{"id":27879632,"url":"https://github.com/handshake-org/goosig","last_synced_at":"2025-05-05T03:26:16.951Z","repository":{"id":57252496,"uuid":"154907523","full_name":"handshake-org/goosig","owner":"handshake-org","description":"Anonymous RSA signatures","archived":false,"fork":false,"pushed_at":"2023-09-24T12:11:29.000Z","size":3580,"stargazers_count":68,"open_issues_count":1,"forks_count":14,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-24T14:06:57.753Z","etag":null,"topics":["cryptography","privacy","rsa"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/handshake-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-27T00:14:17.000Z","updated_at":"2024-08-20T12:51:03.000Z","dependencies_parsed_at":"2024-06-18T17:12:07.522Z","dependency_job_id":null,"html_url":"https://github.com/handshake-org/goosig","commit_stats":{"total_commits":365,"total_committers":1,"mean_commits":365.0,"dds":0.0,"last_synced_commit":"1a9811eec6652dbe0f3b5ac299bba625a89dbc74"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handshake-org%2Fgoosig","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handshake-org%2Fgoosig/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handshake-org%2Fgoosig/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/handshake-org%2Fgoosig/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/handshake-org","download_url":"https://codeload.github.com/handshake-org/goosig/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252431580,"owners_count":21746878,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","privacy","rsa"],"created_at":"2025-05-05T03:26:15.979Z","updated_at":"2025-05-05T03:26:16.940Z","avatar_url":"https://github.com/handshake-org.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GooSig\n\nGooSig was created for the [Handshake Project][handshake] to address a very\nspecific problem: an [airdrop] to Github users' RSA keys allows Github users to\nbe _identified on-chain_. In order to anonymize who is receiving coins from the\nairdrop, cryptographic trickery is required: GooSig allows the creation of\nsignatures originating from RSA private keys _without revealing the RSA public\nkey_.\n\nGooSig makes use of (G)roups of Unkn(o)wn (O)rder, and implements a\n[cryptographic protocol][protocol] devised by Dan Boneh and Riad S. Wahby at\nthe [Stanford Center for Blockchain Research][cbr]. It was originally ported\nfrom the python [reference implementation][libgoopy] to javascript, but has\nsince been [implemented in C][c] as well.\n\n## Usage\n\n``` js\nconst Goo = require('goosig');\nconst rsa = require('bcrypto/lib/rsa');\n\n// Generate RSA private key.\nconst priv = rsa.privateKeyGenerate(2048);\n\n// Publish RSA public key.\nconst pub = rsa.publicKeyCreate(priv);\n\n// GooSig context (using the RSA-2048 challenge modulus).\nconst goo = new Goo(Goo.RSA2048, 2, 3);\n\n// Generate s_prime and C1 based on user's pubkey.\n// Handshake contributors do this part.\n// `s_prime` is the seed for the `s` scalar.\nconst s_prime = goo.generate();\nconst C1 = goo.challenge(s_prime, pub);\n\n// At this point, C1 is inserted into a public\n// merkle tree and added to the HNS consensus rules.\n\n// Encrypt s_prime to user's pubkey.\nconst ct = goo.encrypt(s_prime, pub);\n\n// User decrypts the encrypted payload.\nconst pt = goo.decrypt(ct, priv);\n\npt.equals(s_prime) === true;\n\n// Sign the hash of the serialized airdrop proof.\n// This proof includes an address.\n// Handshake users do this part after retrieving\n// s_prime and C1 from the encrypted public files.\nconst msg = Buffer.alloc(32, 0xff); // A sighash in reality.\nconst sig = goo.sign(msg, s_prime, priv);\n\n// Verify the proof.\n// The Handshake blockchain does this part.\n// C1 effectively becomes the \"identifier\" for the key.\nconst result = goo.verify(msg, sig, C1);\n\nresult === true;\n```\n\n## Moduli\n\nThe design of GooSig requires a public RSA modulus whose prime factorization is\nunknown.\n\nIn the early 1990s, RSA Labs generated several [RSA moduli][numbers-wiki] for\nthe [RSA factoring challenge][challenge-wiki]. RSA Labs claims to have\n[destroyed the hard drives][faq] containing the primes.\n\nThere are 4 built-in moduli exposed on the `Goo` object.\n\n- [AOL1] - America Online Root CA 1 (now defunct) (2048 bit).\n- [AOL2] - America Online Root CA 2 (now defunct) (4096 bit) - notable for\n  being one of the few 4096 bit moduli in the wild.\n- [RSA2048] - From the [RSA factoring challenge][challenge-wiki], and at one\n  point had a $200,000 bounty on it (2048 bit).\n- [RSA617] - Also from the factoring challenge (2048 bit). Generated later, in\n  1997.\n\nOriginal Links (archive.org):\n\n- [Main Page][challenge]\n- [RSA Numbers][numbers]\n- [RSA Numbers Text File][txt]\n- [RSA-2048 Text File][RSA2048-txt]\n- [FAQ][faq]\n- [Another RSA Numbers List][list] (includes RSA-617)\n\nThe above links are preserved in the [/etc][etc] directory.\n\nThe modulus definitions reside in [lib/constants.js][constants].\n\n## Benchmarks\n\nGooSig verifications are fairly complex and difficult to optimize. C\nverification time is currently around 1ms with highend consumer-grade hardware.\nWe hope to get sub-1ms verification times by mainnet launch.\n\n### Javascript\n\n```\nTimings for 4096-bit RSA GoUO, 2048-bit Signer PK:\n ◷ Generation: 64.00 ms, σ=5.71 ms, max=84.65 ms, min=60.80 ms\n ◷ Signing: 1097.95 ms, σ=48.20 ms, max=1196.90 ms, min=1025.47 ms\n ◷ Verifying: 61.25 ms, σ=6.40 ms, max=83.81 ms, min=58.02 ms\n\nTimings for 4096-bit RSA GoUO, 4096-bit Signer PK:\n ◷ Generation: 65.08 ms, σ=2.29 ms, max=71.01 ms, min=63.59 ms\n ◷ Signing: 1768.06 ms, σ=284.67 ms, max=2469.98 ms, min=1526.67 ms\n ◷ Verifying: 59.30 ms, σ=0.66 ms, max=60.51 ms, min=58.26 ms\n\nTimings for 2048-bit RSA GoUO, 2048-bit Signer PK:\n ◷ Generation: 10.77 ms, σ=0.40 ms, max=12.10 ms, min=10.45 ms\n ◷ Signing: 303.64 ms, σ=27.47 ms, max=372.32 ms, min=267.90 ms\n ◷ Verifying: 20.31 ms, σ=0.86 ms, max=22.36 ms, min=19.60 ms\n\nTimings for 2048-bit RSA GoUO, 4096-bit Signer PK:\n ◷ Generation: 31.74 ms, σ=0.66 ms, max=33.81 ms, min=30.98 ms\n ◷ Signing: 779.28 ms, σ=163.26 ms, max=1261.87 ms, min=589.59 ms\n ◷ Verifying: 20.46 ms, σ=1.85 ms, max=27.17 ms, min=19.62 ms\n```\n\n### C (libgmp)\n\n```\nTimings for 4096-bit RSA GoUO, 2048-bit Signer PK:\n ◷ Generation: 6.21 ms, σ=0.26 ms, max=7.11 ms, min=6.03 ms\n ◷ Signing: 95.29 ms, σ=7.54 ms, max=123.13 ms, min=91.12 ms\n ◷ Verifying: 4.15 ms, σ=0.17 ms, max=4.79 ms, min=4.06 ms\n\nTimings for 4096-bit RSA GoUO, 4096-bit Signer PK:\n ◷ Generation: 6.37 ms, σ=0.12 ms, max=6.71 ms, min=6.24 ms\n ◷ Signing: 153.96 ms, σ=15.93 ms, max=194.38 ms, min=136.60 ms\n ◷ Verifying: 4.32 ms, σ=0.84 ms, max=7.47 ms, min=4.04 ms\n\nTimings for 2048-bit RSA GoUO, 2048-bit Signer PK:\n ◷ Generation: 1.19 ms, σ=0.23 ms, max=2.03 ms, min=1.12 ms\n ◷ Signing: 26.22 ms, σ=3.92 ms, max=40.60 ms, min=23.92 ms\n ◷ Verifying: 1.34 ms, σ=0.02 ms, max=1.37 ms, min=1.31 ms\n\nTimings for 2048-bit RSA GoUO, 4096-bit Signer PK:\n ◷ Generation: 3.93 ms, σ=0.11 ms, max=4.18 ms, min=3.81 ms\n ◷ Signing: 69.51 ms, σ=13.73 ms, max=97.56 ms, min=48.25 ms\n ◷ Verifying: 1.38 ms, σ=0.18 ms, max=2.04 ms, min=1.32 ms\n```\n\n## Contribution and License Agreement\n\nIf you contribute code to this project, you are implicitly allowing your code\nto be distributed under the MIT license. You are also implicitly verifying that\nall code is your original work. `\u003c/legalese\u003e`\n\n## License\n\nParts of this software are based on libGooPy.\n\n### libGooPy\n\n- Copyright (c) 2018, Dan Boneh, Riad S. Wahby (Apache License).\n\n### goosig.js\n\n- Copyright (c) 2018, Christopher Jeffrey (MIT License).\n\nSee LICENSE for more info.\n\n[handshake]: https://handshake.org\n[airdrop]: https://github.com/handshake-org/hs-airdrop\n[protocol]: https://github.com/kwantam/GooSig/blob/master/protocol.txt\n[libgoopy]: https://github.com/kwantam/GooSig\n[c]: https://github.com/handshake-org/goosig/tree/master/src/goo\n[AOL1]: https://ssl-tools.net/subjects/3c8008731e5ff9a0e7a6b0fb906fc6e439cbe862\n[AOL2]: https://ssl-tools.net/subjects/28ecf0993d30f9e4e607bef4f5c487f64a2a71a6\n[RSA617]: https://en.wikipedia.org/wiki/RSA_numbers#RSA-617\n[RSA2048]: https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048\n[RSA2048-txt]: https://web.archive.org/web/20130521022803/http://www.rsa.com/rsalabs/challenges/factoring/RSA-2048.txt\n[challenge-wiki]: https://en.wikipedia.org/wiki/RSA_Factoring_Challenge\n[numbers-wiki]: https://en.wikipedia.org/wiki/RSA_numbers\n[challenge]: https://web.archive.org/web/20130507091636/http://www.rsa.com/rsalabs/node.asp?id=2092\n[numbers]: https://web.archive.org/web/20130507115513/http://www.rsa.com/rsalabs/node.asp?id=2093\n[txt]: https://web.archive.org/web/20130507115513/http://www.rsa.com/rsalabs/challenges/factoring/challengenumbers.txt\n[faq]: https://web.archive.org/web/20130502202924/http://www.rsa.com/rsalabs/node.asp?id=2094\n[list]: http://www.ontko.com/pub/rayo/primes/rsa_fact.html\n[etc]: https://github.com/handshake-org/goosig/tree/master/etc\n[constants]: https://github.com/handshake-org/goosig/blob/master/lib/internal/constants.js\n[cbr]: https://cbr.stanford.edu/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhandshake-org%2Fgoosig","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhandshake-org%2Fgoosig","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhandshake-org%2Fgoosig/lists"}