v0

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 11, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

README

Secure Two-party Threshold ECDSA from ECDSA Assumptions

IMPORTANT: Version 0 of the protocol is experimental and not suitable for production use. It is kept here for backward compatability. We have added type conversion functions in the Version 1 package that can be used to migrate V0 data to V1 data types.

Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of Secure Two-party Threshold ECDSA from ECDSA Assumptions.

Documentation

Overview

Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). For an example of use, look at sign.go.

It is currently a work in progress; do not use it in real-life scenarios yet. TODO: Docs to be completed.

Package dkls is an implementation of https://eprint.iacr.org/2018/499.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DKGEncoding

func DKGEncoding() (address string, id string, aBytes []byte, bBytes []byte, err error)

DKGEncoding calls RunDKG and then encodes the Secrets

func DecodeReceiver

func DecodeReceiver(params *Params, b []byte) (*seedOTReceiver, error)

DecodeReceiver decodes a Receiver object that was encoded after DKG.

func DecodeSender

func DecodeSender(params *Params, b []byte) (*seedOTSender, error)

DecodeSender decodes a Sender field from the bob object that was encoded after DKG.

func EncodeReceiver

func EncodeReceiver(r *seedOTReceiver) ([]byte, error)

EncodeReceiver encodes a Receiver field as a byte sequence after DKG has been completed.

func EncodeSecret

func EncodeSecret(s *SecretShare) ([]byte, error)

EncodeSecret encodes a SecretShare object as a byte sequence after DKG has been completed.

func EncodeSender

func EncodeSender(s *seedOTSender) ([]byte, error)

EncodeSender encodes a Sender field as a byte sequence after DKG has been completed.

func InitOT

func InitOT() (receiver *seedOTReceiver, sender *seedOTSender, err error)

func NewPipeWrappers

func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)

func RunDKG

func RunDKG() (aliceSecret *SecretShare, bobSecret *SecretShare, err error)

func SeedOTEncoding

func SeedOTEncoding() (aBytes []byte, bBytes []byte, err error)

SeedOTEncoding calls AliceInitOT and then encodes the Receiver and Sender

func SignAlice

func SignAlice(secret *SecretShare, cot *seedOTReceiver, m []byte, rw io.ReadWriter) error

SignAlice is an illustrative helper method which shows the overall flow for Alice. in practice this will be replaced by a method which actually sends messages back and forth.

func SignBob

func SignBob(secret *SecretShare, cot *seedOTSender, m []byte, rw io.ReadWriter) error

SignBob is an illustrative helper method which shows the overall flow for Bob.

Types

type Alice

type Alice struct {
	Receiver *seedOTReceiver
}

Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.

func NewAlice

func NewAlice(params *Params) *Alice

NewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.

type AliceDkg

type AliceDkg struct {
	AliceSecret *SecretShare
	// contains filtered or unexported fields
}

AliceDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewAliceDkg

func NewAliceDkg(params *Params) *AliceDkg

NewAliceDkg creates a new protocol that can compute a DKG as Alice

func (*AliceDkg) Next

func (p *AliceDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceDkg) Result

func (a *AliceDkg) Result() (interface{}, error)

Result Returns an encoded version of Alice's secret share as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceDkg) SetDebug

func (a *AliceDkg) SetDebug(log io.Writer)

type AliceSign

type AliceSign struct {
	// contains filtered or unexported fields
}

AliceSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewAliceSign

func NewAliceSign(params *Params, msg []byte, dkgResult []byte, otResult []byte) (*AliceSign, error)

NewAliceSign creates a new protocol that can compute a signature as Alice. Requires dkg state that was produced at the end of DKG.Result().

func NewOTReceiver

func NewOTReceiver(params *Params) *AliceSign

NewOTReceiver populates Alice's Receiver

func (*AliceSign) Next

func (p *AliceSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceSign) Result

func (a *AliceSign) Result() (interface{}, error)

Result always returns errNoSig. Alice does not compute a signature in the DKLS protocol; only Bob computes the signature.

func (*AliceSign) ResultOT

func (a *AliceSign) ResultOT() (interface{}, error)

ResultOT Returns an encoded version of Alice's Receiver as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceSign) SetDebug

func (a *AliceSign) SetDebug(log io.Writer)

type Bob

type Bob struct {
	// Exported fields
	Sender *seedOTSender
	Sig    *curves.EcdsaSignature // The resulting digital signature
	// contains filtered or unexported fields
}

Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.

func NewBob

func NewBob(params *Params) *Bob

NewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.

type BobDkg

type BobDkg struct {
	BobSecret *SecretShare
	// contains filtered or unexported fields
}

BobDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewBobDkg

func NewBobDkg(params *Params) *BobDkg

NewBobDkg Creates a new protocol that can compute a DKG as Bob

func (*BobDkg) Next

func (p *BobDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobDkg) Result

func (b *BobDkg) Result() (interface{}, error)

Result returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*BobDkg) SetDebug

func (b *BobDkg) SetDebug(log io.Writer)

type BobSign

type BobSign struct {
	// contains filtered or unexported fields
}

BobSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewBobSign

func NewBobSign(params *Params, msg []byte, dkgResult []byte, otResult []byte) (*BobSign, error)

NewBobSign creates a new protocol that can compute a signature as Bob. Requires dkg state that was produced at the end of DKG.Result().

func NewOTSender

func NewOTSender(params *Params) *BobSign

NewOTSender populates Bob's Sender

func (*BobSign) Next

func (p *BobSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobSign) Result

func (d *BobSign) Result() (interface{}, error)

Result If the signing protocol completed successfully, returns the signature that Bob computed as a *core.EcdsaSignature.

func (*BobSign) ResultOT

func (b *BobSign) ResultOT() (interface{}, error)

ResultOT returns an encoded version of Bob's Sender as sequence of bytes that can be used to initialize a BobSign protocol.

func (*BobSign) SetDebug

func (b *BobSign) SetDebug(log io.Writer)

type DkgResult

type DkgResult struct {
	DkgState []byte
	Pubkey   *curves.EcPoint
}

DKG protocols produce the following result on successful completion

type MultiplyReceiver

type MultiplyReceiver struct {
	TB []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplyReceiver

func NewMultiplyReceiver(multiplicity int, sender *seedOTSender) *MultiplyReceiver

func (*MultiplyReceiver) MultiplyInit

func (receiver *MultiplyReceiver) MultiplyInit(idExt [32]byte, beta []*big.Int, w io.Writer) error

MultiplyInit Protocol 5., Multiplication, 3). Bob (receiver) encodes beta and initiates the cOT extension!

func (*MultiplyReceiver) MultiplyTransfer

func (receiver *MultiplyReceiver) MultiplyTransfer(r io.Reader) error

MultiplyTransfer Protocol 5., Multiplication, 3) and 6). Bob finalizes the cOT extension. using that and Alice's multiplication message, Bob completes the multiplication protocol, including checks. at the end, Bob's values tB_j are populated.

type MultiplySender

type MultiplySender struct {
	TA []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplySender

func NewMultiplySender(multiplicity int, receiver *seedOTReceiver) *MultiplySender

func (*MultiplySender) Multiply

func (sender *MultiplySender) Multiply(idExt [32]byte, alpha []*big.Int, rw io.ReadWriter) error

Multiply Protocol 5., steps 3) 5), 7). Alice _responds_ to Bob's initial cOT message, using a vector of alphas as input. doesn't actually send that message yet, only stashes it, and moves onto the next steps of the multiplication protocol specifically, Alice can then do step 5) (compute the outputs of the multiplication protocol), also stashes this. finishes up by taking care of 7), after that, Alice is totally done with multiplication and has stashed the outputs.

type Params

type Params struct {
	Curve     elliptic.Curve
	Scalar    curves.EcScalar
	Generator *curves.EcPoint
	// contains filtered or unexported fields
}

func NewParams

func NewParams(curve elliptic.Curve, scalar curves.EcScalar) (*Params, error)

NewParams receives an implementation of the curve and scalar interfaces and sets the parameters needed for DKG and Threshold ECDSA of DKLS.

type ProtocolIterator

type ProtocolIterator interface {
	// Next runs the next round of the protocol.
	// Inputs are read from rw.Read(); outputs are written to rw.Write().
	// Returns io.EOF when protocol has completed.
	Next(rw io.ReadWriter) error

	// Result returns the final result, if any, of the completed protocol.
	// Reports an error if the protocol has not yet terminated
	// or if an error was encountered during protocol execution.
	Result() (interface{}, error)

	// SetDebug enables or disables (passing a nil value as input) debugging.
	// At the moment, we only print the final dkls dkg result as json value to this log, but if needed more debugging
	// can be added for various steps of the other protocols.
	SetDebug(log io.Writer)
}

ProtocolIterator a generalized interface for multi-party protocols that follows the iterator pattern.

type ReceiverOTResult

type ReceiverOTResult struct {
	OTState  []byte
	Receiver *seedOTReceiver
}

type Schnorr

type Schnorr struct {
	Pub *curves.EcPoint // this is the public point.
	C   *big.Int
	S   *big.Int
	// contains filtered or unexported fields
}

func (*Schnorr) DecommitVerify

func (proof *Schnorr) DecommitVerify(com []byte) error

func (*Schnorr) Prove

func (proof *Schnorr) Prove(x *big.Int) error

func (*Schnorr) ProveCommit

func (proof *Schnorr) ProveCommit(x *big.Int) ([]byte, error)

this "commits to" a schnorr proof which is later revealed; see Functionality 7. it mutates `st` by adding a proof to it, and then also returns the commitment to the proof.

func (*Schnorr) Verify

func (proof *Schnorr) Verify() error

type SecretShare

type SecretShare struct {
	PkI *Schnorr // this is a "schnorr statement" for pkI.
	SkI *big.Int // the witness
	Pk  *curves.EcPoint
	// contains filtered or unexported fields
}

func DecodeSecret

func DecodeSecret(params *Params, b []byte) (*SecretShare, error)

DecodeSecret decodes a SecretShare object that was encoded after DKG.

func NewSecretShare

func NewSecretShare(params *Params) *SecretShare

NewSecretShare creates a secret share.

type SenderOTResult

type SenderOTResult struct {
	OTState []byte
	Sender  *seedOTSender
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL