Package dk.hyperdivision.multisig_hmac

Class DerivedMultisigHMAC

java.lang.Object

dk.hyperdivision.multisig_hmac.MultisigHMAC

dk.hyperdivision.multisig_hmac.DerivedMultisigHMAC

public class DerivedMultisigHMAC
extends MultisigHMAC

Multisig scheme for HMAC authentication. Java implementation of https://github.com/emilbayes/multisig-hmac.

Author:

Amalie Due Jensen

Nested Class Summary

Nested classes/interfaces inherited from class dk.hyperdivision.multisig_hmac.MultisigHMAC

MultisigHMAC.Algorithm

Field Summary

Fields inherited from class dk.hyperdivision.multisig_hmac.MultisigHMAC

BYTES, KEYBYTES, PRIMITIVE

Constructor Summary

Constructors

Constructor	Description
DerivedMultisigHMAC(MultisigHMAC.Algorithm alg)	Constructs and initializes a new instance of Multisig HMAC and sets the algorithm to be used for subsequent methods.

Method Summary

Modifier and Type	Method	Description
Key	generate(int index, byte[] masterKey)	Derives a new sub key from a master seed Note that index should be counted from 0.
byte[]	generateMasterKey()	Generates a new cryptographically random master key
protected static byte[]	intToLittleEndian(int index)	Converts an integer into a little endian byte array
boolean	verify(byte[] masterKey, Signature signatures, byte[] message, int threshold)	Verifies a signature of data against dynamically derived keys from a master key

Methods inherited from class dk.hyperdivision.multisig_hmac.MultisigHMAC

combine, generate, getBYTES, getKEYBYTES, getPRIMITIVE, keyIndexes, leadingZeros, popCount, sign, verify, xorBytes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DerivedMultisigHMAC

public DerivedMultisigHMAC(MultisigHMAC.Algorithm alg)

Constructs and initializes a new instance of Multisig HMAC and sets the algorithm to be used for subsequent methods. In this case, a single master key is stored and used to derive keys ad hoc.

Parameters:

alg - - algorithm used for HMAC

Method Details

generateMasterKey

public byte[] generateMasterKey()

Generates a new cryptographically random master key

Returns:

master key

generate

public Key generate(int index, byte[] masterKey) throws InvalidKeyException, NoSuchAlgorithmException

Derives a new sub key from a master seed Note that index should be counted from 0. The bitfield/index used with the signature has as many bits as the largest index, hence in practice you want to keep the indexes low. Keys are derived using a KDF based on HMAC: b[0...BYTES] = HMAC(Key = masterKey, data = "derived" || U32LE(index) || 0x00) b[BYTES...] = HMAC(Key = masterKey, b[0...BYTES] || 0x01)

Parameters:

index - - index of the key

masterKey - - master key in bytes of length KEYBYTES used to derive keys

Returns:

the derived key in bytes of length KEYBYTES

Throws:

InvalidKeyException - - if the given key is inappropriate for initializing this HMAC

NoSuchAlgorithmException - - if the specified algorithm is not available

intToLittleEndian

protected static byte[] intToLittleEndian(int index)

Converts an integer into a little endian byte array

Parameters:

index - - integer which should be converted

Returns:

little endian byte array

verify

public boolean verify(byte[] masterKey, Signature signatures, byte[] message, int threshold) throws NoSuchAlgorithmException, InvalidKeyException, IllegalArgumentException

Verifies a signature of data against dynamically derived keys from a master key

Parameters:

masterKey - - master key in bytes of length KEYBYTES which the keys are derived from

signatures - - combined signature

message - - message which has been signed

threshold - - minimum number of used keys

Returns:

verification of the signature (true/false)

Throws:

NoSuchAlgorithmException - - if the specified algorithm is not available

InvalidKeyException - - if the given key is inappropriate for initializing this HMAC

IllegalArgumentException