The crypto package provides cryptographic primitives and utilities for the Lux Network ecosystem. It includes implementations for BLS signatures, key derivation, certificate handling, and secp256k1 operations, all optimized for blockchain applications.
- BLS Signatures: Threshold signature scheme supporting multi-party computation
- SLIP-10 HD Wallets: Hierarchical deterministic key derivation
- secp256k1: Elliptic curve operations for Ethereum compatibility
- Certificate Management: TLS certificate handling for node identity
- Key Factories: Secure key generation and management
go get github.com/luxfi/cryptoBLS (Boneh-Lynn-Shacham) signatures provide efficient threshold signature schemes:
import (
"github.com/luxfi/crypto/bls"
)
// Generate a private key
sk, err := bls.NewSecretKey()
if err != nil {
log.Fatal(err)
}
// Get the public key
pk := bls.PublicFromSecretKey(sk)
// Sign a message
message := []byte("Hello, Lux!")
signature := bls.Sign(sk, message)
// Verify the signature
valid := bls.Verify(pk, signature, message)Hierarchical deterministic key derivation following SLIP-10 standard:
import (
"github.com/luxfi/crypto/keychain"
)
// Create a new keychain from seed
seed := []byte("your-secure-seed-phrase")
kc, err := keychain.NewFromSeed(seed)
if err != nil {
log.Fatal(err)
}
// Derive a key at a specific path
key, err := kc.Derive([]uint32{44, 9000, 0, 0, 0})
if err != nil {
log.Fatal(err)
}Ethereum-compatible elliptic curve operations:
import (
"github.com/luxfi/crypto/secp256k1"
)
// Generate a private key
privKey, err := secp256k1.NewPrivateKey()
if err != nil {
log.Fatal(err)
}
// Get the public key
pubKey := privKey.PublicKey()
// Sign a message
messageHash := crypto.Keccak256([]byte("message"))
signature, err := privKey.Sign(messageHash)
if err != nil {
log.Fatal(err)
}
// Verify signature
valid := pubKey.Verify(messageHash, signature)TLS certificate management for node identity:
import (
"github.com/luxfi/crypto"
)
// Create a certificate structure
cert := &crypto.Certificate{
Raw: tlsCert.Raw,
PublicKey: tlsCert.PublicKey,
}
// Use with node identity generation
// nodeID := ids.NodeIDFromCert(cert)crypto/
├── bls/ # BLS signature scheme implementation
├── keychain/ # SLIP-10 HD key derivation
├── secp256k1/ # secp256k1 elliptic curve operations
├── certificate.go # TLS certificate structures
└── README.md # This file
- Key Storage: Never store private keys in plain text. Use secure key management systems.
- Randomness: This package uses cryptographically secure random number generation.
- Constant Time: Critical operations are implemented to be constant-time where applicable.
- Threshold Signatures: BLS signatures support threshold schemes for distributed signing.
The crypto package is optimized for blockchain operations:
- Fast signature verification for consensus
- Batch verification support in BLS
- Optimized elliptic curve operations
- Minimal memory allocations
Run the comprehensive test suite:
go test ./...Run benchmarks:
go test -bench=. ./...We welcome contributions! Please see our Contributing Guidelines for details.
- Clone the repository
- Install dependencies:
go mod download - Run tests:
go test ./... - Run linters:
golangci-lint run
This project is licensed under the BSD 3-Clause License. See the LICENSE file for details.