Add ECDSA over secp256k1 signatures and verification #490

Merged
merged 52 commits into from
Jan 5, 2025
f43a97c
[zoo] add generator for secp256k1
Vindaar Dec 8, 2024
6434eba
[ECDSA] add initial ECDSA signing / verifying implementation
Vindaar Dec 8, 2024
e8540b6
[ecdsa] fix imports
Vindaar Dec 12, 2024
41d502d
[ecdsa] export Secp256k1 as `C` for convenience
Vindaar Dec 12, 2024
2760af4
[ecdsa] export `toDER` proc
Vindaar Dec 12, 2024
9f31c38
[ecdsa] use `isZero` instead of old zero comparison
Vindaar Dec 12, 2024
5862d43
[ecdsa] rename private key generator & add private -> public key
Vindaar Dec 12, 2024
4fd34e2
[tests] add test cases for ECDSA signature verification
Vindaar Dec 12, 2024
a4ca057
[ecdsa] handle some `.noinit.` cases
Vindaar Dec 21, 2024
22bd57b
[ecdsa] turn `toBytes`, `arrayWith` into in-place procedures
Vindaar Dec 21, 2024
4e17514
[ecdsa] clean up comment about Fp -> Fr conversion
Vindaar Dec 21, 2024
46d8f92
[ecdsa] replace toPemPrivateKey/PublicKey by in-place array variants
Vindaar Dec 21, 2024
7164f07
[ecdsa] replace `toDER` by non allocating variant
Vindaar Dec 21, 2024
890b185
[ecdsa] replace out-of-place arithmetic by in-place
Vindaar Dec 23, 2024
50de116
[ecdsa] move ECDSA implementation to ~signatures~ directory
Vindaar Dec 23, 2024
931044d
[ecdsa] remove dependence on explicit SHA256 hash function
Vindaar Dec 24, 2024
fe8a8aa
[ecdsa] make DERSignature generic under curve by having static size
Vindaar Dec 24, 2024
bec1536
[ecdsa] turn more procs generic over curve and hash function
Vindaar Dec 24, 2024
34442fa
[ecdsa] replace sign/verify API by one matching BLS signatures
Vindaar Dec 24, 2024
06f7a5f
[ecdsa] remove global curve & generator constants
Vindaar Dec 24, 2024
ad16403
[ecdsa] correctly handle truncation of digests > Fr BigInts
Vindaar Dec 24, 2024
e9174e6
create file for common signature ops, `derivePubkey` for ECDSA & BLS
Vindaar Dec 24, 2024
4d72a6b
create file specifically for ECDSA over secp256k1
Vindaar Dec 24, 2024
a8ecd59
[ecdsa] add `fromDER` to split DER encoded signature back into r, s a…
Vindaar Dec 26, 2024
828189c
[tests] add OpenSSL wrapper intended for test cases
Vindaar Dec 26, 2024
722fa37
[tests] first step towards OpenSSL tests
Vindaar Dec 26, 2024
64130a1
[tests] fully avoid JSON intermediary files for ECDSA tests
Vindaar Dec 27, 2024
e9387e8
[tests] rename file back to test case name, add DERSigSize tests
Vindaar Dec 27, 2024
0d24f6a
[tests] also test our DER encoder
Vindaar Dec 27, 2024
5229551
[tests] extend OpenSSL wrapper for required functionality
Vindaar Dec 28, 2024
1d05da4
[tests] move openssl wrapper to root of tests to share between tests
Vindaar Dec 28, 2024
c0b3806
[tests] add test case to verify PEM file writer
Vindaar Dec 28, 2024
87bc887
[ecdsa] clean up and fix PEM file writers
Vindaar Dec 28, 2024
8000567
[tests] [bench] use shared OpenSSL wrapper where appropriate
Vindaar Dec 28, 2024
04ce1c8
[codecs] move serialization logic to ecdsa secp256k1 submodule
Vindaar Dec 28, 2024
0c5195f
[codecs] move DER signature serialization to codecs_ecdsa submodule
Vindaar Dec 28, 2024
89688ba
[ecdsa] adjust ECDSA secp256k1 API & test cases
Vindaar Dec 28, 2024
5011fe3
[ecdsa] add mini docstring for `verify`
Vindaar Dec 28, 2024
fa5a5eb
[codecs] clean up imports in `codecs_ecdsa.nim`
Vindaar Dec 28, 2024
2f6a897
[ecdsa] clean up imports of `ecdsa_secp256k1.nim`
Vindaar Dec 28, 2024
2693aec
[ecdsa] do not export `raw` field in ecdsa_secp256k1
Vindaar Dec 30, 2024
1b44a8f
[CI] fix CI failures by including OpenSSL wrapper instead of import
Vindaar Dec 30, 2024
c2c39af
[bench] disable OpenSSL bench for sha256 on windows
Vindaar Dec 31, 2024
fa9e0ab
[nimble] add ECDSA signature test to nimble task
Vindaar Dec 31, 2024
4cac2ec
[ecdsa] replace brainfart using pointer size for bits in byte
Vindaar Dec 31, 2024
30285ff
[ecdsa] fix final related brainfart :)
Vindaar Dec 31, 2024
901597e
[tests] when the brainfart infects the test cases too! 🤯
Vindaar Dec 31, 2024
6c09fe1
replace DERSig* by DerSig*
Vindaar Jan 1, 2025
0bbc839
replace `toPemFile` by simply `toPem`
Vindaar Jan 1, 2025
20057e0
rename `common_signature_ops` to `ecc_sig_ops`
Vindaar Jan 1, 2025
9642ca6
[tests] disable ECDSA test for Windows
Vindaar Jan 1, 2025
2fd2bb2
[ecdsa] avoid awkward arrayWith declaration & call
Vindaar Jan 4, 2025
create file for common signature ops, derivePubkey for ECDSA & BLS
Also cleans up the imports of the ECDSA file and adds the copyright header
Vindaar committed Dec 30, 2024
commit e9174e60a118520158373279174a235349c5df3a
19 changes: 4 additions & 15 deletions constantine/signatures/bls_signatures.nim
@@ -15,7 +15,10 @@ import
constantine/named/algebras,
constantine/hash_to_curve/[hash_to_curve, h2c_hash_to_field],
constantine/hashes,
constantine/platforms/views
constantine/platforms/views,
constantine/signatures/common_signature_ops # for `derivePubkey`

export common_signature_ops

# ############################################################
#
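Review bot: `export common_signature_ops` (last added line of this hunk) re-exports the entire module even though the import comment says it is pulled in only "for `derivePubkey`"; re-exporting only that symbol, or dropping the re-export and letting callers import the shared module directly, keeps the public surface of bls_signatures.nim from growing silently every time another helper lands in the shared file.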
@@ -34,20 +37,6 @@ import
{.push raises: [].} # No exceptions allowed in core cryptographic operations
{.push checks: off.} # No defects due to array bound checking or signed integer overflow allowed

func derivePubkey*[Pubkey, SecKey](pubkey: var Pubkey, seckey: SecKey) =
## Generates the public key associated with the input secret key.
##
## The secret key MUST be in range (0, curve order)
## 0 is INVALID
const Group = Pubkey.G
type Field = Pubkey.F
const EC = Field.Name

var pk {.noInit.}: EC_ShortW_Jac[Field, Group]
pk.setGenerator()
pk.scalarMul(seckey)
pubkey.affine(pk)

func coreSign*[Sig, SecKey](
signature: var Sig,
secretKey: SecKey,
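Review bot: The removed docstring states that the secret key MUST lie in (0, curve order) and that 0 is INVALID, yet neither this copy nor the relocated one enforces it; with `derivePubkey` now shared with ECDSA, where secret keys commonly arrive as raw bytes, a debug-mode assertion that `seckey` is non-zero (the series already uses `isZero`) and below the curve order would catch misuse at a single point instead of relying on every caller to validate.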
26 changes: 26 additions & 0 deletions constantine/signatures/common_signature_ops.nim
@@ -0,0 +1,26 @@
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.

import
constantine/math/[ec_shortweierstrass],
constantine/named/zoo_generators,
constantine/named/algebras

func derivePubkey*[Pubkey, SecKey](pubkey: var Pubkey, seckey: SecKey) =
## Generates the public key associated with the input secret key.
##
## The secret key MUST be in range (0, curve order)
## 0 is INVALID
const Group = Pubkey.G
type Field = Pubkey.F
const EC = Field.Name

var pk {.noInit.}: EC_ShortW_Jac[Field, Group]
pk.setGenerator()
pk.scalarMul(seckey)
Owner
I'm pretty sure lattices don't derive public keys the same way ;).

Probably better to rename the file ecc_sig_ops.nim or something.

pubkey.affine(pk)
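Review bot: common_signature_ops.nim has no `{.push raises: [].}` / `{.push checks: off.}` block, whereas `derivePubkey` previously sat under both pragmas in bls_signatures.nim (kept as context in the hunk above), so the moved proc loses the no-exceptions guarantee and now compiles with bounds and overflow checks enabled; add the same push block after the imports (with matching `{.pop.}`s at end of file) so behaviour and performance match the original. The file-name concern raised in the owner's comment is addressed later in the series (`rename common_signature_ops to ecc_sig_ops`).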
31 changes: 21 additions & 10 deletions constantine/signatures/ecdsa.nim
@@ -1,17 +1,28 @@
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.

import
../hashes,
../named/algebras,
../math/io/[io_bigints, io_fields, io_ec],
../math/elliptic/[ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_scalar_mul, ec_multi_scalar_mul],
../math/[arithmetic, ec_shortweierstrass],
../platforms/[abstractions, views],
../serialization/codecs, # for fromHex and (in the future) base64 encoding
../mac/mac_hmac, # for deterministic nonce generation via RFC 6979
../named/zoo_generators, # for generator
../csprngs/sysrand
constantine/hashes,
constantine/named/algebras,
constantine/math/io/[io_bigints, io_fields, io_ec],
constantine/math/elliptic/[ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_scalar_mul, ec_multi_scalar_mul],
constantine/math/[arithmetic, ec_shortweierstrass],
constantine/platforms/[abstractions, views],
constantine/serialization/codecs, # for fromHex and (in the future) base64 encoding
constantine/mac/mac_hmac, # for deterministic nonce generation via RFC 6979
constantine/named/zoo_generators, # for generator
constantine/csprngs/sysrand,
constantine/signatures/common_signature_ops # for `derivePubkey`

import std / macros # for `update` convenience helper

export common_signature_ops

type
## Decides the type of sampler we use for the nonce. By default
## a simple uniform random sampler. Alternatively a deterministic
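Review bot: The nonce sampler type comment at the end of this hunk says the default is a simple uniform random sampler, with deterministic generation (RFC 6979 via the `mac_hmac` import) only as the alternative; because any reuse or bias in the ECDSA nonce exposes the private key, the deterministic RFC 6979 sampler is the safer default, or the docstring should state when the random default is acceptable and how callers select the deterministic path. Minor: `import std / macros` should be written `import std/macros` to match the other import lines.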