npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

goosig

v0.10.0

Published

Group of unknown order signatures

Downloads

408

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

chjjchjjnodwebernodweberpinheadmzpinheadmz

Keywords

cryptogoosigrsa

Readme

GooSig

GooSig was created for the Handshake Project to address a very specific problem: an airdrop to Github users' RSA keys allows Github users to be identified on-chain. In order to anonymize who is receiving coins from the airdrop, cryptographic trickery is required: GooSig allows the creation of signatures originating from RSA private keys without revealing the RSA public key.

GooSig makes use of (G)roups of Unkn(o)wn (O)rder, and implements a cryptographic protocol devised by Dan Boneh and Riad S. Wahby at the Stanford Center for Blockchain Research. It was originally ported from the python reference implementation to javascript, but has since been implemented in C as well.

Usage

const Goo = require('goosig');
const rsa = require('bcrypto/lib/rsa');

// Generate RSA private key.
const priv = rsa.privateKeyGenerate(2048);

// Publish RSA public key.
const pub = rsa.publicKeyCreate(priv);

// GooSig context (using the RSA-2048 challenge modulus).
const goo = new Goo(Goo.RSA2048, 2, 3);

// Generate s_prime and C1 based on user's pubkey.
// Handshake contributors do this part.
// `s_prime` is the seed for the `s` scalar.
const s_prime = goo.generate();
const C1 = goo.challenge(s_prime, pub);

// At this point, C1 is inserted into a public
// merkle tree and added to the HNS consensus rules.

// Encrypt s_prime to user's pubkey.
const ct = goo.encrypt(s_prime, pub);

// User decrypts the encrypted payload.
const pt = goo.decrypt(ct, priv);

pt.equals(s_prime) === true;

// Sign the hash of the serialized airdrop proof.
// This proof includes an address.
// Handshake users do this part after retrieving
// s_prime and C1 from the encrypted public files.
const msg = Buffer.alloc(32, 0xff); // A sighash in reality.
const sig = goo.sign(msg, s_prime, priv);

// Verify the proof.
// The Handshake blockchain does this part.
// C1 effectively becomes the "identifier" for the key.
const result = goo.verify(msg, sig, C1);

result === true;

Moduli

The design of GooSig requires a public RSA modulus whose prime factorization is unknown.

In the early 1990s, RSA Labs generated several RSA moduli for the RSA factoring challenge. RSA Labs claims to have destroyed the hard drives containing the primes.

There are 4 built-in moduli exposed on the Goo object.

  • AOL1 - America Online Root CA 1 (now defunct) (2048 bit).
  • AOL2 - America Online Root CA 2 (now defunct) (4096 bit) - notable for being one of the few 4096 bit moduli in the wild.
  • RSA2048 - From the RSA factoring challenge, and at one point had a $200,000 bounty on it (2048 bit).
  • RSA617 - Also from the factoring challenge (2048 bit). Generated later, in 1997.

Original Links (archive.org):

The above links are preserved in the /etc directory.

The modulus definitions reside in lib/constants.js.

Benchmarks

GooSig verifications are fairly complex and difficult to optimize. C verification time is currently around 1ms with highend consumer-grade hardware. We hope to get sub-1ms verification times by mainnet launch.

Javascript

Timings for 4096-bit RSA GoUO, 2048-bit Signer PK:
 ◷ Generation: 64.00 ms, σ=5.71 ms, max=84.65 ms, min=60.80 ms
 ◷ Signing: 1097.95 ms, σ=48.20 ms, max=1196.90 ms, min=1025.47 ms
 ◷ Verifying: 61.25 ms, σ=6.40 ms, max=83.81 ms, min=58.02 ms

Timings for 4096-bit RSA GoUO, 4096-bit Signer PK:
 ◷ Generation: 65.08 ms, σ=2.29 ms, max=71.01 ms, min=63.59 ms
 ◷ Signing: 1768.06 ms, σ=284.67 ms, max=2469.98 ms, min=1526.67 ms
 ◷ Verifying: 59.30 ms, σ=0.66 ms, max=60.51 ms, min=58.26 ms

Timings for 2048-bit RSA GoUO, 2048-bit Signer PK:
 ◷ Generation: 10.77 ms, σ=0.40 ms, max=12.10 ms, min=10.45 ms
 ◷ Signing: 303.64 ms, σ=27.47 ms, max=372.32 ms, min=267.90 ms
 ◷ Verifying: 20.31 ms, σ=0.86 ms, max=22.36 ms, min=19.60 ms

Timings for 2048-bit RSA GoUO, 4096-bit Signer PK:
 ◷ Generation: 31.74 ms, σ=0.66 ms, max=33.81 ms, min=30.98 ms
 ◷ Signing: 779.28 ms, σ=163.26 ms, max=1261.87 ms, min=589.59 ms
 ◷ Verifying: 20.46 ms, σ=1.85 ms, max=27.17 ms, min=19.62 ms

C (libgmp)

Timings for 4096-bit RSA GoUO, 2048-bit Signer PK:
 ◷ Generation: 6.21 ms, σ=0.26 ms, max=7.11 ms, min=6.03 ms
 ◷ Signing: 95.29 ms, σ=7.54 ms, max=123.13 ms, min=91.12 ms
 ◷ Verifying: 4.15 ms, σ=0.17 ms, max=4.79 ms, min=4.06 ms

Timings for 4096-bit RSA GoUO, 4096-bit Signer PK:
 ◷ Generation: 6.37 ms, σ=0.12 ms, max=6.71 ms, min=6.24 ms
 ◷ Signing: 153.96 ms, σ=15.93 ms, max=194.38 ms, min=136.60 ms
 ◷ Verifying: 4.32 ms, σ=0.84 ms, max=7.47 ms, min=4.04 ms

Timings for 2048-bit RSA GoUO, 2048-bit Signer PK:
 ◷ Generation: 1.19 ms, σ=0.23 ms, max=2.03 ms, min=1.12 ms
 ◷ Signing: 26.22 ms, σ=3.92 ms, max=40.60 ms, min=23.92 ms
 ◷ Verifying: 1.34 ms, σ=0.02 ms, max=1.37 ms, min=1.31 ms

Timings for 2048-bit RSA GoUO, 4096-bit Signer PK:
 ◷ Generation: 3.93 ms, σ=0.11 ms, max=4.18 ms, min=3.81 ms
 ◷ Signing: 69.51 ms, σ=13.73 ms, max=97.56 ms, min=48.25 ms
 ◷ Verifying: 1.38 ms, σ=0.18 ms, max=2.04 ms, min=1.32 ms

Contribution and License Agreement

If you contribute code to this project, you are implicitly allowing your code to be distributed under the MIT license. You are also implicitly verifying that all code is your original work. </legalese>

License

Parts of this software are based on libGooPy.

libGooPy

  • Copyright (c) 2018, Dan Boneh, Riad S. Wahby (Apache License).

goosig.js

  • Copyright (c) 2018, Christopher Jeffrey (MIT License).

See LICENSE for more info.