Documentation ¶
Overview ¶
This package implements the Deal cryptographic primitive, which is based * on poly/sharing.go * * Failures are frequent in large-scale systems. When reliability is paramount, * the system requires some guarentee that it will still be able to make * progress in the midst of failures. To do so, recovering critical information * from failed nodes is often needed. Herein is the importance of this package. * The deal package provides such reliability in the area of private keys. * * If a server wishes to have extra reliability for a private key it is using, * it can construct a Deal struct. A Deal will take the private key and * shard it into secret shares via poly/sharing.go logic. The server can * then give the shares to a group of other servers who can act as insurers * of the Deal. The insurers will keep the secret shares. If the original * server ever goes offline, another server could ask the insurers for their * secret shares and then combine them into the original secret key. Hence, this * server could continue in the place of the original and the sytem can continue * to make progress. * * This file provides structs for handling the cryptographic logic of this * process. Other files can use these primitives to build a more robust * system. In particular, there are 5 structs (3 public, 2 private): * * 1) Deal = respondible for sharding the secret, creating shares, and * tracking which shares belong to which insurers
*
- 2) State = responsible for keeping state about a given Deal such
- as shares recovered and messages that either certify the
- Deal or prove that it is malicious *
- 3) signature = proves that an insurer has signed off on a Deal.
- The signature could either be used to express
- approval or disapproval *
- 4) blameProof = provides proof that a given Deal share was malicously
- constructed. A valid blameProof proves that the Deal
- is untrustworthy and that the creator of the Deal is
- malicious *
- 5) Response = a union of signature and blameProof. This serves as a public
- wrapper for the two structs. *
- Further documentation for each of the different structs can be found below.
- It is suggested to start with the Deal struct referring to the others
- as necessary. Once a general knowledge of Deal is gained, the others
- will make more sense. *
- Code using this package will typically have the following flow (please see
- "Key Terms" below for a definition of terms used): *
- Step I: Take out the Deal *
- 1) The Dealer constructs a new Deal and stores it within a State. *
- Step II: Certify the Dealer *
- 1) The Dealer sends the Deal to the insurers. *
- 2) The insurers verify the Deal is well-formed and make sure that their
- secret shares are valid. *
- a) If a secret share is invalid, an insurer creates a blameProof and sends
- it back. *
- b) If the share is valid, an insurer creates a signature to send
- to the Dealer. *
- 3) The Dealer receives the message from the insurer. *
- a) If it is a valid blameProof, the Dealer must start all over and
- construct a non-malicious Deal (or, the system can ban this malicious
- Dealer). *
- b) If the message is a signature, the Dealer can add the signature
- to its State. *
- 4) Repeat steps 1-3 until the Dealer has collected enough
- signatures for the Deal to be certified. *
- Step III: Distribute the Deal *
- 1) Once the Deal is certified, the Dealer can then send the deal to
- clients. *
- 2) Clients can then request the signatures from the insurers to make sure
- the Deal is indeed certified. *
- a) This prevents a malicious Dealer from simply leaving out valid
- blameProofs and only sending good signatures to the clients. *
- 3) Once the client receives enough signatures, the client will then trust
- the Dealer to do work with the deald private key. *
- Step IV: Perform work for Clients *
- Step V: Reconstruct the Deal Secret (if the Dealer goes down) *
- 1) If the Dealer is unresponsive for too long, a client can inform the
- insurers of the Deal. *
- 2) The insurers can then check if the Dealer is indeed unresponsive. *
- a) If so, the insurer reveal its share and sends it to the client. *
- 3) The client repeats steps 1-2 until enough shares are recovered to
- reconstruct the secret. *
- 4) The client reconstructs the secret and takes over for the Dealer. * * *
- Key Terms:
- Dealer = the server making a Deal
- client = recipients of a Deal who are trusting the Dealer
- insurer = servers who store secret shares of a deal. Such servers help
- during secret reconstruction. *
- Users of this code = programmers wishing to use this code in programs
Package poly implements polynomial commitments, openings, and verifiable Shamir secret sharing.
Index ¶
- type Deal
- func (p *Deal) ConstructDeal(secretPair *config.KeyPair, longPair *config.KeyPair, t, r int, ...) *Deal
- func (p *Deal) DealerId() string
- func (p *Deal) DealerKey() abstract.Point
- func (p *Deal) Equal(p2 *Deal) bool
- func (p *Deal) Id() string
- func (p *Deal) Insurers() []abstract.Point
- func (p *Deal) MarshalBinary() ([]byte, error)
- func (p *Deal) MarshalSize() int
- func (p *Deal) MarshalTo(w io.Writer) (int, error)
- func (p *Deal) ProduceResponse(i int, gKeyPair *config.KeyPair) (*Response, error)
- func (p *Deal) PubPoly() *PubPoly
- func (p *Deal) RevealShare(i int, gKeyPair *config.KeyPair) abstract.Scalar
- func (p *Deal) String() string
- func (p *Deal) UnmarshalBinary(buf []byte) error
- func (p *Deal) UnmarshalFrom(r io.Reader) (int, error)
- func (p *Deal) UnmarshalInit(t, r, n int, suite abstract.Suite) *Deal
- func (p *Deal) VerifyRevealedShare(i int, share abstract.Scalar) error
- type PriPoly
- func (p *PriPoly) Add(p1, p2 *PriPoly) *PriPoly
- func (p1 *PriPoly) Equal(p2 *PriPoly) bool
- func (p *PriPoly) Eval(i int) abstract.Scalar
- func (p *PriPoly) Pick(g abstract.Group, k int, s0 abstract.Scalar, rand cipher.Stream) *PriPoly
- func (p *PriPoly) Secret() abstract.Scalar
- func (p *PriPoly) String() string
- type PriShares
- func (ps *PriShares) Empty(g abstract.Group, k, n int)
- func (ps *PriShares) Secret() abstract.Scalar
- func (ps *PriShares) SetShare(i int, s abstract.Scalar)
- func (ps *PriShares) Share(i int) abstract.Scalar
- func (ps *PriShares) Split(p *PriPoly, n int) *PriShares
- func (ps *PriShares) String() string
- type PubPoly
- func (pub *PubPoly) Add(p1, p2 *PubPoly) *PubPoly
- func (pub *PubPoly) Check(i int, share abstract.Scalar) bool
- func (pub *PubPoly) Commit(pri *PriPoly, b abstract.Point) *PubPoly
- func (p1 *PubPoly) Equal(p2 *PubPoly) bool
- func (pub *PubPoly) Eval(i int) abstract.Point
- func (pub *PubPoly) GetK() int
- func (pub *PubPoly) Init(g abstract.Group, k int, b abstract.Point) *PubPoly
- func (pub *PubPoly) InitNull(g abstract.Group, k int, b abstract.Point) *PubPoly
- func (pub *PubPoly) MarshalBinary() ([]byte, error)
- func (pub *PubPoly) MarshalSize() int
- func (pub *PubPoly) MarshalTo(w io.Writer) (int, error)
- func (pub *PubPoly) SecretCommit() abstract.Point
- func (p *PubPoly) String() string
- func (pub *PubPoly) UnmarshalBinary(b []byte) error
- func (pub *PubPoly) UnmarshalFrom(r io.Reader) (int, error)
- type PubShares
- type Receiver
- type Response
- func (r *Response) Equal(r2 *Response) bool
- func (r *Response) MarshalBinary() ([]byte, error)
- func (r *Response) MarshalSize() int
- func (r *Response) MarshalTo(w io.Writer) (int, error)
- func (r Response) String() string
- func (r *Response) UnmarshalBinary(buf []byte) error
- func (rp *Response) UnmarshalFrom(r io.Reader) (int, error)
- func (r *Response) UnmarshalInit(suite abstract.Suite) *Response
- type Schnorr
- func (s *Schnorr) AddPartialSig(ps *SchnorrPartialSig) error
- func (s *Schnorr) EmptySchnorrSig() *SchnorrSig
- func (s *Schnorr) Init(suite abstract.Suite, info Threshold, longterm *SharedSecret) *Schnorr
- func (s *Schnorr) NewRound(random *SharedSecret, h hash.Hash) error
- func (s *Schnorr) RevealPartialSig() *SchnorrPartialSig
- func (s *Schnorr) Sig() (*SchnorrSig, error)
- func (s *Schnorr) VerifySchnorrSig(sig *SchnorrSig, h hash.Hash) error
- type SchnorrPartialSig
- type SchnorrSig
- type SharedSecret
- type State
- type Threshold
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Deal ¶
type Deal struct {
// contains filtered or unexported fields
}
Deal structs are mechanisms by which a server can deal other servers * that an abstract.Scalar will be availble even if the secret's owner goes * down. The secret to be deald will be sharded into shared secrets that can * be combined using Lagrange Interpolation to produce the original secret. * Other servers will act as insurers maintaining a share. If a client ever * needs the secret to be reconstructed, it can contact the insurers to regain * the shares and reconstruct the secret. * * The insurers and secrets arrays should remain synchronized. In other words, * insurers[i] and secrets[i] should both refer to the same server. * * Note to users of this code: * * Here is a list of methods that should be called by each type of server: * * - Dealers * * ConstructDeal * * - Insurers * * ProduceResponse * * State.RevealShare (public wrapper to Deal.RevealShare in State struct) * * - Clients * * VerifyRevealedShare * * - All * * UnmarshalInit * * Id * * DealerId * * Insurers * * State.DealCertified * * State.SufficientSignatures
func (*Deal) ConstructDeal ¶
func (p *Deal) ConstructDeal(secretPair *config.KeyPair, longPair *config.KeyPair, t, r int, insurers []abstract.Point) *Deal
Constructs a new Deal to guarentee a secret. * * Arguments * secretPair = the keypair of the secret to be deald * longPair = the long term keypair of the Dealer * t = minimum number of shares needed to reconstruct the secret. * r = minimum signatures needed to certify the Deal * insurers = a list of the long-term public keys of the insurers. * * * It is expected that: * * t <= r <= len(insurers) * * secretPair.Suite == longPair.Suite * * Returns * A newly constructed Deal
func (*Deal) Equal ¶
Tests whether two Deal structs are equal * * Arguments * p2 = a pointer to the struct to test for equality * * Returns * true if equal, false otherwise
func (*Deal) Insurers ¶
Returns the list of insurers of the deal. A copy of insurers is return to prevent tampering.
func (*Deal) MarshalBinary ¶
Marshals a Deal struct into a byte array * * Returns * A buffer of the marshalled struct * The error status of the marshalling (nil if no error) * * Note * The buffer is formatted as follows: * * ||id||pubKey||pubPoly||==insurers_array==||==secrets==|| * * Remember: n == len(insurers) == len(secrets)
func (*Deal) MarshalSize ¶
Returns the number of bytes used by this struct when marshalled * * Returns * The marshal size * * Note * This function can be used after UnmarshalInit
func (*Deal) MarshalTo ¶
Marshals a Deal struct using an io.Writer * * Arguments * w = the writer to use for marshalling * * Returns * The number of bytes written * The error status of the write (nil if no errors)
func (*Deal) ProduceResponse ¶
For insurers, produces a response to a Deal. If the insurer's share is * valid, the function returns a Response expressing the insurer's approval. * Otherwise, a Response with a blameProof blaming the Dealer is made. * * Arguments * i = the index of the insurer in the insurers list * gkeypair = the long term public/private keypair of the insurer. * * Return * the Response, or nil if there is an error. * an error, nil otherwise.
func (*Deal) RevealShare ¶
An internal function, reveals the secret share that the insurer has been * protecting. The public version is State.RevealShare. * * Arguments * i = the index of the insurer * gkeyPair = the long-term keypair of the insurer * * Return * the revealed private share
func (*Deal) String ¶
Returns a string representation of the Deal for easy debugging * * Returns * The Deal's string representation
func (*Deal) UnmarshalBinary ¶
Unmarshals a Deal from a byte buffer * * Arguments * buf = the buffer containing the Deal * * Returns * The error status of the unmarshalling (nil if no error)
func (*Deal) UnmarshalFrom ¶
Unmarshals a Deal struct using an io.Reader * * Arguments * r = the reader to use for unmarshalling * * Returns * The number of bytes read * The error status of the read (nil if no errors)
func (*Deal) UnmarshalInit ¶
Initializes a Deal for unmarshalling * * Arguments * t = the minimum number of shares needed to reconstruct the scalar * r = the minimum number of positive Response's needed to cerifty the * deal * n = the total number of insurers. * suite = the suite used within the Deal * * Returns * An initialized Deal ready to be unmarshalled
func (*Deal) VerifyRevealedShare ¶
Verify that a revealed share is properly formed. This should be called by *in clients or others who request an insurer to reveal its shared secret. * * Arguments * i = the index of the share * share = the share to validate. * * Return * Whether the secret is valid
type PriPoly ¶
type PriPoly struct {
// contains filtered or unexported fields
}
Private polynomial for Shamir secret sharing.
func (*PriPoly) Add ¶
Set to the component-wise addition of two polynomials, which are assumed to be of the same degree and from the same Scalar field.
func (*PriPoly) Equal ¶
Test polynomials for equality component-wise. Assumes they are of the same degree and from the same Scalar field.
func (*PriPoly) Pick ¶
Create a fresh sharing polynomial in the Scalar space of a given group. Shares the provided Scalar s, or picks a random one if s == nil.
type PriShares ¶
type PriShares struct {
// contains filtered or unexported fields
}
Secret shares generated from a private polynomial.
func (*PriShares) Empty ¶
Initialize a set of secret-shares to an initially empty list, before populating using SetShare() and reconstruction.
func (*PriShares) Secret ¶
Use Lagrange interpolation to reconstruct a secret, from a private share array of which at least a threshold k of shares are populated (non-nil).
type PubPoly ¶
type PubPoly struct {
// contains filtered or unexported fields
}
A public commitment to a secret-sharing polynomial.
func (*PubPoly) Add ¶
Homomorphically add two public polynomial commitments, to form a public commitment to the sum of the two polynomials.
func (*PubPoly) Check ¶
Check a secret share against a public polynomial commitment. This amounts to evaluating the polynomial under homomorphic encryption.
func (*PubPoly) Commit ¶
Initialize to a public commitment to a given private polynomial. Create commitments as encryptions of a given base point b, or the standard base if b == nil.
func (*PubPoly) Equal ¶
Test polynomial commitments for equality. Assumes they are of the same degree and from the same group.
func (*PubPoly) GetK ¶
Return k : the number of shares needed to reconstruct a secret from the corresponding pripoly
func (*PubPoly) Init ¶
Initialize to an empty polynomial for a given group and threshold (degree), typically before using Decode() to fill in from a received message.
func (*PubPoly) InitNull ¶
InitNull does the same thing as Init PLUS initialize every points / coef to the Null Identity Element so we can use it like a "temp" / "aggregate" variable to add with others poly
func (*PubPoly) MarshalBinary ¶
Encode this polynomial into a byte slice exactly Len() bytes long.
func (*PubPoly) MarshalSize ¶
Return the encoded length of this polynomial commitment.
func (*PubPoly) SecretCommit ¶
Return the secret commit (constant term) from this polynomial.
func (*PubPoly) UnmarshalBinary ¶
Decode this polynomial from a slice exactly Len() bytes long.
type PubShares ¶
type PubShares struct {
// contains filtered or unexported fields
}
Public commitments to shares generated from a private polynomial.
func (*PubShares) SecretCommit ¶
Use Lagrange interpolation homomorphically to reconstruct a secret commitment, from an array of share commitments of which at least a threshold k of shares are populated (non-nil).
type Receiver ¶
type Receiver struct {
// contains filtered or unexported fields
}
Receiver Part : Receiver struct is basically the underlying structure of the general matrix. If a peer is a receiver, it will receive all deals and compute all of its share and then he will be able to generate the SharedSecret
func NewReceiver ¶
Returns a new Receiver
func (*Receiver) AddDeal ¶
Adddeal adds a deal to the array of deals the receiver already has. You must give the index of the receiver so the receiver can generate its response for this deal to the dealer, i.e. index is generally the index of the receiver in the matrix, and is usually fixed. It will return a Response to be sent back to the Dealer so he can verify its deal
func (*Receiver) Init ¶
Init a new Receiver struct info is the info about the structure of the polynomials used key is the long-term public key of the receiver
func (*Receiver) ProduceSharedSecret ¶
func (r *Receiver) ProduceSharedSecret() (*SharedSecret, error)
ProduceSharedSecret will generate the sharedsecret relative to this receiver it will throw an error if something is wrong such as not enough Dealers received The shared secret can be computed when all deals have been sent and basically consists of a
- Public Polynomial which is basically the sums of all Dealers's polynomial
- Share of the global Private Polynomial (which is to never be computed directly), which is basically SUM of fj(i) for a receiver i
type Response ¶
type Response struct {
// contains filtered or unexported fields
}
The Response struct is a union of the signature and blameProof types. * It is the public-facing message that insurers send in response to a Deal. * It hides the details of signature's and blameProofs so that users of * this code will not have to worry about them. * * Please see the signature and blameProof structs for more details.
func (*Response) Equal ¶
Tests whether two Response structs are equal * * Arguments * r2 = a pointer to the struct to test for equality * * Returns * true if equal, false otherwise
func (*Response) MarshalBinary ¶
Marshals a Response struct into a byte array * * Returns * A buffer of the marshalled struct * The error status of the marshalling (nil if no error) * * Note * The buffer is formatted as follows: * * ||signature_Or_blameProof_Length||Type||signature_or_blameProof||
func (*Response) MarshalSize ¶
Returns the number of bytes used by this struct when marshalled * * Returns * The marshal size * * Note * Since signature structs and blameProof structs can be of * variable length, this function is only useful for a Response that is * already unmarshalled. Do not call before unmarshalling.
func (*Response) MarshalTo ¶
Marshals a Response struct using an io.Writer * * Arguments * w = the writer to use for marshalling * * Returns * The number of bytes written * The error status of the write (nil if no errors)
func (Response) String ¶
Returns a string representation of the Response for easy debugging * * Returns * The Response's string representation
func (*Response) UnmarshalBinary ¶
Unmarshals a Response from a byte buffer * * Arguments * buf = the buffer containing the blameProof * * Returns * The error status of the unmarshalling (nil if no error)
func (*Response) UnmarshalFrom ¶
Unmarshals a Response struct using an io.Reader * * Arguments * r = the reader to use for unmarshalling * * Returns * The number of bytes read * The error status of the read (nil if no errors)
type Schnorr ¶
type Schnorr struct {
// contains filtered or unexported fields
}
Schnorr holds the data necessary to complete a distributed schnorr signature and will implement the necessary methods. You can setup a schnorr struct with a LongTerm shared secret and when you want to sign something, you will have to:
- Start a new round specifying the random shared secret chosen and the message to sign
- Generate the partial signature of the current node
- Collect every others partial signature
- Generate the signature
- Do whatever you want to do with
- Start a new round with the same schnorr struct
If you want to verify a given signature, use schnorr.VerifySignature(SchnorrSig, msg) CAREFUL: your schnorr signature is a LONG TERM signature, you must keep the same during all rounds, else you won't be able to verify any signatures. The following have to stay the same:
- LongTerm sharedSecret
- PolyInfo
If you know these are the same throughout differents rounds, you can create many schnorr structs. This is definitly NOT the way it is intented to be used, so use it at your own risks.
func NewSchnorr ¶
func NewSchnorr(suite abstract.Suite, info Threshold, longterm *SharedSecret) *Schnorr
Instantiates a Schnorr struct. A wrapper around Init
func (*Schnorr) AddPartialSig ¶
func (s *Schnorr) AddPartialSig(ps *SchnorrPartialSig) error
Receives a signature from other peers, adds it to its list of partial signatures and verifies it It returns an error if
- it can not validate this given partial signature against the longterm and random shared secret
- there is already a partial signature added for this index
NOTE : let s = RevealPartialSig(), s is NOT added automatically to the set of partial signature, for now you have to do it yourself by calling AddPartialSig(s)
func (*Schnorr) EmptySchnorrSig ¶
func (s *Schnorr) EmptySchnorrSig() *SchnorrSig
func (*Schnorr) NewRound ¶
func (s *Schnorr) NewRound(random *SharedSecret, h hash.Hash) error
Sets the random key for the d.schnorr algo + sets the msg to be signed. You call this function when you want a new signature to be issued on a specific message. The security of the distributed schnorr signature protocol is the same as for the regular : The random secret "must be fresh* for "each* signature / signed message (hence the 'NewRound')
func (*Schnorr) RevealPartialSig ¶
func (s *Schnorr) RevealPartialSig() *SchnorrPartialSig
Reveals the partial signature for this peer Si = Ri + H(m || V) * Pi with :
- Ri = share of the random secret for peer i
- V = public commitment of the random secret (i.e. Public random poly evaluated at point 0 )
- Pi = share of the longterm secret for peer i
This signature is to be sent to each other peer
func (*Schnorr) Sig ¶
func (s *Schnorr) Sig() (*SchnorrSig, error)
Generates the global schnorr signature by reconstructing the secret contained in the partial responses
func (*Schnorr) VerifySchnorrSig ¶
func (s *Schnorr) VerifySchnorrSig(sig *SchnorrSig, h hash.Hash) error
Verifies if a given signature is correct regarding the message. NOTE: This belongs to the schnorr structs however it can be called at any time you want. This check is static, meaning it only needs the longterm shared secret, and the signature to check. Think of the schnorr signature as a black box having two inputs:
- a message to be signed + a random secret ==> NewRound
- a message + a signature to check on ==> VerifySchnorrSig
type SchnorrPartialSig ¶
type SchnorrPartialSig struct { // The index of this partial signature regarding the global one // same as the "receiver" index in the joint.go code Index int // The partial signature itself Part *abstract.Scalar }
Partial Schnorr Sig represents the partial signatures that each peer must generate in order to create the "global" signature. This struct must be sent across each peer for each peer
func (*SchnorrPartialSig) Equal ¶
func (pss *SchnorrPartialSig) Equal(pss2 *SchnorrPartialSig) bool
type SchnorrSig ¶
type SchnorrSig struct { // the signature itself Signature *abstract.Scalar // the random public polynomial used during the signature generation Random *PubPoly }
SchnorrSig represents the final signature of a distribtued threshold schnorr signature which can be verified against a message This struct is not intended to be constructed manually but can be:
- produced by the Schnorr struct
- verified against a Schnorr struct
func (*SchnorrSig) Init ¶
func (s *SchnorrSig) Init(suite abstract.Suite, info Threshold) *SchnorrSig
Initialises the struct so it can decode itself
type SharedSecret ¶
type SharedSecret struct { PubPoly Share *abstract.Scalar // and the index to use where the share can be checked against the shared // public polynomial // f(i) = share for peer i Index int }Pub *
Represent the output of a VSS Pedersen scheme : a global public polynomial and a share of its related priv poly for a peer A SharedSecret is generated by the receiver's func : ProduceSharedSecret This SharedSecret is used by the distributed t-n Schnorr algorithm as a shared key.
type State ¶
type State struct { // The actual deal Deal Deal // obtained from insurers. This is what will be used to reconstruct the // deald secret. PriShares PriShares // contains filtered or unexported fields }
The State struct is responsible for maintaining state about Deal * structs. It consists of three main pieces: * * 1. The deal itself, which should be treated like an immutable object * 2. The shared secrets the server has recovered so far * 3. A list of responses from insurers cerifying or blaming the deal * * Each server should have one State per Deal * * Note to users of this code: * * To add a share to PriShares, do: * * p.PriShares.SetShare(index, share) * * To reconstruct the secret, do: * * p.PriShares.Secret() * * Be warned that Secret will panic unless there are enough shares to * reconstruct the secret. (See poly/sharing.go for more info) * * TODO Consider if it is worth adding a String function
func (*State) AddResponse ¶
Adds a response from an insurer to the State. Checks to see whether the response * is valid and then adds it. * * Arguments * i = the index in the signature array this signature belongs * response = the response to add * * Returns * nil if the deal was added succesfully, an error otherwise.
func (*State) DealCertified ¶
This public function checks whether the Deal is certified. Three things * must hold for this to be the case: * * 1) The deal must be syntatically valid. * 2) It must have >= r valid signatures * 3) It must not have any valid blameProofs * * * Use this function when determining whether a deal is safe to be accepted. * * Please see dealCertified for more details.
func (*State) Init ¶
Initializes a new State * * Arguments * deal = the deal to keep track of * * Returns * An initialized State
func (*State) RevealShare ¶
A public wrapper for Deal.RevealShare, ensures that a share is only * revealed for a Deal that has received a sufficient number of signatures. * An insurer should call this function on behalf of a client after verifying * that the Dealer is non-responsive. * * Arguments * i = the index of the insurer * gkeyPair = the long-term keypair of the insurer * * Return * (share, error) * share = the revealed private share, or nil if the deal share is corrupted * error = nil if successful, error if the deal share is corrupted * * This error checking insures that a good insurer who has produced a valid blameproof does * not reveal an incorrect share. * * Postcondition * panics if an insufficient number of signatures have been received * * * Note * The reason that SufficientSignatures is used instead of DealCertified is * to prevent the following senario: * * 1) A malicious server creates a deal and selects as an insurer another * malicious peer. The malicious peer is given an invalid share. * * 2) The other insurers certify the deal and the malicious insurer does * not respond. * * 3) The malicious server enters the system and gives its deal to clients. * * 4) The malicious insurer then sends out the valid blameProof. * * 5) Now, the good insurers are unable to reveal the secret and reconstruct * the deal. * * 6) The malicious server leaves the system. The insurance policy is now * useless. * * To prevent this, blameproofs are not taken into consideration. As a result, * any server that produces an invalid share risks having its secret revealed * at any moment after the deal has garnered enough signatures to be * considered certified otherwise. This is further incentive to create valid deals.
func (*State) SufficientSignatures ¶
This public function checks whether the State has received enough signatures * for a deal to be considered certified. It ignores any valid blame proofs. * * Use this function when determining whether it is safe to reveal a share. * * Please see dealCertified for more details.
type Threshold ¶
type Threshold struct { // How many peer do we need to reconstruct a secret T int // How many peers do we need to verify R int // How many peers are collaborating into constructing the shared secret ( i.e. MatrixShare is of size NxN) N int }
PolyInfo describe the information needed to construct (and verify) a matrixShare