Crate orodruin

Source
Expand description

§Orodruin

Safe Rust Monero-like bLSAG ring signatures on Ristretto curve, as described in Zero to Monero.

§Ring signature

A “ring” is a set of public keys. A ring signature is a signature that can only be forged by a member of the ring, and while you can verify its authenticity, you cannot identify which member forged it.

This crate implements bLSAG, a kind of ring signature where a different signatures issued by the same key can be proved to be linked together (without breaking the anonymity). You may want to use single-use keys to avoid linkability.

Typical applications are anonymous voting systems and anonymous transactions (e.g. Monero).

§Features

  • Sign (feature alloc)
  • Verify (no-std)
  • Generic for cryptographic 512-bit hashers that impl digest::Digest (e.g. sha2) (feature digest)
  • Impl for blake2b-simd (feature blake2b)
  • You can easily impl other hashers
  • No guarantee about constant-time operation.
  • No guarantee about side-channel attack mitigation.
  • MSRV 1.75.0

Secret key, public key, key image types are 32 bytes each. Signature for a ring of N public keys is at least 64+32N bytes.

§Example

use orodruin::*;

let mut rng = rand::thread_rng();
let mut hasher = sha2::Sha512::default();

let secret_keys: Vec<SecretKey> = (0..4).map(|_| SecretKey::random(&mut rng)).collect();
let ring: Vec<PublicKey> = secret_keys.iter().map(SecretKey::public_key).collect();

for (i, secret_key) in secret_keys.into_iter().enumerate() {
	let message = i.to_be_bytes();
	let signature = sign(secret_key, &ring, i, &message, &mut rng, &mut hasher);
	assert_eq!(signature.verify(ring.iter(), &message, &mut hasher), Ok(()));
}

You can check whether two valid signatures have been signed by the same secret key by checking whether their .key_image are equal.

Structs§

KeyImage
Deterministic image of the private key
PublicKey
Ring public key
SecretKey
Ring secret key
Signature
Ring signature

Enums§

VerifyError
Error giving the reason why a signature is invalid

Traits§

Hasher
Something that can provide a cryptographic hash
Verifiable
A ring signature that can be verified

Functions§

sign
Assumes ring[secret_index] is sk’s public key
signatures_are_linked
Test whether two signatures were emitted by the same private key