eddsa-threshold 0.2.0__py3-none-any.whl

eddsa_threshold/__init__.py

@@ -0,0 +1 @@
+"""EdDSA Threshold package."""

eddsa_threshold/eddsa/__init__.py

@@ -0,0 +1 @@
+"""EdDSA primitives."""

eddsa_threshold/eddsa/algorithms/__init__.py

@@ -0,0 +1 @@
+"""EdDSA signing algorithms."""

eddsa_threshold/eddsa/algorithms/ed25519.py

@@ -0,0 +1,84 @@
+from typing import Callable
+from eddsa_threshold.eddsa.curves.ed25519.ed25519_curve import Ed25519Curve
+from eddsa_threshold.eddsa.curves.ed25519.scalar_ops import Ed25519ScalarOps
+from eddsa_threshold.eddsa.curves.ed25519.constants import SCALAR_SIZE
+from eddsa_threshold.eddsa.keys.ed25519_keypair import Ed25519Keypair
+from eddsa_threshold.eddsa.util.dom import dom2
+from eddsa_threshold.eddsa.util.hash_bindings import sha512
+
+
+class Ed25519():
+    """
+    EdDSA using the Ed25519 curve.
+    Implements signing and verification methods.
+    """
+
+    @staticmethod
+    def sign(message: bytes, keypair: Ed25519Keypair) -> bytes:
+        """Sign a message using the provided Ed25519 keypair."""
+
+        return Ed25519._sign(message, keypair, ph=lambda m: m, dom2=dom2(0, None))
+
+    @staticmethod
+    def verify(signature: bytes, message: bytes, public_key: bytes) -> bool:
+        """Verify a signature for a message using the provided Ed25519 public key."""
+
+        return Ed25519._verify(signature, message, public_key, ph=lambda m: m, dom2=dom2(0, None))
+
+    @staticmethod
+    def _sign(message: bytes, keypair: Ed25519Keypair, ph: Callable, dom2: bytes) -> bytes:
+        """Internal sign method as basis for subclasses."""
+
+        curve = Ed25519Curve()
+
+        # Sign message according to RFC 8032 Section 5.1.6
+        # 1. Get precomputed prefix
+        prefix = keypair.prefix
+
+        # 2. Compute the nonce
+        r = int.from_bytes(sha512(dom2 + prefix + ph(message)), byteorder='little')
+
+        # 3. Compute the R point
+        r = curve.scalar_ops.reduce(r)
+        R = curve.encode_extended_point(curve.scalar_mult(r))
+
+        # 4. Compute the challenge
+        k = int.from_bytes(sha512(dom2 + R + keypair.public_bytes + ph(message)), byteorder='little')
+
+        # 5. Compute the S value
+        k = curve.scalar_ops.reduce(k)
+        S = curve.scalar_ops.reduce(r + k * keypair.scalar)
+
+        return R + curve._encoding.encode_scalar(S)
+
+    @staticmethod
+    def _verify(signature: bytes, message: bytes, public_key: bytes, ph: Callable, dom2: bytes) -> bool:
+        """Internal verify method as basis for subclasses."""
+
+        curve = Ed25519Curve()
+
+        # Verify signature according to RFC 8032 Section 5.1.7
+        if len(signature) != 64:
+            return False
+
+        try:
+            # 1. Decode R and S from the signature
+            R = curve.decode_point(signature[:SCALAR_SIZE])
+            S = curve._encoding.decode_scalar(signature[SCALAR_SIZE:])
+            if S >= curve.scalar_ops.order or S < 0:
+                return False
+
+            A = curve.decode_point(public_key)
+
+            # 2. Compute the challenge
+            k = int.from_bytes(sha512(dom2 + signature[:SCALAR_SIZE] + public_key + ph(message)), byteorder='little')
+            k = curve.scalar_ops.reduce(k)
+
+            # 3. Verify the equation [S]B = R + [k]A
+            left = curve.scalar_mult(S)
+            right = curve.add(curve.affine_to_extended(R), curve.scalar_mult(k, curve.affine_to_extended(A)))
+
+            return curve.extended_to_affine(left) == curve.extended_to_affine(right)
+
+        except ValueError:
+            return False

eddsa_threshold/eddsa/algorithms/ed25519ctx.py

@@ -0,0 +1,23 @@
+from eddsa_threshold.eddsa.algorithms.ed25519 import Ed25519
+from eddsa_threshold.eddsa.keys.ed25519_keypair import Ed25519Keypair
+from eddsa_threshold.eddsa.util.dom import dom2
+from eddsa_threshold.eddsa.util.hash_bindings import sha512
+
+
+class Ed25519CTX(Ed25519):
+    """
+    EdDSA using the Ed25519 curve and context.
+    Implements signing and verification methods.
+    """
+
+    @staticmethod
+    def sign(message: bytes, keypair: Ed25519Keypair, context: bytes = b"") -> bytes:
+        """Sign a message using the provided Ed25519 keypair. Uses context (SHOULD not be emtpy)."""
+
+        return Ed25519CTX._sign(message, keypair, ph=lambda m: m, dom2=dom2(0, context))
+    
+    @staticmethod
+    def verify(signature: bytes, message: bytes, public_key: bytes, context: bytes = b"") -> bool:
+        """Verify a signature for a message using the provided Ed25519 public key. Uses context (SHOULD not be emtpy)."""
+        
+        return Ed25519CTX._verify(signature, message, public_key, ph=lambda m: m, dom2=dom2(0, context))

eddsa_threshold/eddsa/algorithms/ed25519ph.py

@@ -0,0 +1,23 @@
+from eddsa_threshold.eddsa.algorithms.ed25519 import Ed25519
+from eddsa_threshold.eddsa.keys.ed25519_keypair import Ed25519Keypair
+from eddsa_threshold.eddsa.util.dom import dom2
+from eddsa_threshold.eddsa.util.hash_bindings import sha512
+
+
+class Ed25519PH(Ed25519):
+    """
+    EdDSA using the Ed25519 curve and pre-hashing.
+    Implements signing and verification methods.
+    """
+
+    @staticmethod
+    def sign(message: bytes, keypair: Ed25519Keypair, context: bytes = b"") -> bytes:
+        """Sign a message using the provided Ed25519 keypair. Uses pre-hashing and context (set to empty by default)."""
+
+        return Ed25519PH._sign(message, keypair, ph=sha512, dom2=dom2(1, context))
+    
+    @staticmethod
+    def verify(signature: bytes, message: bytes, public_key: bytes, context: bytes = b"") -> bool:
+        """Verify a signature for a message using the provided Ed25519 public key. Uses pre-hashing and context (set to empty by default)."""
+        
+        return Ed25519PH._verify(signature, message, public_key, ph=sha512, dom2=dom2(1, context))

eddsa_threshold/eddsa/algorithms/ed448.py

@@ -0,0 +1,84 @@
+from typing import Callable
+from eddsa_threshold.eddsa.curves.ed448.constants import SCALAR_SIZE, SIGNATURE_SIZE
+from eddsa_threshold.eddsa.curves.ed448.ed448_curve import Ed448Curve
+from eddsa_threshold.eddsa.curves.ed448.scalar_ops import Ed448ScalarOps
+from eddsa_threshold.eddsa.keys.ed448_keypair import Ed448Keypair
+from eddsa_threshold.eddsa.util.dom import dom4
+from eddsa_threshold.eddsa.util.hash_bindings import shake256
+
+
+class Ed448():
+    """
+    EdDSA using the Ed448 curve.
+    Implements signing and verification methods.
+    """
+
+    @staticmethod
+    def sign(message: bytes, keypair: Ed448Keypair, context: bytes) -> bytes:
+        """Sign a message using the provided Ed448 keypair."""
+
+        return Ed448._sign(message, keypair, ph=lambda m: m, dom4=dom4(0, context))
+
+    @staticmethod
+    def verify(signature: bytes, message: bytes, public_key: bytes, context: bytes) -> bool:
+        """Verify a signature for a message using the provided Ed448 public key."""
+
+        return Ed448._verify(signature, message, public_key, ph=lambda m: m, dom4=dom4(0, context))
+
+    @staticmethod
+    def _sign(message: bytes, keypair: Ed448Keypair, ph: Callable, dom4: bytes) -> bytes:
+        """Internal sign method as basis for subclasses."""
+
+        curve = Ed448Curve()
+
+        # Sign message according to RFC 8032 Section 5.2.6
+        # 1. Get precomputed prefix
+        prefix = keypair.prefix
+
+        # 2. Compute the nonce
+        r = int.from_bytes(shake256(dom4 + prefix + ph(message), 114), byteorder='little')
+
+        # 3. Compute the R point
+        r = curve.scalar_ops.reduce(r)
+        R = curve.encode_extended_point(curve.scalar_mult(r))
+
+        # 4. Compute the challenge
+        k = int.from_bytes(shake256(dom4 + R + keypair.public_bytes + ph(message), 114), byteorder='little')
+
+        # 5. Compute the S value
+        k = curve.scalar_ops.reduce(k)
+        S = curve.scalar_ops.reduce(r + k * keypair.scalar)
+
+        return R + curve._encoding.encode_scalar(S)
+
+    @staticmethod
+    def _verify(signature: bytes, message: bytes, public_key: bytes, ph: Callable, dom4: bytes) -> bool:
+        """Internal verify method as basis for subclasses."""
+
+        curve = Ed448Curve()
+
+        # Verify signature according to RFC 8032 Section 5.2.7
+        if len(signature) != SIGNATURE_SIZE:
+            return False
+
+        try:
+            # 1. Decode R and S from the signature
+            R = curve.decode_point(signature[:SCALAR_SIZE])
+            S = curve._encoding.decode_scalar(signature[SCALAR_SIZE:])
+            if S >= curve.scalar_ops.order or S < 0:
+                return False
+
+            A = curve.decode_point(public_key)
+
+            # 2. Compute the challenge
+            k = int.from_bytes(shake256(dom4 + signature[:SCALAR_SIZE] + public_key + ph(message), 114), byteorder='little')
+            k = curve.scalar_ops.reduce(k)
+
+            # 3. Verify the equation [S]B = R + [k]A
+            left = curve.scalar_mult(S)
+            right = curve.add(curve.affine_to_extended(R), curve.scalar_mult(k, curve.affine_to_extended(A)))
+
+            return curve.extended_to_affine(left) == curve.extended_to_affine(right)
+
+        except ValueError:
+            return False

eddsa_threshold/eddsa/algorithms/ed448ph.py

@@ -0,0 +1,23 @@
+from eddsa_threshold.eddsa.algorithms.ed448 import Ed448
+from eddsa_threshold.eddsa.keys.ed448_keypair import Ed448Keypair
+from eddsa_threshold.eddsa.util.dom import dom4
+from eddsa_threshold.eddsa.util.hash_bindings import shake256
+
+
+class Ed448PH(Ed448):
+    """
+    EdDSA using the Ed448 curve and pre-hashing.
+    Implements signing and verification methods.
+    """
+
+    @staticmethod
+    def sign(message: bytes, keypair: Ed448Keypair, context: bytes = b"") -> bytes:
+        """Sign a message using the provided Ed448 keypair."""
+
+        return Ed448PH._sign(message, keypair, ph=lambda m: shake256(m, 64), dom4=dom4(1, context))
+
+    @staticmethod
+    def verify(signature: bytes, message: bytes, public_key: bytes, context: bytes = b"") -> bool:
+        """Verify a signature for a message using the provided Ed448 public key."""
+
+        return Ed448PH._verify(signature, message, public_key, ph=lambda m: shake256(m, 64), dom4=dom4(1, context))

eddsa_threshold/eddsa/curves/__init__.py

@@ -0,0 +1 @@
+"""Curve implementations."""

eddsa_threshold/eddsa/curves/base/__init__.py

@@ -0,0 +1 @@
+"""Base curve abstractions."""

eddsa_threshold/eddsa/curves/base/edwards_curve.py

@@ -0,0 +1,91 @@
+from abc import ABC, abstractmethod
+from typing import Tuple
+
+from eddsa_threshold.eddsa.curves.base.encoding import Encoding
+from eddsa_threshold.eddsa.curves.base.field_ops import FieldOps
+from eddsa_threshold.eddsa.curves.base.scalar_ops import ScalarOps
+
+
+class EdwardsCurve(ABC):
+    """
+    Abstract base class for Edwards curves.
+
+    Provides methods for point encoding/decoding, coordinate conversions, scalar multiplication, and negation.
+
+    Concrete implementations must provide field operations, encoding, the base point, and point addition/doubling.
+    """
+
+    @property
+    @abstractmethod
+    def field(self) -> FieldOps:
+        """Return the FieldOps implementation."""
+        raise NotImplementedError
+
+    @property
+    @abstractmethod
+    def encoding(self) -> Encoding:
+        """Return the Encoding implementation."""
+        raise NotImplementedError
+    
+    @property
+    @abstractmethod
+    def scalar_ops(self) -> ScalarOps:
+        """Return the ScalarOps implementation."""
+        raise NotImplementedError
+
+    @property
+    @abstractmethod
+    def base_point(self) -> Tuple:
+        """Return affine base point as (x, y)."""
+        raise NotImplementedError
+
+    def encode_extended_point(self, P: Tuple) -> bytes:
+        """Encode point from (X, Y, Z, T) to bytes."""
+        return self.encode_affine_point(self.extended_to_affine(P))
+
+    def encode_affine_point(self, P: Tuple) -> bytes:
+        """Encode point from (x, y) to bytes."""
+        return self.encoding.encode_point(P)
+
+    def decode_point(self, data: bytes) -> Tuple:
+        """Decode point from bytes to (x, y)."""
+        return self.encoding.decode_point(data)
+
+    def affine_to_extended(self, P: Tuple):
+        """Convert (x, y) → (X, Y, Z, T)."""
+        x, y = P
+        return (x, y, 1, self.field.mul(x, y))
+
+    def extended_to_affine(self, P: Tuple):
+        """Convert (X, Y, Z, T) → (x, y)."""
+        X, Y, Z, _ = P
+        z_inv = self.field.inv(Z)
+        return (self.field.mul(X, z_inv), self.field.mul(Y, z_inv))
+
+    @abstractmethod
+    def add(self, P: Tuple, Q: Tuple) -> Tuple:
+        """Add points P and Q."""
+        raise NotImplementedError
+
+    @abstractmethod
+    def double(self, P: Tuple) -> Tuple:
+        """Double point P."""
+        raise NotImplementedError
+
+    def scalar_mult(self, k: int, P=None) -> Tuple:
+        """Multiply point P by scalar k using double-and-add algorithm. If P is None, use the base point."""
+        if P is None:
+            P = self.affine_to_extended(self.base_point)
+
+        Q = (0, 1, 1, 0)  # Neutral element in extended coordinates
+        for bit in reversed(bin(k)[2:]):
+            if bit == '1':
+                Q = self.add(Q, P)
+            P = self.double(P)
+
+        return Q
+
+    def negate(self, P: Tuple) -> Tuple:
+        """Negate point P."""
+        X, Y, Z, T = P
+        return (self.field.neg(X), Y, Z, self.field.neg(T))

eddsa_threshold/eddsa/curves/base/encoding.py

@@ -0,0 +1,54 @@
+from abc import ABC, abstractmethod
+from typing import Tuple
+
+from eddsa_threshold.eddsa.curves.base.field_ops import FieldOps
+
+
+class Encoding(ABC):
+    """
+    Abstract byte encoding/decoding layer.
+    """
+
+    @abstractmethod
+    def __init__(self, FieldOps: FieldOps):
+        """Initialize with field operations."""
+        raise NotImplementedError
+
+    @property
+    @abstractmethod
+    def scalar_size(self) -> int:
+        """Size in bytes of a private scalar."""
+        raise NotImplementedError
+    
+    @property
+    @abstractmethod
+    def group_order(self) -> int:
+        """Group order of the field."""
+        raise NotImplementedError
+
+    @property
+    @abstractmethod
+    def point_size(self) -> int:
+        """Size in bytes of an encoded public key point."""
+        raise NotImplementedError
+
+    @abstractmethod
+    def encode_point(self, P: Tuple) -> bytes:
+        raise NotImplementedError
+
+    @abstractmethod
+    def decode_point(self, data: bytes) -> Tuple:
+        raise NotImplementedError
+
+    def encode_scalar(self, x: int) -> bytes:
+        """Serialize a scalar to bytes (little-endian)."""
+        return x.to_bytes(self.scalar_size, byteorder='little')
+    
+    def decode_scalar(self, data: bytes) -> int:
+        """Deserialize bytes to a scalar (little-endian)."""
+        if len(data) != self.scalar_size:
+            raise ValueError(f"Invalid scalar size: expected {self.scalar_size} bytes")
+        value = int.from_bytes(data, byteorder='little')
+        if value < 0 or value >= self.group_order:
+            raise ValueError("Deserialized scalar is out of range")
+        return value

eddsa_threshold/eddsa/curves/base/field_ops.py

@@ -0,0 +1,48 @@
+from abc import ABC, abstractmethod
+
+
+class FieldOps(ABC):
+    """
+    Abstract base class for finite field operations modulo a prime p.
+
+    All operations return integers representing field elements.
+    """
+
+    @property
+    @abstractmethod
+    def p(self) -> int:
+        """Prime modulus for the field GF(p)."""
+        raise NotImplementedError
+
+    def add(self, x: int, y: int) -> int:
+        """Addition in the field GF(p)."""
+        return (x + y) % self.p
+
+    def sub(self, x: int, y: int) -> int:
+        """Subtraction in the field GF(p)."""
+        return (x - y) % self.p
+
+    def mul(self, x: int, y: int) -> int:
+        """Multiplication in the field GF(p)."""
+        return (x * y) % self.p
+
+    def neg(self, x: int) -> int:
+        """Negation in the field GF(p)."""
+        return -x % self.p
+
+    def inv(self, x: int) -> int:
+        """Multiplicative inverse in the field GF(p)."""
+        # https://en.wikipedia.org/wiki/Finite_field_arithmetic
+        return pow(x, self.p - 2, self.p)
+
+    def sqr(self, x: int) -> int:
+        """Squaring in the field GF(p)."""
+        return (x * x) % self.p
+
+    def pow(self, x: int, e: int) -> int:
+        """Exponentiation in the field GF(p)."""
+        return pow(x, e, self.p)
+
+    def reduce(self, x: int) -> int:
+        """Reduce x modulo p."""
+        return x % self.p

eddsa_threshold/eddsa/curves/base/scalar_ops.py

@@ -0,0 +1,34 @@
+from abc import ABC, abstractmethod
+from secrets import randbelow
+
+
+class ScalarOps(ABC):
+    """
+    Abstract class representing scalar-related math modulo the group order.
+    
+    All operations return integers representing scalars.
+    """
+
+    @property
+    @abstractmethod
+    def order(self) -> int:
+        raise NotImplementedError
+    
+    @property
+    @abstractmethod
+    def identity(self) -> int:
+        """Return the identity scalar."""
+        raise NotImplementedError
+
+    def inv(self, x: int) -> int:
+        """Multiplicative inverse in the field GF(order)."""
+        # https://en.wikipedia.org/wiki/Finite_field_arithmetic
+        return pow(x, self.order - 2, self.order)
+
+    def reduce(self, k: int) -> int:
+        """Reduce any integer modulo the group order."""
+        return k % self.order
+
+    def random_scalar(self) -> int:
+        """Fine for this project; NOT PRODUCTION SECURE."""
+        return randbelow(self.order)

eddsa_threshold/eddsa/curves/ed25519/__init__.py

@@ -0,0 +1 @@
+"""Ed25519 curve implementation."""

eddsa_threshold/eddsa/curves/ed25519/constants.py

@@ -0,0 +1,37 @@
+"""
+Constants for Ed25519
+
+These values are taken from RFC 8032.
+RFC: https://datatracker.ietf.org/doc/html/rfc8032
+"""
+
+# Finite field modulus p
+p = 2**255 - 19
+
+# Bit size of the field
+b = 256
+
+# base 2 logarithm of cofactor
+c = 3
+
+n = 254
+
+# Curve Parameters d/a
+# d = -121665 * pow(121666, -1, p) % p
+d = 37095705934669439343138083508754565189542113879843219016388785533085940283555
+a = -1
+
+# Base point of the curve
+BASE_X = 15112221349535400772501151409588531511454012693041857206046113283949847762202
+BASE_Y = 46316835694926478169428394003475163141307993866256225615783033603165251855960
+BASE = (BASE_X, BASE_Y)
+IDENTITY = (0, 1)
+
+# Order of ed25519
+L = 2**252+27742317777372353535851937790883648493
+
+# Encoding sizes (in bytes)
+SCALAR_SIZE = 32      # size of private scalar
+PUBLIC_KEY_SIZE = 32  # size of encoded public key
+SIGNATURE_SIZE = 64   # R || S
+SEED_SIZE = 32        # seed length specified by RFC 8032

eddsa_threshold/eddsa/curves/ed25519/ed25519_curve.py

@@ -0,0 +1,79 @@
+from typing import Tuple
+from eddsa_threshold.eddsa.curves.base.edwards_curve import EdwardsCurve
+from eddsa_threshold.eddsa.curves.base.encoding import Encoding
+from eddsa_threshold.eddsa.curves.base.field_ops import FieldOps
+from eddsa_threshold.eddsa.curves.base.scalar_ops import ScalarOps
+from .scalar_ops import Ed25519ScalarOps
+from .encoding import Ed25519Encoding
+from .field_ops import Ed25519FieldOps
+from .constants import d, BASE
+
+
+class Ed25519Curve(EdwardsCurve):
+    """
+    Ed25519 curve implementation.
+
+    See base class EdwardsCurve for method descriptions.
+    """
+
+    def __init__(self):
+        self._field_ops = Ed25519FieldOps()
+        self._encoding = Ed25519Encoding(self._field_ops)
+        self._scalar_ops = Ed25519ScalarOps()
+        self.d = d
+
+    @property
+    def field(self) -> FieldOps:
+        return self._field_ops
+
+    @property
+    def encoding(self) -> Encoding:
+        return self._encoding
+
+    @property
+    def scalar_ops(self) -> ScalarOps:
+        return self._scalar_ops
+
+    @property
+    def base_point(self) -> Tuple:
+        return BASE
+
+    # Point addition
+    def add(self, P: Tuple, Q: Tuple) -> Tuple:
+        X1, Y1, Z1, T1 = P
+        X2, Y2, Z2, T2 = Q
+
+        A = (Y1 - X1) * (Y2 - X2)
+        B = (Y1 + X1) * (Y2 + X2)
+        C = T1 * 2 * self.d * T2
+        D = Z1 * 2 * Z2
+        E = B - A
+        F = D - C
+        G = D + C
+        H = B + A
+
+        X3 = self._field_ops.mul(E, F)
+        Y3 = self._field_ops.mul(G, H)
+        T3 = self._field_ops.mul(E, H)
+        Z3 = self._field_ops.mul(F, G)
+
+        return (X3, Y3, Z3, T3)
+
+    # Point doubling
+    def double(self, P: Tuple) -> Tuple:
+        X1, Y1, Z1, T1 = P
+
+        A = X1**2
+        B = Y1**2
+        C = 2 * Z1**2
+        H = A + B
+        E = H - (X1 + Y1)**2
+        G = A - B
+        F = C + G
+
+        X3 = self._field_ops.mul(E, F)
+        Y3 = self._field_ops.mul(G, H)
+        T3 = self._field_ops.mul(E, H)
+        Z3 = self._field_ops.mul(F, G)
+
+        return (X3, Y3, Z3, T3)