kyber: Index | Files

package dkg

import ""

Package dkg implements the protocol described in "Secure Distributed Key Generation for Discrete-Log Based Cryptosystems" by R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. DKG enables a group of participants to generate a distributed key with each participants holding only a share of the key. The key is also never computed locally but generated distributively whereas the public part of the key is known by every participants. The underlying basis for this protocol is the VSS protocol implemented in the share/vss package.

The protocol works as follow:

1. Each participant instantiates a DistKeyShare (DKS) struct.
2. Then each participant runs an instance of the VSS protocol:
  - each participant generates their deals with the method `Deals()` and then
   sends them to the right recipient.
  - each participant processes the received deal with `ProcessDeal()` and
   broadcasts the resulting response.
  - each participant processes the response with `ProcessResponse()`. If a
   justification is returned, it must be broadcasted.
3. Each participant can check if step 2. is done by calling
`Certified()`.Those participants where Certified() returned true, belong to
the set of "qualified" participants who will generate the distributed
secret. To get the list of qualified participants, use QUAL().
4. Each QUAL participant generates their secret commitments calling
 `SecretCommits()` and broadcasts them to the QUAL set.
5. Each QUAL participant processes the received secret commitments using
 `SecretCommits()`. If there is an error, it can return a commitment complaint
 (ComplaintCommits) that must be broadcasted to the QUAL set.
6. Each QUAL participant receiving a complaint can process it with
 `ProcessComplaintCommits()` which returns the secret share
 (ReconstructCommits) given from the malicious participant. This structure
 must be broadcasted to all the QUAL participant.
7. At this point, every QUAL participant can issue the distributed key by
 calling `DistKeyShare()`.


Package Files


type ComplaintCommits Uses

type ComplaintCommits struct {
    // Index of the Verifier _issuing_ the ComplaintCommit
    Index uint32
    // DealerIndex being the index of the Dealer who issued the SecretCommits
    DealerIndex uint32
    // Deal that has been given from the Dealer (at DealerIndex) to this node
    // (at Index)
    Deal *vss.Deal
    // Signature made by the verifier
    Signature []byte

ComplaintCommits is sent if the secret commitments revealed by a peer are not valid.

func (*ComplaintCommits) Hash Uses

func (cc *ComplaintCommits) Hash(s Suite) []byte

Hash returns the hash value of this struct used in the signature process.

type Deal Uses

type Deal struct {
    // Index of the Dealer in the list of participants
    Index uint32
    // Deal issued for another participant
    Deal *vss.EncryptedDeal

Deal holds the Deal for one participant as well as the index of the issuing Dealer.

NOTE: Doing that in vss.go would be possible but then the Dealer is always
assumed to be a member of the participants. It's only the case here.

type DistKeyGenerator Uses

type DistKeyGenerator struct {
    // contains filtered or unexported fields

DistKeyGenerator is the struct that runs the DKG protocol.

func NewDistKeyGenerator Uses

func NewDistKeyGenerator(suite Suite, longterm kyber.Scalar, participants []kyber.Point, t int) (*DistKeyGenerator, error)

NewDistKeyGenerator returns a DistKeyGenerator out of the suite, the longterm secret key, the list of participants, and the threshold t parameter. It returns an error if the secret key's commitment can't be found in the list of participants.

func (*DistKeyGenerator) Certified Uses

func (d *DistKeyGenerator) Certified() bool

Certified returns true if at least t deals are certified (see vss.Verifier.DealCertified()). If the distribution is certified, the protocol can continue using d.SecretCommits().

func (*DistKeyGenerator) Deals Uses

func (d *DistKeyGenerator) Deals() (map[int]*Deal, error)

Deals returns all the deals that must be broadcasted to all participants. The deal corresponding to this DKG is already added to this DKG and is ommitted from the returned map. To know to which participant a deal belongs to, loop over the keys as indices in the list of participants:

for i,dd := range distDeals {

This method panics if it can't process its own deal.

func (*DistKeyGenerator) DistKeyShare Uses

func (d *DistKeyGenerator) DistKeyShare() (*DistKeyShare, error)

DistKeyShare generates the distributed key relative to this receiver It throws an error if something is wrong such as not enough deals received. The shared secret can be computed when all deals have been sent and basically consists of a public point and a share. The public point is the sum of all aggregated individual public commits of each individual secrets. the share is evaluated from the global Private Polynomial, basically SUM of fj(i) for a receiver i.

func (*DistKeyGenerator) Finished Uses

func (d *DistKeyGenerator) Finished() bool

Finished returns true if the DKG has operated the protocol correctly and has all necessary information to generate the DistKeyShare() by itself. It returns false otherwise.

func (*DistKeyGenerator) ProcessComplaintCommits Uses

func (d *DistKeyGenerator) ProcessComplaintCommits(cc *ComplaintCommits) (*ReconstructCommits, error)

ProcessComplaintCommits takes any ComplaintCommits revealed through ProcessSecretCommits() from other participants in QUAL. It returns the ReconstructCommits message that must be broadcasted to every other participant in QUAL so the polynomial in question can be reconstructed.

func (*DistKeyGenerator) ProcessDeal Uses

func (d *DistKeyGenerator) ProcessDeal(dd *Deal) (*Response, error)

ProcessDeal takes a Deal created by Deals() and stores and verifies it. It returns a Response to broadcast to every other participants. It returns an error in case the deal has already been stored, or if the deal is incorrect (see `vss.Verifier.ProcessEncryptedDeal()`).

func (*DistKeyGenerator) ProcessJustification Uses

func (d *DistKeyGenerator) ProcessJustification(j *Justification) error

ProcessJustification takes a justification and validates it. It returns an error in case the justification is wrong.

func (*DistKeyGenerator) ProcessReconstructCommits Uses

func (d *DistKeyGenerator) ProcessReconstructCommits(rs *ReconstructCommits) error

ProcessReconstructCommits takes a ReconstructCommits message and stores it along any others. If there are enough messages to recover the coefficients of the public polynomials of the malicious dealer in question, then the polynomial is recovered.

func (*DistKeyGenerator) ProcessResponse Uses

func (d *DistKeyGenerator) ProcessResponse(resp *Response) (*Justification, error)

ProcessResponse takes a response from every other peer. If the response designates the deal of another participants than this dkg, this dkg stores it and returns nil with a possible error regarding the validity of the response. If the response designates a deal this dkg has issued, then the dkg will process the response, and returns a justification.

func (*DistKeyGenerator) ProcessSecretCommits Uses

func (d *DistKeyGenerator) ProcessSecretCommits(sc *SecretCommits) (*ComplaintCommits, error)

ProcessSecretCommits takes a SecretCommits from every other participant and verifies and stores it. It returns an error in case the SecretCommits is invalid. In case the SecretCommits are valid, but this dkg can't verify its share, it returns a ComplaintCommits that must be broadcasted to every other participant. It returns (nil,nil) otherwise.

func (*DistKeyGenerator) QUAL Uses

func (d *DistKeyGenerator) QUAL() []int

QUAL returns the index in the list of participants that forms the QUALIFIED set as described in the "New-DKG" protocol by Rabin. Basically, it consists of all participants that are not disqualified after having exchanged all deals, responses and justification. This is the set that is used to extract the distributed public key with SecretCommits() and ProcessSecretCommits().

func (*DistKeyGenerator) SecretCommits Uses

func (d *DistKeyGenerator) SecretCommits() (*SecretCommits, error)

SecretCommits returns the commitments of the coefficients of the secret polynomials. This secret commits must be broadcasted to every other participant and must be processed by ProcessSecretCommits. In this manner, the coefficients are revealed through a Feldman VSS scheme. This dkg must have its deal certified, otherwise it returns an error. The SecretCommits returned is already added to this dkg's list of SecretCommits.

func (*DistKeyGenerator) SetTimeout Uses

func (d *DistKeyGenerator) SetTimeout()

SetTimeout triggers the timeout on all verifiers, and thus makes sure all verifiers have either responded, or have a StatusComplaint response.

type DistKeyShare Uses

type DistKeyShare struct {
    // Coefficients of the public polynomial holding the public key
    Commits []kyber.Point
    // Share of the distributed secret
    Share *share.PriShare

DistKeyShare holds the share of a distributed key for a participant.

func (*DistKeyShare) Commitments Uses

func (d *DistKeyShare) Commitments() []kyber.Point

Commitments implements the dss.DistKeyShare interface so either pedersen or rabin dkg can be used with dss.

func (*DistKeyShare) PriShare Uses

func (d *DistKeyShare) PriShare() *share.PriShare

PriShare implements the dss.DistKeyShare interface so either pedersen or rabin dkg can be used with dss.

func (*DistKeyShare) Public Uses

func (d *DistKeyShare) Public() kyber.Point

Public returns the public key associated with the distributed private key.

type Justification Uses

type Justification struct {
    // Index of the Dealer who answered with this Justification
    Index uint32
    // Justification issued from the Dealer
    Justification *vss.Justification

Justification holds the Justification from a Dealer as well as the index of the Dealer in question.

type ReconstructCommits Uses

type ReconstructCommits struct {
    // Id of the session
    SessionID []byte
    // Index of the verifier who received the deal
    Index uint32
    // DealerIndex is the index of the dealer who issued the Deal
    DealerIndex uint32
    // Share contained in the Deal
    Share *share.PriShare
    // Signature over all over fields generated by the issuing verifier
    Signature []byte

ReconstructCommits holds the information given by a participant who reveals the deal received from a peer that has received a ComplaintCommits.

func (*ReconstructCommits) Hash Uses

func (rc *ReconstructCommits) Hash(s Suite) []byte

Hash returns the hash value of this struct used in the signature process.

type Response Uses

type Response struct {
    // Index of the Dealer for which this response is for
    Index uint32
    // Response issued from another participant
    Response *vss.Response

Response holds the Response from another participant as well as the index of the target Dealer.

type SecretCommits Uses

type SecretCommits struct {
    // Index of the Dealer in the list of participants
    Index uint32
    // Commitments generated by the Dealer
    Commitments []kyber.Point
    // SessionID generated by the Dealer tied to the Deal
    SessionID []byte
    // Signature from the Dealer
    Signature []byte

SecretCommits is sent during the distributed public key reconstruction phase, basically a Feldman VSS scheme.

func (*SecretCommits) Hash Uses

func (sc *SecretCommits) Hash(s Suite) []byte

Hash returns the hash value of this struct used in the signature process.

type Suite Uses

type Suite vss.Suite

Suite wraps the functionalities needed by the dkg package

Package dkg imports 9 packages (graph). Updated 2020-05-06. Refresh now. Tools for package owners.