cloudflare / circl

CIRCL: Cloudflare Interoperable Reusable Cryptographic Library
http://blog.cloudflare.com/introducing-circl

Add blind RSA protocol support #308

Closed chris-wood closed 2 years ago

chris-wood commented 2 years ago

This change adds a generic interface for two-message blind signature protocols, along with a concrete implementation of the blind RSA protocol as currently being specified by the CFRG. This protocol is a very simple wrapper around the existing RSA implementation in the Go standard library.

I'm starting this as a draft PR since I have questions around how we might create signers and verifiers, and how the ergonomics of the API look:

  1. Should the RSASigner and RSAVerifier constructors accept crypto.rsa types as input, or more standardized formats for keying material (PKCS12 for private keys, for example)?
  2. Currently, one controls signature randomness by either supplying (or not) a source of randomness to the Blind function. If the randomness is nil, the signature is deterministic, and vice versa. Internally, we still always need a source of randomness to generate the blind, which we pull from crypto/rand. Does this sort of knob for controlling signature randomness make sense, or should we instead have a BlindDeterministic (or whatever) variant?
  3. Where do we stick the Go LICENSE file (which is required to reuse and modify their code)?
  4. ... there are probably other things we might want to ask ourselves =)

cc @wbl, @cjpatton, @claucece

Closes #307.

chris-wood commented 2 years ago

One question I had is whether blind signatures that use techniques other than RSA would be able to implement this API?

Yeah, I think so. I could prototype blind BLS using this API as a sanity check. We don't have a BLS implementation yet, as far as I know, so that would have to be in a separate PR. Sounds like a TODO project for the next couple of weeks!

chris-wood commented 2 years ago

@cjpatton, @armfazh: I applied your suggestions. I think this PR is now ready for approval and merge. I'll squash before we merge.

chris-wood commented 2 years ago

@armfazh is there a way to silence the linter that complains about use of math/rand? I'm using it to mock crypto/rand. Do we have a way to do this already?

cjpatton commented 2 years ago

@armfazh is there a way to silence the linter that complains about use of math/rand? I'm using it to mock crypto/rand. Do we have a way to do this already?

It looks like your goal is to just have a deterministic stream of bits for testing purposes. You can do this by implementing your own io.Reader, which is all that crypto/rand.Reader is: https://pkg.go.dev/crypto/rand#pkg-variables
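The two-message exchange the PR describes (client blinds, signer signs blind, client finalizes and anyone verifies) together with the deterministic io.Reader suggested above for testing, as an added Go example that is not CIRCL's code: it uses raw RSA arithmetic over SHA-256(msg) rather than the PSS encoding of the CFRG draft, and seededReader, hashToInt, Blind, BlindSign, Finalize and Verify are names chosen here for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"io"
	"math/big"
)

// seededReader is a deterministic io.Reader standing in for crypto/rand.Reader in
// tests, as suggested in the thread: each block is SHA-256 of a counter that starts
// at the seed value. Constructed for this example; it is not a secure random source.
type seededReader uint64

func (r *seededReader) Read(p []byte) (int, error) {
	for n := 0; n < len(p); *r++ {
		block := sha256.Sum256(new(big.Int).SetUint64(uint64(*r)).Bytes())
		n += copy(p[n:], block[:])
	}
	return len(p), nil
}
func hashToInt(msg []byte) *big.Int { // SHA-256(msg) as an integer, always below N
	h := sha256.Sum256(msg)
	return new(big.Int).SetBytes(h[:])
}
// Blind is the client's first message, m * r^e mod N (raw RSA arithmetic, no PSS
// encoding), with the blind r drawn from rng; it also returns r^-1 for Finalize.
func Blind(pk *rsa.PublicKey, msg []byte, rng io.Reader) (*big.Int, *big.Int, error) {
	for {
		r, err := rand.Int(rng, pk.N)
		if err != nil {
			return nil, nil, err
		}
		if rInv := new(big.Int).ModInverse(r, pk.N); rInv != nil { // gcd(r, N) = 1
			blinded := new(big.Int).Exp(r, big.NewInt(int64(pk.E)), pk.N)
			return blinded.Mul(blinded, hashToInt(msg)).Mod(blinded, pk.N), rInv, nil
		}
	}
}
// BlindSign is the signer's reply, blinded^d mod N, computed without seeing msg;
// Finalize unblinds it and Verify checks the result like any raw RSA signature.
func BlindSign(sk *rsa.PrivateKey, blinded *big.Int) *big.Int {
	return new(big.Int).Exp(blinded, sk.D, sk.N)
}
func Finalize(pk *rsa.PublicKey, blindSig, rInv *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(blindSig, rInv), pk.N)
}
func Verify(pk *rsa.PublicKey, msg []byte, sig *big.Int) bool {
	return new(big.Int).Exp(sig, big.NewInt(int64(pk.E)), pk.N).Cmp(hashToInt(msg)) == 0
}
```

Passing crypto/rand.Reader as rng gives a fresh blind per call, while two seededReader values with the same seed reproduce the same blinded message, which is what makes test vectors possible without touching math/rand.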

chris-wood commented 2 years ago

It looks like your goal is to just have a deterministic stream of bits for testing purposes. You can do this by implementing your own io.Reader, which is all that crypto/rand.Reader is: https://pkg.go.dev/crypto/rand#pkg-variables

Oh, yes, duh. That is simpler. Pushed that change!

chris-wood commented 2 years ago

@cjpatton suggestions applied, and the deterministic variant was dropped. Please let me know if more changes are needed!