@bsv/sdk 1.1.29 → 1.1.30

package/docs/primitives.md

@@ -8,15 +8,16 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 
 | | | |
 | --- | --- | --- |
-| [BasePoint](#class-basepoint) | [Point](#class-point) | [SHA1HMAC](#class-sha1hmac) |
-| [BigNumber](#class-bignumber) | [PointInFiniteField](#class-pointinfinitefield) | [SHA256](#class-sha256) |
-| [Curve](#class-curve) | [Polynomial](#class-polynomial) | [SHA256HMAC](#class-sha256hmac) |
-| [DRBG](#class-drbg) | [PrivateKey](#class-privatekey) | [SHA512](#class-sha512) |
-| [JacobianPoint](#class-jacobianpoint) | [PublicKey](#class-publickey) | [SHA512HMAC](#class-sha512hmac) |
-| [K256](#class-k256) | [RIPEMD160](#class-ripemd160) | [Signature](#class-signature) |
-| [KeyShares](#class-keyshares) | [Reader](#class-reader) | [SymmetricKey](#class-symmetrickey) |
-| [Mersenne](#class-mersenne) | [ReductionContext](#class-reductioncontext) | [TransactionSignature](#class-transactionsignature) |
-| [MontgomoryMethod](#class-montgomorymethod) | [SHA1](#class-sha1) | [Writer](#class-writer) |
+| [BasePoint](#class-basepoint) | [PointInFiniteField](#class-pointinfinitefield) | [SHA256HMAC](#class-sha256hmac) |
+| [BigNumber](#class-bignumber) | [Polynomial](#class-polynomial) | [SHA512](#class-sha512) |
+| [Curve](#class-curve) | [PrivateKey](#class-privatekey) | [SHA512HMAC](#class-sha512hmac) |
+| [DRBG](#class-drbg) | [PublicKey](#class-publickey) | [Schnorr](#class-schnorr) |
+| [JacobianPoint](#class-jacobianpoint) | [RIPEMD160](#class-ripemd160) | [Signature](#class-signature) |
+| [K256](#class-k256) | [Reader](#class-reader) | [SymmetricKey](#class-symmetrickey) |
+| [KeyShares](#class-keyshares) | [ReductionContext](#class-reductioncontext) | [TransactionSignature](#class-transactionsignature) |
+| [Mersenne](#class-mersenne) | [SHA1](#class-sha1) | [Writer](#class-writer) |
+| [MontgomoryMethod](#class-montgomorymethod) | [SHA1HMAC](#class-sha1hmac) |  |
+| [Point](#class-point) | [SHA256](#class-sha256) |  |
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Variables](#variables)
 
@@ -7349,6 +7350,116 @@ public hasLowS(): boolean
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Variables](#variables)
 
+---
+### Class: Schnorr
+
+Class representing the Schnorr Zero-Knowledge Proof (ZKP) protocol.
+
+This class provides methods to generate and verify proofs that demonstrate knowledge of a secret without revealing it.
+Specifically, it allows one party to prove to another that they know the private key corresponding to a public key
+and have correctly computed a shared secret, without disclosing the private key itself.
+
+The protocol involves two main methods:
+- `generateProof`: Generates a proof linking a public key `A` and a shared secret `S`, proving knowledge of the corresponding private key `a`.
+- `verifyProof`: Verifies the provided proof, ensuring its validity without revealing any secret information.
+
+The class utilizes elliptic curve cryptography (ECC) and the SHA-256 hash function to compute challenges within the proof.
+
+Example
+
+```typescript
+const schnorr = new Schnorr();
+const a = PrivateKey.fromRandom(); // Prover's private key
+const A = a.toPublicKey();         // Prover's public key
+const b = PrivateKey.fromRandom(); // Other party's private key
+const B = b.toPublicKey();         // Other party's public key
+const S = B.mul(a);                // Shared secret
+
+// Prover generates the proof
+const proof = schnorr.generateProof(a, A, B, S);
+
+// Verifier verifies the proof
+const isValid = schnorr.verifyProof(A.point, B.point, S.point, proof);
+console.log(`Proof is valid: ${isValid}`);
+```
+```ts
+export default class Schnorr {
+    constructor() 
+    generateProof(aArg: PrivateKey, AArg: PublicKey, BArg: PublicKey, S: Point): {
+        R: Point;
+        SPrime: Point;
+        z: BigNumber;
+    } 
+    verifyProof(A: Point, B: Point, S: Point, proof: {
+        R: Point;
+        SPrime: Point;
+        z: BigNumber;
+    }): boolean 
+}
+```
+
+<details>
+
+<summary>Class Schnorr Details</summary>
+
+#### Method generateProof
+
+Generates a proof that demonstrates the link between public key A and shared secret S
+
+```ts
+generateProof(aArg: PrivateKey, AArg: PublicKey, BArg: PublicKey, S: Point): {
+    R: Point;
+    SPrime: Point;
+    z: BigNumber;
+} 
+```
+
+Returns
+
+Proof (R, S', z)
+
+Argument Details
+
++ **a**
+  + Private key corresponding to public key A
++ **A**
+  + Public key
++ **B**
+  + Other party's public key
++ **S**
+  + Shared secret
+
+#### Method verifyProof
+
+Verifies the proof of the link between public key A and shared secret S
+
+```ts
+verifyProof(A: Point, B: Point, S: Point, proof: {
+    R: Point;
+    SPrime: Point;
+    z: BigNumber;
+}): boolean 
+```
+
+Returns
+
+True if the proof is valid, false otherwise
+
+Argument Details
+
++ **A**
+  + Public key
++ **B**
+  + Other party's public key
++ **S**
+  + Shared secret
++ **proof**
+  + Proof (R, S', z)
+
+</details>
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Variables](#variables)
+
 ---
 ## Functions
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.1.29",
+  "version": "1.1.30",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/primitives/Schnorr.ts

@@ -0,0 +1,95 @@
+import BigNumber from './BigNumber.js'
+import Curve from './Curve.js'
+import Point from './Point.js'
+import { sha256 } from './Hash.js'
+import { PrivateKey, PublicKey } from './index.js'
+
+/**
+ * Class representing the Schnorr Zero-Knowledge Proof (ZKP) protocol.
+ *
+ * This class provides methods to generate and verify proofs that demonstrate knowledge of a secret without revealing it.
+ * Specifically, it allows one party to prove to another that they know the private key corresponding to a public key
+ * and have correctly computed a shared secret, without disclosing the private key itself.
+ *
+ * The protocol involves two main methods:
+ * - `generateProof`: Generates a proof linking a public key `A` and a shared secret `S`, proving knowledge of the corresponding private key `a`.
+ * - `verifyProof`: Verifies the provided proof, ensuring its validity without revealing any secret information.
+ *
+ * The class utilizes elliptic curve cryptography (ECC) and the SHA-256 hash function to compute challenges within the proof.
+ *
+ * @example
+ * ```typescript
+ * const schnorr = new Schnorr();
+ * const a = PrivateKey.fromRandom(); // Prover's private key
+ * const A = a.toPublicKey();         // Prover's public key
+ * const b = PrivateKey.fromRandom(); // Other party's private key
+ * const B = b.toPublicKey();         // Other party's public key
+ * const S = B.mul(a);                // Shared secret
+ *
+ * // Prover generates the proof
+ * const proof = schnorr.generateProof(a, A, B, S);
+ *
+ * // Verifier verifies the proof
+ * const isValid = schnorr.verifyProof(A.point, B.point, S.point, proof);
+ * console.log(`Proof is valid: ${isValid}`);
+ * ```
+ */
+export default class Schnorr {
+  private readonly curve: Curve
+
+  constructor () {
+    this.curve = new Curve()
+  }
+
+  /**
+     * Generates a proof that demonstrates the link between public key A and shared secret S
+     * @param a Private key corresponding to public key A
+     * @param A Public key
+     * @param B Other party's public key
+     * @param S Shared secret
+     * @returns Proof (R, S', z)
+     */
+  generateProof (aArg: PrivateKey, AArg: PublicKey, BArg: PublicKey, S: Point): { R: Point, SPrime: Point, z: BigNumber } {
+    const r = PrivateKey.fromRandom()
+    const R = r.toPublicKey()
+    const SPrime = BArg.mul(r)
+    const e = this.computeChallenge(AArg, BArg, S, SPrime, R)
+    const z = r.add(e.mul(aArg)).umod(this.curve.n)
+    return { R, SPrime, z }
+  }
+
+  /**
+     * Verifies the proof of the link between public key A and shared secret S
+     * @param A Public key
+     * @param B Other party's public key
+     * @param S Shared secret
+     * @param proof Proof (R, S', z)
+     * @returns True if the proof is valid, false otherwise
+     */
+  verifyProof (A: Point, B: Point, S: Point, proof: { R: Point, SPrime: Point, z: BigNumber }): boolean {
+    const { R, SPrime, z } = proof
+    const e = this.computeChallenge(A, B, S, SPrime, R)
+
+    // Check zG = R + eA
+    const zG = this.curve.g.mul(z)
+    const RpluseA = R.add(A.mul(e))
+    if (!zG.eq(RpluseA)) {
+      return false
+    }
+
+    // Check zB = S' + eS
+    const zB = B.mul(z)
+    const SprimeeS = SPrime.add(S.mul(e))
+    if (!zB.eq(SprimeeS)) {
+      return false
+    }
+
+    return true
+  }
+
+  private computeChallenge (A: Point, B: Point, S: Point, SPrime: Point, R: Point): BigNumber {
+    const message = [...A.encode(true), ...B.encode(true), ...S.encode(true), ...SPrime.encode(true), ...R.encode(true)] as number[]
+    const hash = sha256(message)
+    return new BigNumber(hash).umod(this.curve.n)
+  }
+}

package/src/primitives/__tests/Schnorr.test.ts

@@ -0,0 +1,272 @@
+import Schnorr from '../../../dist/cjs/src/primitives/Schnorr.js'
+import BigNumber from '../../../dist/cjs/src/primitives/BigNumber.js'
+import Curve from '../../../dist/cjs/src/primitives/Curve.js'
+import PrivateKey from '../../../dist/cjs/src/primitives/PrivateKey.js'
+
+describe('Schnorr Zero-Knowledge Proof', () => {
+    let schnorr: Schnorr
+    let curve: Curve
+
+    beforeAll(() => {
+        schnorr = new Schnorr()
+        curve = new Curve()
+    })
+
+    it('should verify a valid proof', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(true)
+    })
+
+    it('should fail verification if proof is tampered (R modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with R
+        const tamperedR = proof.R.add(curve.g)
+        const tamperedProof = { ...proof, R: tamperedR }
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, tamperedProof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if proof is tampered (z modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with z
+        const tamperedZ = proof.z.add(new BigNumber(1)).umod(curve.n)
+        const tamperedProof = { ...proof, z: tamperedZ }
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, tamperedProof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if proof is tampered (S\' modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with S'
+        const tamperedSPrime = proof.SPrime.add(curve.g)
+        const tamperedProof = { ...proof, SPrime: tamperedSPrime }
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, tamperedProof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if inputs are tampered (A modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with A
+        const tamperedA = A.add(curve.g)
+
+        // Verify proof
+        const result = schnorr.verifyProof(tamperedA, B, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if inputs are tampered (B modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with B
+        const tamperedB = B.add(curve.g)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, tamperedB, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if inputs are tampered (S modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with S
+        const tamperedS = S.add(curve.g)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, tamperedS, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if using wrong private key', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const wrongA = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof using wrong private key
+        const proof = schnorr.generateProof(wrongA, A, B, S)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if using wrong public key', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+        const wrongB = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+        const wrongBPublic = wrongB.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Verify proof with wrong B
+        const result = schnorr.verifyProof(A, wrongBPublic, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if shared secret S is incorrect', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Intentionally compute incorrect shared secret
+        const S = B.mul(a).add(curve.g)
+
+        // Generate proof with correct S
+        const proof = schnorr.generateProof(a, A, B, B.mul(a))
+
+        // Verify proof with incorrect S
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should verify a valid proof with fixed keys', () => {
+        // Use fixed private keys for determinism
+        const a = new PrivateKey(new BigNumber('123456789abcdef123456789abcdef123456789abcdef123456789abcdef', 16))
+        const b = new PrivateKey(new BigNumber('abcdef123456789abcdef123456789abcdef123456789abcdef123456789', 16))
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(true)
+    })
+
+    it('should throw an error if inputs are invalid', () => {
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+        const S = B.mul(a)
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        expect(() => schnorr.verifyProof(null as any, B, S, proof)).toThrow()
+        expect(() => schnorr.verifyProof(A, null as any, S, proof)).toThrow()
+        expect(() => schnorr.verifyProof(A, B, null as any, proof)).toThrow()
+        expect(() => schnorr.verifyProof(A, B, S, null as any)).toThrow()
+    })
+})

package/src/primitives/index.ts

@@ -11,3 +11,4 @@ export * as Hash from './Hash.js'
 export { default as Random } from './Random.js'
 export { default as TransactionSignature } from './TransactionSignature.js'
 export { default as Polynomial, PointInFiniteField } from './Polynomial.js'
+export { default as Schnorr } from './Schnorr.js'

package/src/totp/totp.ts

@@ -106,7 +106,7 @@ function generateHOTP (
   options: Required<TOTPOptions>
 ): string {
   const timePad = new BigNumber(counter).toArray('be', 8)
-  //console.log({ timePad })
+  // console.log({ timePad })
   const hmac = calcHMAC(secret, timePad, options.algorithm)
   const signature = hmac.digest()