aos-signature alternatives and similar packages
Based on the "Cryptography" category.
Alternatively, view aos-signature alternatives based on common mentions on social networks and blogs.
-
cryptohash
DISCONTINUED. efficient and practical cryptohashing in haskell. DEPRECATED in favor of cryptonite -
cipher-blowfish
DISCONTINUED. DEPRECATED by cryptonite; A collection of cryptographic block and stream ciphers in haskell -
cipher-aes
DEPRECATED - use cryptonite - a comprehensive fast AES implementation for haskell that supports aesni and advanced cryptographic modes. -
crypto-pubkey
DISCONTINUED. DEPRECATED - use cryptonite - Cryptographic public key related algorithms in haskell (RSA,DSA,DH,ElGamal) -
cipher-aes128
DISCONTINUED. Based on cipher-aes, but using a crypto-api interface and providing resulting IVs for each mode -
crypto-numbers
DISCONTINUED. DEPRECATED - use cryptonite - Cryptographic number related function and algorithms -
crypto-random
DISCONTINUED. DEPRECATED - use cryptonite - Cryptographic random class and entropy gatherer with safe API for haskell
CodeRabbit: AI Code Reviews for Developers
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of aos-signature or a related project?
Popular Comparisons
README
A ring signature, also know as a Spontaneous Anonymous Group (SAG) or 1-out-of-n signature, convinces a verifier that a message is signed by any member in a group of n independent signers without allowing the verifier to identify who the signer was.
Abe-Ohkubo-Suzuki Ring Signatures
In their paper, "1-out-of-n Signatures from a Variety of Keys"[1], Abe, Ohkubo and Suzuki (AOS) present a method to construct a 1-out-of-n signature scheme that allows mixture use of different flavours of keys at the same time.
Linkable Spontaneous Anonymous Group (LSAG) Signature
Liu, et al.[2] add the property of linkability to ring signatures. Linkability means that two signatures by the same signer can be identified as such, but the signer remains anonymous. It adds the feature of claimability, which allows a signer to claim responsibility by providing proof of having generated a given signature.
A LSAG signature scheme satisfies three properties:
- Anonymity: A signer cannot be distinguished from a pool of
t
commitments (public keys). - Spontaneity: No group secret, group manager of secret sharing setup stage.
- Linkability: Two signatures by the same signer can be linked.
A LSAG Signature Scheme over elliptic curves
It consists of two parts: signature generation and signature verification. Let L = {y0, ..., yt-1} be a list of t
public keys. Let H:{0, 1}* -> Zn where H
is a cryptographic hash function and n
is the order of the elliptic curve over a finite field Fq. For i ∈ {0, ..., t-1},
each user i
has a distinct public key yi and a private key xi.
Signature Generation
Let k ∈ {0, ..., t-1} be the position of the prover's public key in the list L
of public keys. Let xk be its private key. The LSAG signature of a message m ∈ {0,1}* is generated by the following steps:
Compute h by encoding the hash of the public keys to a point in the curve, while hiding its discrete logarithm, and y = [xk] * h. Both computations are the product of a scalar and a point in the curve.
Select u ∈ Zn and compute the first challenge chk+1 = H(L, y, m, [u] * g, [u] * h)
For i in {k+1, ..., t-1, 0, ... k-1}, choose si ∈ Zn and compute the remaining challenges: chi+1 = H(L, y, m, [si] * g + [chi] * yi, [si] * h + [chi] * y)
With the last chk computed, calculate sk = (u - xk * chk) mod n
The signature is (ch0, [s0, ..., st-1], y).
Signature Verification
Given a message m
, a signature of a message (ch0, [s0, ..., st-1], y) and a list of public keys L
, an honest verifier checks a signature as follows:
For i in {0, ..., t-1} compute chi+1 = H(L, y, m, [si] * g + [chi] * yi, [si] * h + [chi] * y), where h = [H(L)] * g.
Check whether c0 is equal to H(L, y, m, [st-1] * g + [cht-1] * yt-1, [st-1] * h + [cht-1] * y)
testSignature
:: ECC.Curve
-> Int
-> ByteString
-> IO Bool
testSignature curve nParticipants msg = do
-- Generate public and private keys
(pubKey, privKey) <- ECC.generate curve
-- Generate random foreign participants
extPubKeys <- genNPubKeys curve nParticipants
-- Position of the signer's key in the set of public keys
k <- fromInteger <$> generateBetween 0 (toInteger $ length extPubKeys - 1)
-- List of public keys
let pubKeys = insert k pubKey extPubKeys
-- Sign message with list of public keys and signer's key pair
signature <- sign pubKeys (pubKey, privKey) msg
-- Verify signature
pure $ verify pubKeys signature msg
References:
- M. Abe, M. Ohkubo, K. Suzuki. "1-out-of-n Signatures from a Variety of Keys", 2002
- K. Liu, K. Wei, S. Wong. "Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups", 2004
Notation:
[b] * P
: multiplication of a point P and a scalar b over an elliptic curve defined over a finite field modulo a prime number
License
Copyright 2018-2020 Adjoint Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*Note that all licence references and agreements mentioned in the aos-signature README section above
are relevant to that project's source code only.