lamport-ots's Introduction

🔏 Lamport One-Time Signatures 🔏

Lamport one-time signature scheme is a simple but effective mechanism for creating signatures built on top of hash functions. Any cryptograph hash function can be used to implement the scheme. Signatures using large hash functions are understood so far to be "quantum resistant"

⚠ Warning ⚠

The lamport one-time signature scheme uses 50% of your private key as the signature, this is why they are for one time use only.

Do not use a single private key to sign more than once piece of data.

Installation

With `npm`

npm install --save lamport-ots

With `yarn`

yarn add lamport-ots

Usage

Basic usage with `SHA256` hash function

const lamportSHA256 = require('lamport')

const { publicKey, privateKey } = lamportSHA256.keys()

const message = 'Hello, world!'
const signature = lamportSHA256.sign(message, privateKey)

// elsewhere...

if (lamportSHA256.verify(message, signature, publicKey)) {
  // Authenticity of message confirmed
} else {
  // Falsified signature, or tampered message
}

With a custom hash function

const lamport = require('lamport')

const lamportSomeHash = lamport(function (stringOrBuffer) {
  return someHashFrom(stringOrBuffer)
})

const { publicKey, privateKey } = lamportSomeHash.keys()

const message = 'Hello, world!'
const signature = lamportSomeHash.sign(message, privateKey)

// elsewhere...

if (lamportSomeHash.verify(message, signature, publicKey)) {
  // Authenticity of message confirmed
} else {
  // Falsified signature, or tampered message
}

API

`lamport(hash)`

hash must be a function that accepts either a String or a Buffer, and returns a Buffer of fixed length.

Returns a lamport "instance" with the following methods

keys()
sign(message, privateKey)
verify(message, signature, publicKey)

`lamport(hash).keys`

Returns an Object with a publicKey and privateKey property.

`lamport(hash).sign(message, privateKey)`

message must be either a String or a Buffer

privateKey should be a privateKey returned from keys that hasn't been used before.

Returns a Buffer representing the signature

`lamport(hash).verify(message, signature, publicKey`

message must be either a String or a Buffer

signature must be a Buffer

publicKey should be a publicKey returned from keys()

Returns a Boolean representing the validity of the signature

`lamport.keys`

`lamport.sign`

`lamport.verify`

The module exposes a lamport "instance" created with the sha256 hash function, which you can use directly.

Contributing

Contributions are welcome from anyone and everyone and the collaboration model used is the Collective Code Construction Contract

lamport-ots's People

Contributors

Stargazers

Watchers

lamport-ots's Issues

How to convert public key and signature to strings and back.

Hey! Thanks so much for making this awesome library. It does exactly what's needed without any fluff.
I'm in a situation where I want to give the public key and signature to someone as a string and then allow them to use those strings to verify the message at a later date. Here's the code I have so far:

function isVerified(part, inputText) {
        return lamportSHA256.verify(inputText, stringToUint8Array(part.signature), stringToPublicKey(part.publicKey));
}

function uint8ArrayToString(array) {
    return JSON.stringify(Array.from(array));
}

function stringToUint8Array(arrayString) {
    return new Uint8Array(JSON.parse(arrayString));
}

function publicKeyToString(publicKey) {
    console.log("publicKeyToString");
    const result = []
    publicKey.forEach((keyArray) => {
        result.push(uint8ArrayToString(keyArray));
    })
    return JSON.stringify(result)
}

function stringToPublicKey(pubKeyString) {
    const stringList = JSON.parse(pubKeyString);
    const result = [];
    stringList.forEach((keyString) => {
        result.push(stringToUint8Array(keyString));
    })
    return result;
}

function generateSignature(inputText) {
    const {publicKey, privateKey} = lamportSHA256.keys();
    const signature = lamportSHA256.sign(inputText, privateKey);
    return {publicKey: publicKeyToString(publicKey), signature: uint8ArrayToString(signature)};
}

However, I keep getting this error:

TypeError: readChunk(...).equals is not a function
verify/<
node_modules/lamport-ots/index.js:63

  60 | const verify = (input, sig, key) => {
  61 |   const msg = hash(input)
  62 |   return bitsForBuffer(msg).reduce((valid, bit, idx) => {
> 63 |     return valid && readChunk(key[bit], idx).equals(
     | ^  64 |       hash(readChunk(sig, idx))
  65 |     )
  66 |   }, true)

verify
node_modules/lamport-ots/index.js:62

  59 | 
  60 | const verify = (input, sig, key) => {
  61 |   const msg = hash(input)
> 62 |   return bitsForBuffer(msg).reduce((valid, bit, idx) => {
     | ^  63 |     return valid && readChunk(key[bit], idx).equals(
  64 |       hash(readChunk(sig, idx))
  65 |     )

isVerified
src/utils/cryptography.js:8

   5 | // try {
   6 |     const pk = stringToPublicKey(part.validationData.publicKey)
   7 |     console.log(pk);
>  8 |     return lamportSHA256.verify(inputText, stringToUint8Array(part.validationData.signature), pk);
     | ^   9 | // } catch {
  10 | //     return false;
  11 | // }

I'm not sure what I'm missing. When I switch to not converting to a string and back, it all works seamlessly. Even converting just the signature to a string and back seems to work fine. It's just the public key I'm struggling with. Maybe it's not actually an array of uint8Arrays? Would love some guidance here.

Thanks so much!

Recommend Projects

allouis / lamport-ots Goto Github PK

lamport-ots's Introduction

🔏 Lamport One-Time Signatures 🔏

⚠ Warning ⚠

Installation

With npm

With yarn

Usage

Basic usage with SHA256 hash function

With a custom hash function

API

lamport(hash)

lamport(hash).keys

lamport(hash).sign(message, privateKey)

lamport(hash).verify(message, signature, publicKey

lamport.keys

lamport.sign

lamport.verify