trezor-firmware/tools/ed25519cosi.py

from functools import reduce
import binascii
import ed25519raw


def combine_keys(pks):
    P = [ed25519raw.decodepoint(pk) for pk in pks]
    combine = reduce(ed25519raw.edwards, P)
    return ed25519raw.encodepoint(combine)


def combine_sig(R, sigs):
    S = [ed25519raw.decodeint(si) for si in sigs]
    s = sum(S) % ed25519raw.l
    sig = R + ed25519raw.encodeint(s)
    return sig


def get_nonce(sk, data, ctr):
    h = ed25519raw.H(sk)
    b = ed25519raw.b
    r = ed25519raw.Hint(bytes([h[i] for i in range(b >> 3, b >> 2)]) + data + binascii.unhexlify('%08x' % ctr))
    R = ed25519raw.scalarmult(ed25519raw.B, r)
    return r, ed25519raw.encodepoint(R)


def self_test(digest):

    def to_hex(by):
        return binascii.hexlify(by).decode()

    N = 3
    keyset = [0, 2]

    digest = binascii.unhexlify(digest)
    print('Digest: %s' % to_hex(digest))
    sks = []
    pks = []
    nonces = []
    commits = []
    sigs = []
    for i in range(0, N):
        print('----- Key %d ------' % (i + 1))
        seckey = bytes([0x41 + i]) * 32
        pubkey = ed25519raw.publickey(seckey)
        print('Secret Key: %s' % to_hex(seckey))
        print('Public Key: %s' % to_hex(pubkey))
        sks.append(seckey)
        pks.append(pubkey)
        ctr = 0
        r, R = get_nonce(seckey, digest, ctr)
        print('Local nonce:  %s' % to_hex(ed25519raw.encodeint(r)))
        print('Local commit: %s' % to_hex(R))
        nonces.append(r)
        commits.append(R)

    global_pk = combine_keys([pks[i] for i in keyset])
    global_R = combine_keys([commits[i] for i in keyset])
    print('-----------------')
    print('Global pubkey: %s' % to_hex(global_pk))
    print('Global commit: %s' % to_hex(global_R))
    print('-----------------')

    for i in range(0, N):
        seckey = sks[i]
        pubkey = pks[i]
        r = nonces[i]
        R = commits[i]
        h = ed25519raw.H(seckey)
        b = ed25519raw.b
        a = 2**(b - 2) + sum(2**i * ed25519raw.bit(h, i) for i in range(3, b - 2))
        S = (r + ed25519raw.Hint(global_R + global_pk + digest) * a) % ed25519raw.l
        print('Local sig %d: %s' % (i + 1, to_hex(ed25519raw.encodeint(S))))
        sigs.append(ed25519raw.encodeint(S))

    print('-----------------')
    sig = combine_sig(global_R, [sigs[i] for i in keyset])
    print('Global sig: %s' % to_hex(sig))
    ed25519raw.checkvalid(sig, digest, global_pk)
    print('Valid Signature!')


if __name__ == '__main__':
    import sys
    if len(sys.argv) > 1:
        self_test(digest=sys.argv[1])
    else:
        self_test(digest='4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b')
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`from functools import reduce`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`import binascii`
			`import ed25519raw`

tools: autopep8 2017-06-13 14:50:03 +00:00
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`def combine_keys(pks):`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`P = [ed25519raw.decodepoint(pk) for pk in pks]`
			`combine = reduce(ed25519raw.edwards, P)`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`return ed25519raw.encodepoint(combine)`

tools: autopep8 2017-06-13 14:50:03 +00:00
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`def combine_sig(R, sigs):`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`S = [ed25519raw.decodeint(si) for si in sigs]`
			`s = sum(S) % ed25519raw.l`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`sig = R + ed25519raw.encodeint(s)`
			`return sig`

tools: autopep8 2017-06-13 14:50:03 +00:00
			`def get_nonce(sk, data, ctr):`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`h = ed25519raw.H(sk)`
			`b = ed25519raw.b`
tools: fix flake8 warnings 2017-09-05 21:15:47 +00:00			`r = ed25519raw.Hint(bytes([h[i] for i in range(b >> 3, b >> 2)]) + data + binascii.unhexlify('%08x' % ctr))`
tools: autopep8 2017-06-13 14:50:03 +00:00			`R = ed25519raw.scalarmult(ed25519raw.B, r)`
tools: fix small issues with keytool 2017-09-30 08:26:36 +00:00			`return r, ed25519raw.encodepoint(R)`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00
tools: autopep8 2017-06-13 14:50:03 +00:00
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`def self_test(digest):`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`def to_hex(by):`
			`return binascii.hexlify(by).decode()`
tools: autopep8 2017-06-13 14:50:03 +00:00
tools: fix small issues with keytool 2017-09-30 08:26:36 +00:00			`N = 3`
			`keyset = [0, 2]`
tools: add header to ed25519raw.py, fix whitespace in keytool 2017-04-02 21:03:07 +00:00
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`digest = binascii.unhexlify(digest)`
			`print('Digest: %s' % to_hex(digest))`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`sks = []`
			`pks = []`
			`nonces = []`
			`commits = []`
			`sigs = []`
			`for i in range(0, N):`
tools: autopep8 2017-06-13 14:50:03 +00:00			`print('----- Key %d ------' % (i + 1))`
tools: fix small issues with keytool 2017-09-30 08:26:36 +00:00			`seckey = bytes([0x41 + i]) * 32`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`pubkey = ed25519raw.publickey(seckey)`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`print('Secret Key: %s' % to_hex(seckey))`
			`print('Public Key: %s' % to_hex(pubkey))`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`sks.append(seckey)`
			`pks.append(pubkey)`
			`ctr = 0`
build: sign all stuff using ed25519 cosi (2 out of 3) 2017-10-01 15:46:58 +00:00			`r, R = get_nonce(seckey, digest, ctr)`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`print('Local nonce: %s' % to_hex(ed25519raw.encodeint(r)))`
			`print('Local commit: %s' % to_hex(R))`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`nonces.append(r)`
			`commits.append(R)`
tools: add header to ed25519raw.py, fix whitespace in keytool 2017-04-02 21:03:07 +00:00
build: sign all stuff using ed25519 cosi (2 out of 3) 2017-10-01 15:46:58 +00:00			`global_pk = combine_keys([pks[i] for i in keyset])`
			`global_R = combine_keys([commits[i] for i in keyset])`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`print('-----------------')`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`print('Global pubkey: %s' % to_hex(global_pk))`
			`print('Global commit: %s' % to_hex(global_R))`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`print('-----------------')`

tools: fix small issues with keytool 2017-09-30 08:26:36 +00:00			`for i in range(0, N):`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`seckey = sks[i]`
			`pubkey = pks[i]`
			`r = nonces[i]`
			`R = commits[i]`
			`h = ed25519raw.H(seckey)`
			`b = ed25519raw.b`
build: sign all stuff using ed25519 cosi (2 out of 3) 2017-10-01 15:46:58 +00:00			`a = 2(b - 2) + sum(2i * ed25519raw.bit(h, i) for i in range(3, b - 2))`
			`S = (r + ed25519raw.Hint(global_R + global_pk + digest) * a) % ed25519raw.l`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`print('Local sig %d: %s' % (i + 1, to_hex(ed25519raw.encodeint(S))))`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`sigs.append(ed25519raw.encodeint(S))`

			`print('-----------------')`
build: sign all stuff using ed25519 cosi (2 out of 3) 2017-10-01 15:46:58 +00:00			`sig = combine_sig(global_R, [sigs[i] for i in keyset])`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`print('Global sig: %s' % to_hex(sig))`
build: sign all stuff using ed25519 cosi (2 out of 3) 2017-10-01 15:46:58 +00:00			`ed25519raw.checkvalid(sig, digest, global_pk)`
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`print('Valid Signature!')`

tools: fix flake8 warnings 2017-09-05 21:15:47 +00:00
Added tool to test cooperative signing 2017-04-02 15:27:36 +00:00			`if __name__ == '__main__':`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`import sys`
tools: remove ed25519 dependency, prepare for ed25519cosi signing 2017-10-01 14:26:51 +00:00			`if len(sys.argv) > 1:`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`self_test(digest=sys.argv[1])`
tools: remove ed25519 dependency, prepare for ed25519cosi signing 2017-10-01 14:26:51 +00:00			`else:`
tools: simplify ed25519cosi 2017-10-01 17:42:29 +00:00			`self_test(digest='4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b')`