There’s A New Crypto Library In Town — And This One Focuses on Privacy: Kryptology

There’s A New Crypto Library In Town — And This One Focuses on Privacy: Kryptology

We need to build a new Internet. One that is build on mathematics and certainty, rather than the patchy version we have now. For this we need a layer of cryptography at the lowest level, and build software interfaces on top of this. Along with this we now have cryptographic methods which can now provide a foundation of trust, and which preserve privacy. And so the old libraries of OpenSSL are being squeezed out in favour of the new ones which are built on a solid foundation.

The latest of these new “privacy-aware” libraries is Kryptology, and created by Coinbase. This library provides the APIs that developers need, in order to apply to areas of blockchain development. This library include BLS (Boneh-Lynn-Shacham (BLS) signatures, Zero-knowledge Proofs (ZKPs) and Shamir Secret Shares (SSS). With BLS we can digitally sign for data, but also preserve its privacy. Applications of this include group signatures, where multiple entities can merge their signing keys together and provide a single signature for a transaction. With SSS, we can split encryption keys up into shares, and then distribute them across a network. When required, we can call these shares back to reconstruct the key.

The focus for Coinbase seems to be the application of privacy coins, and where no tracking can be applied to the usage of these digital coins. This should support full anonymity for transactions, as opposed to Bitcoin which only supports pseudo-anonymity. And which language have they used? Well, it’s good old Golang. The Gopher is really building a more trusted world.

So let’s take a simple example of generating a BBS (Boneh, Boyen, and Shacham) signature.

BBS Signatures

Can we produce a digital signature for a group of members, and then for it not to be possible to know who has signed within the group? This problem was solved in 2004 with BBS signatures and where Boneh, Boyen and Shacham defined this in [1]. With a group signature, we create a membership of a group with defined private keys. These are defined as members, and the signature of any member cannot be seen from the signature, in terms of the public key of the signature. With BBS, we can also blind signatures, and where Bob to sign a messsage, without knowing the message.

With group signatures use a group manager and which responsible for signing things on behalf of the members. The key features of group signatures are:

• Soundness and completeness. This means that it is always possible to check valid signatures, and that an invalid one will always fail.
• Unforgeable. This means that we can only create a signature when the members of the group are involved.
• Anonymity. This means that it will not be possible to reveal any of the signers of a message. This can only be revealed with the group manager’s secret key.
• Traceability. This means that the group manager can reveal the signer with its secret key.
• Unlinkability. This means that given two or more signed messages, it is not possible to trace that they are signed by the same member.
• Coalition resistance. This means that it is not possible to create a signature without the consent of one of the members.

With group signatures, we create a group private key, and which differs from each of the private keys of members. Then the group private key can produce private keys, and can also be used to reveal the signer of a message. With this, we must also revoke the private key of a member, and this is done with a public announcement of the revocation. This can then also create a new group private address, and which revokes the private key of a member.

The method uses pairing-based cryptography we have two cyclic groups (G1 and G2), and which are of an order of a prime number (n). A pairing on (G1,G2,GT) defines the function e:G1×G2→GT, and where g1 is a generator for G1 and g2 is a generator for G2. In this case we will take a number of SHA-256 hashes, and then sign this with the group private key[here]:

package main

import (
	"fmt"

	"os"

	"github.com/coinbase/kryptology/pkg/core/curves"
	"github.com/coinbase/kryptology/pkg/signatures/bbs"
)

func main() {

	curve := curves.BLS12381(&curves.PointBls12381G2{})
	msg1 := "Hello"
	msg2 := "Hello"
	msg3 := "Hello"

	argCount := len(os.Args[1:])

	if argCount > 0 {
		msg1 = os.Args[1]
	}
	if argCount > 1 {
		msg2 = os.Args[2]
	}
	if argCount > 2 {
		msg3 = os.Args[3]
	}

	var msgs []curves.Scalar
	msgs = append(msgs, curve.Scalar.Hash([]byte(msg1)))
	msgs = append(msgs, curve.Scalar.Hash([]byte(msg2)))
	msgs = append(msgs, curve.Scalar.Hash([]byte(msg3)))

	pk, sk, _ := bbs.NewKeys(curve)

	generators := new(bbs.MessageGenerators).Init(pk, len(msgs))

	sig, _ := sk.Sign(generators, msgs)

	err := pk.Verify(sig, generators, msgs)

	fmt.Printf("Message 1: %s, Message 2: %s, Message 3: %s\n", msg1, msg2, msg3)
	fmt.Printf("Private key: %s\nPublic Key %s\n", sk, pk)

	if err == nil {
		fmt.Println("BBS Signature Proven")
	} else {
		fmt.Println("BBS Signature Not Proven")
	}

}

A sample run [here]:

Message 1: hello, Message 2: hello, Message 3: hello
Private key: &{%!s(*curves.ScalarBls12381=&{0xc0000a7120 0xc0000d0038})}
Public Key &{%!s(*curves.PointBls12381G2=&{0xc000146ea0})}
BBS Signature Proven

And here is the running code:

Conclusions

So, say goodbye to old crypto, and hello to the building of a new (and more trusted) World!

References

[1] Boneh, D., Boyen, X., & Shacham, H. (2004, August). Short group signatures. In Annual International Cryptology Conference (pp. 41–55). Springer, Berlin, Heidelberg.