
opentss's Introduction

License: GPLv3

Open TSS

This project is a Rust implementation of a multi-party {t,n}-threshold signature scheme (TSS).

The current version of this library supports ECDSA; other algorithms such as EdDSA, BLS, etc. will be integrated soon. Please look forward to it!

Multi-Party ECDSA

ECDSA is widely used in crypto-currencies, such as BTC, Ethereum (secp256k1 curve), etc.

The multi-party ECDSA protocol in this library is implemented based on class groups. It currently includes two protocols:

  • Key Generation, which creates the secret shares.
  • Signing, which uses the secret shares to generate a signature. It is divided into two phases, Offline and Online:
    • The Offline phase is independent of the message to be signed and can be computed in advance.
    • The Online phase takes the message (and the output of the Offline phase) and produces the signature very quickly.

The ECDSA in this library includes schemes described in [DMZ+21] (published in Asiacrypt 2021).

Protocol Introduction

[DMZ+21]

  • This paper proposes efficient multi-party threshold ECDSA protocols from CL encryptions based on class groups.
  • This protocol avoids the low order assumption, which is a strong and non-standard assumption, and reduces the communication cost in keygen.

Usage

Let's take KeyGen as an example; it needs only three steps. Assume $(t,n) = (1,3)$ and party ids 1, 2, 3.

Step 1: Create a new Phase object.

let partyid = "1".to_string();
let params = Parameters {
    threshold: 1,
    share_count: 3,
};
let party_ids = vec!["1".to_string(), "2".to_string(), "3".to_string()];
let mut keygen = KeyGenPhase::new(partyid, params, &Some(party_ids)).unwrap();

Step 2: Start by calling process_begin, which returns the message to be sent in the next round.

let sending_msg: SendingMessages = keygen.process_begin().unwrap();

According to the SendingMessages type (Broadcast, P2P, etc.) and content, package the sender index (from, our own party id) with the message (msg) and send it to the other participant(s).

match sending_msg {
    SendingMessages::BroadcastMessage(msg) => {
        // broadcast the msg to all parties (including self).
    }
    SendingMessages::P2pMessage(msg) => {
        // send according to the k,v pairs in the msg: k is the index of the party that v is sent to.
    }
    SendingMessages::SubsetMessage(msg) => {
        // send to each k in party_ids or in the subset (used in the sign phase): k is the index of the party that msg is sent to.
    }
    _ => {}
}

Step 3: Handle messages with msg_handler.

When a message is received, pass its sender (recv_from) and content (recv_msg) to msg_handler, which returns either a result or the message to be sent in the next round.

loop {
    // (recv_from, recv_msg) come from what the other parties sent in the last round of SendingMessages.
    // The two values below are placeholders for the received sender id and message bytes.
    let recv_from = "".to_string();
    let recv_msg = vec![0u8];
    let sending_msg = keygen.msg_handler(recv_from, &recv_msg).unwrap();
    match sending_msg {
        SendingMessages::KeyGenSuccessWithResult(msg) => {
            // got the keygen result
            break;
        }
        _ => {
            // other sending messages, ref Step 2.
        }
    }
}

Once SendingMessages::KeyGenSuccessWithResult is received, it indicates completion.

  • A local test shows how to use these functions.

  • The usage of SignOffline and SignOnline is similar to KeyGen. Please refer here for more details.

References

Contact

You could reach us by email.

License

The OpenTSS library is licensed under the GNU General Public License v3.0.

opentss's People

Contributors

latticexadmin, ujnss


opentss's Issues

How to recover one valid {t,n} threshold (PublicKey, PrivateKey) pair?

Amazing library. We really love it. For work, we can't use the Signing function, instead we need to generate a valid {t,n} threshold ecdsa (PublicKey, PrivateKey) pair. We can even ask the t out of n clients to send their local private keys to the final computer that will generate the final valid pair. Also this process will be used only once as we no longer use the same party again.

Let's rewrite here our scenario

  1. n computers generate their local secrets.
  2. Using signing function on a dummy message, {t,n} can recover the PublicKey of the final pair from the signed dummy message.
  3. At a certain point in time, t of these n computers will share their keys to a special node.
  4. This special node should be able to recover (create) a valid {t,n} threshold ECDSA (Public,Private) key pair.
  5. We discard the party as we no longer need it.

Think of it as a 3rd party authentication service that is able to recreate the final (PublicKey, PrivateKey) pair.
Or think of it as an escrow multi-sig. We know the multi-sig address from the beginning, and after some time t out of n will allow one node to create the (PublicKey, PrivateKey) to claim control over the multi-sig address.

Any idea of how to do it? We would really appreciate it if you could help us, otherwise we cannot use this amazing library in our work.
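The share-combination step this issue asks about, as an added example that is not part of the original post or of the opentss code base: it assumes the key shares are Shamir shares of the private key on a polynomial whose degree equals `threshold` (so `threshold + 1` shares are needed), which is an assumption about the library. To stay dependency-free it works in a toy 61-bit prime field instead of the secp256k1 scalar field, and every name in it is hypothetical.

```rust
// Added example: Shamir sharing and Lagrange recovery in a toy prime field.
// P (2^61 - 1) stands in for the secp256k1 group order; no name here is opentss API.
const P: u128 = (1u128 << 61) - 1;
const SECRET: u128 = 0x1234_5678_9abc_def0; // constructed sample "private key" < P
const A1: u128 = 0x0fed_cba9_8765_4321; // constructed degree-1 coefficient
fn mul(a: u128, b: u128) -> u128 { a * b % P } // a, b < 2^61, so no overflow
fn sub(a: u128, b: u128) -> u128 { (a + P - b) % P }

// Modular inverse via Fermat's little theorem: a^(P-2) mod P.
fn inv(a: u128) -> u128 {
    let (mut acc, mut base, mut exp) = (1u128, a, P - 2);
    while exp > 0 {
        if exp & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        exp >>= 1;
    }
    acc
}

// Party x's share: f(x) = coeffs[0] + coeffs[1]*x + ..., with coeffs[0] the secret.
fn share(coeffs: &[u128], x: u128) -> u128 {
    coeffs.iter().rev().fold(0u128, |acc, c| (mul(acc, x) + c) % P)
}

// Lagrange interpolation at x = 0 over (party index, share) pairs.
fn recover(shares: &[(u128, u128)]) -> u128 {
    let mut secret = 0u128;
    for (i, &(xi, yi)) in shares.iter().enumerate() {
        let (mut num, mut den) = (1u128, 1u128);
        for (j, &(xj, _)) in shares.iter().enumerate() {
            if i != j {
                num = mul(num, xj); // lambda_i = prod_j xj / (xj - xi)
                den = mul(den, sub(xj, xi));
            }
        }
        secret = (secret + mul(yi, mul(num, inv(den)))) % P;
    }
    secret
}

// (t, n) = (1, 3): parties 1..=3 hold points of a degree-1 polynomial.
fn demo() -> (u128, u128, u128) {
    let s: Vec<(u128, u128)> = (1..=3).map(|x| (x, share(&[SECRET, A1], x))).collect();
    (recover(&[s[0], s[1]]), recover(&[s[1], s[2]]), recover(&[s[0]]))
}

fn main() { println!("{:?}", demo()); }
```

Any two of the three shares interpolate back to the secret, while a single share yields only that party's own share value.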

Could you please provide a sample code?

I tried to write the sample code according to the readme.md, but it couldn't run, and I didn't find the cause of the error. Could you please provide a working sample code? Sample code and errors are shown below. Thank you very much.

pub mod communication;
pub mod protocols;
pub mod utilities;

use crate::communication::sending_messages::*;
use curv::elliptic::curves::{Point, Scalar, Secp256k1};
use protocols::multi_party::dmz21::common::*;
use protocols::multi_party::dmz21::keygen::*;
pub type CU = Secp256k1;
pub type FE = Scalar<Secp256k1>;
pub type GE = Point<Secp256k1>;

fn main() {
    // Step 1: create a new Phase object.
    println!("第 1 步:新建一个Phase对象。");
    let partyid = "1".to_string();
    let params = Parameters {
        threshold: 1,
        share_count: 3,
    };
    let party_ids = vec!["1".to_string(), "2".to_string(), "3".to_string()];
    let mut keygen = KeyGenPhase::new(partyid, params, &Some(party_ids)).unwrap();
    // Step 2: first call process_begin, which returns the message to be sent in the next round.
    println!("第 2 步:首先调用process_begin,返回下一轮要发送的消息。");
    let sending_msg: SendingMessages = keygen.process_begin().unwrap();
    match sending_msg {
        SendingMessages::BroadcastMessage(msg) => {
            // broadcast the msg to all(including self).
            println!("1");
        }
        SendingMessages::P2pMessage(msg) => {
            // send according to the k,v in the msg. k is the index which v will to be sent to.
            println!("2");
        }
        SendingMessages::SubsetMessage(msg) => {
            // send according to the k in the party_ids or subset(used in sign phase). k is the index which msg will to be sent to.
            println!("3");
        }
        _ => {}
    }

    // Step 3: handle messages via msg_handler.
    println!("第 3 步:通过 处理消息msg_handler。");
    loop {
        // let (recv_from, recv_msg) = According to the last round of SendingMessages
        let recv_from = "".to_string();
        let recv_msg = vec![0u8];
        let sending_msg = keygen.msg_handler(recv_from, &recv_msg).unwrap();
        match sending_msg {
            SendingMessages::KeyGenSuccessWithResult(msg) => {
                println!("{}", msg);
                // got the keygen result
                break;
            }
            _ => {
                // other sending messages, ref Step 2.
            }
        }
    }
}

Errors are shown below
image
