Ecdsa bitcoin

ecdsa bitcoin

One of Bitcoin vulnerabilities is caused by ECDSA weak randomness. A random number is not cryptographically secure, which leads to private. Simply stated, a bitcoin transaction is a transfer of spending control between different parties over a pre-specified amount of satoshis. A satoshi is the smallest​. Filippo Valsorda. Exploiting ECDSA. Failures in the. Bitcoin Blockchain. HITB2014KUL. Page 2. CloudFlare security team. @FiloSottile. I mess with cryptography. ecdsa bitcoin

Package ecdsa

Overview ▾

Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in FIPS 186-3.

This implementation derives the nonce from an AES-CTR CSPRNG keyed by:

SHA2-512(priv.D || entropy || hash)[:32]

The CSPRNG key is indifferentiable from a random oracle as shown in [Coron], the AES-CTR stream is indifferentiable from a random oracle under standard cryptographic assumptions (see [Larsson] for examples).

References:

[Coron] https://cs.nyu.edu/~dodis/ps/merkle.pdf [Larsson] https://www.nada.kth.se/kurser/kth/2D1441/semteo03/lecturenotes/assump.pdf

▾ Example

Index ▾

func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)
func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool
func VerifyASN1(pub *PublicKey, hash, sig []byte) bool
type PrivateKey
    func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error)
    func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool
    func (priv *PrivateKey) Public() crypto.PublicKey
    func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
type PublicKey
    func (pub *PublicKey) Equal(x crypto.PublicKey) bool

Package files

ecdsa.goecdsa_noasm.go

func Sign¶

func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)

Sign signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the signature as a pair of integers. The security of the private key depends on the entropy of rand.

func SignASN1¶1.15

func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)

SignASN1 signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the ASN.1 encoded signature. The security of the private key depends on the entropy of rand.

func Verify¶

func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool

Verify verifies the signature in r, s of hash using the public key, pub. Its return value records whether the signature is valid.

func VerifyASN1¶1.15

func VerifyASN1(pub *PublicKey, hash, sig []byte) bool

VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the public key, pub. Its return value records whether the signature is valid.

type PrivateKey¶

PrivateKey represents an ECDSA private key.

type PrivateKey struct { PublicKey D *big.Int }

func GenerateKey¶

func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error)

GenerateKey generates a public and private key pair.

func (*PrivateKey) Equal¶1.15

func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

See PublicKey.Equal for details on how Curve is compared.

func (*PrivateKey) Public¶1.4

func (priv *PrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*PrivateKey) Sign¶1.4

func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with priv, reading randomness from rand. The opts argument is not currently used but, in keeping with the crypto.Signer interface, should be the hash function used to digest the message.

This method implements crypto.Signer, which is an interface to support keys where the private part is kept in, for example, a hardware module. Common uses should use the Sign function in this package directly.

type PublicKey¶

PublicKey represents an ECDSA public key.

type PublicKey struct { elliptic.Curve X, Y *big.Int }

func (*PublicKey) Equal¶1.15

func (pub *PublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

Two keys are only considered to have the same value if they have the same Curve value. Note that for example elliptic.P256() and elliptic.P256().Params() are different values, as the latter is a generic not constant time implementation.

Источник: https://golang.org/pkg/crypto/ecdsa/

0 thoughts to “Ecdsa bitcoin”

Leave a Reply

Your email address will not be published. Required fields are marked *