@cloudflare/zkp-ecdsa
zkp-ecdsa: A Typescript Implementation of ZKAttest
// TypeScript-emitted runtime helpers (the tslib `__decorate` / `__metadata`
// shims). `__decorate` applies a decorator list to a class (3 args) or to a
// member (4 args): it delegates to Reflect.decorate when available and
// otherwise folds the decorators right-to-left by hand, redefining the member
// descriptor when a decorator returns one. `__metadata` records design-time
// type metadata only when Reflect.metadata exists and is a no-op otherwise.
// Generated code — edit the TypeScript source, not these helpers.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
import { ExpProof, proveExp, verifyExp } from './exp/exp.js';
import { GKProof, proveMembership, verifyMembership } from './proofGK/gk.js';
import { PedersenParams, generatePedersenParams } from './commit/pedersen.js';
import { bitLen, fromBytes, invMod, posMod } from './bignum/big.js';
import { jsonArrayMember, jsonMember, jsonObject, toJson } from 'typedjson';
import { p256, tomEdwards256 } from './curves/instances.js';
import { Group } from './curves/group.js';
import { cmpArray } from './util.js';
/**
 * Serializable ZKAttest proof that some key in a list signed a message.
 *
 * Carries the recomputed ECDSA point R, a Pedersen commitment to s1 = s/r
 * (over base R), Pedersen commitments to the signer's affine x and y
 * coordinates (over the proof group), the exponentiation-proof rounds and the
 * list-membership proof. It is plain data; `eq` is a structural comparison.
 */
let SignatureProofList = class SignatureProofList {
    /**
     * @param {Group.Point} R               ECDSA verification point u1*G + u2*PK
     * @param {Group.Point} comS1           commitment to s1 = s/r
     * @param {Group.Point} keyXcom         commitment to the signer's x coordinate
     * @param {Group.Point} keyYcom         commitment to the signer's y coordinate
     * @param {Array<ExpProof>} expProof    exponentiation-proof rounds
     * @param {GKProof} membershipProof     proof that keyXcom opens to a listed key
     */
    constructor(R, comS1, keyXcom, keyYcom, expProof, membershipProof) {
        Object.assign(this, { R, comS1, keyXcom, keyYcom, expProof, membershipProof });
    }

    /**
     * Structural equality. Compares the four points first (stopping at the
     * first mismatch), then the exp-proof arrays, then the membership proof.
     * @param {SignatureProofList} o
     * @returns {boolean}
     */
    eq(o) {
        const pointPairs = [
            [this.R, o.R],
            [this.comS1, o.comS1],
            [this.keyXcom, o.keyXcom],
            [this.keyYcom, o.keyYcom],
        ];
        if (!pointPairs.every(([mine, theirs]) => mine.eq(theirs))) {
            return false;
        }
        return cmpArray(this.expProof, o.expProof) && this.membershipProof.eq(o.membershipProof);
    }
};
// typedjson field metadata for SignatureProofList (emitted from the TS
// decorators). `isRequired: true` marks every member mandatory for typedjson's
// parser; the `design:type` / `design:paramtypes` entries are TypeScript's
// design-time type metadata.
// NOTE(review): a proof parsed from JSON obtains its Group.Point fields via the
// constructor named here. Whether that path validates the points (on the
// curve, correct subgroup, not the identity) is decided in curves/group.js,
// not in this file — confirm before handing untrusted JSON to
// verifySignatureList, which only checks that R is not at infinity.
__decorate([
    jsonMember({ constructor: Group.Point, isRequired: true }),
    __metadata("design:type", Group.Point)
], SignatureProofList.prototype, "R", void 0);
__decorate([
    jsonMember({ constructor: Group.Point, isRequired: true }),
    __metadata("design:type", Group.Point)
], SignatureProofList.prototype, "comS1", void 0);
__decorate([
    jsonMember({ constructor: Group.Point, isRequired: true }),
    __metadata("design:type", Group.Point)
], SignatureProofList.prototype, "keyXcom", void 0);
__decorate([
    jsonMember({ constructor: Group.Point, isRequired: true }),
    __metadata("design:type", Group.Point)
], SignatureProofList.prototype, "keyYcom", void 0);
// Array member: one ExpProof per round of the exponentiation proof.
__decorate([
    jsonArrayMember(ExpProof, { isRequired: true }),
    __metadata("design:type", Array)
], SignatureProofList.prototype, "expProof", void 0);
__decorate([
    jsonMember({ constructor: GKProof, isRequired: true }),
    __metadata("design:type", GKProof)
], SignatureProofList.prototype, "membershipProof", void 0);
// Class-level decorators (jsonObject + toJson) replace the binding with the
// decorated class, which is what gets exported below.
SignatureProofList = __decorate([
    jsonObject,
    toJson,
    __metadata("design:paramtypes", [Group.Point, Group.Point, Group.Point, Group.Point, Array, GKProof])
], SignatureProofList);
export { SignatureProofList };
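/**
 * Public parameters shared by prover and verifier: Pedersen parameters over
 * P-256 (`NistGroup`), over the proof curve (`ProofGroup`), and the security
 * level `SecLevel` that the prover hands to `proveExp`. Both parties must use
 * the same parameters; `eq` checks exactly that.
 */
let SystemParametersList = class SystemParametersList {
    /**
     * @param {PedersenParams} NistGroup   Pedersen parameters over P-256
     * @param {PedersenParams} ProofGroup  Pedersen parameters over the proof curve
     * @param {number} SecLevel            security level passed to proveExp
     */
    constructor(NistGroup, ProofGroup, SecLevel) {
        this.NistGroup = NistGroup;
        this.ProofGroup = ProofGroup;
        this.SecLevel = SecLevel;
    }

    /**
     * @param {SystemParametersList} o
     * @returns {boolean} true iff both Pedersen parameter sets compare equal and
     *   the security levels are the same number. Strict equality is used on
     *   purpose: a level that arrived as a string (e.g. from loosely typed JSON)
     *   must not compare equal to a number.
     */
    eq(o) {
        return (this.NistGroup.eq(o.NistGroup) &&
            this.ProofGroup.eq(o.ProofGroup) &&
            this.SecLevel === o.SecLevel);
    }
};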
// typedjson field metadata for SystemParametersList (emitted from the TS
// decorators); all three members are marked required for the parser.
// NOTE(review): SecLevel is the value proveSignatureList hands to proveExp, so
// parameters should be obtained from a trusted source (e.g. generated locally
// with generateParamsList) rather than parsed from a peer-supplied document.
__decorate([
    jsonMember({ constructor: PedersenParams, isRequired: true }),
    __metadata("design:type", PedersenParams)
], SystemParametersList.prototype, "NistGroup", void 0);
__decorate([
    jsonMember({ constructor: PedersenParams, isRequired: true }),
    __metadata("design:type", PedersenParams)
], SystemParametersList.prototype, "ProofGroup", void 0);
__decorate([
    jsonMember({ constructor: Number, isRequired: true }),
    __metadata("design:type", Number)
], SystemParametersList.prototype, "SecLevel", void 0);
// Class-level decorators (jsonObject + toJson) replace the binding with the
// decorated class, which is what gets exported below.
SystemParametersList = __decorate([
    jsonObject,
    toJson,
    __metadata("design:paramtypes", [PedersenParams, PedersenParams, Number])
], SystemParametersList);
export { SystemParametersList };
function truncateToN(msg, n) {
const delta = bitLen(msg) - bitLen(n);
if (delta > 0) {
msg >>= BigInt(delta);
}
return msg;
}
/**
 * Generate fresh system parameters: Pedersen parameters over P-256 and over
 * the Edwards proof curve, plus the security level (default 80) that the
 * prover passes to `proveExp`. Generate once and give the same object to
 * both prover and verifier.
 * @param {number} [secLevel=80]
 * @returns {SystemParametersList}
 */
export function generateParamsList(secLevel = 80) {
    return new SystemParametersList(
        generatePedersenParams(p256),
        generatePedersenParams(tomEdwards256),
        secLevel,
    );
}
/**
 * Map a WebCrypto P-256 public key to its affine x coordinate, the value the
 * membership proof commits to.
 * @param {CryptoKey} publicKey  exportable ECDSA public key
 * @returns {Promise<bigint>} the affine x coordinate
 * @throws {Error} if the key decodes to the point at infinity
 */
export async function keyToInt(publicKey) {
    const rawKey = new Uint8Array(await crypto.subtle.exportKey('raw', publicKey));
    const affine = p256.deserializePoint(rawKey).toAffine();
    if (!affine) {
        throw new Error('invalid public key');
    }
    return affine.x;
}
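/**
 * Produce a ZKAttest proof that `sigBytes` is a valid ECDSA-P256 signature on
 * `msgHash` under one of the public keys in `keys`, without revealing which.
 *
 * ECDSA's relation s·R = z·G + r·PK is rewritten as s1·R = Q + PK with
 * s1 = s/r and Q = (z/r)·G, so that the exponentiation proof is taken over
 * base R with a commitment to s1 (what proveExp checks is in exp.js).
 *
 * @param {SystemParametersList} params  Pedersen parameters for both groups plus
 *   the security level handed to `proveExp`.
 * @param {Uint8Array} msgHash  Message digest; truncated to the bit length of the
 *   P-256 order as in ECDSA (not reduced mod n).
 * @param {Uint8Array} sigBytes  Raw signature `r || s` as two equal-width halves.
 * @param {CryptoKey} publicKey  WebCrypto ECDSA public key of the real signer.
 * @param {number} which  Index of `publicKey` in `keys`.
 * @param {Array<Group.Point>} keys  Candidate public keys (the ring).
 * @returns {Promise<SignatureProofList>}
 * @throws {Error} if the public key is the point at infinity, if `sigBytes` is
 *   empty or of odd length, if r or s is outside [1, n-1], if `which` is not a
 *   valid index into `keys`, or if the signature does not verify under
 *   `publicKey` (a proof for an invalid signature would never verify anyway).
 */
export async function proveSignatureList(params, msgHash, sigBytes, publicKey, which, keys) {
    const ec = p256;
    const groupOrder = ec.order;

    const pkBytes = new Uint8Array(await crypto.subtle.exportKey('raw', publicKey));
    const pkPoint = ec.deserializePoint(pkBytes);
    const pkCoords = pkPoint.toAffine();
    if (!pkCoords) {
        throw new Error('invalid public key');
    }

    if (!Number.isInteger(which) || which < 0 || which >= keys.length) {
        throw new Error('which is not a valid index into keys');
    }

    // The signature is split at its midpoint. An odd length would silently
    // misalign r and s (slice truncates the fractional index), so reject it.
    const len = sigBytes.length;
    if (len === 0 || len % 2 !== 0) {
        throw new Error('invalid signature length');
    }
    const half = len / 2;
    const r = fromBytes(sigBytes.slice(0, half));
    const s = fromBytes(sigBytes.slice(half));
    // ECDSA requires 1 <= r, s < n; zero has no inverse mod n.
    if (r <= 0n || r >= groupOrder || s <= 0n || s >= groupOrder) {
        throw new Error('invalid signature');
    }

    // Recompute the ECDSA verification point R = u1*G + u2*PK, u1 = z/s, u2 = r/s.
    const z = truncateToN(fromBytes(msgHash), groupOrder);
    const sinv = invMod(s, groupOrder);
    const u1 = posMod(sinv * z, groupOrder);
    const u2 = posMod(sinv * r, groupOrder);
    const R = ec.generator()
        .mul(ec.newScalar(u1))
        .add(pkPoint.mul(ec.newScalar(u2)));
    // A valid signature satisfies R.x mod n == r; the verifier derives r from
    // R.x, so fail here rather than emit a proof that can never verify.
    const coordR = R.toAffine();
    if (!coordR || posMod(coordR.x, groupOrder) !== r) {
        throw new Error('signature does not verify under publicKey');
    }

    // Divide the relation by r: s1 = s/r, z1 = z/r, Q = z1*G.
    const rinv = invMod(r, groupOrder);
    const s1 = posMod(rinv * s, groupOrder);
    const z1 = posMod(rinv * z, groupOrder);
    const Q = ec.generator().mul(ec.newScalar(z1));

    // Pedersen parameters with R as the first generator; the second generator h
    // is shared with the verifier through params.NistGroup.
    const paramsSigExp = new PedersenParams(p256, R, params.NistGroup.h);
    const comS1 = paramsSigExp.commit(s1);
    const pkX = params.ProofGroup.commit(pkCoords.x);
    const pkY = params.ProofGroup.commit(pkCoords.y);

    // The two sub-proofs are independent, so they run concurrently.
    const [sigProof, membershipProof] = await Promise.all([
        proveExp(paramsSigExp, params.ProofGroup, s1, comS1, pkPoint, pkX, pkY, params.SecLevel, Q),
        proveMembership(params.ProofGroup, pkX, which, keys),
    ]);
    return new SignatureProofList(R, comS1.p, pkX.p, pkY.p, sigProof, membershipProof);
}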
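/**
 * Verify a ZKAttest list-signature proof produced by `proveSignatureList`.
 *
 * Derives r = R.x mod n and Q = (z/r)·G from the proof's R and the message
 * digest, then checks (1) that the committed key x-coordinate belongs to one
 * of `keys` and (2) the exponentiation proof relating comS1, the key
 * commitments and Q over base R.
 *
 * @param {SystemParametersList} params  The same parameters the prover used,
 *   including the security level.
 * @param {Uint8Array} msgHash  Message digest, truncated as in ECDSA.
 * @param {Array<Group.Point>} keys  Candidate public keys (the ring).
 * @param {SignatureProofList} proof
 * @returns {Promise<boolean>} true iff both sub-proofs verify; false otherwise,
 *   including when R.x mod n is zero.
 * @throws {Error} if `proof.R` is the point at infinity.
 */
export async function verifySignatureList(params, msgHash, keys, proof) {
    const ec = p256;
    const groupOrder = ec.order;
    const { R } = proof;
    const coordR = R.toAffine();
    if (!coordR) {
        throw new Error('R is at infinity');
    }
    // r = R.x mod n is the ECDSA r and must be a unit mod n. r = 0 is not a
    // valid signature and has no inverse, so fail verification instead of
    // inverting zero.
    const r = posMod(coordR.x, groupOrder);
    if (r === 0n) {
        return false;
    }
    const rinv = invMod(r, groupOrder);
    const z = truncateToN(fromBytes(msgHash), groupOrder);
    const z1 = posMod(rinv * z, groupOrder);
    const Q = ec.generator().mul(ec.newScalar(z1));
    // Base R comes from the proof; h must match the prover's params.NistGroup.h.
    const paramsSigExp = new PedersenParams(p256, R, params.NistGroup.h);

    if (!(await verifyMembership(params.ProofGroup, proof.keyXcom, keys, proof.membershipProof))) {
        return false;
    }
    // Check the exponentiation proof at the security level carried in `params`,
    // the same value the prover handed to proveExp. A fixed constant here would
    // let prover and verifier disagree on how many rounds count.
    // NOTE(review): whether verifyExp also rejects a proof whose round count
    // differs from the level is decided in exp.js — confirm, and compare
    // proof.expProof.length against params.SecLevel here if it does not.
    const expOk = await verifyExp(paramsSigExp, params.ProofGroup, proof.comS1, proof.keyXcom, proof.keyYcom, proof.expProof, params.SecLevel, Q);
    return Boolean(expOk);
}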
//# sourceMappingURL=zkpAttestList.js.map