README
¶
Pedersen's Verifiable Secret Sharing
Secret sharing (also called secret splitting) refers to methods for distributing a secret among a group, in such a way that no individual holds any intelligible information about the secret, but when a sufficient number of individuals combine their 'shares', the secret may be reconstructed. Wikipedia
Secret sharing schemes are ideal for storing information that is highly sensitive and highly important, like for example encryption keys. Each of these pieces of information must be kept highly confidential, as their exposure could be disastrous; however, it is also critical that they should not be lost. Traditional methods for encryption are ill-suited for simultaneously achieving high levels of confidentiality and reliability. This is because when storing the encryption key, one must choose between keeping a single copy of the key in one location for maximum secrecy, or keeping multiple copies of the key in different locations for greater reliability. Increasing reliability of the key by storing multiple copies lowers confidentiality by creating additional attack vectors. Secret sharing schemes address this problem, and allow arbitrarily high levels of confidentiality and reliability to be achieved.
In cryptography, a secret sharing scheme is verifiable if auxiliary information is included that allows players to verify their shares as consistent. Wikipedia
The pedersen package implements verifiable secret sharing procedures that are defined by Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing conference paper.
Getting started
Any information on how to use this project can be found here.
License
Pedersen is released under MIT license. See LICENSE.
Documentation
¶
Index ¶
- Variables
- type Group
- type Option
- type Pedersen
- func (p *Pedersen) Combine(shares *Shares) ([]byte, error)
- func (p *Pedersen) GetConcLimit() int
- func (p *Pedersen) GetGroup() *Group
- func (p *Pedersen) GetParts() int
- func (p *Pedersen) GetThreshold() int
- func (p *Pedersen) Split(secret []byte, abscissae []*big.Int) (*Shares, error)
- func (p *Pedersen) Verify(abscissa *big.Int, part SecretPart, commitments []*big.Int) error
- func (p *Pedersen) VerifyShares(s *Shares) error
- type SecretPart
- type Shares
Constants ¶
This section is empty.
Variables ¶
var ( ErrNilPrime = errors.New("prime cannot be nil") ErrInvalidPrimeSize = fmt.Errorf("prime number size must be at least %d bits", minPrimeBitLen) ErrInvalidPrime = errors.New("invalid prime") ErrNilGenerator = errors.New("generator cannot be nil") ErrInvalidGenerator = errors.New("invalid generator") )
var ( ErrInvalidOptions = errors.New("invalid options") ErrInvalidThreshold = fmt.Errorf("threshold must be at least %d", minThreshold) )
errors
var ( ErrEmptySecret = errors.New("cannot split an empty secret") ErrInsufficientAbscissae = errors.New("abscissae cannot be less than parts") )
Functions ¶
This section is empty.
Types ¶
type Group ¶
Group represents a cyclic group. P and Q are large primes s.t. p=mq+1 where m is an integer. G and H are two generators of the unique subgroup of ℤ*q.
func NewSchnorrGroup ¶
Generate a new Schnorr group of given bits size.
type Option ¶
type Option func(*Pedersen)
Option represents an option for configuring a Pedersen struct.
func ConcLimit ¶
The ConcLimit option sets the maximum number of concurrent operations. If a negative number is provided, the number of concurrent operations is set to the number of CPUs.
func CyclicGroup ¶
The CyclicGroup option sets the cyclic group to be used.
type Pedersen ¶
type Pedersen struct {
// contains filtered or unexported fields
}
A Pedersen struct used for splitting, reconstructing, and verifying secrets.
func NewPedersen ¶
NewPedersen creates a new Pedersen struct with the provided (threshold, parts) scheme. With such a scheme a secret is split into parts shares, of which at least threshold are required to reconstruct the secret. A new randomly generated cyclic group is used if none is provided.
func (*Pedersen) GetConcLimit ¶
GetConcLimit returns the maximum number of concurrent operations of the Pedersen struct.
func (*Pedersen) GetThreshold ¶
GetThreshold returns the threshold of the Pedersen struct.
func (*Pedersen) Split ¶
Split takes a secret and generates a `parts` number of shares, `threshold` of which are required to reconstruct the secret. If the secret that has to be split is not representable in the cyclic group, the secret is split into chunks, and each chunk is split into secret parts according to Pedersen verifiable secret sharing. The abscissae are used to evaluate the polynomials at the given points. If abscissae is nil, random abscissae are generated.
func (*Pedersen) Verify ¶
Verify verifies if the provided secret part is valid, according to the provided abscissa value and commitments vector.
func (*Pedersen) VerifyShares ¶
VerifyShares verifies if every secret part is valid.
type SecretPart ¶
type SecretPart struct {
}
SecretPart represents a secret part associated to a shareholder.
func (*SecretPart) String ¶
func (p *SecretPart) String() string
Returns a string representation of a SecretPart struct.
type Shares ¶
type Shares struct {
// the secret parts.
// There is one abscissa for each shareholder, so if shareholderIdx represents
// the index of one shareholder, Abscissae[shareholderIdx] is the abscissa
// related to that shareholder.
Abscissae []*big.Int
// If the secret that has to be split is not representable in the cyclic group,
// the secret is split into chunks, and each chunk is split into secret parts according
// to Pedersen verifiable secret sharing.
// The first index of Parts represents the shareholder index, while the second index
// represents the chunk index (Parts[shareholderIdx][chunkIdx]).
Parts [][]SecretPart
// The first index of Commitments represents the chunk index so Commitments[chunkIdx]
// is the vector of commitments related to the chunk with index chunkIdx.
Commitments [][]*big.Int
}
Shares represents the shares obtained from splitting a secret.
Source Files
Directories