dkg

package
v0.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 9, 2024 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf). The DKG protocol is defined in "Protocol 2" page 7, of the paper. The Zero Knowledge Proof ideal functionalities are realized using schnorr proofs. Moreover, the seed OT is realized using the Verified Simplest OT protocol.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alice

type Alice struct {
	// contains filtered or unexported fields
}

Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.

func NewAlice

func NewAlice(curve *curves.Curve) *Alice

NewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.

func (*Alice) Output

func (alice *Alice) Output() *AliceOutput

Output returns the output of the DKG operation. Must be called after step 9. Calling it before that step has undefined behaviour.

func (*Alice) Round10DkgRound6Ot

func (alice *Alice) Round10DkgRound6Ot(challengeOpenings []simplest.ChallengeOpening) error

Round10DkgRound6Ot is a thin wrapper around the 6th round of seed OT protocol.

func (*Alice) Round2CommitToProof

func (alice *Alice) Round2CommitToProof(bobSeed [simplest.DigestSize]byte) (*Round2Output, error)

Round2CommitToProof steps 1) and 2) of protocol 2 on page 7.

func (*Alice) Round4VerifyAndReveal

func (alice *Alice) Round4VerifyAndReveal(proof *schnorr.Proof) (*schnorr.Proof, error)

Round4VerifyAndReveal step 4 of protocol 2 on page 7.

func (*Alice) Round6DkgRound2Ot

func (alice *Alice) Round6DkgRound2Ot(proof *schnorr.Proof) ([]simplest.ReceiversMaskedChoices, error)

Round6DkgRound2Ot is a thin wrapper around the 2nd round of seed OT protocol.

func (*Alice) Round8DkgRound4Ot

func (alice *Alice) Round8DkgRound4Ot(challenge []simplest.OtChallenge) ([]simplest.OtChallengeResponse, error)

Round8DkgRound4Ot is a thin wrapper around the 4th round of seed OT protocol.

type AliceOutput

type AliceOutput struct {
	// PublicKey is the joint public key of Alice and Bob.
	// This value is public.
	PublicKey curves.Point

	// SecretKeyShare is Alice's secret key for the joint public key.
	// This output must be kept secret. If it is lost, the users will lose access and cannot create signatures.
	SecretKeyShare curves.Scalar

	// SeedOtResult are the outputs that the receiver will obtain as a result of running the "random" OT protocol.
	// This output must be kept secret. Although, if it is lost the users can run another OT protocol and obtain
	// new values to replace it.
	SeedOtResult *simplest.ReceiverOutput
}

AliceOutput is the result of running DKG for Alice. It contains both the public and secret values that are needed for signing.

type Bob

type Bob struct {
	// contains filtered or unexported fields
}

Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.

func NewBob

func NewBob(curve *curves.Curve) *Bob

NewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.

func (*Bob) Output

func (bob *Bob) Output() *BobOutput

Output returns the output of the DKG operation. Must be called after step 9. Calling it before that step has undefined behaviour.

func (*Bob) Round1GenerateRandomSeed

func (bob *Bob) Round1GenerateRandomSeed() ([simplest.DigestSize]byte, error)

Round1GenerateRandomSeed Bob flips random coins, and sends these to Alice in this round, Bob flips 32 random bytes and sends them to Alice. note that this is not _explicitly_ given as part of the protocol in https://eprint.iacr.org/2018/499.pdf, Protocol 1). rather, it is part of our generation of a unique session identifier, for use in subsequent schnorr proofs / seed OT / etc. we do it by having each party sample 32 bytes, then by appending _both_ as salts. secure if either party is honest

func (*Bob) Round3SchnorrProve

func (bob *Bob) Round3SchnorrProve(round2Output *Round2Output) (*schnorr.Proof, error)

Round3SchnorrProve receives Bob's Commitment and returns schnorr statment + proof. Steps 1 and 3 of protocol 2 on page 7.

func (*Bob) Round5DecommitmentAndStartOt

func (bob *Bob) Round5DecommitmentAndStartOt(proof *schnorr.Proof) (*schnorr.Proof, error)

Round5DecommitmentAndStartOt step 5 of protocol 2 on page 7.

func (*Bob) Round7DkgRound3Ot

func (bob *Bob) Round7DkgRound3Ot(compressedReceiversMaskedChoice []simplest.ReceiversMaskedChoices) ([]simplest.OtChallenge, error)

Round7DkgRound3Ot is a thin wrapper around the 3rd round of seed OT protocol.

func (*Bob) Round9DkgRound5Ot

func (bob *Bob) Round9DkgRound5Ot(challengeResponses []simplest.OtChallengeResponse) ([]simplest.ChallengeOpening, error)

Round9DkgRound5Ot is a thin wrapper around the 5th round of seed OT protocol.

type BobOutput

type BobOutput struct {
	// PublicKey is the joint public key of Alice and Bob.
	// This value is public.
	PublicKey curves.Point

	// SecretKeyShare is Bob's secret key for the joint public key.
	// This output must be kept secret. If it is lost, the users will lose access and cannot create signatures.
	SecretKeyShare curves.Scalar

	// SeedOtResult are the outputs that the sender will obtain as a result of running the "random" OT protocol.
	// This output must be kept secret. Although, if it is lost the users can run another OT protocol and obtain
	// new values to replace it.
	SeedOtResult *simplest.SenderOutput
}

BobOutput is the result of running DKG for Bob. It contains both the public and secret values that are needed for signing.

type Round2Output

type Round2Output struct {
	// Seed is the random value used to derive the joint unique session id.
	Seed [simplest.DigestSize]byte

	// Commitment is the commitment to the ZKP to Alice's secret key share.
	Commitment schnorr.Commitment
}

Round2Output contains the output of the 2nd round of DKG.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL