npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

z-dsa

v1.0.3

Published

Z Digital Signature

Downloads

11

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zninjazninja

Keywords

DSAdigital-signaturehash based digital signatureShamirLamport

Readme

z-dsa

Z Digital Signature Algorithm - Hash Based

One time signature schema.

INSPIRAITON:

Shamir's secret threshold and Lamport signature schema.

GOAL:

Keep security while reducing keys and signature size.

WARNING: Do not use this in production yet. It is not tested enough.

I am not an expert, but I would like to see opinions if experienced persons about my work.

INSTALL

npm i z-dsa

Example

const zdsa = require("z-dsa")();
const crypto = require("crypto");
var keys = zdsa.keyPairNew();
var msg = crypto.randomBytes(32);
var signature = zdsa.sign(keys.private, msg);
console.log("zdsa",keys.private.length,keys.public.length,signature.length);
console.log(zdsa.verify(keys.public, msg, signature));

How it works.

We need at least one hash function or two different.

First hash function should be a strongerone, second can be weak as even md5.

First hash function will be used to generate signature, while second is used to generate public key.

I will show example with a minimum security.

We will define few constants.

CELL_SIZE_L -> as 32 // size of first hash function output in bytes like sha256

CELL_SIZE_S -> as 16 // size of second hash function output in bytes like md5

HASH_COUNT -> as 64 // number of hashes used to generate private key

so PRIVATE_KEY_BYTES = CELL_SIZE_L*HASH_COUNT /// size of private key in bytes - 2048 for our case

PUBLIC_KEY_BYTES = CELL_SIZE_S*HASH_COUNT /// size of public key in bytes - 1024 for our case

SIGNATURE_BYTES = CELL_SIZE_L * CELL_SIZE_L /// size of signature in bytes - 1024 for our case

SHARE_COEFFICIENT= 22 // percent of minimum shares in percent

MIN_SHARE_COUNT = round(HASH_COUNT/100*SHARE_COEFFICIENT) - 14 in our case

KEY CREATION

Allice will generate random bytes (Nonce) of CELL_SIZE_L size and will generate Shamir's threshold share

with HASH_COUNT shares and MIN_SHARE_COUNT threshold.

Each share must be CELL_SIZE_L+1 size in bytes.

To create private key from shares we exclude first byte of each share and join all shares together.

That is Allice private key.

To generate public key we hash each share from private key with second hash function together with nonce and joing them together.

That is Allice public key and she can share it with the world.

SIGNATURE CREATION

We will call first hash function as HL.

To create signature we need message M which size can be up to CELL_SIZE_L size in bytes and Allice private key.

She will hash message M with HL and iterate over each byte then MOD byte value with HASH_COUNT.

HM = HL(M)

foreach HM as B

I = B MOD HASH_COUNT

She will choose share from private key by calculated index I to insert into signature.

That is her signature.

VERIFYING SIGNATURE

We will call second hash function as HS.

Bob would like to verify the signature.

Hi will need message M, Allice public key Pk and Allice signature S.

First hi will iterate over shares in signature to collect MIN_SHARE_COUNT different shares.

Then Bob will recover Nonce with collected shares if hi has rigth shares in signature.

Then hi will hash message in the same way like on signature creation

HM = HL(M)

foreach HM as NUM=>B

I = B MOD HASH_COUNT

NUM is index of HM byte also index of signature share.

I is index of public key part where part Pk[I] = HS(S[NUM]|Nonce)

So if Bob realize that all Pk[I] = HS(S[NUM]|Nonce) equals, signature is valid.

Hope I expalined good enough. Since I do better with code then with explaining what codes do.