eddsa-threshold 0.2.0__py3-none-any.whl

eddsa_threshold/eddsa/curves/ed25519/encoding.py

@@ -0,0 +1,80 @@
+from typing import Tuple
+
+from eddsa_threshold.eddsa.curves.base.encoding import Encoding
+from eddsa_threshold.eddsa.curves.ed25519.field_ops import Ed25519FieldOps
+from .constants import SCALAR_SIZE, PUBLIC_KEY_SIZE, d, a, L
+
+
+class Ed25519Encoding(Encoding):
+    """
+    Byte encoding/decoding layer for Ed25519.
+    """
+
+    def __init__(self, field_ops: Ed25519FieldOps):
+        self._field = field_ops
+
+    @property
+    def scalar_size(self) -> int:
+        """Size in bytes of a private scalar."""
+        return SCALAR_SIZE
+    
+    @property
+    def group_order(self) -> int:
+        """Group order of the field."""
+        return L
+
+    @property
+    def point_size(self) -> int:
+        """Size in bytes of an encoded public key point."""
+        return PUBLIC_KEY_SIZE
+
+    def encode_point(self, P: Tuple) -> bytes:
+        """Encode point P=(x, y) to bytes."""
+        x, y = P
+        y_bytes = y.to_bytes(self.point_size, byteorder='little')
+        
+        y_bytes = bytearray(y_bytes)
+        if x & 1:
+            y_bytes[-1] |= 0x80
+        
+        return bytes(y_bytes)
+
+    def decode_point(self, data: bytes) -> Tuple:
+        """Decode point from bytes to (x_lsb, y)."""
+        if len(data) != self.point_size:
+            raise ValueError("Invalid point size")
+        
+        y_bytes = bytearray(data)
+        x_lsb = (y_bytes[-1] >> 7) & 1
+        y_bytes[-1] &= 0x7F  # Clear the MSB
+        
+        y = int.from_bytes(y_bytes, byteorder='little')
+        if y >= self._field.p:
+            raise ValueError("Invalid point encoding - y out of range")
+        
+        y2 = self._field.pow(y, 2)
+        u = (y2 - 1) % self._field.p
+        v = (d * y2 - a) % self._field.p
+        
+        v3 = self._field.pow(v, 3)
+        v7 = self._field.pow(v, 7)
+        
+        w = (u * v3 * self._field.pow((u * v7), ((self._field.p - 5) // 8))) % self._field.p
+        
+        w2 = self._field.sqr(w)
+        
+        if (v * w2) % self._field.p == u:
+            x = w
+        elif (v * w2) % self._field.p == self._field.neg(u):
+            x = (w * self._field.pow(2, ((self._field.p - 1) // 4))) % self._field.p
+        else:
+            raise ValueError("Invalid point encoding - SQRT failure")
+        
+        if x == 0 and x_lsb == 1:
+            raise ValueError("Invalid point encoding - x is zero but lsb is 1")
+        
+        if (x % 2) == x_lsb:
+            return (x, y)
+        else:
+            return (self._field.p - x, y)
+            

eddsa_threshold/eddsa/curves/ed25519/field_ops.py

@@ -0,0 +1,12 @@
+from eddsa_threshold.eddsa.curves.base.field_ops import FieldOps
+from .constants import p
+
+
+class Ed25519FieldOps(FieldOps):
+    """
+    Finite field operations modulo the prime p = 2^255 - 19 for Ed25519.
+    """
+
+    @property
+    def p(self) -> int:
+        return p

eddsa_threshold/eddsa/curves/ed25519/scalar_ops.py

@@ -0,0 +1,12 @@
+from eddsa_threshold.eddsa.curves.base.scalar_ops import ScalarOps
+from .constants import L, SCALAR_SIZE
+
+
+class Ed25519ScalarOps(ScalarOps):
+    @property
+    def order(self) -> int:
+        return L
+    
+    @property
+    def identity(self) -> int:
+        return 0

eddsa_threshold/eddsa/curves/ed448/__init__.py

@@ -0,0 +1 @@
+"""Ed448 curve implementation."""

eddsa_threshold/eddsa/curves/ed448/constants.py

@@ -0,0 +1,37 @@
+"""
+Constants for Ed448
+
+These values are taken from RFC 8032.
+RFC: https://datatracker.ietf.org/doc/html/rfc8032
+"""
+
+# Finite field modulus p
+p = 2**448 - 2**224 -  1
+
+# Bit size of the field
+b = 456
+
+# base 2 logarithm of cofactor
+c = 2
+
+n = 447
+
+# Curve Parameters d/a
+# d = -121665 * pow(121666, -1, p) % p
+d = -39081
+a = 1
+
+# Base point of the curve
+BASE_X = 224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710
+BASE_Y = 298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660
+BASE = (BASE_X, BASE_Y)
+IDENTITY = (0, 1)
+
+# Order of ed25519
+L = 2**446 - 13818066809895115352007386748515426880336692474882178609894547503885
+
+# Encoding sizes (in bytes)
+SCALAR_SIZE = 57      # size of private scalar
+PUBLIC_KEY_SIZE = 57  # size of encoded public key
+SIGNATURE_SIZE = 114  # R || S
+SEED_SIZE = 57        # seed length specified by RFC 8032

eddsa_threshold/eddsa/curves/ed448/ed448_curve.py

@@ -0,0 +1,76 @@
+from typing import Tuple
+from eddsa_threshold.eddsa.curves.base.edwards_curve import EdwardsCurve
+from eddsa_threshold.eddsa.curves.base.encoding import Encoding
+from eddsa_threshold.eddsa.curves.base.field_ops import FieldOps
+from eddsa_threshold.eddsa.curves.base.scalar_ops import ScalarOps
+from .scalar_ops import Ed448ScalarOps
+from .encoding import Ed448Encoding
+from .field_ops import Ed448FieldOps
+from .constants import d, BASE
+
+
+class Ed448Curve(EdwardsCurve):
+    """
+    Ed448 curve implementation.
+
+    See base class EdwardsCurve for method descriptions.
+    """
+
+    def __init__(self):
+        self._field_ops = Ed448FieldOps()
+        self._encoding = Ed448Encoding(self._field_ops)
+        self._scalar_ops = Ed448ScalarOps()
+        self.d = d
+
+    @property
+    def field(self) -> FieldOps:
+        return self._field_ops
+
+    @property
+    def encoding(self) -> Encoding:
+        return self._encoding
+
+    @property
+    def scalar_ops(self) -> ScalarOps:
+        return self._scalar_ops
+
+    @property
+    def base_point(self) -> Tuple:
+        return BASE
+
+    # Point addition
+    def add(self, P: Tuple, Q: Tuple) -> Tuple:
+        X1, Y1, Z1, _ = P
+        X2, Y2, Z2, _ = Q
+
+        A = Z1 * Z2
+        B = A**2
+        C = X1 * X2
+        D = Y1 * Y2
+        E = d * C * D
+        F = B - E
+        G = B + E
+        H = (Y1 + X1) * (Y2 + X2)
+
+        X3 = self._field_ops.mul(A, F*(H - C - D))
+        Y3 = self._field_ops.mul(A, G*(D - C))
+        Z3 = self._field_ops.mul(F, G)
+
+        return (X3, Y3, Z3, _)
+
+    # Point doubling
+    def double(self, P: Tuple) -> Tuple:
+        X1, Y1, Z1, _ = P
+
+        B = (X1+Y1) ** 2
+        C = X1**2
+        D = Y1**2
+        E = C + D
+        H = Z1**2
+        J = E - 2 * H
+
+        X3 = self._field_ops.mul((B - E), J)
+        Y3 = self._field_ops.mul(E, (C - D))
+        Z3 = self._field_ops.mul(E, J)
+
+        return (X3, Y3, Z3, _)

eddsa_threshold/eddsa/curves/ed448/encoding.py

@@ -0,0 +1,77 @@
+from typing import Tuple
+
+from eddsa_threshold.eddsa.curves.base.encoding import Encoding
+from eddsa_threshold.eddsa.curves.ed448.field_ops import Ed448FieldOps
+from .constants import SCALAR_SIZE, PUBLIC_KEY_SIZE, d, a, L
+
+
+class Ed448Encoding(Encoding):
+    """
+    Byte encoding/decoding layer for Ed448.
+    """
+
+    def __init__(self, field_ops: Ed448FieldOps):
+        self._field = field_ops
+
+    @property
+    def scalar_size(self) -> int:
+        """Size in bytes of a private scalar."""
+        return SCALAR_SIZE
+    
+    @property
+    def group_order(self) -> int:
+        """Group order of the field."""
+        return L
+
+    @property
+    def point_size(self) -> int:
+        """Size in bytes of an encoded public key point."""
+        return PUBLIC_KEY_SIZE
+
+    def encode_point(self, P: Tuple) -> bytes:
+        """Encode point P=(x, y) to bytes."""
+        x, y = P
+        y_bytes = y.to_bytes(self.point_size, byteorder='little')
+        
+        y_bytes = bytearray(y_bytes)
+        if x & 1:
+            y_bytes[-1] |= 0x80
+        
+        return bytes(y_bytes)
+
+    def decode_point(self, data: bytes) -> Tuple:
+        """Decode point from bytes to (x_lsb, y)."""
+        if len(data) != self.point_size:
+            raise ValueError("Invalid point size")
+        
+        y_bytes = bytearray(data)
+        x_lsb = (y_bytes[-1] >> 7) & 1
+        y_bytes[-1] &= 0x7F  # Clear the MSB
+        
+        y = int.from_bytes(y_bytes, byteorder='little')
+        if y >= self._field.p:
+            raise ValueError("Invalid point encoding - y out of range")
+        
+        y2 = self._field.pow(y, 2)
+        u = (y2 - 1) % self._field.p
+        v = (d * y2 - a) % self._field.p
+        
+        u3 = self._field.pow(u, 3)
+        v3 = self._field.pow(v, 3)
+        u5 = self._field.pow(u, 5)
+        
+        w = (u3 * v * self._field.pow((u5 * v3), ((self._field.p - 3) // 4))) % self._field.p
+        
+        if (v * w**2) % self._field.p == u:
+            x = w
+        else:
+            raise ValueError("Invalid point encoding - SQRT failure")
+        
+        if x == 0 and x_lsb == 1:
+            raise ValueError("Invalid point encoding - x is zero but lsb is 1")
+        
+        if (x % 2) == x_lsb:
+            return (x, y)
+        else:
+            return (self._field.p - x, y)
+            

eddsa_threshold/eddsa/curves/ed448/field_ops.py

@@ -0,0 +1,12 @@
+from eddsa_threshold.eddsa.curves.base.field_ops import FieldOps
+from .constants import p
+
+
+class Ed448FieldOps(FieldOps):
+    """
+    Finite field operations modulo the prime p = 2^448 - 2^224 - 1 for Ed448.
+    """
+
+    @property
+    def p(self) -> int:
+        return p

eddsa_threshold/eddsa/curves/ed448/scalar_ops.py

@@ -0,0 +1,12 @@
+from eddsa_threshold.eddsa.curves.base.scalar_ops import ScalarOps
+from .constants import L, SCALAR_SIZE
+
+
+class Ed448ScalarOps(ScalarOps):
+    @property
+    def order(self) -> int:
+        return L
+
+    @property
+    def identity(self) -> int:
+        return 0

eddsa_threshold/eddsa/keys/__init__.py

@@ -0,0 +1 @@
+"""Keypair helpers."""

eddsa_threshold/eddsa/keys/ed25519_keypair.py

@@ -0,0 +1,46 @@
+import os
+from eddsa_threshold.eddsa.curves.ed25519.ed25519_curve import Ed25519Curve
+from eddsa_threshold.eddsa.keys.keypair import Keypair
+from eddsa_threshold.eddsa.curves.ed25519.constants import SEED_SIZE
+from eddsa_threshold.eddsa.util.hash_bindings import sha512
+
+
+class Ed25519Keypair(Keypair):
+    """
+    Ed25519 keypair implementation.
+
+    Provides methods to create an Ed25519 keypair from a private seed or to generate a fresh random keypair.
+    """
+
+    @classmethod
+    def from_private_bytes(cls, seed: bytes) -> Ed25519Keypair:
+        """Create Ed25519 keypair from 32-byte seed."""
+        if len(seed) != SEED_SIZE:
+            raise ValueError(f"Invalid seed size: {len(seed)} bytes (expected {SEED_SIZE} bytes)")
+
+        # Derive key according to RFC 8032 Section 5.1.5
+        # 1. Hash with SHA-512
+        hashed = sha512(seed)
+
+        # 2. Prune bits
+        a_bytes = bytearray(hashed[:32])
+        a_bytes[0] &= 248
+        a_bytes[31] &= 127
+        a_bytes[31] |= 64
+
+        # 3. Convert to integer scalar
+        scalar = int.from_bytes(a_bytes, byteorder='little')
+        
+        # 4. Compute prefix
+        prefix = hashed[32:]
+
+        # 5. Compute public key
+        curve = Ed25519Curve()
+        public_bytes = curve.encode_extended_point(curve.scalar_mult(scalar))
+
+        return cls(seed, scalar, prefix, public_bytes)
+
+    @classmethod
+    def generate(cls) -> Ed25519Keypair:
+        """Generate a fresh Ed25519 keypair from a random 32-byte seed."""
+        return cls.from_private_bytes(os.urandom(SEED_SIZE))

eddsa_threshold/eddsa/keys/ed448_keypair.py

@@ -0,0 +1,45 @@
+import os
+from eddsa_threshold.eddsa.curves.ed448.ed448_curve import Ed448Curve
+from eddsa_threshold.eddsa.keys.keypair import Keypair
+from eddsa_threshold.eddsa.curves.ed448.constants import SEED_SIZE
+from eddsa_threshold.eddsa.util.hash_bindings import shake256
+
+
+class Ed448Keypair(Keypair):
+    """
+    Ed448 keypair implementation.
+
+    Provides methods to create an Ed448 keypair from a private seed or to generate a fresh random keypair.
+    """
+
+    @classmethod
+    def from_private_bytes(cls, seed: bytes) -> Ed448Keypair:
+        """Create Ed448 keypair from 57-byte seed."""
+        if len(seed) != SEED_SIZE:
+            raise ValueError(f"Invalid seed size: {len(seed)} bytes (expected {SEED_SIZE} bytes)")
+
+        # Derive key according to RFC 8032 Section 5.2.5
+        # 1. Hash with SHAKE-256(x, 114)
+        hashed = shake256(seed, 114)
+
+        # 2. Prune bits
+        a_bytes = bytearray(hashed[:57])
+        a_bytes[0] &= 252
+        a_bytes[56] &= 0
+        a_bytes[55] |= 128
+
+        # 3. Convert to integer scalar
+        scalar = int.from_bytes(a_bytes, byteorder='little')
+        
+        # 4. Compute prefix
+        prefix = hashed[57:]
+
+        # 5. Compute public key
+        curve = Ed448Curve()
+        public_bytes = curve.encode_extended_point(curve.scalar_mult(scalar))
+
+        return cls(seed, scalar, prefix, public_bytes)
+    @classmethod
+    def generate(cls) -> Ed448Keypair:
+        """Generate a fresh Ed448 keypair from a random 57-byte seed."""
+        return cls.from_private_bytes(os.urandom(SEED_SIZE))

eddsa_threshold/eddsa/keys/keypair.py

@@ -0,0 +1,50 @@
+from abc import ABC, abstractmethod
+
+
+class Keypair(ABC):
+    """
+    Abstract base class for EdDSA keypairs.
+    Provides access to private seed, scalar, prefix and public key bytes.
+
+    Also defines abstract methods for keypair generation.
+    These allow for keypair creation from a private seed or generation of a fresh random keypair.
+    """
+
+    def __init__(self, seed: bytes, scalar: int, prefix: bytes, public_bytes: bytes):
+        """Initialize Keypair with private seed, scalar, prefix, and public key bytes."""
+        self._private_bytes = seed
+        self._scalar = scalar
+        self._prefix = prefix
+        self._public_bytes = public_bytes
+
+    @property
+    def private_bytes(self) -> bytes:
+        """Return the private seed bytes used to generate the keypair."""
+        return self._private_bytes
+
+    @property
+    def scalar(self) -> int:
+        """Return the integer scalar derived from the private seed."""
+        return self._scalar
+    
+    @property
+    def prefix(self) -> bytes:
+        """Return the prefix bytes derived from the private seed."""
+        return self._prefix
+
+    @property
+    def public_bytes(self) -> bytes:
+        """Return the public key bytes corresponding to the keypair."""
+        return self._public_bytes
+
+    @classmethod
+    @abstractmethod
+    def from_private_bytes(cls, seed: bytes) -> Keypair: 
+        """Create a keypair from the given private seed bytes."""
+        raise NotImplementedError
+
+    @classmethod
+    @abstractmethod
+    def generate(cls) -> Keypair: 
+        """Generate a fresh random keypair."""
+        raise NotImplementedError

eddsa_threshold/eddsa/util/__init__.py

@@ -0,0 +1 @@
+"""Utility helpers."""

eddsa_threshold/eddsa/util/dom.py

@@ -0,0 +1,17 @@
+from typing import Optional
+
+
+def dom2(phflag: int, context: Optional[bytes]) -> bytes:
+    """Create the DOM2 prefix for EdDSA signatures."""
+    if context is None:
+        return b""
+    if len(context) > 255:
+        raise ValueError("Context length must be at most 255 bytes.")
+    return (b"SigEd25519 no Ed25519 collisions" + bytes([phflag]) + bytes([len(context)]) + context)
+
+
+def dom4(phflag: int, context: bytes) -> bytes:
+    """Create the DOM4 prefix for EdDSA signatures."""
+    if len(context) > 255:
+        raise ValueError("Context length must be at most 255 bytes.")
+    return (b"SigEd448" + bytes([phflag]) + bytes([len(context)]) + context)

eddsa_threshold/eddsa/util/hash_bindings.py

@@ -0,0 +1,12 @@
+import hashlib
+
+
+def sha512(data: bytes) -> bytes:
+    """Compute SHA-512 hash of the input using hashlib."""
+    return hashlib.sha512(data).digest()
+
+def shake256(data: bytes, outlen: int) -> bytes:
+    """Compute SHAKE-256 hash of the input using hashlib."""
+    shake = hashlib.shake_256()
+    shake.update(data)
+    return shake.digest(outlen)

eddsa_threshold/frost/__init__.py

@@ -0,0 +1 @@
+"""FROST protocol implementation."""