gjkr

package
v0.14.0-rc Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 22, 2020 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package gjkr contains code that implements Distributed Key Generation protocol described in [GJKR 99].

See http://docs.keep.network/random-beacon/dkg.html

[GJKR 99]: Gennaro R., Jarecki S., Krawczyk H., Rabin T. (1999) Secure
    Distributed Key Generation for Discrete-Log Based Cryptosystems. In:
    Stern J. (eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999.
    Lecture Notes in Computer Science, vol 1592. Springer, Berlin, Heidelberg
    http://groups.csail.mit.edu/cis/pubs/stasio/vss.ps.gz

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterUnmarshallers

func RegisterUnmarshallers(channel net.BroadcastChannel)

RegisterUnmarshallers initializes the given broadcast channel to be able to perform DKG protocol interactions by registering all the required protocol message unmarshallers. The channel needs to be fully initialized before Execute is called.

Types

type CombiningMember

type CombiningMember struct {
	*ReconstructingMember
	// contains filtered or unexported fields
}

CombiningMember represents one member in a threshold sharing group who is combining individual public keys of group members to receive group public key.

Executes Phase 12 of the protocol.

func (*CombiningMember) CombineGroupPublicKey

func (cm *CombiningMember) CombineGroupPublicKey()

CombineGroupPublicKey calculates a group public key by combining individual public keys. Group public key is calculated as a product of individual public keys of all group members including member themself.

`Y = Π y_j mod p` for `j`, where `y_j` is individual public key of each qualified group member. With elliptic curve, it is: `Y = Σ y_j`.

This function combines individual public keys of all Qualified Members who were approved for Phase 6. Three categories of individual public keys are considered:

  1. Current member's individual public key.
  2. Peer members' individual public keys - for members who passed a public key share points validation in Phase 8 and accusations resolution in Phase 9 and are still active group members.
  3. Misbehaved members' individual public keys - for QUAL members who were marked as disqualified or inactive and theirs individual private and public keys were reconstructed in Phase 11.

See Phase 12 of the protocol specification.

func (*CombiningMember) ComputeGroupPublicKeyShares

func (cm *CombiningMember) ComputeGroupPublicKeyShares()

ComputeGroupPublicKeyShares computes group public key shares for each individual member in the group. Those group public key shares are needed to perform the verification of relay entry signature shares coming from given group member.

func (*CombiningMember) InitializeFinalization

func (cm *CombiningMember) InitializeFinalization() *FinalizingMember

InitializeFinalization returns a member to perform next protocol operations.

func (CombiningMember) IsSenderAccepted

func (mc CombiningMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (CombiningMember) IsSenderValid

func (mc CombiningMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

type CommitmentsVerifyingMember

type CommitmentsVerifyingMember struct {
	*CommittingMember
	// contains filtered or unexported fields
}

CommitmentsVerifyingMember represents one member in a distributed key generation group, after it has received secret shares and commitments from other group members and it performs verification of received values.

Executes Phase 4 of the protocol.

func (*CommitmentsVerifyingMember) InitializeSharesJustification

func (cvm *CommitmentsVerifyingMember) InitializeSharesJustification() *SharesJustifyingMember

InitializeSharesJustification returns a member to perform next protocol operations.

func (CommitmentsVerifyingMember) IsSenderAccepted

func (mc CommitmentsVerifyingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (CommitmentsVerifyingMember) IsSenderValid

func (mc CommitmentsVerifyingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*CommitmentsVerifyingMember) MarkInactiveMembers

func (cvm *CommitmentsVerifyingMember) MarkInactiveMembers(
	sharesMessages []*PeerSharesMessage,
	commitmentsMessages []*MemberCommitmentsMessage,
)

MarkInactiveMembers takes all messages from the previous DKG protocol execution phase and marks all member who did not send a message as IA.

func (*CommitmentsVerifyingMember) VerifyReceivedSharesAndCommitmentsMessages

func (cvm *CommitmentsVerifyingMember) VerifyReceivedSharesAndCommitmentsMessages(
	sharesMessages []*PeerSharesMessage,
	commitmentsMessages []*MemberCommitmentsMessage,
) (*SecretSharesAccusationsMessage, error)

VerifyReceivedSharesAndCommitmentsMessages verifies shares and commitments received in messages from other group members. Returns accusation message with IDs of members for which the verification failed. All those members are disqualified by the current member in this function.

Function returns error only if it is fatal to the protocol. Such situation should never happen.

Member is disqualified if: - messages contain invalid number of shares or commitments - shares can not be decrypted - shares are not valid against commitments

See Phase 4 of the protocol specification.

type CommittingMember

type CommittingMember struct {
	*SymmetricKeyGeneratingMember
	// contains filtered or unexported fields
}

CommittingMember represents one member in a distributed key generation group, after it has fully initialized ephemeral symmetric keys with all other group members.

Executes Phase 3 of the protocol.

func (*CommittingMember) CalculateMembersSharesAndCommitments

func (cm *CommittingMember) CalculateMembersSharesAndCommitments() (
	*PeerSharesMessage,
	*MemberCommitmentsMessage,
	error,
)

CalculateMembersSharesAndCommitments starts with generating coefficients for two polynomials. It then calculates shares for all group member and packs them into a broadcast message. Individual shares inside the message are encrypted with the symmetric key of the indended share receiver. Additionally, it calculates commitments to `a` coefficients of first polynomial using second's polynomial `b` coefficients.

If there are no symmetric keys established with all other group members, function yields an error.

See Phase 3 of the protocol specification.

func (*CommittingMember) InitializeCommitmentsVerification

func (cm *CommittingMember) InitializeCommitmentsVerification() *CommitmentsVerifyingMember

InitializeCommitmentsVerification returns a member to perform next protocol operations.

func (CommittingMember) IsSenderAccepted

func (mc CommittingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (CommittingMember) IsSenderValid

func (mc CommittingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

type EphemeralKeyPairGeneratingMember

type EphemeralKeyPairGeneratingMember struct {
	*LocalMember
	// contains filtered or unexported fields
}

EphemeralKeyPairGeneratingMember represents one member in a distributed key generating group performing ephemeral key pair generation. It has a full list of `memberIDs` that belong to its threshold group.

Executes Phase 1 of the protocol.

func (*EphemeralKeyPairGeneratingMember) GenerateEphemeralKeyPair

func (em *EphemeralKeyPairGeneratingMember) GenerateEphemeralKeyPair() (
	*EphemeralPublicKeyMessage,
	error,
)

GenerateEphemeralKeyPair takes the group member list and generates an ephemeral ECDH keypair for every other group member. Generated public ephemeral keys are broadcasted within the group.

See Phase 1 of the protocol specification.

func (*EphemeralKeyPairGeneratingMember) InitializeSymmetricKeyGeneration

func (ekgm *EphemeralKeyPairGeneratingMember) InitializeSymmetricKeyGeneration() *SymmetricKeyGeneratingMember

InitializeSymmetricKeyGeneration performs a transition of the member state from phase 1 to phase 2. It returns a member instance ready to execute the next phase of the protocol.

func (EphemeralKeyPairGeneratingMember) IsSenderAccepted

func (mc EphemeralKeyPairGeneratingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (EphemeralKeyPairGeneratingMember) IsSenderValid

func (mc EphemeralKeyPairGeneratingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

type EphemeralPublicKeyMessage

type EphemeralPublicKeyMessage struct {
	// contains filtered or unexported fields
}

EphemeralPublicKeyMessage is a message payload that carries the sender's ephemeral public keys generated for all other group members.

The receiver performs ECDH on a sender's ephemeral public key intended for the receiver and on the receiver's private ephemeral key, creating a symmetric key used for encrypting a conversation between the sender and the receiver. In case of an accusation for malicious behavior, the accusing party reveals its private ephemeral key so that all the other group members can resolve the accusation looking at messages exchanged between accuser and accused party. To validate correctness of accuser's private ephemeral key, all group members must know its ephemeral public key prior to exchanging any messages. Hence, this message contains all the generated public keys and it is broadcast within the group.

func (*EphemeralPublicKeyMessage) Marshal

func (epkm *EphemeralPublicKeyMessage) Marshal() ([]byte, error)

Marshal converts this EphemeralPublicKeyMessage to a byte array suitable for network communication.

func (*EphemeralPublicKeyMessage) SenderID

func (epkm *EphemeralPublicKeyMessage) SenderID() group.MemberIndex

SenderID returns protocol-level identifier of the message sender.

func (*EphemeralPublicKeyMessage) Type

func (epkm *EphemeralPublicKeyMessage) Type() string

Type returns a string describing an EphemeralPublicKeyMessage type for marshaling purposes.

func (*EphemeralPublicKeyMessage) Unmarshal

func (epkm *EphemeralPublicKeyMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to an EphemeralPublicKeyMessage

type FinalizingMember

type FinalizingMember struct {
	*CombiningMember
}

FinalizingMember represents one member in a threshold key sharing group, after it completed distributed key generation.

Prepares a result to publish in Phase 13 of the protocol.

func (FinalizingMember) IsSenderAccepted

func (mc FinalizingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (FinalizingMember) IsSenderValid

func (mc FinalizingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*FinalizingMember) Result

func (fm *FinalizingMember) Result() *Result

Result can be either the successful computation of a round of distributed key generation, or a notification of failure. It returns the generated group public key and a private key share of a group key along with the disqualified and inactive members (as part of including the group state). The group private key share is used for signing and should never be revealed publicly.

type LocalMember

type LocalMember struct {
	// contains filtered or unexported fields
}

LocalMember represents one member in a threshold group, prior to the initiation of distributed key generation process

func NewMember

func NewMember(
	memberID group.MemberIndex,
	groupSize,
	dishonestThreshold int,
	membershipValidator group.MembershipValidator,
	seed *big.Int,
) (*LocalMember, error)

NewMember creates a new member in an initial state

func (*LocalMember) InitializeEphemeralKeysGeneration

func (lm *LocalMember) InitializeEphemeralKeysGeneration() *EphemeralKeyPairGeneratingMember

InitializeEphemeralKeysGeneration performs a transition of a member state from the local state to phase 1 of the protocol.

func (LocalMember) IsSenderAccepted

func (mc LocalMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (LocalMember) IsSenderValid

func (mc LocalMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

type MemberCommitmentsMessage

type MemberCommitmentsMessage struct {
	// contains filtered or unexported fields
}

MemberCommitmentsMessage is a message payload that carries the sender's commitments to coefficients of the secret shares polynomial generated by member in the third phase of the protocol.

It is expected to be broadcast.

func (*MemberCommitmentsMessage) Marshal

func (mcm *MemberCommitmentsMessage) Marshal() ([]byte, error)

Marshal converts this MemberCommitmentsMessage to a byte array suitable for network communication.

func (*MemberCommitmentsMessage) SenderID

func (mcm *MemberCommitmentsMessage) SenderID() group.MemberIndex

SenderID returns protocol-level identifier of the message sender.

func (*MemberCommitmentsMessage) Type

func (mcm *MemberCommitmentsMessage) Type() string

Type returns a string describing a MemberCommitmentsMessage type for marshaling purposes.

func (*MemberCommitmentsMessage) Unmarshal

func (mcm *MemberCommitmentsMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to a MemberCommitmentsMessage

type MemberPublicKeySharePointsMessage

type MemberPublicKeySharePointsMessage struct {
	// contains filtered or unexported fields
}

MemberPublicKeySharePointsMessage is a message payload that carries the sender's public key share points.

It is expected to be broadcast.

func (*MemberPublicKeySharePointsMessage) Marshal

func (mpspm *MemberPublicKeySharePointsMessage) Marshal() ([]byte, error)

Marshal converts this MemberPublicKeySharePointsMessage to a byte array suitable for network communication.

func (*MemberPublicKeySharePointsMessage) SenderID

SenderID returns protocol-level identifier of the message sender.

func (*MemberPublicKeySharePointsMessage) Type

Type returns a string describing MemberPublicKeySharePointsMessage type for marshaling purposes

func (*MemberPublicKeySharePointsMessage) Unmarshal

func (mpspm *MemberPublicKeySharePointsMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to a MemberPublicKeySharePointsMessage.

type MisbehavedEphemeralKeysMessage

type MisbehavedEphemeralKeysMessage struct {
	// contains filtered or unexported fields
}

MisbehavedEphemeralKeysMessage is a message payload that carries sender's ephemeral private keys used to generate ephemeral symmetric keys to encrypt communication with members from QUAL set which were marked as disqualified or inactive. It is expected to be broadcast.

func (*MisbehavedEphemeralKeysMessage) Marshal

func (mekm *MisbehavedEphemeralKeysMessage) Marshal() ([]byte, error)

Marshal converts this MisbehavedEphemeralKeysMessage to a byte array suitable for network communication.

func (*MisbehavedEphemeralKeysMessage) SenderID

SenderID returns protocol-level identifier of the message sender.

func (*MisbehavedEphemeralKeysMessage) Type

Type returns a string describing MisbehavedEphemeralKeysMessage type for marshalling purposes.

func (*MisbehavedEphemeralKeysMessage) Unmarshal

func (mekm *MisbehavedEphemeralKeysMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to a MisbehavedEphemeralKeysMessage.

type PeerSharesMessage

type PeerSharesMessage struct {
	// contains filtered or unexported fields
}

PeerSharesMessage is a message payload that carries shares `s_ij` and `t_ij` calculated by the sender `i` for all other group members individually.

It is expected to be broadcast within the group.

func (*PeerSharesMessage) Marshal

func (psm *PeerSharesMessage) Marshal() ([]byte, error)

Marshal converts this PeerSharesMessage to a byte array suitable for network communication.

func (*PeerSharesMessage) SenderID

func (psm *PeerSharesMessage) SenderID() group.MemberIndex

SenderID returns protocol-level identifier of the message sender.

func (*PeerSharesMessage) Type

func (psm *PeerSharesMessage) Type() string

Type returns a string describing a PeerSharesMessage type for marshaling purposes

func (*PeerSharesMessage) Unmarshal

func (psm *PeerSharesMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to a PeerSharesMessage.

type PointsAccusationsMessage

type PointsAccusationsMessage struct {
	// contains filtered or unexported fields
}

PointsAccusationsMessage is a message payload that carries all of the sender's accusations against other members of the threshold group after public key share points validation. If all other members behaved honestly from the sender's point of view, this message should be broadcast but with an empty map of `accusedMembersKeys`. It is expected to be broadcast.

func (*PointsAccusationsMessage) Marshal

func (pam *PointsAccusationsMessage) Marshal() ([]byte, error)

Marshal converts this PointsAccusationsMessage to a byte array suitable for network communication.

func (*PointsAccusationsMessage) SenderID

func (pam *PointsAccusationsMessage) SenderID() group.MemberIndex

SenderID returns protocol-level identifier of the message sender.

func (*PointsAccusationsMessage) Type

func (pam *PointsAccusationsMessage) Type() string

Type returns a string describing PointsAccusationsMessage type for marshaling purposes.

func (*PointsAccusationsMessage) Unmarshal

func (pam *PointsAccusationsMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to a PointsAccusationsMessage.

type PointsJustifyingMember

type PointsJustifyingMember struct {
	*SharingMember
}

PointsJustifyingMember represents one member in a threshold key sharing group, after it completed public key share points verification and enters justification phase where it resolves public key share points accusations.

Executes Phase 9 of the protocol.

func (*PointsJustifyingMember) InitializeRevealing

func (pjm *PointsJustifyingMember) InitializeRevealing() *RevealingMember

InitializeRevealing returns a member to perform next protocol operations.

func (PointsJustifyingMember) IsSenderAccepted

func (mc PointsJustifyingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (PointsJustifyingMember) IsSenderValid

func (mc PointsJustifyingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*PointsJustifyingMember) MarkInactiveMembers

func (cvm *PointsJustifyingMember) MarkInactiveMembers(
	pointsAccusationsMessages []*PointsAccusationsMessage,
)

MarkInactiveMembers takes all messages from the previous DKG protocol execution phase and marks all member who did not send a message as IA.

func (*PointsJustifyingMember) ResolvePublicKeySharePointsAccusationsMessages

func (pjm *PointsJustifyingMember) ResolvePublicKeySharePointsAccusationsMessages(
	messages []*PointsAccusationsMessage,
) error

ResolvePublicKeySharePointsAccusationsMessages resolves complaints received in points accusations messages. The member calls this function to judge which party of the dispute is misbehaving.

Function should not receive accusation message sent by the current member. Members accused by the current member are disqualified in the previous phase, at the same time when an accusation against them is published.

If the current member is accused, it marks the accuser as disqualified without checking self shares. Each member consider itself as an honest participant.

This function needs to decrypt shares sent previously by the accused member to the accuser in an encrypted form. To do that it needs to recover a symmetric key used for data encryption. It takes private key revealed by the accuser and public key broadcasted by the accused and performs Elliptic Curve Diffie- Hellman operation between them.

Function returns error only if it is fatal to the protocol. Such situation should never happen.

Accuser is disqualified if:

  • accused the current member
  • the revealed private key does not match the public key previously broadcast by the accuser
  • accused inactive or already disqualified member and as a result, we do not have enough information to resolve that accusation
  • shares of the accused member are valid against public key share points
  • shares of the accused member can not be decrypted and the accuser didn't complain about this fact in phase 4 (protocol violation)

Accused member is disqualified if: - shares of the accused member can not be decrypted - shares of the accused member are not valid against public key share points

See Phase 9 of the protocol specification.

type QualifiedMember

type QualifiedMember struct {
	*SharesJustifyingMember
	// contains filtered or unexported fields
}

QualifiedMember represents one member in a threshold key sharing group, after it completed secret shares justification. The member holds a share of group group private key.

Executes Phase 6 of the protocol.

func (*QualifiedMember) CombineMemberShares

func (qm *QualifiedMember) CombineMemberShares()

CombineMemberShares sums up all `s` shares intended for this member. Combines secret shares calculated by current member `i` for itself `s_ii` with shares calculated by peer members `j` for this member `s_ji`.

`x_i = Σ s_ji mod q` for `j` in a group of players who passed secret shares accusations stage. `q` is the order of cyclic group formed over the alt_bn128 curve.

See Phase 6 of the protocol specification.

func (*QualifiedMember) InitializeSharing

func (qm *QualifiedMember) InitializeSharing() *SharingMember

InitializeSharing returns a member to perform next protocol operations.

func (QualifiedMember) IsSenderAccepted

func (mc QualifiedMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (QualifiedMember) IsSenderValid

func (mc QualifiedMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

type ReconstructingMember

type ReconstructingMember struct {
	*RevealingMember
	// contains filtered or unexported fields
}

ReconstructingMember represents one member in a threshold sharing group who is reconstructing individual private and public keys of disqualified group members.

Executes Phase 11 of the protocol.

func (*ReconstructingMember) InitializeCombining

func (rm *ReconstructingMember) InitializeCombining() *CombiningMember

InitializeCombining returns a member to perform next protocol operations.

func (ReconstructingMember) IsSenderAccepted

func (mc ReconstructingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (ReconstructingMember) IsSenderValid

func (mc ReconstructingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*ReconstructingMember) MarkInactiveMembers

func (rm *ReconstructingMember) MarkInactiveMembers(
	messages []*MisbehavedEphemeralKeysMessage,
)

MarkInactiveMembers takes all messages from the previous DKG protocol execution phase and marks all member who did not send a message as IA.

func (*ReconstructingMember) ReconstructMisbehavedIndividualKeys

func (rm *ReconstructingMember) ReconstructMisbehavedIndividualKeys(
	messages []*MisbehavedEphemeralKeysMessage,
) error

ReconstructMisbehavedIndividualKeys reconstructs individual private key `z_m` and public key `y_m` of every disqualified or inactive member `m` from QUAL set. QUAL contains all group members which provided valid shares in Phase 3. To do that, it first needs to recover shares calculated by IA/DQ QUAL members `m` in Phase 3 for other members `k`. The shares were encrypted before broadcast, so ephemeral symmetric key needs to be recovered. This requires messages containing ephemeral private key revealed by member `k` used in communication with misbehaved member `m`.

See Phase 11 of the protocol specification.

type Result

type Result struct {
	// Group represents the group state, including members, disqualified,
	// and inactive members.
	Group *group.Group
	// Group public key generated by protocol execution.
	GroupPublicKey *bn256.G2
	// Share of the group private key. It is used for signing and should never
	// be revealed publicly.
	GroupPrivateKeyShare *big.Int
	// contains filtered or unexported fields
}

Result of distributed key generation protocol.

func Execute

func Execute(
	memberIndex group.MemberIndex,
	groupSize int,
	blockCounter chain.BlockCounter,
	channel net.BroadcastChannel,
	dishonestThreshold int,
	seed *big.Int,
	membershipValidator group.MembershipValidator,
	startBlockHeight uint64,
) (*Result, uint64, error)

Execute runs the GJKR distributed key generation protocol, given a broadcast channel to mediate with, a block counter used for time tracking, a player index to use in the group, dishonest threshold, and block height when DKG protocol should start. If the generation is successful, it returns a threshold group member which can participate in the signing group; if the generation fails, it returns an error.

func (*Result) GroupPublicKeyBytes

func (r *Result) GroupPublicKeyBytes() ([]byte, error)

GroupPublicKeyBytes returns marshalled group public key.

func (*Result) GroupPublicKeyShares

func (r *Result) GroupPublicKeyShares() map[group.MemberIndex]*bn256.G2

GroupPublicKeyShares returns shares of the group public key for each individual member of the group. They are used for verification of signatures received from other members created using their respective group private key share.

type RevealingMember

type RevealingMember struct {
	*PointsJustifyingMember
	// contains filtered or unexported fields
}

RevealingMember represents one member in a threshold sharing group who is revealing ephemeral private keys used to create ephemeral symmetric key to communicate with other members disqualified in Phase 9.

Executes Phase 10 of the protocol.

func (*RevealingMember) InitializeReconstruction

func (rm *RevealingMember) InitializeReconstruction() *ReconstructingMember

InitializeReconstruction returns a member to perform next protocol operations.

func (RevealingMember) IsSenderAccepted

func (mc RevealingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (RevealingMember) IsSenderValid

func (mc RevealingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*RevealingMember) RevealMisbehavedMembersKeys

func (rm *RevealingMember) RevealMisbehavedMembersKeys() (
	*MisbehavedEphemeralKeysMessage,
	error,
)

RevealMisbehavedMembersKeys reveals ephemeral private keys used to create an ephemeral symmetric key with members whose shares needs to be reconstructed. Those are members who provided valid shares in Phase 3 and qualified to QUAL set but were either marked as inactive or disqualified later. It returns a message containing a map of ephemeral private key for each member.

See Phase 10 of the protocol specification.

type SecretSharesAccusationsMessage

type SecretSharesAccusationsMessage struct {
	// contains filtered or unexported fields
}

SecretSharesAccusationsMessage is a message payload that carries all of the sender's accusations against other members of the threshold group. If all other members behaved honestly from the sender's point of view, this message should be broadcast but with an empty map of `accusedMembersKeys`.

It is expected to be broadcast.

func (*SecretSharesAccusationsMessage) Marshal

func (ssam *SecretSharesAccusationsMessage) Marshal() ([]byte, error)

Marshal converts this SecretSharesAccusationsMessage to a byte array suitable for network communication.

func (*SecretSharesAccusationsMessage) SenderID

SenderID returns protocol-level identifier of the message sender.

func (*SecretSharesAccusationsMessage) Type

Type returns a string describing a SecretSharesAccusationsMessage type for marshalling purposes.

func (*SecretSharesAccusationsMessage) Unmarshal

func (ssam *SecretSharesAccusationsMessage) Unmarshal(bytes []byte) error

Unmarshal converts a byte array produced by Marshal to a SecretSharesAccusationsMessage.

type SharesJustifyingMember

type SharesJustifyingMember struct {
	*CommitmentsVerifyingMember
}

SharesJustifyingMember represents one member in a threshold key sharing group, after it completed secret shares and commitments verification and enters justification phase where it resolves invalid share accusations.

Executes Phase 5 of the protocol.

func (*SharesJustifyingMember) InitializeQualified

func (sjm *SharesJustifyingMember) InitializeQualified() *QualifiedMember

InitializeQualified returns a member to perform next protocol operations.

func (SharesJustifyingMember) IsSenderAccepted

func (mc SharesJustifyingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (SharesJustifyingMember) IsSenderValid

func (mc SharesJustifyingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*SharesJustifyingMember) MarkInactiveMembers

func (cvm *SharesJustifyingMember) MarkInactiveMembers(
	sharesAccusationsMessages []*SecretSharesAccusationsMessage,
)

MarkInactiveMembers takes all messages from the previous DKG protocol execution phase and marks all member who did not send a message as IA.

func (*SharesJustifyingMember) ResolveSecretSharesAccusationsMessages

func (sjm *SharesJustifyingMember) ResolveSecretSharesAccusationsMessages(
	messages []*SecretSharesAccusationsMessage,
) error

ResolveSecretSharesAccusationsMessages resolves complaints received in secret shares accusations messages. The member calls this function to judge which party of the dispute is misbehaving.

Function should not receive accusation message sent by the current member. Members accused by the current member are disqualified in the previous phase, at the same time when an accusation against them is published.

If the current member is accused, it marks the accuser as disqualified without checking self shares. Each member consider itself as an honest participant.

This function needs to decrypt shares sent previously by the accused member to the accuser in an encrypted form. To do that it needs to recover a symmetric key used for data encryption. It takes private key revealed by the accuser and public key broadcasted by the accused and performs Elliptic Curve Diffie- Hellman operation on them.

Function returns error only if it is fatal to the protocol. Such situation should never happen.

Accuser is disqualified if:

  • accused the current member
  • the revealed private key does not match the public key previously broadcast by the accuser
  • accused inactive or already disqualified member and as a result, we do not have enough information to resolve that accusation
  • shares of the accused member are valid against commitments

Accused member is disqualified if: - shares of the accused member can not be decrypted - shares of the accused member are not valid against commitments

See Phase 5 of the protocol specification.

type SharingMember

type SharingMember struct {
	*QualifiedMember
	// contains filtered or unexported fields
}

SharingMember represents one member in a threshold key sharing group, after it has been qualified to the group private key sharing. A member shares public values of it's polynomial coefficients with peer members.

Executes Phase 7 and Phase 8 of the protocol.

func (*SharingMember) CalculatePublicKeySharePoints

func (sm *SharingMember) CalculatePublicKeySharePoints() *MemberPublicKeySharePointsMessage

CalculatePublicKeySharePoints calculates public values for member's coefficients.

It calculates: `A_k = g^a_k` for `k` in `[0..T]`.

What, using elliptic curve, is the same as: `A_k = G * a_k` for `k` in `[0..T]`. where `G` is curve's generator.

See Phase 7 of the protocol specification.

func (*SharingMember) InitializePointsJustification

func (sm *SharingMember) InitializePointsJustification() *PointsJustifyingMember

InitializePointsJustification returns a member to perform next protocol operations.

func (SharingMember) IsSenderAccepted

func (mc SharingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (SharingMember) IsSenderValid

func (mc SharingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*SharingMember) MarkInactiveMembers

func (sm *SharingMember) MarkInactiveMembers(
	keySharePointsMessages []*MemberPublicKeySharePointsMessage,
)

MarkInactiveMembers takes all messages from the previous DKG protocol execution phase and marks all member who did not send a message as IA.

func (*SharingMember) VerifyPublicKeySharePoints

func (sm *SharingMember) VerifyPublicKeySharePoints(
	messages []*MemberPublicKeySharePointsMessage,
) (*PointsAccusationsMessage, error)

VerifyPublicKeySharePoints validates public key share points received in messages from peer group members. It returns accusation message with ID of members for which the verification failed.

See Phase 8 of the protocol specification.

type SymmetricKeyGeneratingMember

type SymmetricKeyGeneratingMember struct {
	*EphemeralKeyPairGeneratingMember
	// contains filtered or unexported fields
}

SymmetricKeyGeneratingMember represents one member in a distributed key generating group performing ephemeral symmetric key generation.

Executes Phase 2 of the protocol.

func (*SymmetricKeyGeneratingMember) GenerateSymmetricKeys

func (sm *SymmetricKeyGeneratingMember) GenerateSymmetricKeys(
	ephemeralPubKeyMessages []*EphemeralPublicKeyMessage,
) error

GenerateSymmetricKeys attempts to generate symmetric keys for all remote group members via ECDH. It generates this symmetric key for each remote group member by doing an ECDH between the ephemeral private key generated for a remote group member, and the public key for this member, generated and broadcasted by the remote group member.

See Phase 2 of the protocol specification.

func (*SymmetricKeyGeneratingMember) InitializeCommitting

func (skgm *SymmetricKeyGeneratingMember) InitializeCommitting() *CommittingMember

InitializeCommitting returns a member to perform next protocol operations.

func (SymmetricKeyGeneratingMember) IsSenderAccepted

func (mc SymmetricKeyGeneratingMember) IsSenderAccepted(senderID group.MemberIndex) bool

func (SymmetricKeyGeneratingMember) IsSenderValid

func (mc SymmetricKeyGeneratingMember) IsSenderValid(
	senderID group.MemberIndex,
	senderPublicKey []byte,
) bool

func (*SymmetricKeyGeneratingMember) MarkInactiveMembers

func (em *SymmetricKeyGeneratingMember) MarkInactiveMembers(
	ephemeralPubKeyMessages []*EphemeralPublicKeyMessage,
)

MarkInactiveMembers takes all messages from the previous DKG protocol execution phase and marks all member who did not send a message as IA.

Directories

Path Synopsis
gen
pb

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL