`import "go.dedis.ch/kyber/share"`

Package share implements Shamir secret sharing and polynomial commitments. Shamir's scheme allows you to split a secret value into multiple parts, so called shares, by evaluating a secret sharing polynomial at certain indices. The shared secret can only be reconstructed (via Lagrange interpolation) if a threshold of the participants provide their shares. A polynomial commitment scheme allows a committer to commit to a secret sharing polynomial so that a verifier can check the claimed evaluations of the committed polynomial. Both schemes of this package are core building blocks for more advanced secret sharing techniques.

- func RecoverCommit(g kyber.Group, shares []*PubShare, t, n int) (kyber.Point, error)
- func RecoverSecret(g kyber.Group, shares []*PriShare, t, n int) (kyber.Scalar, error)
- type PriPoly
- func CoefficientsToPriPoly(g kyber.Group, coeffs []kyber.Scalar) *PriPoly
- func NewPriPoly(group kyber.Group, t int, s kyber.Scalar, rand cipher.Stream) *PriPoly
- func RecoverPriPoly(g kyber.Group, shares []*PriShare, t, n int) (*PriPoly, error)
- func (p *PriPoly) Add(q *PriPoly) (*PriPoly, error)
- func (p *PriPoly) Coefficients() []kyber.Scalar
- func (p *PriPoly) Commit(b kyber.Point) *PubPoly
- func (p *PriPoly) Equal(q *PriPoly) bool
- func (p *PriPoly) Eval(i int) *PriShare
- func (p *PriPoly) Mul(q *PriPoly) *PriPoly
- func (p *PriPoly) Secret() kyber.Scalar
- func (p *PriPoly) Shares(n int) []*PriShare
- func (p *PriPoly) String() string
- func (p *PriPoly) Threshold() int
- type PriShare
- type PubPoly
- func NewPubPoly(g kyber.Group, b kyber.Point, commits []kyber.Point) *PubPoly
- func RecoverPubPoly(g kyber.Group, shares []*PubShare, t, n int) (*PubPoly, error)
- func (p *PubPoly) Add(q *PubPoly) (*PubPoly, error)
- func (p *PubPoly) Check(s *PriShare) bool
- func (p *PubPoly) Commit() kyber.Point
- func (p *PubPoly) Equal(q *PubPoly) bool
- func (p *PubPoly) Eval(i int) *PubShare
- func (p *PubPoly) Info() (base kyber.Point, commits []kyber.Point)
- func (p *PubPoly) Shares(n int) []*PubShare
- func (p *PubPoly) Threshold() int
- type PubShare

RecoverCommit reconstructs the secret commitment p(0) from a list of public shares using Lagrange interpolation.

RecoverSecret reconstructs the shared secret p(0) from a list of private shares using Lagrange interpolation.

❖

```
type PriPoly struct {
// contains filtered or unexported fields
}
```

PriPoly represents a secret sharing polynomial.

CoefficientsToPriPoly returns a PriPoly based on the given coefficients

NewPriPoly creates a new secret sharing polynomial using the provided cryptographic group, the secret sharing threshold t, and the secret to be shared s. If s is nil, a new s is chosen using the provided randomness stream rand.

RecoverPriPoly takes a list of shares and the parameters t and n to reconstruct the secret polynomial completely, i.e., all private coefficients. It is up to the caller to make sure that there are enough shares to correctly re-construct the polynomial. There must be at least t shares.

Add computes the component-wise sum of the polynomials p and q and returns it as a new polynomial.

Coefficients return the list of coefficients representing p. This information is generally PRIVATE and should not be revealed to a third party lightly.

Commit creates a public commitment polynomial for the given base point b or the standard base if b == nil.

Equal checks equality of two secret sharing polynomials p and q. If p and q are trivially unequal (e.g., due to mismatching cryptographic groups or polynomial size), this routine returns in variable time. Otherwise it runs in constant time regardless of whether it eventually returns true or false.

Eval computes the private share v = p(i).

Mul multiples p and q together. The result is a polynomial of the sum of the two degrees of p and q. NOTE: it does not check for null coefficients after the multiplication, so the degree of the polynomial is "always" as described above. This is only for use in secret sharing schemes. It is not a general polynomial multiplication routine.

Secret returns the shared secret p(0), i.e., the constant term of the polynomial.

Shares creates a list of n private shares p(1),...,p(n).

Threshold returns the secret sharing threshold.

❖

type PriShare struct { int // Index of the private share kyber.Scalar // Value of the private share }

PriShare represents a private share.

Hash returns the hash representation of this share

❖

```
type PubPoly struct {
// contains filtered or unexported fields
}
```

PubPoly represents a public commitment polynomial to a secret sharing polynomial.

NewPubPoly creates a new public commitment polynomial.

RecoverPubPoly reconstructs the full public polynomial from a set of public shares using Lagrange interpolation.

Add computes the component-wise sum of the polynomials p and q and returns it as a new polynomial. NOTE: If the base points p.b and q.b are different then the base point of the resulting PubPoly cannot be computed without knowing the discrete logarithm between p.b and q.b. In this particular case, we are using p.b as a default value which of course does not correspond to the correct base point and thus should not be used in further computations.

Check a private share against a public commitment polynomial.

Commit returns the secret commitment p(0), i.e., the constant term of the polynomial.

Equal checks equality of two public commitment polynomials p and q. If p and q are trivially unequal (e.g., due to mismatching cryptographic groups), this routine returns in variable time. Otherwise it runs in constant time regardless of whether it eventually returns true or false.

Eval computes the public share v = p(i).

Info returns the base point and the commitments to the polynomial coefficients.

Shares creates a list of n public commitment shares p(1),...,p(n).

Threshold returns the secret sharing threshold.

PubShare represents a public share.

Hash returns the hash representation of this share.

Path | Synopsis |
---|---|

dkg/rabin | Package dkg implements the protocol described in "Secure Distributed Key Generation for Discrete-Log Based Cryptosystems" by R. |

pvss | Package pvss implements public verifiable secret sharing as introduced in "A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic Voting" by Berry Schoenmakers. |

Package share imports 8 packages (graph). Updated 2020-06-01. Refresh now. Tools for package owners.