vss

v1.5.0
Warning

This package is not in the latest version of its module.

Published: Nov 6, 2024 License: BSD-2-Clause Imports: 6 Imported by: 0

README

Verifiable Secret Sharing (VSS)

Implementation of Verifiable Secret Sharing (VSS) in Go using Feldman's and Pedersen's schemes.

You can optionally choose Pedersen's share blinding by using the option WithBlinding.

Note that the default Feldman scheme is, at best, secure only against computationally bounded adversaries, since its secrecy relies on the intractability of computing discrete logarithms.

This package:

  • supports splitting and recombining a *big.Int in the finite field of an elliptic curve;
  • supports verifying shares given commitments produced by a dealer during split.

License

This library is licensed under the BSD 2-Clause License.

Documentation

Overview

Package vss provides an implementation of Verifiable Secret Sharing (VSS) using elliptic curve cryptography.

It enables a secret to be split into multiple parts, with a specified threshold required to reconstruct it, while also allowing each part to be independently verified for integrity.

Both Feldman and Pedersen verification strategies are supported.

Constants

const (
	MaxParts     = 255
	MaxThreshold = 255
)

Functions

func Combine

func Combine(Q *big.Int, shares []*Share) (*big.Int, error)

Combine reconstructs the original secret by performing Lagrange interpolation over the provided shares. It requires an exact threshold of shares to successfully reconstruct the secret.

This function is not typically called in a Distributed Key Generation (DKG) scheme, except in disaster recovery cases, and it requires the collaboration of a threshold of participants.

The parameter Q indicates the polynomial finite field order.

Returns the reconstructed secret.

func Split

func Split(
	curve elliptic.Curve,
	rand io.Reader,
	Q *big.Int,
	secret *big.Int,
	parts, threshold int,
	opts ...option,
) ([]*Share, []*ECPoint, error)

Split divides a secret into multiple shares with a specified threshold and generates elliptic curve commitments for verification. Each share can be verified independently to ensure integrity.

The parameter Q indicates the polynomial finite field order, and secret should be in the interval [0, Q).

WithBlinding can be used as an option to enable blinding of the shares using Pedersen's strategy.

This function is typically executed by the dealer.

Returns a list of shares, each with an x and y coordinate, and a list of commitments for verifying the shares.

func WithBlinding added in v1.5.0

func WithBlinding() option

WithBlinding enables blinding of the shares according to Pedersen. In this case, the secret commitments slice will be augmented with blinding commitments. Both Split and Verify should use the same option.

Types

type ECPoint

type ECPoint struct {
	X, Y *big.Int
}

ECPoint represents a point on an elliptic curve, with X and Y coordinates.

type Share

type Share struct {
	X, Y *big.Int
}

Share represents a secret share with an x-coordinate and corresponding y-coordinate, generated from a polynomial in a finite field.

func (*Share) Verify

func (share *Share) Verify(
	curve elliptic.Curve,
	threshold int,
	commits []*ECPoint,
	opts ...option,
) (bool, error)

Verify checks the integrity of a share using commitments generated by the dealer from the original polynomial coefficients. It ensures that the share's y-coordinate corresponds to the polynomial evaluated at the x-coordinate.

This function is typically executed by each participant upon receiving a share along with the commitments published by a dealer.
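The check a participant performs in Feldman's scheme, as an added example that is not this package's code: it uses only the Go standard library on P-256 and tests whether y*G equals the sum of x^j * C_j over the dealer's commitments. The names point, share, commit and verify and the sample coefficients are assumptions made for illustration; Pedersen blinding (WithBlinding) is not shown.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

type point struct{ X, Y *big.Int } // same shape as ECPoint on this page

// share evaluates f(x) = sum_j coef[j]*x^j mod q (Horner); coef[0] is the secret.
func share(coef []*big.Int, x int64, q *big.Int) *big.Int {
	y := new(big.Int)
	for j := len(coef) - 1; j >= 0; j-- {
		y.Mul(y, big.NewInt(x)).Add(y, coef[j]).Mod(y, q)
	}
	return y
}

// commit publishes C_j = coef[j]*G; C_0 = secret*G hides the secret only while discrete logs are hard.
func commit(c elliptic.Curve, coef []*big.Int) []point {
	cs := make([]point, len(coef))
	for j, a := range coef {
		cs[j].X, cs[j].Y = c.ScalarBaseMult(a.Bytes())
	}
	return cs
}

// verify checks y*G == sum_j x^j * C_j using only the public commitments.
func verify(c elliptic.Curve, x int64, y *big.Int, cs []point) bool {
	q, xp := c.Params().N, big.NewInt(1)
	rx, ry := new(big.Int), new(big.Int) // (0,0) encodes the point at infinity in crypto/elliptic
	for _, cm := range cs {
		if !c.IsOnCurve(cm.X, cm.Y) { // commitments arrive from the dealer: validate first
			return false
		}
		tx, ty := c.ScalarMult(cm.X, cm.Y, xp.Bytes())
		rx, ry = c.Add(rx, ry, tx, ty)
		xp.Mul(xp, big.NewInt(x)).Mod(xp, q)
	}
	lx, ly := c.ScalarBaseMult(new(big.Int).Mod(y, q).Bytes())
	return len(cs) > 0 && lx.Cmp(rx) == 0 && ly.Cmp(ry) == 0
}

func main() {
	c := elliptic.P256()
	coef := []*big.Int{big.NewInt(42), big.NewInt(7)} // constructed; a real dealer draws a_1.. from crypto/rand
	y, cs := share(coef, 3, c.Params().N), commit(c, coef)
	fmt.Println(verify(c, 3, y, cs), verify(c, 3, new(big.Int).Add(y, big.NewInt(1)), cs))
}
```

A share whose y was altered in transit, or a commitment that is not a valid curve point, makes verify return false before the participant ever uses the share.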
