pvss

package
v0.0.0-...-f726f7b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 5, 2024 License: MIT Imports: 19 Imported by: 0

Documentation

Overview

This implements the NIZKPK presented in Distributed Key Generation in the Wild with the aims of increasing asynchronicity within AVSS

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AESdecrypt

func AESdecrypt(key []byte, cipherText []byte) (message *[]byte, err error)

func AESencrypt

func AESencrypt(key []byte, plainText []byte) (c *[]byte, err error)

func AVSSAddCommitment

func AVSSAddCommitment(C1 [][]common.Point, C2 [][]common.Point) ([][]common.Point, error)

To add commitments together

func AVSSVerifyPoint

func AVSSVerifyPoint(
	C [][]common.Point,
	m big.Int,
	index big.Int,
	alpha big.Int,
	alphaprime big.Int,
	beta big.Int,
	betaprime big.Int,
) bool

AVSSVerifyPoint - verify-point as described in Cachin et al 2002

func AVSSVerifyPoly

func AVSSVerifyPoly(
	C [][]common.Point,
	index big.Int,
	a pcmn.PrimaryPolynomial,
	aprime pcmn.PrimaryPolynomial,
	b pcmn.PrimaryPolynomial,
	bprime pcmn.PrimaryPolynomial,
) bool

AVSSVerifyPoly - verify-poly as described in Cachin et al 2002

func AVSSVerifyShare

func AVSSVerifyShare(C [][]common.Point, m big.Int, sigma big.Int, sigmaprime big.Int) bool

AVSSVerifyShare - Verify-share from Cachin et al. 2002

func AVSSVerifyShareCommitment

func AVSSVerifyShareCommitment(C [][]common.Point, m big.Int, gsigmahsigmaprime common.Point) bool

AVSSVerifyShareCommitment to test gsihr against C

func AddCommitments

func AddCommitments(commitments ...[]common.Point) (sumCommit []common.Point)

func AddPolynomials

func AddPolynomials(poly1 pcmn.PrimaryPolynomial, poly2 pcmn.PrimaryPolynomial) *pcmn.PrimaryPolynomial

AddPolynomials add two polynomials (modulo generator order Q)

func CreateAndPrepareShares

func CreateAndPrepareShares(nodes []pcmn.Node, secret big.Int, threshold int, privKey big.Int) ([]*pcmn.SigncryptedOutput, *[]common.Point, *pcmn.PrimaryPolynomial, error)

deprecated: use CreateShares and let client handle signcryption. Client may need to add more information before signcrypting (eg. broadcast id)

func CreateShares

func CreateShares(nodes []pcmn.Node, secret big.Int, threshold int) (*[]pcmn.PrimaryShare, *[]common.Point, error)

use this instead of CreateAndPrepareShares

func CreateSharesGen

func CreateSharesGen(nodes []pcmn.Node, secret big.Int, threshold int) (*[]pcmn.PrimaryShare, *[]pcmn.PrimaryShare, *[]common.Point, *[]common.Point, error)

CreateSharesGen - Creating shares for gennaro DKG

func ECDSASign

func ECDSASign(s string, privKey *big.Int) []byte

Signs using Ethereum ECDSA (where randomness is deterministic)

func ECDSASignBytes

func ECDSASignBytes(b []byte, privKey *big.Int) []byte

func ECDSAVerify

func ECDSAVerify(str string, pubKey *common.Point, signature []byte) bool

func ECDSAVerifyBytes

func ECDSAVerifyBytes(b []byte, pubKey *common.Point, signature []byte) bool

func EvaluateBivarPolyAtX

func EvaluateBivarPolyAtX(bivarPoly [][]big.Int, index big.Int) pcmn.PrimaryPolynomial

EvaluateBivarPolyAtX - evaluate bivar poly at given x

func EvaluateBivarPolyAtY

func EvaluateBivarPolyAtY(bivarPoly [][]big.Int, index big.Int) pcmn.PrimaryPolynomial

EvaluateBivarPolyAtY - evaluate bivar poly at given y

func GenerateNIZKPK

func GenerateNIZKPK(s big.Int, r big.Int) (big.Int, big.Int, big.Int)

Generates NIZK Proof with the aims of increasing asynchronicity within AVSS Returns proof in the form of c, u1, u2

func GenerateNIZKPKWithCommitments

func GenerateNIZKPKWithCommitments(s big.Int, r big.Int) (c big.Int, u1 big.Int, u2 big.Int, gs common.Point, gshr common.Point)

Generates NIZK Proof with commitments Returns proof in the form of c, u1, u2 gs and gshr

func GenerateRandomBivariatePolynomial

func GenerateRandomBivariatePolynomial(secret big.Int, threshold int) [][]big.Int

GenerateRandomBivariatePolynomial - create a bivariate polynomial which is defined by coeffs of all possible combinations of powers of x and y, such that powers of x and y are less than t (threshold). accepts param secret = f(0,0) Example coeff. matrix: f00, f01.y, f02.y^2 f10.x, f11.x.y, f12.x.y^2 f20.x^2, f21.x^2.y f22.x^2.y^2

func GetCommit

func GetCommit(polynomial pcmn.PrimaryPolynomial) []common.Point

Commit creates a public commitment polynomial

func GetCommitH

func GetCommitH(polynomial pcmn.PrimaryPolynomial) []common.Point

Commit creates a public commitment polynomial for the h base point

func GetCommitmentMatrix

func GetCommitmentMatrix(f [][]big.Int, fprime [][]big.Int) [][]common.Point

GetCommitmentMatrix - get a pedersen commitment matrix from two bivar polys

func LagrangeCurvePts

func LagrangeCurvePts(indexes []int, points []common.Point) *common.Point

LagrangeCurvePts finds the ^0 coefficient for points given in points an indexes given

func LagrangeInterpolatePolynomial

func LagrangeInterpolatePolynomial(points []common.Point) []big.Int

func LagrangePolys

func LagrangePolys(indexes []int, polys [][]common.Point) (res []common.Point)

LagrangePolys is used in PSS When each share is subshared, each share is associated with a commitment polynomial we then choose k such subsharings to form the refreshed shares and secrets those refreshed shares are lagrange interpolated, but they also correspond to a langrage interpolated polynomial commitment that is different from the original commitment here, we calculate this interpolated polynomial commitment

func LagrangeScalar

func LagrangeScalar(shares []pcmn.PrimaryShare, target int) *big.Int

func LagrangeScalarCP

func LagrangeScalarCP(pts []common.Point, target int) *big.Int

func PolyEval

func PolyEval(polynomial pcmn.PrimaryPolynomial, x big.Int) *big.Int

Exported function to evaluate polys

func RHS

func RHS(shareCommitment common.Point, pubPoly []common.Point, index big.Int) common.Point

func RandomBigInt

func RandomBigInt() *big.Int

func RandomPoly

func RandomPoly(secret big.Int, threshold int) *pcmn.PrimaryPolynomial

func Signcrypt

func Signcrypt(recipientPubKey common.Point, data []byte, privKey big.Int) (*pcmn.Signcryption, error)

func SumPoints

func SumPoints(pts ...common.Point) (sumPt common.Point)

func SumScalars

func SumScalars(scalars ...big.Int) big.Int

func UnSignCrypt

func UnSignCrypt(signcryption pcmn.Signcryption, privKey big.Int, senderPubKey common.Point) (*[]byte, error)

func UnsigncryptShare

func UnsigncryptShare(signcryption pcmn.Signcryption, privKey big.Int, sendingNodePubKey common.Point) (*[]byte, error)

func VerifyNIZKPK

func VerifyNIZKPK(c, u1, u2 big.Int, gs, gshr common.Point) bool

func VerifyPedersonCommitment

func VerifyPedersonCommitment(share pcmn.PrimaryShare, sharePrime pcmn.PrimaryShare, ci []common.Point, index big.Int) bool

Verify Pederson commitment, Equation (4) in Gennaro 2006

func VerifyShare

func VerifyShare(share pcmn.PrimaryShare, pubPoly []common.Point, index big.Int) bool

VerifyShare - verifies share against public polynomial

func VerifyShareCommitment

func VerifyShareCommitment(shareCommitment common.Point, pubPoly []common.Point, index big.Int) bool

VerifyShareCommitment - checks if a dlog commitment matches the original pubpoly

Types

type CSPaillierEC

type CSPaillierEC struct {
	SecParams *CSPaillierECSecParams

	PubKey *CSPaillierECPubKey
	SecKey *CSPaillierECSecKey
	// contains filtered or unexported fields
}

CSPaillierEC represents Camenisch-Shoup variant of Paillier to make it (Paillier) CCA2 secure. http://eprint.iacr.org/2002/161.pdf

func NewCSPaillierEC

func NewCSPaillierEC(secParams *CSPaillierECSecParams) *CSPaillierEC

func NewCSPaillierECFromPubKey

func NewCSPaillierECFromPubKey(pubKey *CSPaillierECPubKey) *CSPaillierEC

func NewCSPaillierECFromSecKey

func NewCSPaillierECFromSecKey(secKey *CSPaillierECSecKey) (*CSPaillierEC, error)

func (*CSPaillierEC) Abs

func (csp *CSPaillierEC) Abs(a *big.Int) (*big.Int, error)

func (*CSPaillierEC) Decrypt

func (csp *CSPaillierEC) Decrypt(u, e, v, label *big.Int) (*big.Int, error)

func (*CSPaillierEC) Encrypt

func (csp *CSPaillierEC) Encrypt(m, label *big.Int) (*big.Int, *big.Int, *big.Int, error)

Returns (u, e, v).

func (*CSPaillierEC) GetChallenge

func (csp *CSPaillierEC) GetChallenge() *big.Int

func (*CSPaillierEC) GetOpeningMsg

func (csp *CSPaillierEC) GetOpeningMsg(m *big.Int) (*big.Int, *Point)

Returns l = g1^m * h1^s where s is a random integer smaller than n/4.

func (*CSPaillierEC) GetProofData

func (csp *CSPaillierEC) GetProofData(c *big.Int) (*big.Int, *big.Int, *big.Int)

Prover should use this function to compute data for second (last) sigma protocol message.

func (*CSPaillierEC) GetProofRandomData

func (csp *CSPaillierEC) GetProofRandomData(u, e, label *big.Int) (*big.Int, *big.Int,
	*big.Int, *Point, *big.Int, error)

Prover (encryptor) should use this function to generate values for the first sigma protocol message.

func (*CSPaillierEC) SetProofRandomData

func (csp *CSPaillierEC) SetProofRandomData(u1, e1, v1 *big.Int, delta1 Point, l1, c *big.Int)

Verifier should call this function when it receives proof random data as the second protocol message.

func (*CSPaillierEC) SetVerifierEncData

func (csp *CSPaillierEC) SetVerifierEncData(u, e, v *big.Int, delta Point, label, l *big.Int)

Verifier should call this function when it receives l = g1^m * h1^s as the first protocol message.

func (*CSPaillierEC) Verify

func (csp *CSPaillierEC) Verify(rTilde, sTilde, mTilde *big.Int) bool

type CSPaillierECProverEncData

type CSPaillierECProverEncData struct {
	R *big.Int
	M *big.Int
}

type CSPaillierECProverRandomData

type CSPaillierECProverRandomData struct {
	S  *big.Int
	R1 *big.Int
	S1 *big.Int
	M1 *big.Int
}

type CSPaillierECPubKey

type CSPaillierECPubKey struct {
	N  *big.Int
	G  *big.Int
	Y1 *big.Int
	Y2 *big.Int
	Y3 *big.Int
	// the parameters below are for verifiable encryption
	Gamma                *secp256k1.KoblitzCurve // for discrete logarithm
	VerifiableEncGroupN  *big.Int
	VerifiableEncGroupG1 *big.Int
	VerifiableEncGroupH1 *big.Int
	K                    int
	K1                   int
}

CSPaillierECPubKey currently does not use auxiliary parameters/primes - no additional n, p, q parameters (as specified in a paper, original n, p, q can be used).

type CSPaillierECSecKey

type CSPaillierECSecKey struct {
	N  *big.Int
	G  *big.Int
	X1 *big.Int
	X2 *big.Int
	X3 *big.Int
	// the parameters below are for verifiable encryption
	Gamma                *secp256k1.KoblitzCurve // for discrete logarithm
	VerifiableEncGroupN  *big.Int
	VerifiableEncGroupG1 *big.Int
	VerifiableEncGroupH1 *big.Int
	K                    int
	K1                   int
}

type CSPaillierECSecParams

type CSPaillierECSecParams struct {
	L        int // length of p1 and q1 (l in a paper)
	RoLength int // ro is order of cyclic group Gamma (used for discrete logarithm)
	K        int // k in a paper; it must hold 2**K < min{p1, q1, ro}
	K1       int // k' in a paper; it must hold ro * 2**(K + K1 + 3) < n

}

type CSPaillierECVerifierEncData

type CSPaillierECVerifierEncData struct {
	U     *big.Int
	E     *big.Int
	V     *big.Int
	Label *big.Int
	Delta *Point
}

type CSPaillierECVerifierRandomData

type CSPaillierECVerifierRandomData struct {
	L      *big.Int
	U1     *big.Int
	E1     *big.Int
	V1     *big.Int
	Delta1 *Point
	L1     *big.Int
	C      *big.Int
}

type DLEQProof

type DLEQProof struct {
	C  big.Int      // challenge
	R  big.Int      // response
	VG common.Point // public commitment with respect to base point secp256k1.G
	VH common.Point // public commitment with respect to base point secp256k1.H
}

func GenerateDLEQProof

func GenerateDLEQProof(G common.Point, H common.Point, x big.Int) (p *DLEQProof, xG common.Point, xH common.Point)

func (*DLEQProof) VerifyDLEQProof

func (p *DLEQProof) VerifyDLEQProof(G common.Point, H common.Point, xG common.Point, xH common.Point) bool

type Point

type Point struct {
	X big.Int
	Y big.Int
}

type VerifiableEncGroupEC

type VerifiableEncGroupEC struct {
	*qr.RSASpecial
	G1 *big.Int
	H1 *big.Int
	// contains filtered or unexported fields
}

func NewVerifiableEncGroupEC

func NewVerifiableEncGroupEC(primes *qr.RSASpecialPrimes) (*VerifiableEncGroupEC, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL