kyber: go.dedis.ch/kyber/share Index | Files | Directories

package share

import "go.dedis.ch/kyber/share"

Package share implements Shamir secret sharing and polynomial commitments. Shamir's scheme allows you to split a secret value into multiple parts, so called shares, by evaluating a secret sharing polynomial at certain indices. The shared secret can only be reconstructed (via Lagrange interpolation) if a threshold of the participants provide their shares. A polynomial commitment scheme allows a committer to commit to a secret sharing polynomial so that a verifier can check the claimed evaluations of the committed polynomial. Both schemes of this package are core building blocks for more advanced secret sharing techniques.

Index

Package Files

poly.go

func RecoverCommit Uses

func RecoverCommit(g kyber.Group, shares []*PubShare, t, n int) (kyber.Point, error)

RecoverCommit reconstructs the secret commitment p(0) from a list of public shares using Lagrange interpolation.

func RecoverSecret Uses

func RecoverSecret(g kyber.Group, shares []*PriShare, t, n int) (kyber.Scalar, error)

RecoverSecret reconstructs the shared secret p(0) from a list of private shares using Lagrange interpolation.

type PriPoly Uses

type PriPoly struct {
    // contains filtered or unexported fields
}

PriPoly represents a secret sharing polynomial.

func CoefficientsToPriPoly Uses

func CoefficientsToPriPoly(g kyber.Group, coeffs []kyber.Scalar) *PriPoly

CoefficientsToPriPoly returns a PriPoly based on the given coefficients

func NewPriPoly Uses

func NewPriPoly(group kyber.Group, t int, s kyber.Scalar, rand cipher.Stream) *PriPoly

NewPriPoly creates a new secret sharing polynomial using the provided cryptographic group, the secret sharing threshold t, and the secret to be shared s. If s is nil, a new s is chosen using the provided randomness stream rand.

func RecoverPriPoly Uses

func RecoverPriPoly(g kyber.Group, shares []*PriShare, t, n int) (*PriPoly, error)

RecoverPriPoly takes a list of shares and the parameters t and n to reconstruct the secret polynomial completely, i.e., all private coefficients. It is up to the caller to make sure that there are enough shares to correctly re-construct the polynomial. There must be at least t shares.

func (*PriPoly) Add Uses

func (p *PriPoly) Add(q *PriPoly) (*PriPoly, error)

Add computes the component-wise sum of the polynomials p and q and returns it as a new polynomial.

func (*PriPoly) Coefficients Uses

func (p *PriPoly) Coefficients() []kyber.Scalar

Coefficients return the list of coefficients representing p. This information is generally PRIVATE and should not be revealed to a third party lightly.

func (*PriPoly) Commit Uses

func (p *PriPoly) Commit(b kyber.Point) *PubPoly

Commit creates a public commitment polynomial for the given base point b or the standard base if b == nil.

func (*PriPoly) Equal Uses

func (p *PriPoly) Equal(q *PriPoly) bool

Equal checks equality of two secret sharing polynomials p and q. If p and q are trivially unequal (e.g., due to mismatching cryptographic groups or polynomial size), this routine returns in variable time. Otherwise it runs in constant time regardless of whether it eventually returns true or false.

func (*PriPoly) Eval Uses

func (p *PriPoly) Eval(i int) *PriShare

Eval computes the private share v = p(i).

func (*PriPoly) Mul Uses

func (p *PriPoly) Mul(q *PriPoly) *PriPoly

Mul multiples p and q together. The result is a polynomial of the sum of the two degrees of p and q. NOTE: it does not check for null coefficients after the multiplication, so the degree of the polynomial is "always" as described above. This is only for use in secret sharing schemes. It is not a general polynomial multiplication routine.

func (*PriPoly) Secret Uses

func (p *PriPoly) Secret() kyber.Scalar

Secret returns the shared secret p(0), i.e., the constant term of the polynomial.

func (*PriPoly) Shares Uses

func (p *PriPoly) Shares(n int) []*PriShare

Shares creates a list of n private shares p(1),...,p(n).

func (*PriPoly) String Uses

func (p *PriPoly) String() string

func (*PriPoly) Threshold Uses

func (p *PriPoly) Threshold() int

Threshold returns the secret sharing threshold.

type PriShare Uses

type PriShare struct {
    I   int          // Index of the private share
    V   kyber.Scalar // Value of the private share
}

PriShare represents a private share.

func (*PriShare) Hash Uses

func (p *PriShare) Hash(s kyber.HashFactory) []byte

Hash returns the hash representation of this share

func (*PriShare) String Uses

func (p *PriShare) String() string

type PubPoly Uses

type PubPoly struct {
    // contains filtered or unexported fields
}

PubPoly represents a public commitment polynomial to a secret sharing polynomial.

func NewPubPoly Uses

func NewPubPoly(g kyber.Group, b kyber.Point, commits []kyber.Point) *PubPoly

NewPubPoly creates a new public commitment polynomial.

func RecoverPubPoly Uses

func RecoverPubPoly(g kyber.Group, shares []*PubShare, t, n int) (*PubPoly, error)

RecoverPubPoly reconstructs the full public polynomial from a set of public shares using Lagrange interpolation.

func (*PubPoly) Add Uses

func (p *PubPoly) Add(q *PubPoly) (*PubPoly, error)

Add computes the component-wise sum of the polynomials p and q and returns it as a new polynomial. NOTE: If the base points p.b and q.b are different then the base point of the resulting PubPoly cannot be computed without knowing the discrete logarithm between p.b and q.b. In this particular case, we are using p.b as a default value which of course does not correspond to the correct base point and thus should not be used in further computations.

func (*PubPoly) Check Uses

func (p *PubPoly) Check(s *PriShare) bool

Check a private share against a public commitment polynomial.

func (*PubPoly) Commit Uses

func (p *PubPoly) Commit() kyber.Point

Commit returns the secret commitment p(0), i.e., the constant term of the polynomial.

func (*PubPoly) Equal Uses

func (p *PubPoly) Equal(q *PubPoly) bool

Equal checks equality of two public commitment polynomials p and q. If p and q are trivially unequal (e.g., due to mismatching cryptographic groups), this routine returns in variable time. Otherwise it runs in constant time regardless of whether it eventually returns true or false.

func (*PubPoly) Eval Uses

func (p *PubPoly) Eval(i int) *PubShare

Eval computes the public share v = p(i).

func (*PubPoly) Info Uses

func (p *PubPoly) Info() (base kyber.Point, commits []kyber.Point)

Info returns the base point and the commitments to the polynomial coefficients.

func (*PubPoly) Shares Uses

func (p *PubPoly) Shares(n int) []*PubShare

Shares creates a list of n public commitment shares p(1),...,p(n).

func (*PubPoly) Threshold Uses

func (p *PubPoly) Threshold() int

Threshold returns the secret sharing threshold.

type PubShare Uses

type PubShare struct {
    I   int         // Index of the public share
    V   kyber.Point // Value of the public share
}

PubShare represents a public share.

func (*PubShare) Hash Uses

func (p *PubShare) Hash(s kyber.HashFactory) []byte

Hash returns the hash representation of this share.

Directories

PathSynopsis
pvssPackage pvss implements public verifiable secret sharing as introduced in "A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic Voting" by Berry Schoenmakers.

Package share imports 8 packages (graph). Updated 2019-11-13. Refresh now. Tools for package owners.