keygen

package
v2.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 24, 2026 License: MIT Imports: 29 Imported by: 0

Documentation

Index

Constants

// TestParticipants is the party count (n) used by the test fixtures.
//
// Before changing it or TestThreshold, delete the fixture files under
// test/_fixtures/ and run the keygen test on its own so that it writes fresh
// fixtures; the signing and resharing tests then run against the new n, t
// configuration.
const TestParticipants = test.TestParticipants

// TestThreshold is the threshold (t) used by the test fixtures:
// test.TestParticipants divided by two.
const TestThreshold = test.TestParticipants / 2
// SafeBitLen is a bit length of 1024. Per the original note it is the "safe"
// bit length for the random value used for the ssid.
// NOTE(review): how that random value is drawn and where the ssid is consumed
// is not visible here — confirm against the round code before changing it.
const SafeBitLen = 1024
// TaskName is the name string of the ECDSA key generation task.
const TaskName = "ecdsa-keygen"

Variables

// File_protob_ecdsa_keygen_proto is a protobuf file descriptor; judging by its
// name it describes protob/ecdsa-keygen.proto (generated code) — confirm.
var File_protob_ecdsa_keygen_proto protoreflect.FileDescriptor

Functions

func LoadNTildeH1H2FromTestFixture

// LoadNTildeH1H2FromTestFixture returns NTildei, h1i and h2i for fixture index
// idx, or an error.
// NOTE(review): by its name the values come from the test fixture files; such
// fixed values are presumably meant for tests only, not as a party's real
// pre-parameters — confirm.
func LoadNTildeH1H2FromTestFixture(idx int) (NTildei, h1i, h2i *big.Int, err error)

func NewKGRound1Message

func NewKGRound1Message(
	from *tss.PartyID,
	ct cmt.HashCommitment,
	paillierPK *paillier.PublicKey,
	nTildeI, h1I, h2I *big.Int,
	dlnProof1, dlnProof2 *dlnproof.Proof,
) (tss.ParsedMessage, error)

NewKGRound1Message creates a broadcast message for round 1 containing the commitment, Paillier public key, and DLN proofs.

func NewKGRound2Message1

func NewKGRound2Message1(
	to, from *tss.PartyID,
	share *vss.Share,
	proof *facproof.ProofFac,
) tss.ParsedMessage

NewKGRound2Message1 creates a point-to-point message for round 2 containing a VSS share and factorization proof.

func NewKGRound2Message2

func NewKGRound2Message2(
	from *tss.PartyID,
	deCommitment cmt.HashDeCommitment,
	proof *modproof.ProofMod,
) tss.ParsedMessage

NewKGRound2Message2 creates a broadcast message for round 2 containing the de-commitment and modulus proof.

func NewKGRound3Message

func NewKGRound3Message(
	from *tss.PartyID,
	proof paillier.Proof,
) tss.ParsedMessage

NewKGRound3Message creates a broadcast message for round 3 containing the Paillier proof.

func NewLocalParty

func NewLocalParty(
	params *tss.Parameters,
	out chan<- tss.Message,
	end chan<- *LocalPartySaveData,
	optionalPreParams ...LocalPreParams,
) tss.Party

NewLocalParty is exported and is used by `tss` clients.

Types

type DlnProofVerifier

// DlnProofVerifier verifies DLN proofs with bounded concurrency; its state is
// held in unexported fields.
type DlnProofVerifier struct {
	// contains filtered or unexported fields
}

DlnProofVerifier verifies DLN proofs with bounded concurrency.

func NewDlnProofVerifier

func NewDlnProofVerifier(concurrency int) *DlnProofVerifier

NewDlnProofVerifier creates a new DlnProofVerifier with the given concurrency limit.

func (*DlnProofVerifier) VerifyDLNProof1

func (dpv *DlnProofVerifier) VerifyDLNProof1(
	m message,
	h1, h2, n *big.Int,
	onDone func(bool),
)

VerifyDLNProof1 asynchronously verifies the first DLN proof from the message and calls onDone with the result.

func (*DlnProofVerifier) VerifyDLNProof2

func (dpv *DlnProofVerifier) VerifyDLNProof2(
	m message,
	h1, h2, n *big.Int,
	onDone func(bool),
)

VerifyDLNProof2 asynchronously verifies the second DLN proof from the message and calls onDone with the result.

type KGRound1Message

// KGRound1Message is the broadcast message of round 1 of the ECDSA TSS keygen
// protocol. Every exported field is raw bytes in the protobuf wire message,
// i.e. a value supplied by the sending party; the Unmarshal* methods turn
// them into big integers, a Paillier public key and DLN proofs.
type KGRound1Message struct {
	// Hash commitment (see UnmarshalCommitment).
	Commitment []byte   `protobuf:"bytes,1,opt,name=commitment,proto3" json:"commitment,omitempty"`
	// Bytes behind the sender's Paillier public key (see UnmarshalPaillierPK).
	PaillierN  []byte   `protobuf:"bytes,2,opt,name=paillier_n,json=paillierN,proto3" json:"paillier_n,omitempty"`
	// The sender's NTilde, H1 and H2 values.
	NTilde     []byte   `protobuf:"bytes,3,opt,name=n_tilde,json=nTilde,proto3" json:"n_tilde,omitempty"`
	H1         []byte   `protobuf:"bytes,4,opt,name=h1,proto3" json:"h1,omitempty"`
	H2         []byte   `protobuf:"bytes,5,opt,name=h2,proto3" json:"h2,omitempty"`
	// The two DLN proofs, each a repeated bytes field (see UnmarshalDLNProof1
	// and UnmarshalDLNProof2).
	Dlnproof_1 [][]byte `protobuf:"bytes,6,rep,name=dlnproof_1,json=dlnproof1,proto3" json:"dlnproof_1,omitempty"`
	Dlnproof_2 [][]byte `protobuf:"bytes,7,rep,name=dlnproof_2,json=dlnproof2,proto3" json:"dlnproof_2,omitempty"`
	// contains filtered or unexported fields
}

Represents a BROADCAST message sent during Round 1 of the ECDSA TSS keygen protocol.

func (*KGRound1Message) Descriptor deprecated

func (*KGRound1Message) Descriptor() ([]byte, []int)

Deprecated: Use KGRound1Message.ProtoReflect.Descriptor instead.

func (*KGRound1Message) GetCommitment

func (x *KGRound1Message) GetCommitment() []byte

func (*KGRound1Message) GetDlnproof_1

func (x *KGRound1Message) GetDlnproof_1() [][]byte

func (*KGRound1Message) GetDlnproof_2

func (x *KGRound1Message) GetDlnproof_2() [][]byte

func (*KGRound1Message) GetH1

func (x *KGRound1Message) GetH1() []byte

func (*KGRound1Message) GetH2

func (x *KGRound1Message) GetH2() []byte

func (*KGRound1Message) GetNTilde

func (x *KGRound1Message) GetNTilde() []byte

func (*KGRound1Message) GetPaillierN

func (x *KGRound1Message) GetPaillierN() []byte

func (*KGRound1Message) ProtoMessage

func (*KGRound1Message) ProtoMessage()

func (*KGRound1Message) ProtoReflect

func (x *KGRound1Message) ProtoReflect() protoreflect.Message

func (*KGRound1Message) Reset

func (x *KGRound1Message) Reset()

func (*KGRound1Message) String

func (x *KGRound1Message) String() string

func (*KGRound1Message) UnmarshalCommitment

func (m *KGRound1Message) UnmarshalCommitment() *big.Int

UnmarshalCommitment deserializes the hash commitment from the message.

func (*KGRound1Message) UnmarshalDLNProof1

func (m *KGRound1Message) UnmarshalDLNProof1() (*dlnproof.Proof, error)

UnmarshalDLNProof1 deserializes the first DLN proof from the message.

func (*KGRound1Message) UnmarshalDLNProof2

func (m *KGRound1Message) UnmarshalDLNProof2() (*dlnproof.Proof, error)

UnmarshalDLNProof2 deserializes the second DLN proof from the message.

func (*KGRound1Message) UnmarshalH1

func (m *KGRound1Message) UnmarshalH1() *big.Int

UnmarshalH1 deserializes the H1 value from the message.

func (*KGRound1Message) UnmarshalH2

func (m *KGRound1Message) UnmarshalH2() *big.Int

UnmarshalH2 deserializes the H2 value from the message.

func (*KGRound1Message) UnmarshalNTilde

func (m *KGRound1Message) UnmarshalNTilde() *big.Int

UnmarshalNTilde deserializes the NTilde value from the message.

func (*KGRound1Message) UnmarshalPaillierPK

func (m *KGRound1Message) UnmarshalPaillierPK() *paillier.PublicKey

UnmarshalPaillierPK deserializes the Paillier public key from the message.

func (*KGRound1Message) ValidateBasic

func (m *KGRound1Message) ValidateBasic() bool

ValidateBasic checks that all required fields in the round 1 message are non-empty.

type KGRound2Message1

// KGRound2Message1 is the point-to-point message sent to each party in round 2
// of the ECDSA TSS keygen protocol. Both fields are raw bytes supplied by the
// sender.
type KGRound2Message1 struct {
	// VSS share for the receiving party (see UnmarshalShare).
	Share    []byte   `protobuf:"bytes,1,opt,name=share,proto3" json:"share,omitempty"`
	// Factorization proof as a repeated bytes field (see UnmarshalFacProof).
	FacProof [][]byte `protobuf:"bytes,2,rep,name=facProof,proto3" json:"facProof,omitempty"`
	// contains filtered or unexported fields
}

Represents a P2P message sent to each party during Round 2 of the ECDSA TSS keygen protocol.

func (*KGRound2Message1) Descriptor deprecated

func (*KGRound2Message1) Descriptor() ([]byte, []int)

Deprecated: Use KGRound2Message1.ProtoReflect.Descriptor instead.

func (*KGRound2Message1) GetFacProof

func (x *KGRound2Message1) GetFacProof() [][]byte

func (*KGRound2Message1) GetShare

func (x *KGRound2Message1) GetShare() []byte

func (*KGRound2Message1) ProtoMessage

func (*KGRound2Message1) ProtoMessage()

func (*KGRound2Message1) ProtoReflect

func (x *KGRound2Message1) ProtoReflect() protoreflect.Message

func (*KGRound2Message1) Reset

func (x *KGRound2Message1) Reset()

func (*KGRound2Message1) String

func (x *KGRound2Message1) String() string

func (*KGRound2Message1) UnmarshalFacProof

func (m *KGRound2Message1) UnmarshalFacProof() (*facproof.ProofFac, error)

UnmarshalFacProof deserializes the factorization proof from the message.

func (*KGRound2Message1) UnmarshalShare

func (m *KGRound2Message1) UnmarshalShare() *big.Int

UnmarshalShare deserializes the VSS share from the message.

func (*KGRound2Message1) ValidateBasic

func (m *KGRound2Message1) ValidateBasic() bool

ValidateBasic checks that all required fields in the round 2 message 1 are non-empty.

type KGRound2Message2

// KGRound2Message2 is the broadcast message of round 2 of the ECDSA TSS keygen
// protocol. Both fields are repeated bytes fields supplied by the sender.
type KGRound2Message2 struct {
	// Hash de-commitment (see UnmarshalDeCommitment).
	DeCommitment [][]byte `protobuf:"bytes,1,rep,name=de_commitment,json=deCommitment,proto3" json:"de_commitment,omitempty"`
	// Modulus proof (see UnmarshalModProof).
	ModProof     [][]byte `protobuf:"bytes,2,rep,name=modProof,proto3" json:"modProof,omitempty"`
	// contains filtered or unexported fields
}

Represents a BROADCAST message sent to each party during Round 2 of the ECDSA TSS keygen protocol.

func (*KGRound2Message2) Descriptor deprecated

func (*KGRound2Message2) Descriptor() ([]byte, []int)

Deprecated: Use KGRound2Message2.ProtoReflect.Descriptor instead.

func (*KGRound2Message2) GetDeCommitment

func (x *KGRound2Message2) GetDeCommitment() [][]byte

func (*KGRound2Message2) GetModProof

func (x *KGRound2Message2) GetModProof() [][]byte

func (*KGRound2Message2) ProtoMessage

func (*KGRound2Message2) ProtoMessage()

func (*KGRound2Message2) ProtoReflect

func (x *KGRound2Message2) ProtoReflect() protoreflect.Message

func (*KGRound2Message2) Reset

func (x *KGRound2Message2) Reset()

func (*KGRound2Message2) String

func (x *KGRound2Message2) String() string

func (*KGRound2Message2) UnmarshalDeCommitment

func (m *KGRound2Message2) UnmarshalDeCommitment() []*big.Int

UnmarshalDeCommitment deserializes the hash de-commitment from the message.

func (*KGRound2Message2) UnmarshalModProof

func (m *KGRound2Message2) UnmarshalModProof() (*modproof.ProofMod, error)

UnmarshalModProof deserializes the modulus proof from the message.

func (*KGRound2Message2) ValidateBasic

func (m *KGRound2Message2) ValidateBasic() bool

ValidateBasic checks that all required fields in the round 2 message 2 are non-empty.

type KGRound3Message

// KGRound3Message is the broadcast message of round 3 of the ECDSA TSS keygen
// protocol.
type KGRound3Message struct {
	// Paillier proof integers as a repeated bytes field supplied by the sender
	// (see UnmarshalProofInts).
	PaillierProof [][]byte `protobuf:"bytes,1,rep,name=paillier_proof,json=paillierProof,proto3" json:"paillier_proof,omitempty"`
	// contains filtered or unexported fields
}

Represents a BROADCAST message sent to each party during Round 3 of the ECDSA TSS keygen protocol.

func (*KGRound3Message) Descriptor deprecated

func (*KGRound3Message) Descriptor() ([]byte, []int)

Deprecated: Use KGRound3Message.ProtoReflect.Descriptor instead.

func (*KGRound3Message) GetPaillierProof

func (x *KGRound3Message) GetPaillierProof() [][]byte

func (*KGRound3Message) ProtoMessage

func (*KGRound3Message) ProtoMessage()

func (*KGRound3Message) ProtoReflect

func (x *KGRound3Message) ProtoReflect() protoreflect.Message

func (*KGRound3Message) Reset

func (x *KGRound3Message) Reset()

func (*KGRound3Message) String

func (x *KGRound3Message) String() string

func (*KGRound3Message) UnmarshalProofInts

func (m *KGRound3Message) UnmarshalProofInts() paillier.Proof

UnmarshalProofInts deserializes the Paillier proof integers from the message.

func (*KGRound3Message) ValidateBasic

func (m *KGRound3Message) ValidateBasic() bool

ValidateBasic checks that all required fields in the round 3 message are non-empty.

type LocalParty

// LocalParty is a local participant in the ECDSA key generation protocol. It
// embeds *tss.BaseParty; the rest of its state is unexported.
type LocalParty struct {
	*tss.BaseParty
	// contains filtered or unexported fields
}

LocalParty represents a local participant in the ECDSA key generation protocol.

func (*LocalParty) FirstRound

func (p *LocalParty) FirstRound() tss.Round

FirstRound returns the first round of the ECDSA keygen protocol.

func (*LocalParty) PartyID

func (p *LocalParty) PartyID() *tss.PartyID

PartyID returns the party's unique identifier.

func (*LocalParty) Start

func (p *LocalParty) Start() error

Start begins the keygen protocol for this party.

func (*LocalParty) StoreMessage

func (p *LocalParty) StoreMessage(msg tss.ParsedMessage) (bool, error)

StoreMessage validates and stores a protocol message in the appropriate round message slot.

func (*LocalParty) String

func (p *LocalParty) String() string

String returns a human-readable representation of this party.

func (*LocalParty) Update

func (p *LocalParty) Update(msg tss.ParsedMessage) (ok bool, err error)

Update processes a parsed protocol message for this party.

func (*LocalParty) UpdateFromBytes

func (p *LocalParty) UpdateFromBytes(wireBytes []byte, from *tss.PartyID, isBroadcast bool) (bool, error)

UpdateFromBytes parses raw wire bytes into a message and updates this party.

func (*LocalParty) ValidateMessage

func (p *LocalParty) ValidateMessage(msg tss.ParsedMessage) (bool, error)

ValidateMessage checks that the given message is well-formed and from a valid sender index.

type LocalPartySaveData

// LocalPartySaveData is the per-party keygen result that is saved locally.
//
// It embeds LocalPreParams and LocalSecrets, so a saved copy carries secret
// material next to the public per-party values; store it with the protection
// given to a private key.
type LocalPartySaveData struct {
	LocalPreParams
	LocalSecrets

	// Ks holds the original indexes (ki in the signing preparation phase).
	Ks []*big.Int

	// NTildej, H1j and H2j are the n-tilde, h1 and h2 values for range proofs.
	NTildej []*big.Int
	H1j     []*big.Int
	H2j     []*big.Int

	// BigXj holds the public keys Xj (Xj = uj*G for each Pj).
	BigXj []*crypto.ECPoint
	// PaillierPKs holds the Paillier public keys pkj.
	PaillierPKs []*paillier.PublicKey

	// ECDSAPub is y; it is used for test assertions (may be discarded).
	ECDSAPub *crypto.ECPoint
}

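Everything in LocalPartySaveData is saved locally to the user's hard drive when done. Because the struct embeds LocalPreParams and LocalSecrets, the saved data includes the Paillier private key (PaillierSK) and the secret share fields (Xi, ShareID), so the stored file needs the same protection as a private key.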

func BuildLocalSaveDataSubset

func BuildLocalSaveDataSubset(sourceData LocalPartySaveData, sortedIDs tss.SortedPartyIDs) LocalPartySaveData

BuildLocalSaveDataSubset re-creates the LocalPartySaveData to contain data for only the list of signing parties.

func LoadKeygenTestFixtures

// LoadKeygenTestFixtures returns a slice of LocalPartySaveData together with
// the sorted party IDs, or an error.
// NOTE(review): by its name it reads qty keygen test fixtures, optionally from
// a start index; fixture key material is presumably for tests only — confirm.
func LoadKeygenTestFixtures(qty int, optionalStart ...int) ([]LocalPartySaveData, tss.SortedPartyIDs, error)

func LoadKeygenTestFixturesRandomSet

// LoadKeygenTestFixturesRandomSet returns a slice of LocalPartySaveData
// together with the sorted party IDs, or an error.
// NOTE(review): by its name it picks qty fixtures at random out of
// fixtureCount; fixture key material is presumably for tests only — confirm.
func LoadKeygenTestFixturesRandomSet(qty, fixtureCount int) ([]LocalPartySaveData, tss.SortedPartyIDs, error)

func NewLocalPartySaveData

func NewLocalPartySaveData(partyCount int) (saveData LocalPartySaveData)

NewLocalPartySaveData initializes a LocalPartySaveData with slices pre-allocated for the given party count.

func (LocalPartySaveData) OriginalIndex

func (save LocalPartySaveData) OriginalIndex() (int, error)

OriginalIndex recovers a party's original index in the set of parties during keygen.

type LocalPreParams

// LocalPreParams groups a party's pre-computed Paillier private key with the
// big-integer parameters NTildei, H1i, H2i, Alpha, Beta, P and Q.
//
// PaillierSK is a private key, so a value of this type must not be logged or
// sent to other parties.
// NOTE(review): P and Q are presumably the safe-prime values behind NTildei
// and, if so, are just as secret — confirm against the generation code.
type LocalPreParams struct {
	PaillierSK *paillier.PrivateKey // ski

	NTildei *big.Int
	H1i     *big.Int
	H2i     *big.Int
	Alpha   *big.Int
	Beta    *big.Int
	P       *big.Int
	Q       *big.Int
}

LocalPreParams contains the pre-computed Paillier key and safe prime parameters for a party.

func GeneratePreParams

func GeneratePreParams(timeout time.Duration, optionalConcurrency ...int) (*LocalPreParams, error)

GeneratePreParams finds two safe primes and computes the Paillier secret required for the protocol. This can be a time consuming process so it is recommended to do it out-of-band. If not specified, a concurrency value equal to the number of available CPU cores will be used. If pre-parameters could not be generated before the timeout, an error is returned.

func GeneratePreParamsWithContext

func GeneratePreParamsWithContext(ctx context.Context, optionalConcurrency ...int) (*LocalPreParams, error)

GeneratePreParamsWithContext finds two safe primes and computes the Paillier secret required for the protocol. This can be a time-consuming process, so it is recommended to do it out-of-band. If not specified, a concurrency value equal to the number of available CPU cores will be used. If pre-parameters could not be generated before the context is done, an error is returned.

func GeneratePreParamsWithContextAndRandom

func GeneratePreParamsWithContextAndRandom(ctx context.Context, rand io.Reader, optionalConcurrency ...int) (*LocalPreParams, error)

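GeneratePreParamsWithContextAndRandom finds two safe primes and computes the Paillier secret required for the protocol. This can be a time-consuming process, so it is recommended to do it out-of-band. If not specified, a concurrency value equal to the number of available CPU cores will be used. If pre-parameters could not be generated before the context is done, an error is returned. The rand parameter is presumably the randomness source for this generation; because the output is secret key material, pass a cryptographically secure reader such as crypto/rand.Reader.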

func (LocalPreParams) Validate

func (preParams LocalPreParams) Validate() bool

Validate returns true if the essential pre-parameters (Paillier key, NTilde, H1, H2) are non-nil.

func (LocalPreParams) ValidateWithProof

func (preParams LocalPreParams) ValidateWithProof() bool

ValidateWithProof returns true if the pre-parameters and all proof-related fields (Alpha, Beta, P, Q) are non-nil.

type LocalSecrets

// LocalSecrets carries the party's secret fields: they are stored locally and
// are not shared with the other parties.
type LocalSecrets struct {
	Xi      *big.Int // xi
	ShareID *big.Int // kj
}

LocalSecrets holds the secret share data that is not shared with other parties.
