Documentation
¶
Overview ¶
package acss implements "Asynchronous Complete Secret Sharing" as described in
https://iotaledger.github.io/crypto-tss/talks/async-dkg/slides-async-dkg.html#/5/6
Here is a copy of the pseudo code from the slide mentioned above (just in case):
> // dealer with input s > sample random polynomial ϕ such that ϕ(0) = s > C, S := VSS.Share(ϕ, f+1, n) > E := [PKI.Enc(S[i], pkᵢ) for each party i] > > // party i (including the dealer) > RBC(C||E) > sᵢ := PKI.Dec(eᵢ, skᵢ) > if decrypt fails or VSS.Verify(C, i, sᵢ) == false: > send <IMPLICATE, i, skᵢ> to all parties > else: > send <OK> > > on receiving <OK> from n-f parties: > send <READY> to all parties > > on receiving <READY> from f+1 parties: > send <READY> to all parties > > on receiving <READY> from n-f parties: > if sᵢ is valid: > out = true > output sᵢ > > on receiving <IMPLICATE, j, skⱼ>: > sⱼ := PKI.Dec(eⱼ, skⱼ) > if decrypt fails or VSS.Verify(C, j, sⱼ) == false: > if out == true: > send <RECOVER, i, skᵢ> to all parties > return > > on receiving <RECOVER, j, skⱼ>: > sⱼ := PKI.Dec(eⱼ, skⱼ) > if VSS.Verify(C, j, sⱼ): T = T ∪ {sⱼ} > > wait until len(T) >= f+1: > sᵢ = SSS.Recover(T, f+1, n)(i) > out = true > output sᵢ
On the adaptations and sources:
> More details and references to the papers are bellow: > > Here the references for the Asynchronous Secret-Sharing that I was referring to. > It is purely based on (Feldman) Verifiable Secret Sharing and does not rely on any PVSS schemes > requiring fancy NIZKP (and thus trades network-complexity vs computational-complexity): > > * [1], Section IV. A. we use the ACSS scheme from [2] but replace its Pedersen > commitment with a Feldman polynomial commitment to achieve Homomorphic-Partial-Commitment. > > * In [2], Section 5.3. they explain the Pedersen-based hbACSS0 and give some proof sketch. > The complete description and analysis of hbACSS0 can be found in [3]. However, as mentioned > before they use Kate-commitments instead of Feldman/Pedersen. This has better message > complexity especially when multiple secrets are shared at the same time, but in our case > that would need to be replaced with Feldman making it much simpler and not losing any security. > Actually, [3] is just a pre-print, the official published version is [4], but [4] also contains > other, non-relevant, variants like hbACSS1 and hbACSS2 and much more analysis. > So, I found [3] a bit more helpful, although it is just the preliminary version. > They also provide their reference implementation in [5], which is also what the > authors of [1] used for their practical DKG results. > > [1] Practical Asynchronous Distributed Key Generation https://eprint.iacr.org/2021/1591 > [2] Asynchronous Data Dissemination and its Applications https://eprint.iacr.org/2021/777 > [3] Brief Note: Asynchronous Verifiable Secret Sharing with Optimal Resilience and Linear Amortized Overhead https://arxiv.org/pdf/1902.06095.pdf > [4] hbACSS: How to Robustly Share Many Secrets https://eprint.iacr.org/2021/159 > [5] https://github.com/tyurek/hbACSS
A PoC implementation: <https://github.com/Wollac/async.go>.
The Crypto part shown the pseudo-code above is replaced in the implementation with the scheme allowing to keep the private keys secret. The scheme implementation is taken from the PoC mentioned above. It is described in <https://hackmd.io/@CcRtfCBnRbW82-AdbFJUig/S1qcPiUN5>.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Source Files
Directories