1

我有关键添加,对于曲线 secp256k1,工作:https ://crypto.stackexchange.com/a/83733/17505

use rand::Rng;
use secp256k1::{Secp256k1, SecretKey, PublicKey};

fn main() {
    let secp = Secp256k1::new();

    let seed_a = rand::thread_rng().gen::<[u8; 32]>();
    let mut skey_a = SecretKey::from_slice(&seed_a).expect("32 bytes, within curve order");
    let pkey_a = PublicKey::from_secret_key(&secp, &skey_a);

    println!("skey_a {:?}", skey_a);
    println!("pkey_a {:?}", pkey_a);

    let seed_b = rand::thread_rng().gen::<[u8; 32]>();
    let skey_b = SecretKey::from_slice(&seed_b).expect("32 bytes, within curve order");
    let pkey_b = PublicKey::from_secret_key(&secp, &skey_b);

    println!("skey_b {:?}", skey_b);
    println!("pkey_b {:?}", pkey_b);

    skey_a.add_assign(&seed_b).unwrap(); // there is no plain add, nor an obvious way to get the bytes out of an skey
    let skey_sum = skey_a;
    let pkey_sum_from_skeys = PublicKey::from_secret_key(&secp, &skey_sum);

    println!("skey_sum {:?}", skey_sum);
    println!("pkey_sum_from_skeys {:?}", pkey_sum_from_skeys);

    // calculate the sum of public keys without needing access to secret keys
    let pkey_sum_from_pkeys = pkey_a.combine(&pkey_b).unwrap();

    println!("pkey_sum_from_pkeys {:?}", pkey_sum_from_pkeys);
}

哪个输出:

skey_a SecretKey(ce9b44fedaa9aa82ee394a488df5ac55bdd3bd62c8cae45bebc1c91174fac2c2)
pkey_a PublicKey(c2d220e65b1a612405f7b18aa503132b2f29b9ac993bdcfc65ac3dfec4192856ad5da30b482ccb42c63c809703bb3cfac3644a586c8635f3178462d53e351fdf)
skey_b SecretKey(a8bfd58be7c9e14c27f0e60a00c1320e79698c8747cfa0cca0a2180267efc9ca)
pkey_b PublicKey(de8df52ed48d2c3320c03344a3fe859d61015e5f8d45b0df9aaa8d056c784e7e55a61a53630ee016e0bc8ac21d6ae4cd92e0ef91e74281d9410167b982764a8e)
skey_sum SecretKey(775b1a8ac2738bcf162a30528eb6de657c8e6d036151e4eccc9182870cb44b4b)
pkey_sum_from_skeys PublicKey(f91cf9ee526dab8a955709385c6ae5a7f757cf82278af1d670ab6b33f2f28d8716cbddf253047fa9ff6b152a6a1986213482d9ff6fdfc3883e481d7133d0045e)
pkey_sum_from_pkeys PublicKey(f91cf9ee526dab8a955709385c6ae5a7f757cf82278af1d670ab6b33f2f28d8716cbddf253047fa9ff6b152a6a1986213482d9ff6fdfc3883e481d7133d0045e)

ed25519-dalek 有类似的东西吗? https://docs.rs/ed25519-dalek/1.0.0/ed25519_dalek/

4

1 回答 1

1

我认为ed25519中没有相应的密钥添加规则。

我们可以通过查看如何从私钥生成公钥来看到这一点。

对于基于 DSA 的 secp256k1,我们有私钥 x,我们有公钥 x 由下式给出

y = g^x mod p

从中我们可以看出

y' = ya . yb mod p
   = (g^xa mod p) (g^xb mod p) mod p
   = g^xa g^xb mod p
   = g^(xa + xb) mod p

但是,EdDSA 私钥的推导是

y = hash_(x) * B

其中hash_(x)是 x 的 SHA-512 哈希的最低 256 位。问题是和hash_(x)之间没有关系。hash_(y)hash_(x+y)

于 2020-09-18T03:07:26.897 回答