1 unstable release
0.1.0 | Jun 28, 2024 |
---|
#1133 in Cryptography
26KB
485 lines
Orodruin
Safe Rust Monero-like bLSAG ring signatures on Ristretto curve, as described in Zero to Monero.
Ring signature
A "ring" is a set of public keys. A ring signature is a signature that can only be forged by a member of the ring, and while you can verify its authenticity, you cannot identify which member forged it.
This crate implements bLSAG, a kind of ring signature where a different signatures issued by the same key can be proved to be linked together (without breaking the anonymity). You may want to use single-use keys to avoid linkability.
Typical applications are anonymous voting systems and anonymous transactions (e.g. Monero).
Explanations and proof of correctness are given in this short article.
Features
- Sign (feature
alloc
) - Verify (no-std)
- Generic for cryptographic 512-bits hashers that impl
digest::Digest
(e.g. sha2) (featuredigest
) - Impl for
blake2b-simd
(featureblake2b
) - You can easily impl other hashers
- No guarantee about constant-time operation.
Example
use orodruin::*;
let mut rng = rand::thread_rng();
let mut hasher = sha2::Sha512::default();
let secret_keys: Vec<SecretKey> = (0..4).map(|_| SecretKey::random(&mut rng)).collect();
let ring: Vec<PublicKey> = secret_keys.iter().map(SecretKey::public_key).collect();
for (i, secret_key) in secret_keys.into_iter().enumerate() {
let message = i.to_be_bytes();
let signature = sign(secret_key, &ring, i, &message, &mut rng, &mut hasher);
assert_eq!(signature.verify(ring.iter(), &message, &mut hasher), Ok(()));
}
Disclaimer
I am a student in cryptology and computer security (as of 2024), but I am not an expert in elliptic curves nor have I made a security proof for this algorithm. This crate has not been reviewed by an expert. Use at your own risk.
Name
In Lord of the Rings, Orodruin is the volcano where the Ring of power was forged and destroyed. As the crate Nazgul served as inspiration for the implementation details, we stay in the theme.
License
GNU AGPL v3, CopyLeft 2024 Pascal Engélibert (why copyleft?)
All rights granted to Axiom-Team (association loi 1901, France).
Implementation details inspired by nazgul.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.
Dependencies
~1.5–2.3MB
~50K SLoC