secp256k1-zkp
This library is under development, and, like the secp256k1-zkp C library it depends on, this is a research effort to determine an optimal API for end-users of the mimblewimble ecosystem.
Installation
npm
npm install secp256k1-zkp
yarn
yarn add secp256k1-zkp
Classes
Constants
Functions
- sha256(v) ⇒
PromiseLike.<ArrayBuffer>
create random sha256 Buffer
- uInt64T(num) ⇒
Buffer
Takes any number (native number, BN, or string) and converts it to uInt64T (64-bit BE Buffer) suitable for use by the C++ bindings.
Secp
Kind: global class
- Secp
- new Secp(opts)
- .secretKeyZero() ⇒
Buffer
- .secretKeyCreate(input) ⇒
Buffer
- .secretKeyGenerate() ⇒
Buffer
- .secretKeyVerify(key) ⇒
boolean
- .secretKeyAdd(secretKey1, secretKey2) ⇒
Buffer
- .secretKeymul(secretKey1, secretKey2) ⇒
Buffer
- .pubKeyZero() ⇒
Buffer
- .pubKeyFromSecretKey(secretKey) ⇒
Buffer
- .pubKeyFromAddingPubKeys(pubKeys) ⇒
Buffer
- .pubKeyIsValid(pubKey) ⇒
boolean
- .pubKeyIsZero(pubKey) ⇒
boolean
- .pubKeySerialize(pubKey, [compress]) ⇒
Buffer
- .pubKeyParse(buffer) ⇒
Buffer
- .keyPairGenerate() ⇒
Object
- .sign(msg, secretKey) ⇒
Buffer
- .verify(sig, msg, pubKey) ⇒
boolean
- .signatureSerialize(sig) ⇒
Buffer
- .signatureParse(buffer) ⇒
Buffer
- .commit(value, [blind]) ⇒
Buffer
- .blindSwitch(value, blind) ⇒
Buffer
- .commitSum([positives], [negatives]) ⇒
Buffer
- .verifyCommitSum([positives], [negatives]) ⇒
boolean
- .blindSum([positives], [negatives]) ⇒
Buffer
- .commitmentToPubKey(commitment) ⇒
Buffer
- .commitmentSerialize(commitment) ⇒
Buffer
- .commitmentParse(buffer) ⇒
Buffer
- .verifyFromCommit(msg, sig, commitment) ⇒
boolean
- .bulletProofVerify(commitment, rangeProof, extraData) ⇒
boolean
- .bulletProofVerifyMulti(commitments, rangeProofs, extraData) ⇒
boolean
- .bulletProofCreate(amount, secretKey, nonce, extraData, [msg]) ⇒
Buffer
- .bulletProofRewind(commitment, nonce, extraData, rangeProof) ⇒
Buffer
- .aggsigCreateSecnonce() ⇒
Buffer
- .aggsigSignSingle(msg, secretKey, pubKeySum) ⇒
Buffer
- .aggsigSignFromSecretKey(secretKey, msg, blindSum) ⇒
Buffer
- .aggsigCalculatePartialSig(secretKey, secNonce, nonceSum, pubKeySum, msg) ⇒
Buffer
- .aggsigVerifySingle(sig, msg, pubNonce, pubKey, pubKeyTotal, extraPubKey, isPartial) ⇒
Buffer
- .aggsigVerifyPartialSig(sig, pubNonceSum, pubKey, pubKeySum, msg) ⇒
Buffer
- .aggsigVerifySingleFromCommit(sig, msg, commit) ⇒
Buffer
- .aggsigVerifyCompletedSig(sig, pubKey, pubKeySum, msg) ⇒
Buffer
- .aggsigAddSignatures(partSigs, nonceSum) ⇒
Buffer
new Secp(opts)
Param | Type | Default |
---|---|---|
opts | Object |
|
[opts.sign] | boolean |
true |
[opts.verify] | boolean |
true |
Buffer
secp.secretKeyZero() ⇒ Creates an zero secret key.
Kind: instance method of Secp
Buffer
secp.secretKeyCreate(input) ⇒ Creates a secret key.
Kind: instance method of Secp
Param | Type |
---|---|
input | Buffer | string |
Buffer
secp.secretKeyGenerate() ⇒ Creates a new random secret key
Kind: instance method of Secp
boolean
secp.secretKeyVerify(key) ⇒ Verifies validity of a secret key.
Kind: instance method of Secp
Param | Type |
---|---|
key | Buffer |
Buffer
secp.secretKeyAdd(secretKey1, secretKey2) ⇒ Adds two secretKeys to create a new secretKey
Kind: instance method of Secp
Param | Type |
---|---|
secretKey1 | Buffer |
secretKey2 | Buffer |
Buffer
secp.secretKeymul(secretKey1, secretKey2) ⇒ Adds two secretKeys to create a new secretKey
Kind: instance method of Secp
Param | Type |
---|---|
secretKey1 | Buffer |
secretKey2 | Buffer |
Buffer
secp.pubKeyZero() ⇒ Creates an invalid zero public key.
Kind: instance method of Secp
Buffer
secp.pubKeyFromSecretKey(secretKey) ⇒ Creates a new public key from a secret key.
Kind: instance method of Secp
Param | Type |
---|---|
secretKey | Buffer |
Buffer
secp.pubKeyFromAddingPubKeys(pubKeys) ⇒ Creates a new public key from the sum of the public keys.
Kind: instance method of Secp
Param | Type |
---|---|
pubKeys | Array.<Buffer> |
boolean
secp.pubKeyIsValid(pubKey) ⇒ Determine if a public key is valid.
Kind: instance method of Secp
Param | Type |
---|---|
pubKey | Buffer |
boolean
secp.pubKeyIsZero(pubKey) ⇒ Determine if a public key is zero.
Kind: instance method of Secp
Param | Type |
---|---|
pubKey | Buffer |
Buffer
secp.pubKeySerialize(pubKey, [compress]) ⇒ Serializes a public key.
Kind: instance method of Secp
Param | Type | Default |
---|---|---|
pubKey | Buffer |
|
[compress] | boolean |
true |
Buffer
secp.pubKeyParse(buffer) ⇒ Parses a public key.
Kind: instance method of Secp
Param | Type |
---|---|
buffer | Buffer |
Object
secp.keyPairGenerate() ⇒ Generates a random keyPair. Convenience function for secretKeyGenerate
and pubKeyFromSecretKey
Kind: instance method of Secp
Buffer
secp.sign(msg, secretKey) ⇒ Constructs a signature for msg
using the secret key secretKey
and RFC6979 nonce
Kind: instance method of Secp
Param | Type |
---|---|
msg | Buffer |
secretKey | Buffer |
boolean
secp.verify(sig, msg, pubKey) ⇒ Checks that sig
is a valid ECDSA signature for msg
using the public
key pubKey
.
Kind: instance method of Secp
Param | Type |
---|---|
sig | Buffer |
msg | Buffer |
pubKey | Buffer |
Buffer
secp.signatureSerialize(sig) ⇒ Serializes a signature.
Kind: instance method of Secp
Param | Type |
---|---|
sig | Buffer |
Buffer
secp.signatureParse(buffer) ⇒ Parses a signature.
Kind: instance method of Secp
Param | Type |
---|---|
buffer | Buffer |
Buffer
secp.commit(value, [blind]) ⇒ Creates a pedersen commitment from a value and a blinding factor
Kind: instance method of Secp
Param | Type |
---|---|
value | number |
[blind] | Buffer |
Buffer
secp.blindSwitch(value, blind) ⇒ Computes blinding factor for switch commitment.
Kind: instance method of Secp
Param | Type |
---|---|
value | number |
blind | Buffer |
Buffer
secp.commitSum([positives], [negatives]) ⇒ Computes the sum of multiple positive and negative pedersen commitments.
Kind: instance method of Secp
Param | Type | Default |
---|---|---|
[positives] | Array.<Buffer> |
[] |
[negatives] | Array.<Buffer> |
[] |
boolean
secp.verifyCommitSum([positives], [negatives]) ⇒ Taking arrays of positive and negative commitments as well as an expected excess, verifies that it all sums to zero.
Kind: instance method of Secp
Param | Type | Default |
---|---|---|
[positives] | Array.<Buffer> |
[] |
[negatives] | Array.<Buffer> |
[] |
Buffer
secp.blindSum([positives], [negatives]) ⇒ Computes the sum of multiple positive and negative blinding factors.
Kind: instance method of Secp
Param | Type | Default |
---|---|---|
[positives] | Array.<Buffer> |
[] |
[negatives] | Array.<Buffer> |
[] |
Buffer
secp.commitmentToPubKey(commitment) ⇒ Retrieves pubKey from commit.
Kind: instance method of Secp
Param | Type |
---|---|
commitment | Buffer |
Buffer
secp.commitmentSerialize(commitment) ⇒ Serializes commitment.
Kind: instance method of Secp
Param | Type |
---|---|
commitment | Buffer |
Buffer
secp.commitmentParse(buffer) ⇒ Parses a commitment.
Kind: instance method of Secp
Param | Type |
---|---|
buffer | Buffer |
boolean
secp.verifyFromCommit(msg, sig, commitment) ⇒ Verify commitment.
Kind: instance method of Secp
Param | Type |
---|---|
msg | Buffer |
sig | Buffer |
commitment | Buffer |
boolean
secp.bulletProofVerify(commitment, rangeProof, extraData) ⇒ Verify with bullet proof that a committed value is positive.
Kind: instance method of Secp
Param | Type |
---|---|
commitment | Buffer |
rangeProof | Buffer |
extraData | Buffer |
boolean
secp.bulletProofVerifyMulti(commitments, rangeProofs, extraData) ⇒ Verify with bullet proof that a committed value is positive.
Kind: instance method of Secp
Param | Type |
---|---|
commitments | Buffer |
rangeProofs | Array.<Buffer> |
extraData | Buffer |
Buffer
secp.bulletProofCreate(amount, secretKey, nonce, extraData, [msg]) ⇒ Create a bulletproof. The blinding factor for commitment should be secretKey.
Kind: instance method of Secp
Param | Type | Default |
---|---|---|
amount | number |
|
secretKey | Buffer |
|
nonce | Buffer |
|
extraData | Buffer |
|
[msg] | Buffer |
Buffer.alloc(16, 0) |
Buffer
secp.bulletProofRewind(commitment, nonce, extraData, rangeProof) ⇒ Rewind a rangeProof to retrieve the amount
Kind: instance method of Secp
Param | Type |
---|---|
commitment | number |
nonce | number |
extraData | number |
rangeProof | number |
Buffer
secp.aggsigCreateSecnonce() ⇒ Creates a new secure nonce (as a SecretKey), guaranteed to be usable during aggsig creation.
Kind: instance method of Secp
Buffer
secp.aggsigSignSingle(msg, secretKey, pubKeySum) ⇒ Simple signature (nonce will be created).
Kind: instance method of Secp
Param | Type |
---|---|
msg | Buffer |
secretKey | Buffer |
pubKeySum | Buffer |
Buffer
secp.aggsigSignFromSecretKey(secretKey, msg, blindSum) ⇒ Calculates a signature for msg given the secretKey and an optional blindSum
Kind: instance method of Secp
Param | Type |
---|---|
secretKey | Buffer |
msg | Buffer |
blindSum | Buffer |
Buffer
secp.aggsigCalculatePartialSig(secretKey, secNonce, nonceSum, pubKeySum, msg) ⇒ Calculates a partial signature given the signer's secure key, the sum of all public nonces and (optionally) the sum of all public keys.
Kind: instance method of Secp
Param | Type | Description |
---|---|---|
secretKey | Buffer |
The signer's secret key |
secNonce | Buffer |
The signer's secret nonce (the public version of which was added to the nonceSum total) |
nonceSum | Buffer |
The sum of the public nonces of all signers participating in the full signature. This value is encoded in e. |
pubKeySum | Buffer |
(Optional) The sum of the public keys of all signers participating in the full signature. If included, this value is encoded in e. |
msg | Buffer |
The message to sign. |
Buffer
secp.aggsigVerifySingle(sig, msg, pubNonce, pubKey, pubKeyTotal, extraPubKey, isPartial) ⇒ Single-Signer (plain old Schnorr, sans-multisig) signature verification
Kind: instance method of Secp
Returns: Buffer
- - Signature on success
Param | Type | Description |
---|---|---|
sig | Buffer |
The signature |
msg | Buffer |
the message to verify |
pubNonce | Buffer |
if not null overrides the public nonce used to calculate e |
pubKey | Buffer |
the public key |
pubKeyTotal | Buffer |
The total of all public keys (for the message in e) |
extraPubKey | Buffer |
if not null, subtract this pubKey from sG |
isPartial | boolean |
whether this is a partial sig, or a fully-combined sig |
Buffer
secp.aggsigVerifyPartialSig(sig, pubNonceSum, pubKey, pubKeySum, msg) ⇒ Verifies a partial signature from a public key. All nonce and public
key sum values must be identical to those provided in the call to
[calculate_partial_sig
].
Kind: instance method of Secp
Param | Type | Description |
---|---|---|
sig | Buffer |
The signature to validate, created via a call to [calculate_partial_sig ] |
pubNonceSum | Buffer |
The sum of the public nonces of all signers participating in the full signature. This value is encoded in e. |
pubKey | Buffer |
Corresponding Public Key of the private key used to sign the message. |
pubKeySum | Buffer |
(Optional) The sum of the public keys of all signers participating in the full signature. If included, this value is encoded in e. |
msg | Buffer |
The message to verify. |
Buffer
secp.aggsigVerifySingleFromCommit(sig, msg, commit) ⇒ Simple verification a single signature from a commitment. The public key used to verify the signature is derived from the commit.
Kind: instance method of Secp
Param | Type | Description |
---|---|---|
sig | Buffer |
The Signature to verify |
msg | Buffer |
The message to sign. |
commit | Buffer |
The commitment to verify. The actual public key used during verification is derived from this commit. |
Buffer
secp.aggsigVerifyCompletedSig(sig, pubKey, pubKeySum, msg) ⇒ Verifies a completed (summed) signature, which must include the message and pubKey sum values that are used during signature creation time to create 'e'
Kind: instance method of Secp
Param | Type | Description |
---|---|---|
sig | Buffer |
The Signature to verify |
pubKey | Buffer |
Corresponding Public Key of the private key used to sign the message. |
pubKeySum | Buffer |
(Optional) The sum of the public keys of all signers participating in the full signature. If included, this value is encoded in e. Must be the same value as when the signature was created to verify correctly. |
msg | Buffer |
The message to verify. |
Buffer
secp.aggsigAddSignatures(partSigs, nonceSum) ⇒ Adds signatures
Kind: instance method of Secp
Param | Type |
---|---|
partSigs | Buffer |
nonceSum | Buffer |
Buffer
ZERO_8 :
Buffer
ZERO_32 :
Buffer
ZERO_64 :
PromiseLike.<ArrayBuffer>
sha256(v) ⇒ create random sha256 Buffer
Kind: global function
Param | Type |
---|---|
v | string |
Buffer
uInt64T(num) ⇒ Takes any number (native number, BN, or string) and converts it to uInt64T (64-bit BE Buffer) suitable for use by the C++ bindings.
Kind: global function
Param | Type | Description |
---|---|---|
num | number |
number to convert. |