frost/

directory
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 23, 2023 License: Apache-2.0

README

Hierarchical Threshold Signature Scheme in EdDSA

Introduction:

One of references of HTSS is

  1. A Hierarchical Threshold Signature
  2. Introduction to Hierarchical Threshold Signature(revised version)
  3. Example.

Table of Contents:

Implementations:

After the project is cloned, we need to run below commands to initialize/update the sub-modules:

$ make init

If you need to rebuild protobuf, please run below command to install tools and build protobuf.

# Install tools
$ make tools
# Build protobuf
$ make protobuf

Like the classical TSS, HTSS also contains three protocols:

  1. DKG: Distributed key generation for creating secret shares without any dealer.
  2. Signer: Signing for using the secret shares to generate a signature.
  3. Reshare: Refresh the secret share without changing the public key.

Remark:

  1. Comparing to TSS, each share in HTSS is generated by DKG having difference levels (or called rank). The level 0 is the highest.
  2. If all levels of shares are zero, then HTSS reduces to the classical TSS. (i.e. In this case, Birkhoff interpolation reduces to Lagrange Interpolation).
  3. After perform the progress of DKG, each participant will get (x-coordinate, share, rank). Assume that the threshold is 3. Therefore, any three shares (x-coordinate, rank): (x1, n1), (x2, n2), (x3, n3) with n1 <= n2 <= n3 can recover the secret or sign if and only if n_i <= i-1 for all 1 <= i <= 3. In general, assuming the threshold is t, any t shares (xi,ni) with ni <= nj for all i < j can recover the secret or sign if and only if n_i <= i-1 for all 1 <= i <= t.

Example:

Let threshold = 3, and participants = 4. Assume that the corresponding rank of each shareholder are 0, 1, 1, 2. Then authorized sets in this setting are

  1. 0, 1, 1
  2. 0, 1, 2
  3. 0, 1, 1, 2

The other combinations of shares can not recover the secret (e.g. 1, 1, 2).

DKG:

Use the same DKG in Fast Multiparty Threshold ECDSA with Fast Trustless Setup.

Signer:

Our implementation is FROST: Flexible Round-Optimized Schnorr Threshold Signatures.

EXAMPLE:

In progress...

References:

  1. FROST: Flexible Round-Optimized Schnorr Threshold Signatures
  2. Hierarchical Threshold Secret Sharing
  3. Dynamic and Verifiable Hierarchical Secret Sharing

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.