poly

package
v0.0.0-...-0b3308b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 19, 2017 License: MPL-2.0 Imports: 14 Imported by: 3

Documentation

Overview 

This package implements the Deal cryptographic primitive, which is based
* on poly/sharing.go
*
* Failures are frequent in large-scale systems. When reliability is paramount,
* the system requires some guarentee that it will still be able to make
* progress in the midst of failures. To do so, recovering critical information
* from failed nodes is often needed. Herein is the importance of this package.
* The deal package provides such reliability in the area of private keys.
*
* If a server wishes to have extra reliability for a private key it is using,
* it can construct a Deal struct. A Deal will take the private key and
* shard it into secret shares via poly/sharing.go logic. The server can
* then give the shares to a group of other servers who can act as insurers
* of the Deal. The insurers will keep the secret shares. If the original
* server ever goes offline, another server could ask the insurers for their
* secret shares and then combine them into the original secret key. Hence, this
* server could continue in the place of the original and the sytem can continue
* to make progress.
*
* This file provides structs for handling the cryptographic logic of this
* process. Other files can use these primitives to build a more robust
* system. In particular, there are 5 structs (3 public, 2 private):
*
*   1) Deal = respondible for sharding the secret, creating shares, and
*                tracking which shares belong to which insurers

*

  • 2) State = responsible for keeping state about a given Deal such
  • as shares recovered and messages that either certify the
  • Deal or prove that it is malicious *
  • 3) signature = proves that an insurer has signed off on a Deal.
  • The signature could either be used to express
  • approval or disapproval *
  • 4) blameProof = provides proof that a given Deal share was malicously
  • constructed. A valid blameProof proves that the Deal
  • is untrustworthy and that the creator of the Deal is
  • malicious *
  • 5) Response = a union of signature and blameProof. This serves as a public
  • wrapper for the two structs. *
  • Further documentation for each of the different structs can be found below.
  • It is suggested to start with the Deal struct referring to the others
  • as necessary. Once a general knowledge of Deal is gained, the others
  • will make more sense. *
  • Code using this package will typically have the following flow (please see
  • "Key Terms" below for a definition of terms used): *
  • Step I: Take out the Deal *
  • 1) The Dealer constructs a new Deal and stores it within a State. *
  • Step II: Certify the Dealer *
  • 1) The Dealer sends the Deal to the insurers. *
  • 2) The insurers verify the Deal is well-formed and make sure that their
  • secret shares are valid. *
  • a) If a secret share is invalid, an insurer creates a blameProof and sends
  • it back. *
  • b) If the share is valid, an insurer creates a signature to send
  • to the Dealer. *
  • 3) The Dealer receives the message from the insurer. *
  • a) If it is a valid blameProof, the Dealer must start all over and
  • construct a non-malicious Deal (or, the system can ban this malicious
  • Dealer). *
  • b) If the message is a signature, the Dealer can add the signature
  • to its State. *
  • 4) Repeat steps 1-3 until the Dealer has collected enough
  • signatures for the Deal to be certified. *
  • Step III: Distribute the Deal *
  • 1) Once the Deal is certified, the Dealer can then send the deal to
  • clients. *
  • 2) Clients can then request the signatures from the insurers to make sure
  • the Deal is indeed certified. *
  • a) This prevents a malicious Dealer from simply leaving out valid
  • blameProofs and only sending good signatures to the clients. *
  • 3) Once the client receives enough signatures, the client will then trust
  • the Dealer to do work with the deald private key. *
  • Step IV: Perform work for Clients *
  • Step V: Reconstruct the Deal Secret (if the Dealer goes down) *
  • 1) If the Dealer is unresponsive for too long, a client can inform the
  • insurers of the Deal. *
  • 2) The insurers can then check if the Dealer is indeed unresponsive. *
  • a) If so, the insurer reveal its share and sends it to the client. *
  • 3) The client repeats steps 1-2 until enough shares are recovered to
  • reconstruct the secret. *
  • 4) The client reconstructs the secret and takes over for the Dealer. * * *
  • Key Terms:
  • Dealer = the server making a Deal
  • client = recipients of a Deal who are trusting the Dealer
  • insurer = servers who store secret shares of a deal. Such servers help
  • during secret reconstruction. *
  • Users of this code = programmers wishing to use this code in programs

Package poly implements polynomial commitments, openings, and verifiable Shamir secret sharing.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Deal 

type Deal struct {
	// contains filtered or unexported fields
}

Deal structs are mechanisms by which a server can deal other servers * that an abstract.Scalar will be availble even if the secret's owner goes * down. The secret to be deald will be sharded into shared secrets that can * be combined using Lagrange Interpolation to produce the original secret. * Other servers will act as insurers maintaining a share. If a client ever * needs the secret to be reconstructed, it can contact the insurers to regain * the shares and reconstruct the secret. * * The insurers and secrets arrays should remain synchronized. In other words, * insurers[i] and secrets[i] should both refer to the same server. * * Note to users of this code: * * Here is a list of methods that should be called by each type of server: * * - Dealers * * ConstructDeal * * - Insurers * * ProduceResponse * * State.RevealShare (public wrapper to Deal.RevealShare in State struct) * * - Clients * * VerifyRevealedShare * * - All * * UnmarshalInit * * Id * * DealerId * * Insurers * * State.DealCertified * * State.SufficientSignatures

func (*Deal) ConstructDeal 

func (p *Deal) ConstructDeal(secretPair *config.KeyPair,
	longPair *config.KeyPair, t, r int, insurers []abstract.Point) *Deal

Constructs a new Deal to guarentee a secret. * * Arguments * secretPair = the keypair of the secret to be deald * longPair = the long term keypair of the Dealer * t = minimum number of shares needed to reconstruct the secret. * r = minimum signatures needed to certify the Deal * insurers = a list of the long-term public keys of the insurers. * * * It is expected that: * * t <= r <= len(insurers) * * secretPair.Suite == longPair.Suite * * Returns * A newly constructed Deal

func (*Deal) DealerId 

func (p *Deal) DealerId() string

Returns the id of the Dealer (aka its long term public key)

func (*Deal) DealerKey 

func (p *Deal) DealerKey() abstract.Point

Returns a copy of the Dealer's long term public key

func (*Deal) Equal 

func (p *Deal) Equal(p2 *Deal) bool

Tests whether two Deal structs are equal * * Arguments * p2 = a pointer to the struct to test for equality * * Returns * true if equal, false otherwise

func (*Deal) Id 

func (p *Deal) Id() string

Returns the id of the Deal

func (*Deal) Insurers 

func (p *Deal) Insurers() []abstract.Point

Returns the list of insurers of the deal. A copy of insurers is return to prevent tampering.

func (*Deal) MarshalBinary 

func (p *Deal) MarshalBinary() ([]byte, error)

Marshals a Deal struct into a byte array * * Returns * A buffer of the marshalled struct * The error status of the marshalling (nil if no error) * * Note * The buffer is formatted as follows: * * ||id||pubKey||pubPoly||==insurers_array==||==secrets==|| * * Remember: n == len(insurers) == len(secrets)

func (*Deal) MarshalSize 

func (p *Deal) MarshalSize() int

Returns the number of bytes used by this struct when marshalled * * Returns * The marshal size * * Note * This function can be used after UnmarshalInit

func (*Deal) MarshalTo 

func (p *Deal) MarshalTo(w io.Writer) (int, error)

Marshals a Deal struct using an io.Writer * * Arguments * w = the writer to use for marshalling * * Returns * The number of bytes written * The error status of the write (nil if no errors)

func (*Deal) ProduceResponse 

func (p *Deal) ProduceResponse(i int, gKeyPair *config.KeyPair) (*Response, error)

For insurers, produces a response to a Deal. If the insurer's share is * valid, the function returns a Response expressing the insurer's approval. * Otherwise, a Response with a blameProof blaming the Dealer is made. * * Arguments * i = the index of the insurer in the insurers list * gkeypair = the long term public/private keypair of the insurer. * * Return * the Response, or nil if there is an error. * an error, nil otherwise.

func (*Deal) PubPoly 

func (p *Deal) PubPoly() *PubPoly

func (*Deal) RevealShare 

func (p *Deal) RevealShare(i int, gKeyPair *config.KeyPair) abstract.Scalar

An internal function, reveals the secret share that the insurer has been * protecting. The public version is State.RevealShare. * * Arguments * i = the index of the insurer * gkeyPair = the long-term keypair of the insurer * * Return * the revealed private share

func (*Deal) String 

func (p *Deal) String() string

Returns a string representation of the Deal for easy debugging * * Returns * The Deal's string representation

func (*Deal) UnmarshalBinary 

func (p *Deal) UnmarshalBinary(buf []byte) error

Unmarshals a Deal from a byte buffer * * Arguments * buf = the buffer containing the Deal * * Returns * The error status of the unmarshalling (nil if no error)

func (*Deal) UnmarshalFrom 

func (p *Deal) UnmarshalFrom(r io.Reader) (int, error)

Unmarshals a Deal struct using an io.Reader * * Arguments * r = the reader to use for unmarshalling * * Returns * The number of bytes read * The error status of the read (nil if no errors)

func (*Deal) UnmarshalInit 

func (p *Deal) UnmarshalInit(t, r, n int, suite abstract.Suite) *Deal

Initializes a Deal for unmarshalling * * Arguments * t = the minimum number of shares needed to reconstruct the scalar * r = the minimum number of positive Response's needed to cerifty the * deal * n = the total number of insurers. * suite = the suite used within the Deal * * Returns * An initialized Deal ready to be unmarshalled

func (*Deal) VerifyRevealedShare 

func (p *Deal) VerifyRevealedShare(i int, share abstract.Scalar) error

Verify that a revealed share is properly formed. This should be called by *in clients or others who request an insurer to reveal its shared secret. * * Arguments * i = the index of the share * share = the share to validate. * * Return * Whether the secret is valid

type PriPoly 

type PriPoly struct {
	// contains filtered or unexported fields
}

Private polynomial for Shamir secret sharing.

func (*PriPoly) Add 

func (p *PriPoly) Add(p1, p2 *PriPoly) *PriPoly

Set to the component-wise addition of two polynomials, which are assumed to be of the same degree and from the same Scalar field.

func (*PriPoly) Equal 

func (p1 *PriPoly) Equal(p2 *PriPoly) bool

Test polynomials for equality component-wise. Assumes they are of the same degree and from the same Scalar field.

func (*PriPoly) Eval 

func (p *PriPoly) Eval(i int) abstract.Scalar

Evaluate the polynomial to produce the secret for party i.

func (*PriPoly) Pick 

func (p *PriPoly) Pick(g abstract.Group, k int, s0 abstract.Scalar,
	rand cipher.Stream) *PriPoly

Create a fresh sharing polynomial in the Scalar space of a given group. Shares the provided Scalar s, or picks a random one if s == nil.

func (*PriPoly) Secret 

func (p *PriPoly) Secret() abstract.Scalar

Return the shared secret from a private sharing polynomial.

func (*PriPoly) String 

func (p *PriPoly) String() string

Dump a string representation of the polynomial.

type PriShares 

type PriShares struct {
	// contains filtered or unexported fields
}

Secret shares generated from a private polynomial.

func (*PriShares) Empty 

func (ps *PriShares) Empty(g abstract.Group, k, n int)

Initialize a set of secret-shares to an initially empty list, before populating using SetShare() and reconstruction.

func (*PriShares) Secret 

func (ps *PriShares) Secret() abstract.Scalar

Use Lagrange interpolation to reconstruct a secret, from a private share array of which at least a threshold k of shares are populated (non-nil).

func (*PriShares) SetShare 

func (ps *PriShares) SetShare(i int, s abstract.Scalar)

Set node i's share.

func (*PriShares) Share 

func (ps *PriShares) Share(i int) abstract.Scalar

Return a given node i's share.

func (*PriShares) Split 

func (ps *PriShares) Split(p *PriPoly, n int) *PriShares

Create a desired number of secret-shares from a private polynomial, each of which is typically to be distributed to a distinct party. Any k of these shares may be used to reconstruct the original secret. Amounts to evaluating the private polynomial at positions 1, ..., n.

func (*PriShares) String 

func (ps *PriShares) String() string

type PubPoly 

type PubPoly struct {
	// contains filtered or unexported fields
}

A public commitment to a secret-sharing polynomial.

func (*PubPoly) Add 

func (pub *PubPoly) Add(p1, p2 *PubPoly) *PubPoly

Homomorphically add two public polynomial commitments, to form a public commitment to the sum of the two polynomials.

func (*PubPoly) Check 

func (pub *PubPoly) Check(i int, share abstract.Scalar) bool

Check a secret share against a public polynomial commitment. This amounts to evaluating the polynomial under homomorphic encryption.

func (*PubPoly) Commit 

func (pub *PubPoly) Commit(pri *PriPoly, b abstract.Point) *PubPoly

Initialize to a public commitment to a given private polynomial. Create commitments as encryptions of a given base point b, or the standard base if b == nil.

func (*PubPoly) Equal 

func (p1 *PubPoly) Equal(p2 *PubPoly) bool

Test polynomial commitments for equality. Assumes they are of the same degree and from the same group.

func (*PubPoly) Eval 

func (pub *PubPoly) Eval(i int) abstract.Point

Homomorphically evaluate a commitment to the share for party i.

func (*PubPoly) GetK 

func (pub *PubPoly) GetK() int

Return k : the number of shares needed to reconstruct a secret from the corresponding pripoly

func (*PubPoly) Init 

func (pub *PubPoly) Init(g abstract.Group, k int, b abstract.Point) *PubPoly

Initialize to an empty polynomial for a given group and threshold (degree), typically before using Decode() to fill in from a received message.

func (*PubPoly) InitNull 

func (pub *PubPoly) InitNull(g abstract.Group, k int, b abstract.Point) *PubPoly

InitNull does the same thing as Init PLUS initialize every points / coef to the Null Identity Element so we can use it like a "temp" / "aggregate" variable to add with others poly

func (*PubPoly) MarshalBinary 

func (pub *PubPoly) MarshalBinary() ([]byte, error)

Encode this polynomial into a byte slice exactly Len() bytes long.

func (*PubPoly) MarshalSize 

func (pub *PubPoly) MarshalSize() int

Return the encoded length of this polynomial commitment.

func (*PubPoly) MarshalTo 

func (pub *PubPoly) MarshalTo(w io.Writer) (int, error)

func (*PubPoly) SecretCommit 

func (pub *PubPoly) SecretCommit() abstract.Point

Return the secret commit (constant term) from this polynomial.

func (*PubPoly) String 

func (p *PubPoly) String() string

Dump a string representation of the polynomial commitment.

func (*PubPoly) UnmarshalBinary 

func (pub *PubPoly) UnmarshalBinary(b []byte) error

Decode this polynomial from a slice exactly Len() bytes long.

func (*PubPoly) UnmarshalFrom 

func (pub *PubPoly) UnmarshalFrom(r io.Reader) (int, error)

type PubShares 

type PubShares struct {
	// contains filtered or unexported fields
}

Public commitments to shares generated from a private polynomial.

func (*PubShares) SecretCommit 

func (ps *PubShares) SecretCommit() abstract.Point

Use Lagrange interpolation homomorphically to reconstruct a secret commitment, from an array of share commitments of which at least a threshold k of shares are populated (non-nil).

func (*PubShares) SetShare 

func (ps *PubShares) SetShare(i int, p abstract.Point)

Set node i's share commitment.

func (*PubShares) Share 

func (ps *PubShares) Share(i int) abstract.Point

Return the share commitment for a given party i.

func (*PubShares) Split 

func (ps *PubShares) Split(pub *PubPoly, n int) *PubShares

Create individual share commitments from a polynomial commitment, one for each of n parties. Homomorphically evaluates the polynomial at positions 1, ..., n.

func (*PubShares) String 

func (ps *PubShares) String() string

type Receiver 

type Receiver struct {
	// contains filtered or unexported fields
}

Receiver Part : Receiver struct is basically the underlying structure of the general matrix. If a peer is a receiver, it will receive all deals and compute all of its share and then he will be able to generate the SharedSecret

func NewReceiver 

func NewReceiver(suite abstract.Suite, info Threshold, key *config.KeyPair) *Receiver

Returns a new Receiver

func (*Receiver) AddDeal 

func (r *Receiver) AddDeal(index int, deal *Deal) (*Response, error)

Adddeal adds a deal to the array of deals the receiver already has. You must give the index of the receiver so the receiver can generate its response for this deal to the dealer, i.e. index is generally the index of the receiver in the matrix, and is usually fixed. It will return a Response to be sent back to the Dealer so he can verify its deal

func (*Receiver) Init 

func (r *Receiver) Init(suite abstract.Suite, info Threshold, key *config.KeyPair) *Receiver

Init a new Receiver struct info is the info about the structure of the polynomials used key is the long-term public key of the receiver

func (*Receiver) ProduceSharedSecret 

func (r *Receiver) ProduceSharedSecret() (*SharedSecret, error)

ProduceSharedSecret will generate the sharedsecret relative to this receiver it will throw an error if something is wrong such as not enough Dealers received The shared secret can be computed when all deals have been sent and basically consists of a

  1. Public Polynomial which is basically the sums of all Dealers's polynomial
  2. Share of the global Private Polynomial (which is to never be computed directly), which is basically SUM of fj(i) for a receiver i

type Response 

type Response struct {
	// contains filtered or unexported fields
}

The Response struct is a union of the signature and blameProof types. * It is the public-facing message that insurers send in response to a Deal. * It hides the details of signature's and blameProofs so that users of * this code will not have to worry about them. * * Please see the signature and blameProof structs for more details.

func (*Response) Equal 

func (r *Response) Equal(r2 *Response) bool

Tests whether two Response structs are equal * * Arguments * r2 = a pointer to the struct to test for equality * * Returns * true if equal, false otherwise

func (*Response) MarshalBinary 

func (r *Response) MarshalBinary() ([]byte, error)

Marshals a Response struct into a byte array * * Returns * A buffer of the marshalled struct * The error status of the marshalling (nil if no error) * * Note * The buffer is formatted as follows: * * ||signature_Or_blameProof_Length||Type||signature_or_blameProof||

func (*Response) MarshalSize 

func (r *Response) MarshalSize() int

Returns the number of bytes used by this struct when marshalled * * Returns * The marshal size * * Note * Since signature structs and blameProof structs can be of * variable length, this function is only useful for a Response that is * already unmarshalled. Do not call before unmarshalling.

func (*Response) MarshalTo 

func (r *Response) MarshalTo(w io.Writer) (int, error)

Marshals a Response struct using an io.Writer * * Arguments * w = the writer to use for marshalling * * Returns * The number of bytes written * The error status of the write (nil if no errors)

func (Response) String 

func (r Response) String() string

Returns a string representation of the Response for easy debugging * * Returns * The Response's string representation

func (*Response) UnmarshalBinary 

func (r *Response) UnmarshalBinary(buf []byte) error

Unmarshals a Response from a byte buffer * * Arguments * buf = the buffer containing the blameProof * * Returns * The error status of the unmarshalling (nil if no error)

func (*Response) UnmarshalFrom 

func (rp *Response) UnmarshalFrom(r io.Reader) (int, error)

Unmarshals a Response struct using an io.Reader * * Arguments * r = the reader to use for unmarshalling * * Returns * The number of bytes read * The error status of the read (nil if no errors)

func (*Response) UnmarshalInit 

func (r *Response) UnmarshalInit(suite abstract.Suite) *Response

Initializes a Response struct for unmarshalling * * Arguments * suite = the suite used for the signature or blameProof * * Returns * An initialized Response ready to be unmarshalled

type Schnorr 

type Schnorr struct {
	// contains filtered or unexported fields
}

Schnorr holds the data necessary to complete a distributed schnorr signature and will implement the necessary methods. You can setup a schnorr struct with a LongTerm shared secret and when you want to sign something, you will have to:

  • Start a new round specifying the random shared secret chosen and the message to sign
  • Generate the partial signature of the current node
  • Collect every others partial signature
  • Generate the signature
  • Do whatever you want to do with
  • Start a new round with the same schnorr struct

If you want to verify a given signature, use schnorr.VerifySignature(SchnorrSig, msg) CAREFUL: your schnorr signature is a LONG TERM signature, you must keep the same during all rounds, else you won't be able to verify any signatures. The following have to stay the same:

  • LongTerm sharedSecret
  • PolyInfo

If you know these are the same throughout differents rounds, you can create many schnorr structs. This is definitly NOT the way it is intented to be used, so use it at your own risks.

func NewSchnorr 

func NewSchnorr(suite abstract.Suite, info Threshold, longterm *SharedSecret) *Schnorr

Instantiates a Schnorr struct. A wrapper around Init

func (*Schnorr) AddPartialSig 

func (s *Schnorr) AddPartialSig(ps *SchnorrPartialSig) error

Receives a signature from other peers, adds it to its list of partial signatures and verifies it It returns an error if

  • it can not validate this given partial signature against the longterm and random shared secret
  • there is already a partial signature added for this index

NOTE : let s = RevealPartialSig(), s is NOT added automatically to the set of partial signature, for now you have to do it yourself by calling AddPartialSig(s)

func (*Schnorr) EmptySchnorrSig 

func (s *Schnorr) EmptySchnorrSig() *SchnorrSig

func (*Schnorr) Init 

func (s *Schnorr) Init(suite abstract.Suite, info Threshold, longterm *SharedSecret) *Schnorr

Initializes the Schnorr struct

func (*Schnorr) NewRound 

func (s *Schnorr) NewRound(random *SharedSecret, h hash.Hash) error

Sets the random key for the d.schnorr algo + sets the msg to be signed. You call this function when you want a new signature to be issued on a specific message. The security of the distributed schnorr signature protocol is the same as for the regular : The random secret "must be fresh* for "each* signature / signed message (hence the 'NewRound')

func (*Schnorr) RevealPartialSig 

func (s *Schnorr) RevealPartialSig() *SchnorrPartialSig

Reveals the partial signature for this peer Si = Ri + H(m || V) * Pi with :

  • Ri = share of the random secret for peer i
  • V = public commitment of the random secret (i.e. Public random poly evaluated at point 0 )
  • Pi = share of the longterm secret for peer i

This signature is to be sent to each other peer

func (*Schnorr) Sig 

func (s *Schnorr) Sig() (*SchnorrSig, error)

Generates the global schnorr signature by reconstructing the secret contained in the partial responses

func (*Schnorr) VerifySchnorrSig 

func (s *Schnorr) VerifySchnorrSig(sig *SchnorrSig, h hash.Hash) error

Verifies if a given signature is correct regarding the message. NOTE: This belongs to the schnorr structs however it can be called at any time you want. This check is static, meaning it only needs the longterm shared secret, and the signature to check. Think of the schnorr signature as a black box having two inputs:

  • a message to be signed + a random secret ==> NewRound
  • a message + a signature to check on ==> VerifySchnorrSig

type SchnorrPartialSig 

type SchnorrPartialSig struct {
	// The index of this partial signature regarding the global one
	// same as the "receiver" index in the joint.go code
	Index int

	// The partial signature itself
	Part *abstract.Scalar
}

Partial Schnorr Sig represents the partial signatures that each peer must generate in order to create the "global" signature. This struct must be sent across each peer for each peer

func (*SchnorrPartialSig) Equal 

func (pss *SchnorrPartialSig) Equal(pss2 *SchnorrPartialSig) bool

type SchnorrSig 

type SchnorrSig struct {

	// the signature itself
	Signature *abstract.Scalar

	// the random public polynomial used during the signature generation
	Random *PubPoly
}

SchnorrSig represents the final signature of a distribtued threshold schnorr signature which can be verified against a message This struct is not intended to be constructed manually but can be:

  • produced by the Schnorr struct
  • verified against a Schnorr struct

func (*SchnorrSig) Equal 

func (s *SchnorrSig) Equal(s2 *SchnorrSig) bool

Tests on equality

func (*SchnorrSig) Init 

func (s *SchnorrSig) Init(suite abstract.Suite, info Threshold) *SchnorrSig

Initialises the struct so it can decode itself

type SharedSecret 

type SharedSecret struct {

	// The shared public polynomial
	Pub *PubPoly

	// The share of the shared secret
	Share *abstract.Scalar

	// The index where the share has been evaluated in the shared private polynomial
	// and the index to use where the share can be checked against the shared
	// public polynomial
	// f(i) = share for peer i
	Index int
}

Represent the output of a VSS Pedersen scheme : a global public polynomial and a share of its related priv poly for a peer A SharedSecret is generated by the receiver's func : ProduceSharedSecret This SharedSecret is used by the distributed t-n Schnorr algorithm as a shared key.

type State 

type State struct {

	// The actual deal
	Deal Deal

	// Primarily used by clients, contains shares the client has currently
	// obtained from insurers. This is what will be used to reconstruct the
	// deald secret.
	PriShares PriShares
	// contains filtered or unexported fields
}

The State struct is responsible for maintaining state about Deal * structs. It consists of three main pieces: * * 1. The deal itself, which should be treated like an immutable object * 2. The shared secrets the server has recovered so far * 3. A list of responses from insurers cerifying or blaming the deal * * Each server should have one State per Deal * * Note to users of this code: * * To add a share to PriShares, do: * * p.PriShares.SetShare(index, share) * * To reconstruct the secret, do: * * p.PriShares.Secret() * * Be warned that Secret will panic unless there are enough shares to * reconstruct the secret. (See poly/sharing.go for more info) * * TODO Consider if it is worth adding a String function

func (*State) AddResponse 

func (ps *State) AddResponse(i int, response *Response) error

Adds a response from an insurer to the State. Checks to see whether the response * is valid and then adds it. * * Arguments * i = the index in the signature array this signature belongs * response = the response to add * * Returns * nil if the deal was added succesfully, an error otherwise.

func (*State) DealCertified 

func (ps *State) DealCertified() error

This public function checks whether the Deal is certified. Three things * must hold for this to be the case: * * 1) The deal must be syntatically valid. * 2) It must have >= r valid signatures * 3) It must not have any valid blameProofs * * * Use this function when determining whether a deal is safe to be accepted. * * Please see dealCertified for more details.

func (*State) Init 

func (ps *State) Init(deal Deal) *State

Initializes a new State * * Arguments * deal = the deal to keep track of * * Returns * An initialized State

func (*State) RevealShare 

func (ps *State) RevealShare(i int, gKeyPair *config.KeyPair) (abstract.Scalar, error)

A public wrapper for Deal.RevealShare, ensures that a share is only * revealed for a Deal that has received a sufficient number of signatures. * An insurer should call this function on behalf of a client after verifying * that the Dealer is non-responsive. * * Arguments * i = the index of the insurer * gkeyPair = the long-term keypair of the insurer * * Return * (share, error) * share = the revealed private share, or nil if the deal share is corrupted * error = nil if successful, error if the deal share is corrupted * * This error checking insures that a good insurer who has produced a valid blameproof does * not reveal an incorrect share. * * Postcondition * panics if an insufficient number of signatures have been received * * * Note * The reason that SufficientSignatures is used instead of DealCertified is * to prevent the following senario: * * 1) A malicious server creates a deal and selects as an insurer another * malicious peer. The malicious peer is given an invalid share. * * 2) The other insurers certify the deal and the malicious insurer does * not respond. * * 3) The malicious server enters the system and gives its deal to clients. * * 4) The malicious insurer then sends out the valid blameProof. * * 5) Now, the good insurers are unable to reveal the secret and reconstruct * the deal. * * 6) The malicious server leaves the system. The insurance policy is now * useless. * * To prevent this, blameproofs are not taken into consideration. As a result, * any server that produces an invalid share risks having its secret revealed * at any moment after the deal has garnered enough signatures to be * considered certified otherwise. This is further incentive to create valid deals.

func (*State) SufficientSignatures 

func (ps *State) SufficientSignatures() error

This public function checks whether the State has received enough signatures * for a deal to be considered certified. It ignores any valid blame proofs. * * Use this function when determining whether it is safe to reveal a share. * * Please see dealCertified for more details.

type Threshold 

type Threshold struct {
	// How many peer do we need to reconstruct a secret
	T int
	// How many peers do we need to verify
	R int
	// How many peers are collaborating into constructing the shared secret ( i.e. MatrixShare is of size NxN)
	N int
}

PolyInfo describe the information needed to construct (and verify) a matrixShare

func (*Threshold) Equal 

func (p *Threshold) Equal(p2 Threshold) bool

PolyInfo marshalling :

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.