Skip to content

cryptoballot/rsablind

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits

.scrutinizer.yml

.scrutinizer.yml

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

doc.go

doc.go

 
 

rsa.go

rsa.go

 
 

rsablind.go

rsablind.go

 
 

rsablind_test.go

rsablind_test.go

 
 

Repository files navigation

RSA Blind

RSA Blind Signing using a Full Domain Hash

Build Status Build Status Go Report Card Coverage Status Scrutinizer Issues GoDoc

This library implements a Full-Domain-Hash RSA Blind Signature Scheme.

In cryptography, a blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The entity signing the message does not know the contents of the message being signed.

Caveats

  1. This library has not undergone a security review or audit and should not be used in production code.

  2. The key used to sign the blinded messages should not be used for any other purpose. Re-using this key in other contexts opens it up to attack.

  3. Use the Full-Domain-Hash package (https://github.com/cryptoballot/fdh) to expand the size of your hash to a secure size. You should use a full-domain-hash size of at least 1024 bits, but bigger is better. However, this hash size needs to remain significantly smaller than your key size to avoid RSA verification failures. A good rule of thumb is to use 2048 bit keys and 1536 bit hashes, or 4096 bit keys and 3072 bit hashes (hash size is 3/4 the key size). You may also opt to use a SHA-3 SHAKE hash (SHAKE-128 or SHAKE-256) in lieu of a full-domain-hash.

  4. To prevent against an Index Calculation Attack (see http://www.jscoron.fr/publications/isodcc.pdf), be sure to use a properly sized RSA key and hash digest. The RSA key should be at least 2048 bits (larger is better) and the hash digest should be at least 1024 bits (larger is better).

Example

package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256"
	"fmt"
	"github.com/cryptoballot/fdh"
	"github.com/cryptoballot/rsablind"
)

func main() {
	message := []byte("ATTACKATDAWN")

	keysize := 2048
	hashize := 1536

	// We do a SHA256 full-domain-hash expanded to 1536 bits (3/4 the key size)
	hashed := fdh.Sum(crypto.SHA256, hashize, message)

	// Generate a key
	key, _ := rsa.GenerateKey(rand.Reader, keysize)

	// Blind the hashed message
	blinded, unblinder, err := rsablind.Blind(&key.PublicKey, hashed)
	if err != nil {
		panic(err)
	}

	// Blind sign the blinded message
	sig, err := rsablind.BlindSign(key, blinded)
	if err != nil {
		panic(err)
	}

	// Unblind the signature
	unblindedSig := rsablind.Unblind(&key.PublicKey, sig, unblinder)

	// Verify the original hashed message against the unblinded signature
	if err := rsablind.VerifyBlindSignature(&key.PublicKey, hashed, unblindedSig); err != nil {
		panic("failed to verify signature")
	} else {
		fmt.Println("ALL IS WELL")
	}
}

About

RSA Blind Signature Scheme for golang

Topics

golang cryptography rsa rsa-signature blind-signatures full-domain-hash

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

28 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages