v0

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 11, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

README

Secure Two-party Threshold ECDSA from ECDSA Assumptions

IMPORTANT: Version 0 of the protocol is experimental and not suitable for production use. It is kept here for backward compatability. We have added type conversion functions in the Version 1 package that can be used to migrate V0 data to V1 data types.

Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of Secure Two-party Threshold ECDSA from ECDSA Assumptions.

Documentation

Overview

Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). For an example of use, look at sign.go.

It is currently a work in progress; do not use it in real-life scenarios yet. TODO: Docs to be completed.

Package dkls is an implementation of https://eprint.iacr.org/2018/499.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DKGEncoding 

func DKGEncoding() (address string, id string, aBytes []byte, bBytes []byte, err error)

DKGEncoding calls RunDKG and then encodes the Secrets

func DecodeReceiver 

func DecodeReceiver(params *Params, b []byte) (*seedOTReceiver, error)

DecodeReceiver decodes a Receiver object that was encoded after DKG.

func DecodeSender 

func DecodeSender(params *Params, b []byte) (*seedOTSender, error)

DecodeSender decodes a Sender field from the bob object that was encoded after DKG.

func EncodeReceiver 

func EncodeReceiver(r *seedOTReceiver) ([]byte, error)

EncodeReceiver encodes a Receiver field as a byte sequence after DKG has been completed.

func EncodeSecret 

func EncodeSecret(s *SecretShare) ([]byte, error)

EncodeSecret encodes a SecretShare object as a byte sequence after DKG has been completed.

func EncodeSender 

func EncodeSender(s *seedOTSender) ([]byte, error)

EncodeSender encodes a Sender field as a byte sequence after DKG has been completed.

func InitOT 

func InitOT() (receiver *seedOTReceiver, sender *seedOTSender, err error)

func NewPipeWrappers 

func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)

func RunDKG 

func RunDKG() (aliceSecret *SecretShare, bobSecret *SecretShare, err error)

func SeedOTEncoding 

func SeedOTEncoding() (aBytes []byte, bBytes []byte, err error)

SeedOTEncoding calls AliceInitOT and then encodes the Receiver and Sender

func SignAlice 

func SignAlice(secret *SecretShare, cot *seedOTReceiver, m []byte, rw io.ReadWriter) error

SignAlice is an illustrative helper method which shows the overall flow for Alice. in practice this will be replaced by a method which actually sends messages back and forth.

func SignBob 

func SignBob(secret *SecretShare, cot *seedOTSender, m []byte, rw io.ReadWriter) error

SignBob is an illustrative helper method which shows the overall flow for Bob.

Types

type Alice 

type Alice struct {
	Receiver *seedOTReceiver
}

Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.

func NewAlice 

func NewAlice(params *Params) *Alice

NewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.

type AliceDkg 

type AliceDkg struct {
	AliceSecret *SecretShare
	// contains filtered or unexported fields
}

AliceDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewAliceDkg 

func NewAliceDkg(params *Params) *AliceDkg

NewAliceDkg creates a new protocol that can compute a DKG as Alice

func (*AliceDkg) Next 

func (p *AliceDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceDkg) Result 

func (a *AliceDkg) Result() (interface{}, error)

Result Returns an encoded version of Alice's secret share as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceDkg) SetDebug 

func (a *AliceDkg) SetDebug(log io.Writer)

type AliceSign 

type AliceSign struct {
	// contains filtered or unexported fields
}

AliceSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewAliceSign 

func NewAliceSign(params *Params, msg []byte, dkgResult []byte, otResult []byte) (*AliceSign, error)

NewAliceSign creates a new protocol that can compute a signature as Alice. Requires dkg state that was produced at the end of DKG.Result().

func NewOTReceiver 

func NewOTReceiver(params *Params) *AliceSign

NewOTReceiver populates Alice's Receiver

func (*AliceSign) Next 

func (p *AliceSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*AliceSign) Result 

func (a *AliceSign) Result() (interface{}, error)

Result always returns errNoSig. Alice does not compute a signature in the DKLS protocol; only Bob computes the signature.

func (*AliceSign) ResultOT 

func (a *AliceSign) ResultOT() (interface{}, error)

ResultOT Returns an encoded version of Alice's Receiver as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*AliceSign) SetDebug 

func (a *AliceSign) SetDebug(log io.Writer)

type Bob 

type Bob struct {
	// Exported fields
	Sender *seedOTSender
	Sig    *curves.EcdsaSignature // The resulting digital signature
	// contains filtered or unexported fields
}

Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.

func NewBob 

func NewBob(params *Params) *Bob

NewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.

type BobDkg 

type BobDkg struct {
	BobSecret *SecretShare
	// contains filtered or unexported fields
}

BobDkg DKLS DKG implementation that satisfies the protocol iterator interface.

func NewBobDkg 

func NewBobDkg(params *Params) *BobDkg

NewBobDkg Creates a new protocol that can compute a DKG as Bob

func (*BobDkg) Next 

func (p *BobDkg) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobDkg) Result 

func (b *BobDkg) Result() (interface{}, error)

Result returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.

func (*BobDkg) SetDebug 

func (b *BobDkg) SetDebug(log io.Writer)

type BobSign 

type BobSign struct {
	// contains filtered or unexported fields
}

BobSign DKLS sign implementation that satisfies the protocol iterator interface.

func NewBobSign 

func NewBobSign(params *Params, msg []byte, dkgResult []byte, otResult []byte) (*BobSign, error)

NewBobSign creates a new protocol that can compute a signature as Bob. Requires dkg state that was produced at the end of DKG.Result().

func NewOTSender 

func NewOTSender(params *Params) *BobSign

NewOTSender populates Bob's Sender

func (*BobSign) Next 

func (p *BobSign) Next(rw io.ReadWriter) error

Next runs the next step in the protocol and reports errors or increments the step index

func (*BobSign) Result 

func (d *BobSign) Result() (interface{}, error)

Result If the signing protocol completed successfully, returns the signature that Bob computed as a *core.EcdsaSignature.

func (*BobSign) ResultOT 

func (b *BobSign) ResultOT() (interface{}, error)

ResultOT returns an encoded version of Bob's Sender as sequence of bytes that can be used to initialize a BobSign protocol.

func (*BobSign) SetDebug 

func (b *BobSign) SetDebug(log io.Writer)

type DkgResult 

type DkgResult struct {
	DkgState []byte
	Pubkey   *curves.EcPoint
}

DKG protocols produce the following result on successful completion

type MultiplyReceiver 

type MultiplyReceiver struct {
	TB []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplyReceiver 

func NewMultiplyReceiver(multiplicity int, sender *seedOTSender) *MultiplyReceiver

func (*MultiplyReceiver) MultiplyInit 

func (receiver *MultiplyReceiver) MultiplyInit(idExt [32]byte, beta []*big.Int, w io.Writer) error

MultiplyInit Protocol 5., Multiplication, 3). Bob (receiver) encodes beta and initiates the cOT extension!

func (*MultiplyReceiver) MultiplyTransfer 

func (receiver *MultiplyReceiver) MultiplyTransfer(r io.Reader) error

MultiplyTransfer Protocol 5., Multiplication, 3) and 6). Bob finalizes the cOT extension. using that and Alice's multiplication message, Bob completes the multiplication protocol, including checks. at the end, Bob's values tB_j are populated.

type MultiplySender 

type MultiplySender struct {
	TA []*big.Int
	// contains filtered or unexported fields
}

func NewMultiplySender 

func NewMultiplySender(multiplicity int, receiver *seedOTReceiver) *MultiplySender

func (*MultiplySender) Multiply 

func (sender *MultiplySender) Multiply(idExt [32]byte, alpha []*big.Int, rw io.ReadWriter) error

Multiply Protocol 5., steps 3) 5), 7). Alice _responds_ to Bob's initial cOT message, using a vector of alphas as input. doesn't actually send that message yet, only stashes it, and moves onto the next steps of the multiplication protocol specifically, Alice can then do step 5) (compute the outputs of the multiplication protocol), also stashes this. finishes up by taking care of 7), after that, Alice is totally done with multiplication and has stashed the outputs.

type Params 

type Params struct {
	Curve     elliptic.Curve
	Scalar    curves.EcScalar
	Generator *curves.EcPoint
	// contains filtered or unexported fields
}

func NewParams 

func NewParams(curve elliptic.Curve, scalar curves.EcScalar) (*Params, error)

NewParams receives an implementation of the curve and scalar interfaces and sets the parameters needed for DKG and Threshold ECDSA of DKLS.

type ProtocolIterator 

type ProtocolIterator interface {
	// Next runs the next round of the protocol.
	// Inputs are read from rw.Read(); outputs are written to rw.Write().
	// Returns io.EOF when protocol has completed.
	Next(rw io.ReadWriter) error

	// Result returns the final result, if any, of the completed protocol.
	// Reports an error if the protocol has not yet terminated
	// or if an error was encountered during protocol execution.
	Result() (interface{}, error)

	// SetDebug enables or disables (passing a nil value as input) debugging.
	// At the moment, we only print the final dkls dkg result as json value to this log, but if needed more debugging
	// can be added for various steps of the other protocols.
	SetDebug(log io.Writer)
}

ProtocolIterator a generalized interface for multi-party protocols that follows the iterator pattern.

type ReceiverOTResult 

type ReceiverOTResult struct {
	OTState  []byte
	Receiver *seedOTReceiver
}

type Schnorr 

type Schnorr struct {
	Pub *curves.EcPoint // this is the public point.
	C   *big.Int
	S   *big.Int
	// contains filtered or unexported fields
}

func (*Schnorr) DecommitVerify 

func (proof *Schnorr) DecommitVerify(com []byte) error

func (*Schnorr) Prove 

func (proof *Schnorr) Prove(x *big.Int) error

func (*Schnorr) ProveCommit 

func (proof *Schnorr) ProveCommit(x *big.Int) ([]byte, error)

this "commits to" a schnorr proof which is later revealed; see Functionality 7. it mutates `st` by adding a proof to it, and then also returns the commitment to the proof.

func (*Schnorr) Verify 

func (proof *Schnorr) Verify() error

type SecretShare 

type SecretShare struct {
	PkI *Schnorr // this is a "schnorr statement" for pkI.
	SkI *big.Int // the witness
	Pk  *curves.EcPoint
	// contains filtered or unexported fields
}

func DecodeSecret 

func DecodeSecret(params *Params, b []byte) (*SecretShare, error)

DecodeSecret decodes a SecretShare object that was encoded after DKG.

func NewSecretShare 

func NewSecretShare(params *Params) *SecretShare

NewSecretShare creates a secret share.

type SenderOTResult 

type SenderOTResult struct {
	OTState []byte
	Sender  *seedOTSender
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.