participant

package
v0.0.0-...-38d06f3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package participant is an implementation of a `participant` in the t-of-n threshold signature of https://eprint.iacr.org/2020/540.pdf

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DkgParticipant 

type DkgParticipant struct {
	Curve elliptic.Curve
	State *DkgState
	Id    uint32
	Round uint
}

DkgParticipant is a DKG player that contains information needed to perform DKG rounds and finally get info for signing rounds.

func NewDkgParticipant 

func NewDkgParticipant(curve elliptic.Curve, id uint32) *DkgParticipant

func (*DkgParticipant) DkgRound1 

func (dp *DkgParticipant) DkgRound1(threshold, total uint32) (*DkgRound1Bcast, error)

DkgRound1 performs round 1 distributed key generation operation [spec] fig 5: DistKeyGenRound1

func (*DkgParticipant) DkgRound2 

func (dp *DkgParticipant) DkgRound2(inBcast map[uint32]*DkgRound1Bcast) (*DkgRound2Bcast, map[uint32]*DkgRound2P2PSend, []uint32, error)

DkgRound2 implements distributed key generation round 2 [spec] fig 5: DistKeyGenRound2

func (*DkgParticipant) DkgRound3 

func (dp *DkgParticipant) DkgRound3(inBcast map[uint32]*DkgRound2Bcast, inP2P map[uint32]*DkgRound2P2PSend) (*DkgRound3Bcast, []uint32, error)

DkgRound3 computes dkg round 3 as shown in [spec] fig. 5: DistKeyGenRoun3

func (*DkgParticipant) DkgRound4 

func (dp *DkgParticipant) DkgRound4(inBcast map[uint32]*DkgRound3Bcast) (*DkgResult, []uint32, error)

DkgRound4 computes dkg round 4 as shown in [spec] fig. 5: DistKeyGenRound4

type DkgParticipantCommitment 

type DkgParticipantCommitment struct {
	PublicKey   *paillier.PublicKey
	ProofParams *dealer.ProofParams
	Commitment  core.Commitment
}

type DkgParticipantData 

type DkgParticipantData struct {
	PublicKey   *paillier.PublicKey
	ProofParams *dealer.ProofParams
}

type DkgResult 

type DkgResult struct {
	SecretKey       *paillier.SecretKey
	ShamirShare     *v1.ShamirShare
	EcdsaPublicKey  *curves.EcPoint
	PublicShares    []*curves.EcPoint
	ParticipantData map[uint32]*DkgParticipantData
}

DkgResult is all the data generated from the DKG

type DkgRound1Bcast 

type DkgRound1Bcast struct {
	Identifier       uint32
	Ci               core.Commitment
	Pki              *paillier.PublicKey
	H1i, H2i, Ni     *big.Int
	Proof1i, Proof2i *proof.CdlProof
}

DkgRound1Bcast contains values to be broadcast to all players after the completion of DKG round 1

type DkgRound2Bcast 

type DkgRound2Bcast struct {
	Di *core.Witness
}

DkgRound2Bcast contains value that will be echo broadcast to all other players.

type DkgRound2P2PSend 

type DkgRound2P2PSend struct {
	Xij *v1.ShamirShare
}

DkgRound2P2PSend contains value that will be P2PSend to all other player Pj

type DkgRound3Bcast 

type DkgRound3Bcast struct {
	PsfProof paillier.PsfProof
}

type DkgState 

type DkgState struct {
	// Round 1 variables
	D  *core.Witness
	Sk *paillier.SecretKey
	Pk *paillier.PublicKey
	N  *big.Int
	H1 *big.Int
	H2 *big.Int
	// This participants verifiers from FeldmanShare
	V []*v1.ShareVerifier
	// This participants shares from FeldmanShare
	X         []*v1.ShamirShare
	Y         *curves.EcPoint
	Threshold uint32
	Limit     uint32
	// Commitments and paillier public keys received from other participants
	OtherParticipantData map[uint32]*DkgParticipantCommitment
	// xi returned from Round 3
	ShamirShare *v1.ShamirShare
	// X1,...,Xn returned from Round 3
	PublicShares []*curves.EcPoint
}

dkgstate encapsulates all the values used in the dkg rounds state machine

type Participant 

type Participant struct {
	ShamirShare v1.ShamirShare
	SecretKey   *paillier.SecretKey
}

Participant is a tECDSA player that receives information from a trusted dealer

func (Participant) PrepareToSign 

func (p Participant) PrepareToSign(pubKey *curves.EcPoint,
	verify curves.EcdsaVerify,
	curve elliptic.Curve,
	keyGenType dealer.KeyGenType,
	publicSharesMap map[uint32]*dealer.PublicShare,
	pubKeys map[uint32]*paillier.PublicKey) (*Signer, error)

PrepareToSign creates a Signer out of a Participant. The expected co-signers for the signing rounds are expected to be exactly those included in the publicSharesMap

type Round1Bcast 

type Round1Bcast struct {
	Identifier uint32
	C          core.Commitment
	Ctxt       *big.Int
	Proof      *proof.Range1Proof
}

Round1Bcast contains values to be broadcast to all players after the completion of singing round 1

type Round1P2PSend 

type Round1P2PSend struct {
	Range1Proof *proof.Range1Proof
}

type Round2P2PSend 

type Round2P2PSend struct {
	Proof2, Proof3 *proof.ResponseProof
}

Round2P2PSend is all the values that need to be sent to each player

type Round3Bcast 

type Round3Bcast struct {
	// Note that DeltaElement is some element of the entire δ vector.
	// In this round, it's δ_i. For the recepients of this message in the next round
	// this will be δ_j
	DeltaElement *big.Int
}

Round3Bcast represents the value to be broadcast to all players at the conclusion of round 3

type Round4Bcast 

type Round4Bcast struct {
	Witness *core.Witness
}

Round4Bcast are the values to be broadcast to the other players at the conclusion of signing round 4

type Round5Bcast 

type Round5Bcast struct {
	Rbar  *curves.EcPoint
	Proof *proof.PdlProof
}

Round5Bcast are the values to be broadcast to the other players at the conclusion of signing round 5

type Round5P2PSend 

type Round5P2PSend struct {
	PdlProof *proof.PdlProof
}

Round5P2PSend are the values sent to each participant at the conclusion of signing round 5

type Round6FullBcast 

type Round6FullBcast struct {
	// Note that SElement is some element of the entire s vector.
	// In this round, it's s_i. For the recepients of this message in the final
	// sign output round, this will be s_j
	SElement *big.Int
}

Round6FullBcast are the values to be broadcast to the other players This is the s_i value from §5.fig 5.SignRound6.step 9

type Signer 

type Signer struct {
	SecretKey       *paillier.SecretKey            // paillier secret key assigned to this signer
	ShamirShare     *v1.ShamirShare                // secret signing share for this signer
	PublicSharesMap map[uint32]*dealer.PublicShare // public shares of our cosigners
	Id              uint32                         // The ID assigned to this signer's shamir share
	// This is minimum number of signers required to produce a valid signature,
	// not the security Threshold (as specified in [spec][GG20])
	Threshold uint
	PublicKey *curves.EcPoint
	Curve     elliptic.Curve
	Round     uint // current signing round in our linear state machine
	// contains filtered or unexported fields
}

Signer is a tECDSA player that holds the additive shares needed for performing the signing operation

func NewSigner 

func NewSigner(info *dealer.ParticipantData, cosigners []uint32) (*Signer, error)

NewSigner C=creates a new signer from a dealer-provided output and a specific set of co-signers

func (*Signer) SignOutput 

func (signer *Signer) SignOutput(in map[uint32]*Round6FullBcast) (*curves.EcdsaSignature, []uint32, error)

SignOutput performs the signature aggregation step in [spec] §5.fig 5

func (*Signer) SignRound1 

func (signer *Signer) SignRound1() (*Round1Bcast, map[uint32]*Round1P2PSend, []uint32, error)

SignRound1 performs round 1 signing operation Trusted Dealer Mode: see [spec] fig 7: SignRound1 DKG Mode: see [spec] fig 8: SignRound1 NOTE: Pseudocode shows N~, h1, h2, the curve's g, q, and signer's public key as inputs Since `signer` already knows the paillier secret and public keys, this input is not necessary here `participant.PrepareToSign` receives the other inputs and stores them as state variables.

func (*Signer) SignRound2 

func (signer *Signer) SignRound2(inBcast map[uint32]*Round1Bcast, inP2P map[uint32]*Round1P2PSend) (map[uint32]*Round2P2PSend, []uint32, error)

SignRound2 performs round 2 signing operations for a single signer Trusted Dealer Mode: see [spec] fig 7: SignRound2 DKG Mode: see [spec] fig 8: SignRound2

func (*Signer) SignRound3 

func (s *Signer) SignRound3(inP2P map[uint32]*Round2P2PSend) (*Round3Bcast, []uint32, error)

SignRound3 performs the round 3 signing operation according to Trusted Dealer Mode: see [spec] fig 7: SignRound3 DKG Mode: see [spec] fig 8: SignRound3

func (*Signer) SignRound4 

func (s *Signer) SignRound4(inBcast map[uint32]*Round3Bcast) (*Round4Bcast, []uint32, error)

SignRound4 performs the round 4 signing operation. It takes input the delta_j values broadcast from signers at the conclusion of round 3. Trusted Dealer Mode: see [spec] fig 7: SignRound4 DKG Mode: see [spec] fig 8: SignRound4

func (*Signer) SignRound5 

func (signer *Signer) SignRound5(inBcast map[uint32]*Round4Bcast) (*Round5Bcast, map[uint32]*Round5P2PSend, []uint32, error)

SignRound5 performs the round 5 signing operation. It takes input the Witness values broadcast from signers at the conclusion of round 4. Trusted Dealer Mode: see [spec] fig 7: SignRound5 DKG Mode: see [spec] fig 8: SignRound5

func (*Signer) SignRound6Full 

func (signer *Signer) SignRound6Full(hash []byte, inBcast map[uint32]*Round5Bcast, inP2P map[uint32]*Round5P2PSend) (*Round6FullBcast, []uint32, error)

SignRound6Full performs the round 6 signing operation according to Trusted Dealer Mode: see [spec] fig 7: SignRound6 DKG Mode: see [spec] fig 8: SignRound6

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.