Skip to content
/ lamport-ots Public

πŸ” Lamport One-Time Signatures in JavaScript πŸ”

License

MPL-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

allouis/lamport-ots

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

17 Commits

.gitignore

.gitignore

Β 
Β 

LICENSE

LICENSE

Β 
Β 

README.md

README.md

Β 
Β 

index.js

index.js

Β 
Β 

package-lock.json

package-lock.json

Β 
Β 

package.json

package.json

Β 
Β 

test.js

test.js

Β 
Β 

Repository files navigation

πŸ” Lamport One-Time Signatures πŸ”

Lamport one-time signature scheme is a simple but effective mechanism for creating signatures built on top of hash functions. Any cryptograph hash function can be used to implement the scheme. Signatures using large hash functions are understood so far to be "quantum resistant"

⚠ Warning ⚠

The lamport one-time signature scheme uses 50% of your private key as the signature, this is why they are for one time use only.

Do not use a single private key to sign more than once piece of data.

Installation

With npm

npm install --save lamport-ots

With yarn

yarn add lamport-ots

Usage

Basic usage with SHA256 hash function

const lamportSHA256 = require('lamport')

const { publicKey, privateKey } = lamportSHA256.keys()

const message = 'Hello, world!'
const signature = lamportSHA256.sign(message, privateKey)

// elsewhere...

if (lamportSHA256.verify(message, signature, publicKey)) {
  // Authenticity of message confirmed
} else {
  // Falsified signature, or tampered message
}

With a custom hash function

const lamport = require('lamport')

const lamportSomeHash = lamport(function (stringOrBuffer) {
  return someHashFrom(stringOrBuffer)
})

const { publicKey, privateKey } = lamportSomeHash.keys()

const message = 'Hello, world!'
const signature = lamportSomeHash.sign(message, privateKey)

// elsewhere...

if (lamportSomeHash.verify(message, signature, publicKey)) {
  // Authenticity of message confirmed
} else {
  // Falsified signature, or tampered message
}

API

lamport(hash)

hash must be a function that accepts either a String or a Buffer, and returns a Buffer of fixed length.

Returns a lamport "instance" with the following methods

  • keys()
  • sign(message, privateKey)
  • verify(message, signature, publicKey)

lamport(hash).keys

Returns an Object with a publicKey and privateKey property.

lamport(hash).sign(message, privateKey)

message must be either a String or a Buffer

privateKey should be a privateKey returned from keys that hasn't been used before.

Returns a Buffer representing the signature

lamport(hash).verify(message, signature, publicKey

message must be either a String or a Buffer

signature must be a Buffer

publicKey should be a publicKey returned from keys()

Returns a Boolean representing the validity of the signature

lamport.keys

lamport.sign

lamport.verify

The module exposes a lamport "instance" created with the sha256 hash function, which you can use directly.

Contributing

Contributions are welcome from anyone and everyone and the collaboration model used is the Collective Code Construction Contract

About

πŸ” Lamport One-Time Signatures in JavaScript πŸ”

Topics

cryptography signature ots lamport

Resources

Readme

License

MPL-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages