Closed chris-wood closed 2 years ago
One question I had is whether blind signatures that use techniques other than RSA would be able to implement this API?
Yeah, I think so. I could prototype blind BLS using this API as a sanity check. We don't have a BLS implementation yet, as far as I know, so that would have to be in a separate PR. Sounds like a TODO project for the next couple of weeks!
@cjpatton, @armfazh: I applied your suggestions. I think this PR is now ready for approval and merge. I'll squash before we merge.
@armfazh is there a way to silence the linter that complains about use of math/rand
? I'm using it to mock crypto/rand
. Do we have a way to do this already?
@armfazh is there a way to silence the linter that complains about use of
math/rand
? I'm using it to mockcrypto/rand
. Do we have a way to do this already?
It looks like your goal is to just have a deterministic stream of bits for testing purposes. You can do this by implementing your own io.Reader, which is all that crypto/rand.Reader is: https://pkg.go.dev/crypto/rand#pkg-variables
It looks like your goal is to just have a deterministic stream of bits for testing purposes. You can do this by implementing your own io.Reader, which is all that crypto/rand.Reader is: https://pkg.go.dev/crypto/rand#pkg-variables
Oh, yes, duh. That is simpler. Pushed that change!
@cjpatton suggestions applied, and the deterministic variant was dropped. Please let me know if more changes are needed!
This change adds a generic interface for two-message blind signature protocols, along with a concrete implementation of the blind RSA protocol as currently being specified by the CFRG. This protocol is a very simple wrapper around the existing RSA implementation in the Go standard library.
I'm starting this as a draft PR since I have questions around how we might create signers and verifiers, and how the ergonomics of the API look:
RSASigner
andRSAVerifier
constructors acceptcrypto.rsa
types as input, or more standardized formats for keying material (PKCS12 for private keys, for example)?Blind
function. If the randomness isnil
, the signature is deterministic, and vice versa. Internally, we still always need a source of randomness to generate the blind, which we pull fromcrypto/rand
. Does this sort of knob for controlling signature randomness make sense, or should we instead have aBlindDeterministic
(or whatever) variant?cc @wbl, @cjpatton, @claucece
Closes #307.