Implementations of the Coconut signing scheme, cross-compatible between Rust and Go.

Coconut

Coconut [paper] is a distributed cryptographic signing scheme providing a high degree of privacy for its users. You can find an overview of how to use it in the Coconut section of the Nym documentation.

A simple explanation is also available in blog form.

This repo contains Go and Rust implementations of Coconut. They are interoperable - credentials created and re-randomized in Rust can be verified in Go, and vice versa.

License

Coconut is released under the Apache-2.0 license. See inside the LICENSES folder of each project.

Owner
Nym
Protecting user privacy at the network and application levels, using mixnets and threshold credential systems.
Nym
https://github.com/nymtech/coconut
Comments
  • Add benchmarks

    Add benchmarks

    Benchmark reports are in the README.

    Edit

    Aggregate benchmarks to produce_blinded_signatures and unblind_prove_and_verify. I've also built out scaffolding to test both with varying number of authorities. So far it seems that both scale quite a bit worse then linear. Not sure if threshold plays a part we can vary it as well.

    I've also cleaned up the README so that we only link to the global reports index.html

  • Impl TryFroms, remove some copying

    Impl TryFroms, remove some copying

    Impls TryFrom for most (maybe all structs). I've opted to do TryFrom<&[u8]>, so try_from() has a bounds check where applicable. We might have gotten a slight performance improvement in the process, but that is not the point here, I'm trying to make code more idiomatic.

  • Replace rand_core with rand

    Replace rand_core with rand

    • We no longer need to have a random generator in Paremeters, thread_rng should be functionally equivalent to OsRng we've been using
    • Bumps dependencies to latest versions
  • Nym coconut credentials

    Nym coconut credentials

    Updates in the Coconut library:

    • Remove the use of nu in the showing protocol to provide unconditional unlinkability
    • Add signature verification and integrity checks in the issuance and aggregation protocols
    • Checks and corrections in the zk proofs
  • impl Serialize and Clone on top of Base58

    impl Serialize and Clone on top of Base58

    Macros to implement SerDe and Clone on top of Bytable and Base58. This gives us almost blanket implementations with few lines of code. So we'll be able to yank them out once native support lands

  • Base58 trait

    Base58 trait

    • Introduce a Base58 trait until we get proper SerDe support.
    • Introduces a Bytable trait so we can impl Base58 for out of crate types

    We'll do a cleanup round after we integrate coconut into validator-api, for now this provides a pretty clean serde interface

Related tags
Security coconut
An improvement on the PoC for the privacy-preserving contact discovery scheme I implemented as part of my UCL masters degree

Privacy-Preserving Contact Discovery / ARKE - PoC This is an improved version of the work I submitted as part of my masters degree dissertation at UCL

Dec 18, 2021
Container Signing
 Container Signing

cosign Container Signing, Verification and Storage in an OCI registry. Cosign aims to make signatures invisible infrastructure. Info Cosign is develop

Jan 7, 2023
Signing prototype

sigstore signing CLI tool ⚠️ Not ready for use yet! sigstore CLI is a generic tool to sign blobs, tarballs etc and establish a trust root using the si

Dec 18, 2022
A RSA signing server model, allows to create valid signed certificates that cant be modified
A RSA signing server model, allows to create valid signed certificates that cant be modified

Omega Description a RSA signing server model, allows to create valid signed certificates that cant be modified Requirements MySQL Server GoLang 1.17 I

Nov 15, 2021
Libdns-exoscale - A template for developers to use when creating new libdns provider implementations

DEVELOPER INSTRUCTIONS: This repo is a template for developers to use when creat

Jan 18, 2022
Static binary analysis tool to compute shared strings references between binaries and output in JSON, YAML and YARA

StrTwins StrTwins is a binary analysis tool, powered by radare, that is capable to find shared code string references between executables and output i

May 3, 2022
Coraza WAF is a golang modsecurity compatible web application firewall library
 Coraza WAF is a golang modsecurity compatible web application firewall library

Coraza Web Application Firewall, this project is a Golang port of ModSecurity with the goal to become the first enterprise-grade Open Source Web Application Firewall, flexible and powerful enough to serve as the baseline for many projects.

Jan 9, 2023
SPIRE is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms
 SPIRE is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms

Jan 2, 2023
A compact, cross-platform scanner that scans ports and recognizes fingerprints.

portscan A compact, cross-platform scanner that scans ports and recognizes fingerprints. Usage: Usage of ./portscan: -H headers request headers

Apr 4, 2022
✒ A self-hosted, cross-platform service to sign iOS apps using any CI as a builder
 ✒ A self-hosted, cross-platform service to sign iOS apps using any CI as a builder

iOS Signer Service A self-hosted, cross-platform service to sign iOS apps using any CI as a builder Introduction There are many reasons to install app

Jan 7, 2023
A produtivity tool built in go for cross platform use

This application is meant to implement some productivity tools in a way that could be easily used in a bunch of different environments. It will be easy to use and allow the user to easily hack it and modify it for their own use.

Nov 20, 2021
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
 DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

Dec 27, 2022
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

age age is a simple, modern and secure file encryption tool, format, and library. It features small explicit keys, no config options, and UNIX-style c

Dec 28, 2022
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
 CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

depsdev CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security sig

May 11, 2023
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.

goSecretBoxPassword This is a Golang library for securing passwords it is based on the Dropbox method for password storage. The both passphrases are f

Jan 3, 2023
Find secrets and passwords in container images and file systems
 Find secrets and passwords in container images and file systems

Find secrets and passwords in container images and file systems

Jan 1, 2023
Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...
 Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Guark Guark allows you to build beautiful user interfaces using modern web technologies such as Vue.js, React.js..., while your app logic handled and

Jan 1, 2023
Scan and analyze OSS dependencies and licenses from compiled Go binaries
 Scan and analyze OSS dependencies and licenses from compiled Go binaries

golicense - Go Binary OSS License Scanner golicense is a tool that scans compiled Go binaries and can output all the dependencies, their versions, and

Nov 6, 2022
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
 A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

Dec 31, 2022