| e.hash_algorithm == hash_algorithm}
-
-      message_digest = @hasher.hash_string(message)
-      seed = @hasher.hash_array([private_key, message_digest])
-
-      foreign_keys = foreign_keys.map(&:drop_private_key)
-      all_keys = @hasher.shuffle([self] + foreign_keys, seed)
-
-      q_array, w_array = generate_q_w(all_keys, seed)
-      ll_array, rr_array = generate_ll_rr(all_keys, q_array, w_array)
-      challenge = @hasher.hash_array([message_digest] + ll_array + rr_array)
-      c_array, r_array = generate_c_r(all_keys, q_array, w_array, challenge)
-
-      public_keys = all_keys.map(&:drop_private_key)
-
-      [RingSig::Signature.new(key_image, c_array, r_array, group: group, hash_algorithm: @hasher.algorithm), public_keys]
-    end
-
-    # @return [ECDSA::Point] the key image.
-    def key_image
-      raise ArgumentError "Cannot compute key image without the private key" unless private_key
-      @key_image ||= @hasher.hash_point(@public_key) * @private_key
-    end
-
-    # Returns self if this key has no private key. Otherwise, returns a new key
-    # with only the public_key component.
-    #
-    # @return [Key]
-    def drop_private_key
-      return self unless private_key
-      Key.new(public_key: public_key, group: group, hash_algorithm: hash_algorithm)
-    end
-
-    private
-
-    def generate_q_w(all_keys, seed)
-      q_array, w_array = [], []
-
-      all_keys.each_with_index do |k, i|
-        q_array[i] = @hasher.hash_array(['q', seed, i])
-        w_array[i] = @hasher.hash_array(['w', seed, i])
-        w_array[i] = 0 if k.private_key
-      end
-
-      [q_array, w_array]
-    end
-
-    def generate_ll_rr(all_keys, q_array, w_array)
-      ll_array, rr_array = [], []
-
-      all_keys.each_with_index do |k, i|
-        ll_array[i] = group.generator * q_array[i]
-        rr_array[i] = @hasher.hash_point(k.public_key) * q_array[i]
-        if k.private_key.nil?
-          ll_array[i] += k.public_key * w_array[i]
-          rr_array[i] += key_image * w_array[i]
-        end
-      end
-
-      [ll_array, rr_array]
-    end
-
-    def generate_c_r(all_keys, q_array, w_array, challenge)
-      c_array, r_array = [], []
-
-      all_keys.each_with_index do |k, i|
-        if k.private_key.nil?
-          c_array[i] = w_array[i]
-          r_array[i] = q_array[i]
-        else
-          c_array[i] = (challenge - w_array.inject{|a, b| a + b}) % group.order
-          r_array[i] = (q_array[i] - c_array[i] * k.private_key) % group.order
-        end
-      end
-
-      [c_array, r_array]
-    end
-  end
-end

data/spec/key_spec.rb

@@ -1,86 +0,0 @@
-require 'spec_helper'
-
-describe RingSig::Key do
-  key = RingSig::Key.new(private_key: 1)
-  group = ECDSA::Group::Secp256k1
-  message = 'a'
-
-  it 'computes a key image' do
-    expect(key.key_image.x).to eq(19808304348355547845585283516832906889081321816618757912787193259813413622341)
-    expect(key.key_image.y).to eq(6456680440731674563715553325029463353567815591885844101408227481418612066782)
-  end
-
-  it 'raises ArgumentError when providing both public and private keys' do
-    expect { RingSig::Key.new(private_key: 1, public_key: group.generator) }.to raise_error(ArgumentError)
-  end
-
-  it 'raises ArgumentError if neither public or private key are provided' do
-    expect { RingSig::Key.new }.to raise_error(ArgumentError)
-  end
-
-  it 'raises ArgumentError if private key is too small' do
-    expect { RingSig::Key.new(private_key: 0) }.to raise_error(ArgumentError)
-  end
-
-  describe '#key_image' do
-    it 'computes correctly' do
-      expect(key.key_image.x).to eq(19808304348355547845585283516832906889081321816618757912787193259813413622341)
-      expect(key.key_image.y).to eq(6456680440731674563715553325029463353567815591885844101408227481418612066782)
-    end
-  end
-
-  describe '#drop_private_key' do
-    it 'creates a new Key without the private_key component' do
-      key2 = key.drop_private_key
-      expect(key).not_to eq(key2)
-      expect(key2.private_key).to be(nil)
-      expect(key2.public_key).not_to be(nil)
-    end
-  end
-
-  context 'Three foreign keys' do
-    # The public keys from the coinbase transactions in the first three bitcoin blocks.
-    foreign_keys = %w{
-        04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
-        0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf2342c858ee
-        047211a824f55b505228e4c3d5194c1fcfaa15a456abdf37f9b9d97a4040afc073dee6c89064984f03385237d92167c13e236446b417ab79a0fcae412ae3316b77
-      }.map do |s|
-        RingSig::Key.new(public_key: ECDSA::Format::PointOctetString.decode([s].pack('H*'), group))
-      end
-
-    describe '#sign' do
-      sig, public_keys = key.sign(message, foreign_keys)
-
-      it 'signs and verifies' do
-        expect(sig.to_hex).to eq '3082013d0421022bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c924530818a02200b084320e064c99a4c25122fbbae407f9a5b2b4f063d2276500e051641a04f79022100b6c3d4ec0f42acf78ffd5697da7145cf1f274410ccbdb02bae3da79c25dd324c02210086861195f0eecb9948bf421ca5ce4c0f4e5838e7fe0735d2afd40bc5c10c849102200c84c1450e3a0b092f4449204b531a02d1f9f7eafef6d34bbe599d944a85eba930818a022100cb8f91859d1cd0308ecd3a278d0334da2e97a7dc54d36bbbb266cd2187c78bc4022100a81cff48a1e5ca431c30e3e658d22447cf808cd414cccdb84d43bb72a91c3add02201c9ef437f57532ab0e916536709aacde09f2243297e1d6e3992385cc603d41540220690ddd89d38482bb42e59ee6f2279c8f35a8211300e13939aed00e91bb3d9661'
-
-        expected_public_keys = [2, 1, 0, 3].map{|i| ([key] + foreign_keys)[i].public_key}
-        expect(public_keys.map(&:public_key)).to eq expected_public_keys
-
-        expect(sig.verify(message, public_keys)).to be true
-        expect(sig.verify(message + '0', public_keys)).to be false
-        expect(sig.verify(message, public_keys.reverse)).to be false
-      end
-
-      it 'has the same key_image for different foreign keys' do
-        other_sig, other_public_keys = key.sign(message, foreign_keys[0..1])
-
-        expect(sig.to_hex).not_to eq(other_sig.to_hex)
-        expect(sig.key_image).to eq(other_sig.key_image)
-      end
-    end
-  end
-
-  context 'Zero foreign keys' do
-    foreign_keys = []
-
-    it 'signs and verifies' do
-      sig, public_keys = key.sign(message, foreign_keys)
-
-      expect(sig.to_hex).to eq '306c0421022bcb1a5b3c70421bfac818f6bd13289a5c9a3cfb42d3b81f023a0276974c9245302202202a2c0676992db106d54b0d2834c53b95b55d524c7449b55202f3ccb465ce73873023022100a1638b0f03ef1f29b9822cff583df944793a558fe089b669af73006d21f9183d'
-      expect(public_keys.map(&:public_key)).to eq [key.public_key]
-
-      expect(sig.verify(message, public_keys)).to be true
-    end
-  end
-end