v0

package
v1.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 31, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

README

Secure Two-party Threshold ECDSA from ECDSA Assumptions

IMPORTANT: Version 0 of the protocol is experimental and not suitable for production use. It is kept here for backward compatability. We have added type conversion functions in the Version 1 package that can be used to migrate V0 data to V1 data types.

Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of Secure Two-party Threshold ECDSA from ECDSA Assumptions.

Documentation

Overview

Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). For an example of use, look at sign.go.

It is currently a work in progress; do not use it in real-life scenarios yet. TODO: Docs to be completed.

Package dkls is an implementation of https://eprint.iacr.org/2018/499.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncodeAlice

func EncodeAlice(a *Alice) ([]byte, error)

Encodes an alice object as a byte sequence after DKG has been completed.

func EncodeBob

func EncodeBob(b *Bob) ([]byte, error)

Encodes a bob object as a byte sequence after DKG has been completed.

func NewPipeWrappers

func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)

Types

type Alice

type Alice struct {
	PkA      *Schnorr // this is a "schnorr statement" for pkA.
	Receiver *seedOTReceiver
	SkA      *big.Int // the witness
	Pk       *curves.EcPoint
	// contains filtered or unexported fields
}

Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.

func DecodeAlice

func DecodeAlice(params *Params, b []byte) (*Alice, error)

Decodes an alice object that was encoded after DKG.

func NewAlice

func NewAlice(params *Params) *Alice

NewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.

func (*Alice) DKG

func (alice *Alice) DKG(rw io.ReadWriter) error

func (*Alice) Sign

func (alice *Alice) Sign(m []byte, rw io.ReadWriter) error

Sign this is an illustrative helper method which shows the overall flow for Alice. in practice this will be replaced by a method which actually sends messages back and forth.

type AliceDkg

type AliceDkg struct {
	Alice *Alice
	// contains filtered or unexported fields
}

AliceDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewAliceDkg

func NewAliceDkg(params *Params) *AliceDkg

NewAliceDkg creates a new protocol that can compute a DKG as Alice

func (*AliceDkg) Next

func (p *AliceDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceDkg) Result

func (a *AliceDkg) Result() (interface{}, error)

Result Returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceDkg) SetDebug

func (a *AliceDkg) SetDebug(log io.Writer)

type AliceSign

type AliceSign struct {
	// contains filtered or unexported fields
}

AliceSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewAliceSign

func NewAliceSign(params *Params, msg []byte, dkgResult []byte) (*AliceSign, error)

Creates a new protocol that can compute a signature as Alice. Requires dkg state that was produced at the end of DKG.Result().

func (*AliceSign) Next

func (p *AliceSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceSign) Result

func (a *AliceSign) Result() (interface{}, error)

Result always returns errNoSig. Alice does not compute a signature in the DKLS protocol; only Bob computes the signature.

func (*AliceSign) SetDebug

func (a *AliceSign) SetDebug(log io.Writer)

type Bob

type Bob struct {
	// Exported fields
	PkB    *Schnorr // this is a "schnorr statement" for pkB.
	Sender *seedOTSender
	SkB    *big.Int
	Pk     *curves.EcPoint
	Sig    *curves.EcdsaSignature // The resulting digital signature
	// contains filtered or unexported fields
}

Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.

func DecodeBob

func DecodeBob(params *Params, b []byte) (*Bob, error)

Decodes an bob object that was encoded after DKG.

func NewBob

func NewBob(params *Params) *Bob

NewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.

func (*Bob) DKG

func (bob *Bob) DKG(rw io.ReadWriter) error

func (*Bob) Sign

func (bob *Bob) Sign(m []byte, rw io.ReadWriter) error

Sign this is an illustrative helper method which shows the overall flow for Bob.

type BobDkg

type BobDkg struct {
	Bob *Bob
	// contains filtered or unexported fields
}

BobDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewBobDkg

func NewBobDkg(params *Params) *BobDkg

NewBobDkg Creates a new protocol that can compute a DKG as Bob

func (*BobDkg) Next

func (p *BobDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobDkg) Result

func (b *BobDkg) Result() (interface{}, error)

Result returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*BobDkg) SetDebug

func (b *BobDkg) SetDebug(log io.Writer)

type BobSign

type BobSign struct {
	// contains filtered or unexported fields
}

BobSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewBobSign

func NewBobSign(params *Params, msg []byte, dkgResult []byte) (*BobSign, error)

NewBobSign creates a new protocol that can compute a signature as Bob. Requires dkg state that was produced at the end of DKG.Result().

func (*BobSign) Next

func (p *BobSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobSign) Result

func (d *BobSign) Result() (interface{}, error)

If the signing protocol completed successfully, returns the signature that Bob computed as a *core.EcdsaSignature.

func (*BobSign) SetDebug

func (b *BobSign) SetDebug(log io.Writer)

type DkgResult

type DkgResult struct {
	DkgState []byte
	Pubkey   *curves.EcPoint
}

DKG protocols produce the following result on successful completion

type MultiplyReceiver

type MultiplyReceiver struct {
	TB []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplyReceiver

func NewMultiplyReceiver(multiplicity int, sender *seedOTSender) *MultiplyReceiver

func (*MultiplyReceiver) MultiplyInit

func (receiver *MultiplyReceiver) MultiplyInit(idExt [32]byte, beta []*big.Int, w io.Writer) error

MultiplyInit Protocol 5., Multiplication, 3). Bob (receiver) encodes beta and initiates the cOT extension!

func (*MultiplyReceiver) MultiplyTransfer

func (receiver *MultiplyReceiver) MultiplyTransfer(r io.Reader) error

MultiplyTransfer Protocol 5., Multiplication, 3) and 6). Bob finalizes the cOT extension. using that and Alice's multiplication message, Bob completes the multiplication protocol, including checks. at the end, Bob's values tB_j are populated.

type MultiplySender

type MultiplySender struct {
	TA []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplySender

func NewMultiplySender(multiplicity int, receiver *seedOTReceiver) *MultiplySender

func (*MultiplySender) Multiply

func (sender *MultiplySender) Multiply(idExt [32]byte, alpha []*big.Int, rw io.ReadWriter) error

Multiply Protocol 5., steps 3) 5), 7). Alice _responds_ to Bob's initial cOT message, using a vector of alphas as input. doesn't actually send that message yet, only stashes it, and moves onto the next steps of the multiplication protocol specifically, Alice can then do step 5) (compute the outputs of the multiplication protocol), also stashes this. finishes up by taking care of 7), after that, Alice is totally done with multiplication and has stashed the outputs.

type Params

type Params struct {
	Curve     elliptic.Curve
	Scalar    curves.EcScalar
	Generator *curves.EcPoint
	// contains filtered or unexported fields
}

func NewParams

func NewParams(curve elliptic.Curve, scalar curves.EcScalar) (*Params, error)

NewParams receives an implementation of the curve and scalar interfaces and sets the parameters needed for DKG and Threshold ECDSA of DKLS.

type ProtocolIterator

type ProtocolIterator interface {
	// Next runs the next round of the protocol.
	// Inputs are read from rw.Read(); outputs are written to rw.Write().
	// Returns io.EOF when protocol has completed.
	Next(rw io.ReadWriter) error

	// Result returns the final result, if any, of the completed protocol.
	// Reports an error if the protocol has not yet terminated
	// or if an error was encountered during protocol execution.
	Result() (interface{}, error)

	// SetDebug enables or disables (passing a nil value as input) debugging.
	// At the moment, we only print the final dkls dkg result as json value to this log, but if needed more debugging
	// can be added for various steps of the other protocols.
	SetDebug(log io.Writer)
}

ProtocolIterator a generalized interface for multi-party protocols that follows the iterator pattern.

type Schnorr

type Schnorr struct {
	Pub *curves.EcPoint // this is the public point.
	C   *big.Int
	S   *big.Int
	// contains filtered or unexported fields
}

func (*Schnorr) DecommitVerify

func (proof *Schnorr) DecommitVerify(com []byte) error

func (*Schnorr) Prove

func (proof *Schnorr) Prove(x *big.Int) error

func (*Schnorr) ProveCommit

func (proof *Schnorr) ProveCommit(x *big.Int) ([]byte, error)

this "commits to" a schnorr proof which is later revealed; see Functionality 7. it mutates `st` by adding a proof to it, and then also returns the commitment to the proof.

func (*Schnorr) Verify

func (proof *Schnorr) Verify() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL