acss

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 2, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

package acss implements "Asynchronous Complete Secret Sharing" as described in

https://iotaledger.github.io/crypto-tss/talks/async-dkg/slides-async-dkg.html#/5/6

Here is a copy of the pseudo code from the slide mentioned above (just in case):

> // dealer with input s > sample random polynomial ϕ such that ϕ(0) = s > C, S := VSS.Share(ϕ, f+1, n) > E := [PKI.Enc(S[i], pkᵢ) for each party i] > > // party i (including the dealer) > RBC(C||E) > sᵢ := PKI.Dec(eᵢ, skᵢ) > if decrypt fails or VSS.Verify(C, i, sᵢ) == false: > send <IMPLICATE, i, skᵢ> to all parties > else: > send <OK> > > on receiving <OK> from n-f parties: > send <READY> to all parties > > on receiving <READY> from f+1 parties: > send <READY> to all parties > > on receiving <READY> from n-f parties: > if sᵢ is valid: > out = true > output sᵢ > > on receiving <IMPLICATE, j, skⱼ>: > sⱼ := PKI.Dec(eⱼ, skⱼ) > if decrypt fails or VSS.Verify(C, j, sⱼ) == false: > if out == true: > send <RECOVER, i, skᵢ> to all parties > return > > on receiving <RECOVER, j, skⱼ>: > sⱼ := PKI.Dec(eⱼ, skⱼ) > if VSS.Verify(C, j, sⱼ): T = T ∪ {sⱼ} > > wait until len(T) >= f+1: > sᵢ = SSS.Recover(T, f+1, n)(i) > out = true > output sᵢ

On the adaptations and sources:

> More details and references to the papers are bellow: > > Here the references for the Asynchronous Secret-Sharing that I was referring to. > It is purely based on (Feldman) Verifiable Secret Sharing and does not rely on any PVSS schemes > requiring fancy NIZKP (and thus trades network-complexity vs computational-complexity): > > * [1], Section IV. A. we use the ACSS scheme from [2] but replace its Pedersen > commitment with a Feldman polynomial commitment to achieve Homomorphic-Partial-Commitment. > > * In [2], Section 5.3. they explain the Pedersen-based hbACSS0 and give some proof sketch. > The complete description and analysis of hbACSS0 can be found in [3]. However, as mentioned > before they use Kate-commitments instead of Feldman/Pedersen. This has better message > complexity especially when multiple secrets are shared at the same time, but in our case > that would need to be replaced with Feldman making it much simpler and not losing any security. > Actually, [3] is just a pre-print, the official published version is [4], but [4] also contains > other, non-relevant, variants like hbACSS1 and hbACSS2 and much more analysis. > So, I found [3] a bit more helpful, although it is just the preliminary version. > They also provide their reference implementation in [5], which is also what the > authors of [1] used for their practical DKG results. > > [1] Practical Asynchronous Distributed Key Generation https://eprint.iacr.org/2021/1591 > [2] Asynchronous Data Dissemination and its Applications https://eprint.iacr.org/2021/777 > [3] Brief Note: Asynchronous Verifiable Secret Sharing with Optimal Resilience and Linear Amortized Overhead https://arxiv.org/pdf/1902.06095.pdf > [4] hbACSS: How to Robustly Share Many Secrets https://eprint.iacr.org/2021/159 > [5] https://github.com/tyurek/hbACSS

A PoC implementation: <https://github.com/Wollac/async.go>.

The Crypto part shown the pseudo-code above is replaced in the implementation with the scheme allowing to keep the private keys secret. The scheme implementation is taken from the PoC mentioned above. It is described in <https://hackmd.io/@CcRtfCBnRbW82-AdbFJUig/S1qcPiUN5>.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(
	suite suites.Suite,
	peers []gpa.NodeID,
	peerPKs map[gpa.NodeID]kyber.Point,
	f int,
	me gpa.NodeID,
	mySK kyber.Scalar,
	dealer gpa.NodeID,
	dealCB func(int, []byte) []byte,
	log *logger.Logger,
) gpa.GPA

Types

type Output

type Output struct {
	PriShare *share.PriShare // Private share, received by this instance.
	Commits  []kyber.Point   // Feldman's commitment to the shared polynomial.
}

Directories

Path Synopsis
This package is a copy of <https://github.com/Wollac/async.go/tree/main/pkg/acss/crypto>
This package is a copy of <https://github.com/Wollac/async.go/tree/main/pkg/acss/crypto>

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL