dkls

package
v0.0.3-gama Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 24, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

README

dkls

import "github.com/coinbase/kryptology/pkg/tecdsa/dkls"

Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). For an example of use, look at sign.go.

It is currently a work in progress; do not use it in real-life scenarios yet. TODO: Docs to be completed.

Index

func EncodeAlice

func EncodeAlice(a *Alice) ([]byte, error)

Encodes an alice object as a byte sequence after DKG has been completed.

func EncodeBob

func EncodeBob(b *Bob) ([]byte, error)

Encodes a bob object as a byte sequence after DKG has been completed.

func NewPipeWrappers

func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)

type Alice

Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.

type Alice struct {
    PkA      *Schnorr // this is a "schnorr statement" for pkA.
    Receiver *seedOTReceiver
    SkA      *big.Int // the witness
    Pk       *curves.EcPoint
    // contains filtered or unexported fields
}
func DecodeAlice
func DecodeAlice(params *Params, b []byte) (*Alice, error)

Decodes an alice object that was encoded after DKG.

func NewAlice
func NewAlice(params *Params) *Alice

NewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.

func (*Alice) DKG
func (alice *Alice) DKG(rw io.ReadWriter) error
func (*Alice) Sign
func (alice *Alice) Sign(m []byte, rw io.ReadWriter) error

Sign this is an illustrative helper method which shows the overall flow for Alice. in practice this will be replaced by a method which actually sends messages back and forth.

type AliceDkg

AliceDkg DKLS DKG implementation that satisfies the protocol iterator interface.

type AliceDkg struct {
    // contains filtered or unexported fields
}
func NewAliceDkg
func NewAliceDkg(params *Params) *AliceDkg

NewAliceDkg creates a new protocol that can compute a DKG as Alice

func (*AliceDkg) Result
func (a *AliceDkg) Result() (interface{}, error)

Result Returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceDkg) SetDebug
func (a *AliceDkg) SetDebug(log io.Writer)

type AliceSign

AliceSign DKLS sign implementation that satisfies the protocol iterator interface.

type AliceSign struct {
    // contains filtered or unexported fields
}
func NewAliceSign
func NewAliceSign(params *Params, msg []byte, dkgResult []byte) (*AliceSign, error)

Creates a new protocol that can compute a signature as Alice. Requires dkg state that was produced at the end of DKG.Result().

func (*AliceSign) Result
func (a *AliceSign) Result() (interface{}, error)

Result always returns errNoSig. Alice does not compute a signature in the DKLS protocol; only Bob computes the signature.

func (*AliceSign) SetDebug
func (a *AliceSign) SetDebug(log io.Writer)

type Bob

Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.

type Bob struct {
    // Exported fields
    PkB    *Schnorr // this is a "schnorr statement" for pkB.
    Sender *seedOTSender
    SkB    *big.Int
    Pk     *curves.EcPoint
    Sig    *curves.EcdsaSignature // The resulting digital signature
    // contains filtered or unexported fields
}
func DecodeBob
func DecodeBob(params *Params, b []byte) (*Bob, error)

Decodes an bob object that was encoded after DKG.

func NewBob
func NewBob(params *Params) *Bob

NewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.

func (*Bob) DKG
func (bob *Bob) DKG(rw io.ReadWriter) error
func (*Bob) Sign
func (bob *Bob) Sign(m []byte, rw io.ReadWriter) error

Sign this is an illustrative helper method which shows the overall flow for Bob.

type BobDkg

BobDkg DKLS DKG implementation that satisfies the protocol iterator interface.

type BobDkg struct {
    // contains filtered or unexported fields
}
func NewBobDkg
func NewBobDkg(params *Params) *BobDkg

NewBobDkg Creates a new protocol that can compute a DKG as Bob

func (*BobDkg) Result
func (b *BobDkg) Result() (interface{}, error)

Result returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*BobDkg) SetDebug
func (b *BobDkg) SetDebug(log io.Writer)

type BobSign

BobSign DKLS sign implementation that satisfies the protocol iterator interface.

type BobSign struct {
    // contains filtered or unexported fields
}
func NewBobSign
func NewBobSign(params *Params, msg []byte, dkgResult []byte) (*BobSign, error)

NewBobSign creates a new protocol that can compute a signature as Bob. Requires dkg state that was produced at the end of DKG.Result().

func (*BobSign) Result
func (d *BobSign) Result() (interface{}, error)

If the signing protocol completed successfully, returns the signature that Bob computed as a *core.EcdsaSignature.

func (*BobSign) SetDebug
func (b *BobSign) SetDebug(log io.Writer)

type DkgResult

DKG protocols produce the following result on successful completion

type DkgResult struct {
    DkgState []byte
    Pubkey   *curves.EcPoint
}

type MultiplyReceiver

type MultiplyReceiver struct {
    TB []*big.Int
    // contains filtered or unexported fields
}
func NewMultiplyReceiver
func NewMultiplyReceiver(multiplicity int, sender *seedOTSender) *MultiplyReceiver
func (*MultiplyReceiver) MultiplyInit
func (receiver *MultiplyReceiver) MultiplyInit(idExt [32]byte, beta []*big.Int, w io.Writer) error

MultiplyInit Protocol 5., Multiplication, 3). Bob (receiver) encodes beta and initiates the cOT extension!

func (*MultiplyReceiver) MultiplyTransfer
func (receiver *MultiplyReceiver) MultiplyTransfer(r io.Reader) error

MultiplyTransfer Protocol 5., Multiplication, 3) and 6). Bob finalizes the cOT extension. using that and Alice's multiplication message, Bob completes the multiplication protocol, including checks. at the end, Bob's values tB_j are populated.

type MultiplySender

type MultiplySender struct {
    TA []*big.Int
    // contains filtered or unexported fields
}
func NewMultiplySender
func NewMultiplySender(multiplicity int, receiver *seedOTReceiver) *MultiplySender
func (*MultiplySender) Multiply
func (sender *MultiplySender) Multiply(idExt [32]byte, alpha []*big.Int, rw io.ReadWriter) error

Multiply Protocol 5., steps 3) 5), 7). Alice _responds_ to Bob's initial cOT message, using a vector of alphas as input. doesn't actually send that message yet, only stashes it, and moves onto the next steps of the multiplication protocol specifically, Alice can then do step 5) (compute the outputs of the multiplication protocol), also stashes this. finishes up by taking care of 7), after that, Alice is totally done with multiplication and has stashed the outputs.

type Params

type Params struct {
    Curve     elliptic.Curve
    Scalar    curves.EcScalar
    Generator *curves.EcPoint
    // contains filtered or unexported fields
}
func NewParams
func NewParams(curve elliptic.Curve, scalar curves.EcScalar) (*Params, error)

NewParams receives an implementation of the curve and scalar interfaces and sets the parameters needed for DKG and Threshold ECDSA of DKLS.

type ProtocolIterator

ProtocolIterator a generalized interface for multi-party protocols that follows the iterator pattern.

type ProtocolIterator interface {
    // Next runs the next round of the protocol.
    // Inputs are read from rw.Read(); outputs are written to rw.Write().
    // Returns io.EOF when protocol has completed.
    Next(rw io.ReadWriter) error

    // Result returns the final result, if any, of the completed protocol.
    // Reports an error if the protocol has not yet terminated
    // or if an error was encountered during protocol execution.
    Result() (interface{}, error)

    // SetDebug enables or disables (passing a nil value as input) debugging.
    // At the moment, we only print the final dkls dkg result as json value to this log, but if needed more debugging
    // can be added for various steps of the other protocols.
    SetDebug(log io.Writer)
}

type Schnorr

type Schnorr struct {
    Pub *curves.EcPoint // this is the public point.
    C   *big.Int
    S   *big.Int
    // contains filtered or unexported fields
}
func (*Schnorr) DecommitVerify
func (proof *Schnorr) DecommitVerify(com []byte) error
func (*Schnorr) Prove
func (proof *Schnorr) Prove(x *big.Int) error
func (*Schnorr) ProveCommit
func (proof *Schnorr) ProveCommit(x *big.Int) ([]byte, error)

this "commits to" a schnorr proof which is later revealed; see Functionality 7. it mutates `st` by adding a proof to it, and then also returns the commitment to the proof.

func (*Schnorr) Verify
func (proof *Schnorr) Verify() error

Generated by gomarkdoc

Documentation

Overview

Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). For an example of use, look at sign.go.

It is currently a work in progress; do not use it in real-life scenarios yet. TODO: Docs to be completed.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncodeAlice

func EncodeAlice(a *Alice) ([]byte, error)

Encodes an alice object as a byte sequence after DKG has been completed.

func EncodeBob

func EncodeBob(b *Bob) ([]byte, error)

Encodes a bob object as a byte sequence after DKG has been completed.

func NewPipeWrappers

func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)

Types

type Alice

type Alice struct {
	PkA      *Schnorr // this is a "schnorr statement" for pkA.
	Receiver *seedOTReceiver
	SkA      *big.Int // the witness
	Pk       *curves.EcPoint
	// contains filtered or unexported fields
}

Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.

func DecodeAlice

func DecodeAlice(params *Params, b []byte) (*Alice, error)

Decodes an alice object that was encoded after DKG.

func NewAlice

func NewAlice(params *Params) *Alice

NewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.

func (*Alice) DKG

func (alice *Alice) DKG(rw io.ReadWriter) error

func (*Alice) Sign

func (alice *Alice) Sign(m []byte, rw io.ReadWriter) error

Sign this is an illustrative helper method which shows the overall flow for Alice. in practice this will be replaced by a method which actually sends messages back and forth.

type AliceDkg

type AliceDkg struct {
	// contains filtered or unexported fields
}

AliceDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewAliceDkg

func NewAliceDkg(params *Params) *AliceDkg

NewAliceDkg creates a new protocol that can compute a DKG as Alice

func (*AliceDkg) Next

func (p *AliceDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceDkg) Result

func (a *AliceDkg) Result() (interface{}, error)

Result Returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceDkg) SetDebug

func (a *AliceDkg) SetDebug(log io.Writer)

type AliceSign

type AliceSign struct {
	// contains filtered or unexported fields
}

AliceSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewAliceSign

func NewAliceSign(params *Params, msg []byte, dkgResult []byte) (*AliceSign, error)

Creates a new protocol that can compute a signature as Alice. Requires dkg state that was produced at the end of DKG.Result().

func (*AliceSign) Next

func (p *AliceSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceSign) Result

func (a *AliceSign) Result() (interface{}, error)

Result always returns errNoSig. Alice does not compute a signature in the DKLS protocol; only Bob computes the signature.

func (*AliceSign) SetDebug

func (a *AliceSign) SetDebug(log io.Writer)

type Bob

type Bob struct {
	// Exported fields
	PkB    *Schnorr // this is a "schnorr statement" for pkB.
	Sender *seedOTSender
	SkB    *big.Int
	Pk     *curves.EcPoint
	Sig    *curves.EcdsaSignature // The resulting digital signature
	// contains filtered or unexported fields
}

Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.

func DecodeBob

func DecodeBob(params *Params, b []byte) (*Bob, error)

Decodes an bob object that was encoded after DKG.

func NewBob

func NewBob(params *Params) *Bob

NewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.

func (*Bob) DKG

func (bob *Bob) DKG(rw io.ReadWriter) error

func (*Bob) Sign

func (bob *Bob) Sign(m []byte, rw io.ReadWriter) error

Sign this is an illustrative helper method which shows the overall flow for Bob.

type BobDkg

type BobDkg struct {
	// contains filtered or unexported fields
}

BobDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewBobDkg

func NewBobDkg(params *Params) *BobDkg

NewBobDkg Creates a new protocol that can compute a DKG as Bob

func (*BobDkg) Next

func (p *BobDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobDkg) Result

func (b *BobDkg) Result() (interface{}, error)

Result returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*BobDkg) SetDebug

func (b *BobDkg) SetDebug(log io.Writer)

type BobSign

type BobSign struct {
	// contains filtered or unexported fields
}

BobSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewBobSign

func NewBobSign(params *Params, msg []byte, dkgResult []byte) (*BobSign, error)

NewBobSign creates a new protocol that can compute a signature as Bob. Requires dkg state that was produced at the end of DKG.Result().

func (*BobSign) Next

func (p *BobSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobSign) Result

func (d *BobSign) Result() (interface{}, error)

If the signing protocol completed successfully, returns the signature that Bob computed as a *core.EcdsaSignature.

func (*BobSign) SetDebug

func (b *BobSign) SetDebug(log io.Writer)

type DkgResult

type DkgResult struct {
	DkgState []byte
	Pubkey   *curves.EcPoint
}

DKG protocols produce the following result on successful completion

type MultiplyReceiver

type MultiplyReceiver struct {
	TB []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplyReceiver

func NewMultiplyReceiver(multiplicity int, sender *seedOTSender) *MultiplyReceiver

func (*MultiplyReceiver) MultiplyInit

func (receiver *MultiplyReceiver) MultiplyInit(idExt [32]byte, beta []*big.Int, w io.Writer) error

MultiplyInit Protocol 5., Multiplication, 3). Bob (receiver) encodes beta and initiates the cOT extension!

func (*MultiplyReceiver) MultiplyTransfer

func (receiver *MultiplyReceiver) MultiplyTransfer(r io.Reader) error

MultiplyTransfer Protocol 5., Multiplication, 3) and 6). Bob finalizes the cOT extension. using that and Alice's multiplication message, Bob completes the multiplication protocol, including checks. at the end, Bob's values tB_j are populated.

type MultiplySender

type MultiplySender struct {
	TA []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplySender

func NewMultiplySender(multiplicity int, receiver *seedOTReceiver) *MultiplySender

func (*MultiplySender) Multiply

func (sender *MultiplySender) Multiply(idExt [32]byte, alpha []*big.Int, rw io.ReadWriter) error

Multiply Protocol 5., steps 3) 5), 7). Alice _responds_ to Bob's initial cOT message, using a vector of alphas as input. doesn't actually send that message yet, only stashes it, and moves onto the next steps of the multiplication protocol specifically, Alice can then do step 5) (compute the outputs of the multiplication protocol), also stashes this. finishes up by taking care of 7), after that, Alice is totally done with multiplication and has stashed the outputs.

type Params

type Params struct {
	Curve     elliptic.Curve
	Scalar    curves.EcScalar
	Generator *curves.EcPoint
	// contains filtered or unexported fields
}

func NewParams

func NewParams(curve elliptic.Curve, scalar curves.EcScalar) (*Params, error)

NewParams receives an implementation of the curve and scalar interfaces and sets the parameters needed for DKG and Threshold ECDSA of DKLS.

type ProtocolIterator

type ProtocolIterator interface {
	// Next runs the next round of the protocol.
	// Inputs are read from rw.Read(); outputs are written to rw.Write().
	// Returns io.EOF when protocol has completed.
	Next(rw io.ReadWriter) error

	// Result returns the final result, if any, of the completed protocol.
	// Reports an error if the protocol has not yet terminated
	// or if an error was encountered during protocol execution.
	Result() (interface{}, error)

	// SetDebug enables or disables (passing a nil value as input) debugging.
	// At the moment, we only print the final dkls dkg result as json value to this log, but if needed more debugging
	// can be added for various steps of the other protocols.
	SetDebug(log io.Writer)
}

ProtocolIterator a generalized interface for multi-party protocols that follows the iterator pattern.

type Schnorr

type Schnorr struct {
	Pub *curves.EcPoint // this is the public point.
	C   *big.Int
	S   *big.Int
	// contains filtered or unexported fields
}

func (*Schnorr) DecommitVerify

func (proof *Schnorr) DecommitVerify(com []byte) error

func (*Schnorr) Prove

func (proof *Schnorr) Prove(x *big.Int) error

func (*Schnorr) ProveCommit

func (proof *Schnorr) ProveCommit(x *big.Int) ([]byte, error)

this "commits to" a schnorr proof which is later revealed; see Functionality 7. it mutates `st` by adding a proof to it, and then also returns the commitment to the proof.

func (*Schnorr) Verify

func (proof *Schnorr) Verify() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL