Documentation ¶
Overview ¶
Package participant is an implementation of a `participant` in the t-of-n threshold signature of https://eprint.iacr.org/2020/540.pdf
Index ¶
- type DkgParticipant
- func (dp *DkgParticipant) DkgRound1(threshold, total uint32) (*DkgRound1Bcast, error)
- func (dp *DkgParticipant) DkgRound2(inBcast map[uint32]*DkgRound1Bcast) (*DkgRound2Bcast, map[uint32]*DkgRound2P2PSend, []uint32, error)
- func (dp *DkgParticipant) DkgRound3(inBcast map[uint32]*DkgRound2Bcast, inP2P map[uint32]*DkgRound2P2PSend) (*DkgRound3Bcast, []uint32, error)
- func (dp *DkgParticipant) DkgRound4(inBcast map[uint32]*DkgRound3Bcast) (*DkgResult, []uint32, error)
- type DkgParticipantCommitment
- type DkgParticipantData
- type DkgResult
- type DkgRound1Bcast
- type DkgRound2Bcast
- type DkgRound2P2PSend
- type DkgRound3Bcast
- type DkgState
- type Participant
- type Round1Bcast
- type Round1P2PSend
- type Round2P2PSend
- type Round3Bcast
- type Round4Bcast
- type Round5Bcast
- type Round5P2PSend
- type Round6FullBcast
- type Signer
- func (signer *Signer) SignOutput(in map[uint32]*Round6FullBcast) (*curves.EcdsaSignature, []uint32, error)
- func (signer *Signer) SignRound1() (*Round1Bcast, map[uint32]*Round1P2PSend, []uint32, error)
- func (signer *Signer) SignRound2(inBcast map[uint32]*Round1Bcast, inP2P map[uint32]*Round1P2PSend) (map[uint32]*Round2P2PSend, []uint32, error)
- func (s *Signer) SignRound3(inP2P map[uint32]*Round2P2PSend) (*Round3Bcast, []uint32, error)
- func (s *Signer) SignRound4(inBcast map[uint32]*Round3Bcast) (*Round4Bcast, []uint32, error)
- func (signer *Signer) SignRound5(inBcast map[uint32]*Round4Bcast) (*Round5Bcast, map[uint32]*Round5P2PSend, []uint32, error)
- func (signer *Signer) SignRound6Full(hash []byte, inBcast map[uint32]*Round5Bcast, inP2P map[uint32]*Round5P2PSend) (*Round6FullBcast, []uint32, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DkgParticipant ¶
DkgParticipant is a DKG player that contains information needed to perform DKG rounds and finally get info for signing rounds.
func NewDkgParticipant ¶
func NewDkgParticipant(curve elliptic.Curve, id uint32) *DkgParticipant
func (*DkgParticipant) DkgRound1 ¶
func (dp *DkgParticipant) DkgRound1(threshold, total uint32) (*DkgRound1Bcast, error)
DkgRound1 performs round 1 distributed key generation operation [spec] fig 5: DistKeyGenRound1
func (*DkgParticipant) DkgRound2 ¶
func (dp *DkgParticipant) DkgRound2(inBcast map[uint32]*DkgRound1Bcast) (*DkgRound2Bcast, map[uint32]*DkgRound2P2PSend, []uint32, error)
DkgRound2 implements distributed key generation round 2 [spec] fig 5: DistKeyGenRound2
func (*DkgParticipant) DkgRound3 ¶
func (dp *DkgParticipant) DkgRound3(inBcast map[uint32]*DkgRound2Bcast, inP2P map[uint32]*DkgRound2P2PSend) (*DkgRound3Bcast, []uint32, error)
DkgRound3 computes dkg round 3 as shown in [spec] fig. 5: DistKeyGenRoun3
func (*DkgParticipant) DkgRound4 ¶
func (dp *DkgParticipant) DkgRound4(inBcast map[uint32]*DkgRound3Bcast) (*DkgResult, []uint32, error)
DkgRound4 computes dkg round 4 as shown in [spec] fig. 5: DistKeyGenRound4
type DkgParticipantCommitment ¶ added in v1.8.8
type DkgParticipantCommitment struct { PublicKey *paillier.PublicKey ProofParams *dealer.ProofParams Commitment core.Commitment }
type DkgParticipantData ¶
type DkgParticipantData struct { PublicKey *paillier.PublicKey ProofParams *dealer.ProofParams }
type DkgResult ¶
type DkgResult struct { SecretKey *paillier.SecretKey EcdsaPublicKey *curves.EcPoint ParticipantData map[uint32]*DkgParticipantData }
DkgResult is all the data generated from the DKG
type DkgRound1Bcast ¶
type DkgRound1Bcast struct { Identifier uint32 Ci core.Commitment Pki *paillier.PublicKey H1i, H2i, Ni *big.Int Proof1i, Proof2i *proof.CdlProof }
DkgRound1Bcast contains values to be broadcast to all players after the completion of DKG round 1
type DkgRound2Bcast ¶
DkgRound2Bcast contains value that will be echo broadcast to all other players.
type DkgRound2P2PSend ¶
type DkgRound2P2PSend struct {
Xij *v1.ShamirShare
}
DkgRound2P2PSend contains value that will be P2PSend to all other player Pj
type DkgRound3Bcast ¶ added in v1.8.18
type DkgState ¶
type DkgState struct { // Round 1 variables D *core.Witness Sk *paillier.SecretKey Pk *paillier.PublicKey N *big.Int H1 *big.Int H2 *big.Int // This participants verifiers from FeldmanShare V []*v1.ShareVerifier // This participants shares from FeldmanShare X []*v1.ShamirShare Y *curves.EcPoint Threshold uint32 Limit uint32 // Commitments and paillier public keys received from other participants OtherParticipantData map[uint32]*DkgParticipantCommitment ShamirShare *v1.ShamirShare PublicShares []*curves.EcPoint }
dkgstate encapsulates all the values used in the dkg rounds state machine
type Participant ¶
Participant is a tECDSA player that receives information from a trusted dealer
func (Participant) PrepareToSign ¶
func (p Participant) PrepareToSign(pubKey *curves.EcPoint, verify curves.EcdsaVerify, curve elliptic.Curve, keyGenType dealer.KeyGenType, publicSharesMap map[uint32]*dealer.PublicShare, pubKeys map[uint32]*paillier.PublicKey) (*Signer, error)
PrepareToSign creates a Signer out of a Participant. The expected co-signers for the signing rounds are expected to be exactly those included in the publicSharesMap
type Round1Bcast ¶
type Round1Bcast struct { Identifier uint32 C core.Commitment Ctxt *big.Int Proof *proof.Range1Proof }
Round1Bcast contains values to be broadcast to all players after the completion of singing round 1
type Round1P2PSend ¶
type Round1P2PSend struct {
Range1Proof *proof.Range1Proof
}
type Round2P2PSend ¶ added in v1.8.17
type Round2P2PSend struct {
Proof2, Proof3 *proof.ResponseProof
}
Round2P2PSend is all the values that need to be sent to each player
type Round3Bcast ¶
type Round3Bcast struct { // Note that DeltaElement is some element of the entire δ vector. // In this round, it's δ_i. For the recepients of this message in the next round // this will be δ_j DeltaElement *big.Int }
Round3Bcast represents the value to be broadcast to all players at the conclusion of round 3
type Round4Bcast ¶
Round4Bcast are the values to be broadcast to the other players at the conclusion of signing round 4
type Round5Bcast ¶
Round5Bcast are the values to be broadcast to the other players at the conclusion of signing round 5
type Round5P2PSend ¶
Round5P2PSend are the values sent to each participant at the conclusion of signing round 5
type Round6FullBcast ¶
type Round6FullBcast struct { // Note that SElement is some element of the entire s vector. // In this round, it's s_i. For the recepients of this message in the final // sign output round, this will be s_j SElement *big.Int }
Round6FullBcast are the values to be broadcast to the other players This is the s_i value from §5.fig 5.SignRound6.step 9
type Signer ¶
type Signer struct { SecretKey *paillier.SecretKey // paillier secret key assigned to this signer Id uint32 // The ID assigned to this signer's shamir share // This is minimum number of signers required to produce a valid signature, // not the security Threshold (as specified in [spec][GG20]) Threshold uint PublicKey *curves.EcPoint Curve elliptic.Curve Round uint // current signing round in our linear state machine // contains filtered or unexported fields }
Signer is a tECDSA player that holds the additive shares needed for performing the signing operation
func NewSigner ¶
func NewSigner(info *dealer.ParticipantData, cosigners []uint32) (*Signer, error)
NewSigner C=creates a new signer from a dealer-provided output and a specific set of co-signers
func (*Signer) SignOutput ¶
func (signer *Signer) SignOutput(in map[uint32]*Round6FullBcast) (*curves.EcdsaSignature, []uint32, error)
SignOutput performs the signature aggregation step in [spec] §5.fig 5
func (*Signer) SignRound1 ¶
func (signer *Signer) SignRound1() (*Round1Bcast, map[uint32]*Round1P2PSend, []uint32, error)
SignRound1 performs round 1 signing operation Trusted Dealer Mode: see [spec] fig 7: SignRound1 DKG Mode: see [spec] fig 8: SignRound1 NOTE: Pseudocode shows N~, h1, h2, the curve's g, q, and signer's public key as inputs Since `signer` already knows the paillier secret and public keys, this input is not necessary here `participant.PrepareToSign` receives the other inputs and stores them as state variables.
func (*Signer) SignRound2 ¶
func (signer *Signer) SignRound2(inBcast map[uint32]*Round1Bcast, inP2P map[uint32]*Round1P2PSend) (map[uint32]*Round2P2PSend, []uint32, error)
SignRound2 performs round 2 signing operations for a single signer Trusted Dealer Mode: see [spec] fig 7: SignRound2 DKG Mode: see [spec] fig 8: SignRound2
func (*Signer) SignRound3 ¶
func (s *Signer) SignRound3(inP2P map[uint32]*Round2P2PSend) (*Round3Bcast, []uint32, error)
SignRound3 performs the round 3 signing operation according to Trusted Dealer Mode: see [spec] fig 7: SignRound3 DKG Mode: see [spec] fig 8: SignRound3
func (*Signer) SignRound4 ¶
func (s *Signer) SignRound4(inBcast map[uint32]*Round3Bcast) (*Round4Bcast, []uint32, error)
SignRound4 performs the round 4 signing operation. It takes input the delta_j values broadcast from signers at the conclusion of round 3. Trusted Dealer Mode: see [spec] fig 7: SignRound4 DKG Mode: see [spec] fig 8: SignRound4
func (*Signer) SignRound5 ¶
func (signer *Signer) SignRound5(inBcast map[uint32]*Round4Bcast) (*Round5Bcast, map[uint32]*Round5P2PSend, []uint32, error)
SignRound5 performs the round 5 signing operation. It takes input the Witness values broadcast from signers at the conclusion of round 4. Trusted Dealer Mode: see [spec] fig 7: SignRound5 DKG Mode: see [spec] fig 8: SignRound5
func (*Signer) SignRound6Full ¶
func (signer *Signer) SignRound6Full(hash []byte, inBcast map[uint32]*Round5Bcast, inP2P map[uint32]*Round5P2PSend) (*Round6FullBcast, []uint32, error)
SignRound6Full performs the round 6 signing operation according to Trusted Dealer Mode: see [spec] fig 7: SignRound6 DKG Mode: see [spec] fig 8: SignRound6