nonce

package
v0.5.0-alpha.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 25, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

nonce package implements NonceDKG as described in <https://github.com/iotaledger/crypto-tss/>. > 4) Asynchronous nonce-DKG > Variant a) > > Setup > Run any DKG (preferably probably FROST-DKG) to derive the aggregated public key and private key share. > This leads to a synchronous, non-robust setup phase. > Nonce sharing (can be started any time before the signing process) > For every party i: > Sample secret s = a₀ > Run ACSSᵢ(s): > C=(A₀,A₁,…,Aₜ), e=(Enc_pk₀(y₀),…,Enc_pkₙ(yₙ)) ← VSSEncAndProve(s) > Broadcast (C,e) using Verified Reliable Broadcast (RBC) with predicate: C is valid > On termination of ACSSⱼ: > sʲᵢ ← output > Tᵢ ← Tᵢ ∪ {j} > Wait until |Tᵢ| ≥ n - f > Signing process > For every party i: > Input Tᵢ (bit vector) into Verified ACS with predicate: |Tᵢ| ≥ n - f > On termination of ACS: > 𝒯 ← {j | the j-th bit is set in at least f+1 elements of the output} > (One can show that |𝒯| ≥ f + 1 will always hold. Thus, one honest dealer will always be included.) > Wait until 𝒯 ⊆ Tᵢ > (as for each j in 𝒯 at least one honest peer observed a termination of ACSSⱼ, this will eventually succeed.) > σᵢ ← sum(sʲᵢ for j in 𝒯) > Create partial signature using the private key share and σᵢ as the nonce share > Aggregate t partial signatures to form the valid signature

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(
	suite suites.Suite,
	nodeIDs []gpa.NodeID,
	peerPKs map[gpa.NodeID]kyber.Point,
	f int,
	me gpa.NodeID,
	mySK kyber.Scalar,
	log *logger.Logger,
) gpa.GPA

func NewInputAgreementResult added in v1.0.3

func NewInputAgreementResult(proposals map[gpa.NodeID][]int) gpa.Input

func NewInputStart added in v1.0.3

func NewInputStart() gpa.Input

Types

type Output

type Output struct {
	Indexes   []int           // Indexes used to construct the final key (exactly f+1 for the intermediate output).
	PubKey    kyber.Point     // The common/aggregated public key of the key set.
	PriShare  *share.PriShare // Final key share (can be nil until consensus is completed in the case of aggrExt==true).
	Commits   []kyber.Point   // Commitments for the final key shares.
	Threshold int
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL