schnorr_sig 0.0.0.4 → 0.1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +24 -5
- data/VERSION +1 -1
- data/lib/schnorr_sig/util.rb +1 -1
- data/lib/schnorr_sig.rb +3 -2
- data/test/vectors.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 151da6ed14b8d23233e92c09c4354d00454d9c10a4abbbb6f8429f17bba10cfb
|
|
4
|
+
data.tar.gz: 9391ae74a60a5275bf2704b8fef73b6d69591313c924f3bb9cddb24ee08e7372
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dc77694c5a19118374eab690d7fe6a2bf04e24a009e7c62108397a4dcb4fdf4e002d5e980018a9d83875c6fff93d4c132a9b6b8f1ffd1394304d584447706ab1
|
|
7
|
+
data.tar.gz: 76aceaed2e98afacc253c20549d3b16a48f3d7159aed457f51d2a7f37ea4a9b7a3bfee239b92b04b9b40f8de9f855e5330aef96ec446e01ddec260505d6f0254
|
data/README.md
CHANGED
|
@@ -14,6 +14,24 @@ and specifications similar to
|
|
|
14
14
|
[IETF RFCs](https://en.wikipedia.org/wiki/Request_for_Comments).
|
|
15
15
|
BIP340 specifies elliptic curve `secp256k1` for use with Schnorr signatures.
|
|
16
16
|
|
|
17
|
+
Two separate implementations are provided.
|
|
18
|
+
|
|
19
|
+
## Ruby Implementation
|
|
20
|
+
|
|
21
|
+
This is the default implementation: entirely Ruby code within this library,
|
|
22
|
+
with mostly-Ruby dependencies:
|
|
23
|
+
|
|
24
|
+
* [ecdsa_ext](https://github.com/azuchi/ruby_ecdsa_ext)
|
|
25
|
+
- [ecdsa](https://github.com/DavidEGrayson/ruby_ecdsa/)
|
|
26
|
+
|
|
27
|
+
## "Fast" Implementation
|
|
28
|
+
|
|
29
|
+
This is based on the [rbsecp256k1](https://github.com/etscrivner/rbsecp256k1)
|
|
30
|
+
gem, which is not installed by default. The gem wraps the
|
|
31
|
+
[secp256k1](https://github.com/bitcoin-core/secp256k1) library from the
|
|
32
|
+
Bitcoin project, which provides battle-tested performance, correctness, and
|
|
33
|
+
security guarantees.
|
|
34
|
+
|
|
17
35
|
# Usage
|
|
18
36
|
|
|
19
37
|
This library is provided as a RubyGem. It has a single dependency on
|
|
@@ -77,9 +95,9 @@ require 'schnorr_sig/fast' # not 'schnorr_sig'
|
|
|
77
95
|
# Elliptic Curves
|
|
78
96
|
|
|
79
97
|
Note that [elliptic curves](https://en.wikipedia.org/wiki/Elliptic_curve)
|
|
80
|
-
are not ellipses, but
|
|
98
|
+
are not ellipses, but are instead described by cubic equations of
|
|
81
99
|
the form: `y^2 = x^3 + ax + b` where `a` and `b` are the parameters of the
|
|
82
|
-
resulting
|
|
100
|
+
resulting equation. All points `(x, y)` which satisfy a given parameterized
|
|
83
101
|
equation provide the exact definition of an elliptic curve.
|
|
84
102
|
|
|
85
103
|
## Curve `secp256k1`
|
|
@@ -104,11 +122,11 @@ Here is one
|
|
|
104
122
|
}
|
|
105
123
|
```
|
|
106
124
|
|
|
107
|
-
* `p` is the prime for the Field, below INTMAX(32) (256^32)
|
|
125
|
+
* `p` is the prime for the Field, below `INTMAX(32)` (256^32)
|
|
108
126
|
* `a` is zero, as above
|
|
109
127
|
* `b` is seven, as above
|
|
110
|
-
* `g` is the generator point: [x, y]
|
|
111
|
-
* `n` is the Group order, significantly below INTMAX(32)
|
|
128
|
+
* `g` is the generator point: `[x, y]`
|
|
129
|
+
* `n` is the Group order, significantly below `INTMAX(32)`
|
|
112
130
|
|
|
113
131
|
Elliptic curves have algebraic structures called
|
|
114
132
|
[Groups](https://en.wikipedia.org/wiki/Group_\(mathematics\)) and
|
|
@@ -224,6 +242,7 @@ required.
|
|
|
224
242
|
* For any given x-value on the curve, the y-value is easily generated
|
|
225
243
|
* For most curves, there are two different y-values for an x-value
|
|
226
244
|
* We are always dealing with 32-byte integers: **Bignums**
|
|
245
|
+
* Bignum math can be expensive
|
|
227
246
|
* Converting between integer format and 32-byte strings can be expensive
|
|
228
247
|
* The Schnorr algorithm requires lots of `string <--> integer` conversion
|
|
229
248
|
* Hex strings are never used internally
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.1.0.1
|
data/lib/schnorr_sig/util.rb
CHANGED
|
@@ -18,7 +18,7 @@ module SchnorrSig
|
|
|
18
18
|
def self.bytestring!(str, size)
|
|
19
19
|
string!(str)
|
|
20
20
|
raise(EncodingError, str.encoding) unless str.encoding == Encoding::BINARY
|
|
21
|
-
str.
|
|
21
|
+
str.bytesize == size or raise(SizeError, str.bytesize)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
# likely returns a Bignum, larger than a 64-bit hardware integer
|
data/lib/schnorr_sig.rb
CHANGED
|
@@ -9,6 +9,7 @@ module SchnorrSig
|
|
|
9
9
|
class BoundsError < Error; end
|
|
10
10
|
class SanityCheck < Error; end
|
|
11
11
|
class VerifyFail < Error; end
|
|
12
|
+
class InfinityPoint < Error; end
|
|
12
13
|
|
|
13
14
|
GROUP = ECDSA::Group::Secp256k1
|
|
14
15
|
P = GROUP.field.prime # smaller than 256**32
|
|
@@ -40,7 +41,7 @@ module SchnorrSig
|
|
|
40
41
|
big2bin(val)
|
|
41
42
|
when ECDSA::Point
|
|
42
43
|
# BIP340: The function bytes(P), where P is a point, returns bytes(x(P)).
|
|
43
|
-
val.infinity? ? (
|
|
44
|
+
val.infinity? ? raise(InfinityPoint, va.inspect) : big2bin(val.x)
|
|
44
45
|
else
|
|
45
46
|
raise(SanityCheck, val.inspect)
|
|
46
47
|
end
|
|
@@ -150,7 +151,7 @@ module SchnorrSig
|
|
|
150
151
|
end
|
|
151
152
|
|
|
152
153
|
# BIP340: The function lift_x(x), where x is a 256-bit unsigned integer,
|
|
153
|
-
# returns the point P for which x(P) = x
|
|
154
|
+
# returns the point P for which x(P) = x and has_even_y(P),
|
|
154
155
|
# or fails if x is greater than p-1 or no such point exists.
|
|
155
156
|
# Input
|
|
156
157
|
# A large integer, x
|
data/test/vectors.rb
CHANGED