59 Commits

Author SHA1 Message Date
Gustavo Frederico
1e02560e7e Merging the branch that has CGGMP21 Oct changes onto the master branch. Resolving conflicts (listed below). In general, file versions of CGGMP21 Oct were chosen and security patches or small recent improvements from the master branch were copied over.
Merge branch 'master' into feature/cggmp21oct-tss-lib-tmp-merge

# Conflicts:
#	.github/workflows/test.yml
#	Makefile
#	README.md
#	crypto/ckd/child_key_derivation.go
#	crypto/ecpoint.go
#	crypto/mta/proofs.go
#	crypto/mta/range_proof.go
#	crypto/mta/share_protocol.go
#	crypto/mta/share_protocol_test.go
#	crypto/paillier/paillier.go
#	crypto/vss/feldman_vss.go
#	ecdsa/keygen/ecdsa-keygen.pb.go
#	ecdsa/keygen/local_party.go
#	ecdsa/keygen/local_party_test.go
#	ecdsa/keygen/messages.go
#	ecdsa/keygen/prepare.go
#	ecdsa/keygen/round_1.go
#	ecdsa/keygen/round_2.go
#	ecdsa/keygen/round_3.go
#	ecdsa/keygen/round_4.go
#	ecdsa/keygen/save_data.go
#	ecdsa/resharing/ecdsa-resharing.pb.go
#	ecdsa/resharing/local_party_test.go
#	ecdsa/resharing/messages.go
#	ecdsa/resharing/round_1_old_step_1.go
#	ecdsa/resharing/round_4_new_step_2.go
#	ecdsa/signing/ecdsa-signing.pb.go
#	ecdsa/signing/finalize.go
#	ecdsa/signing/key_derivation_util.go
#	ecdsa/signing/local_party.go
#	ecdsa/signing/local_party_test.go
#	ecdsa/signing/messages.go
#	ecdsa/signing/prepare.go
#	ecdsa/signing/round_1.go
#	ecdsa/signing/round_2.go
#	ecdsa/signing/round_3.go
#	ecdsa/signing/round_4.go
#	ecdsa/signing/round_5.go
#	ecdsa/signing/round_6.go
#	ecdsa/signing/round_7.go
#	ecdsa/signing/rounds.go
#	eddsa/keygen/eddsa-keygen.pb.go
#	eddsa/keygen/local_party.go
#	eddsa/keygen/local_party_test.go
#	eddsa/keygen/messages.go
#	eddsa/keygen/round_1.go
#	eddsa/keygen/round_2.go
#	eddsa/keygen/round_3.go
#	eddsa/keygen/save_data.go
#	eddsa/keygen/test_utils.go
#	eddsa/resharing/eddsa-resharing.pb.go
#	eddsa/resharing/local_party.go
#	eddsa/resharing/local_party_test.go
#	eddsa/resharing/messages.go
#	eddsa/resharing/round_1_old_step_1.go
#	eddsa/resharing/round_4_new_step_2.go
#	eddsa/signing/eddsa-signing.pb.go
#	eddsa/signing/finalize.go
#	eddsa/signing/local_party.go
#	eddsa/signing/local_party_test.go
#	eddsa/signing/messages.go
#	eddsa/signing/prepare.go
#	eddsa/signing/round_1.go
#	eddsa/signing/round_2.go
#	eddsa/signing/round_3.go
#	eddsa/signing/rounds.go
#	eddsa/signing/utils.go
#	go.mod
#	go.sum
#	protob/ecdsa-keygen.proto
#	protob/ecdsa-resharing.proto
#	protob/ecdsa-signing.proto
#	protob/eddsa-keygen.proto
#	protob/eddsa-resharing.proto
#	protob/eddsa-signing.proto
#	protob/message.proto
#	protob/signature.proto
#	test/_ecdsa_fixtures/keygen_data_0.json
#	test/_ecdsa_fixtures/keygen_data_1.json
#	test/_ecdsa_fixtures/keygen_data_2.json
#	test/_ecdsa_fixtures/keygen_data_3.json
#	test/_ecdsa_fixtures/keygen_data_4.json
#	test/_eddsa_fixtures/keygen_data_0.json
#	test/_eddsa_fixtures/keygen_data_1.json
#	test/_eddsa_fixtures/keygen_data_2.json
#	test/_eddsa_fixtures/keygen_data_3.json
#	test/_eddsa_fixtures/keygen_data_4.json
#	test/config.go
#	tss/message.pb.go
#	tss/params.go
#	tss/party.go
#	tss/wire.go
2021-12-17 16:03:49 -05:00
Gustavo Frederico
f81d9700a2 Adding identification of abort for ECDSA signing. 2021-11-22 19:08:19 -05:00
Gustavo Frederico
36573fc6ee Initial updates of the October version of the CGGMP21 paper. Work in progress. 2021-11-15 21:38:27 -05:00
Gustavo Frederico
ac1d2cc9a0 Identification of aborts with unit test. 2021-10-26 23:39:42 -04:00
Gustavo Frederico
4397af0043 keygen: adding a Schnorr proof in round 1. Adding missing ridi and rid. Adding Xi and Ai to the hashes and messages. Adding Schnorr zkp in round 3. Adding proof verifications in round 4. 2021-10-18 18:39:19 -04:00
ycen
ac37ece47f ecdsa-keygen parallelization and code clean 2021-09-30 18:00:10 +08:00
ycen
06fd3376c8 Fix ecdsa/keygen E2E test not run 2021-09-27 15:04:43 +08:00
ycen
356a99831b Fix broken eddsa caused by change of zkp/sch 2021-09-23 14:17:39 +08:00
ycen
1ff2f61744 Update ecdsa-keygen protocol 2021-09-23 13:49:11 +08:00
ycen
07d80fc111 Rename round name to presign/sign 2021-09-09 20:09:39 +08:00
ycen
18a04094ef Parallelized processing proof generation and verify 2021-09-09 16:06:54 +08:00
Patrick Cen
97d9fe472b CGGMP protocol update.
One round signing and three round presign protocol according to the CGGMP
paper.
2021-09-09 00:53:33 +08:00
Fitz
856d77b7fb Curve as parameter (#137)
* move curve into tss.Parameters

* regen proto with full package name

* pass curve through parameter

* add curve name in ecpoint json serialization
2021-07-06 11:51:20 +08:00
creamwhip
9ed01e22ed remove unused VoidMessage and update protoc to v3.17.3 and protoc-gen-go to v1.27.1 2021-06-29 18:44:54 +08:00
Gustavo Frederico
d92727e29c Adding a void message to support peer visibility / sync at the client. This void message does not affect the functionality of any protocol. 2021-06-29 18:44:54 +08:00
Gustavo Frederico
f3dab69047 Matching binance-chain tss-lib commit c318b67738db63fc6d2b3455dfc7a4da34421eda.
Removing the witness in signing as the verifier only trusts its own Ntilde,h1,h2.
2021-05-06 20:40:12 -04:00
Gustavo Frederico
f0e216cf60 Resharing identifiable abort - adding certain proofs and verifications that are also in keygen, for more security 2021-02-24 19:04:55 -05:00
Gustavo Frederico
4f6b24d703 Resharing identifiable abort - adding more unit tests, some refactoring to share code with keygen 2021-02-24 12:59:24 -05:00
Gustavo Frederico
508bebc60f Identifiable abort - initial changes - work in progress 2021-02-18 21:53:09 -05:00
Gustavo Frederico
3bc0bdfee3 Identifiable aborts in resharing - initial changes - work in progress 2021-02-12 07:29:56 -05:00
Gustavo Frederico
09bd254909 Adding identification of aborts per section 4.1 of the paper. A pair of ECDSA keys is created in round 1 for player authentication. It signs the Paillier public key first. It then signs the shares in round 2. In case the Feldman check fails in round 3, evidence is broadcasted. Round 4 is now split into normal logic and handling an abort. When handling the abort, an independent player (not the plaintiff, not the accused one) will re-verify the signature of the share and re-check the Feldman shares. The outcome of the abort identification may indeed blame the accused party if the Feldman check fails, or else it may blame the plaintiff for trying to frame the accused party. 2020-12-11 12:52:24 -05:00
cong
9d8889d446 Internal mobile wrapper eddsa (#124)
* [R4R] Add eddsa (#88)

* [R4R] Add eddsa keygen and signing (#3)

* add eddsa signing and keygen

* construct extended element from x,y

* update dep

* fix test

* fix bug

* delete unused code

* add resharing

* fix comments

* refactor RejectionSample

* rename variable (#4)

* delete printf

* update dependency

* resolve conflict

* Update readme about EdDSA (#91)

* update readme about eddsa

* minor fix

* S in eddsa signature is not encoded correctly

* fix msg in eddsa hasn't to be a int.

* fix unit test

* register DGRound4Message for eddsa resharing (#99)

Co-authored-by: yutianwu <wzxingbupt@gmail.com>
Co-authored-by: dylenfu <dylenfu@126.com>
2020-12-08 16:50:06 +08:00
Gustavo Frederico
e1c437d493 keygen ECDSA: changes to support the identification of aborts. Work in progress. 2020-11-30 07:17:14 -05:00
Gustavo Frederico
fdfaeb0e80 keygen: adding two proofs of section 3.1 Phase 3: that N_i is square-free and that the player knows x_i using Schnorr's protocol. 2020-11-25 08:57:56 -05:00
Luke Plaster
b06239d7fa ecdsa/signing: rename UIJ to MuIJ in protobuf structs 2020-11-15 16:25:25 +08:00
Luke Plaster
eafa3ee947 ecdsa/signing: type 7 abort done 2020-11-15 16:25:25 +08:00
Luke Plaster
6ab828b4aa ecdsa/signing: type 7 abort almost done 2020-11-15 16:24:46 +08:00
Luke Plaster
431b61fbc2 ecdsa/signing: include signature for C2 ciphertext in r2 msg for type 7 aborts 2020-11-15 16:24:46 +08:00
Luke Plaster
b18b0dc602 protob: minor edit to comment for ECPoint 2020-11-15 16:24:46 +08:00
Luke Plaster
44002c7423 ecdsa/signing: remove unused k_i_randomness in round 6 abort msg 2020-11-15 16:24:46 +08:00
Luke Plaster
6dab731e4d ecdsa, eddsa: pbufs finishing touches, green tests 2020-11-15 16:24:46 +08:00
Luke Plaster
641739359b ECPoint message migration in protobufs 2020-11-15 16:24:46 +08:00
Luke Plaster
7935d1ca99 ecdsa/signing: implement 'type 7' identified abort (blame), use google.golang.org/protobuf v1.24.0 2020-11-15 16:24:46 +08:00
Luke Plaster
8a04ef0a60 ecdsa/signing: implement 'type 5' identified abort (blame) 2020-11-15 16:24:46 +08:00
Luke Plaster
5ecf8d3e67 protob/eddsa-resharing: minor fix for eddsa protobuf name when regenerated 2020-11-15 16:24:46 +08:00
Luke Plaster
b3d748f4a0 ecdsa/signing: simplify, use rSigmaI in FinalizeGetOurSigShare 2020-11-15 16:24:46 +08:00
Luke Plaster
b6b577da8d eddsa/signing: add identifiable abort for phase 7 2020-11-15 16:24:46 +08:00
Luke Plaster
ded99ead3d ecdsa/signing: add the one-round signing API 2020-11-15 16:24:10 +08:00
Luke Plaster
0853e024a7 ecdsa/signing: populate and save the one-round state struct 2020-11-15 16:24:10 +08:00
Luke Plaster
b8a5c29282 ecdsa/signing: implement round 5 ZKP of consistency between Rdash_i and E_i(k_i)
ported from the kzen impl: https://git.io/Jf69a
2020-11-15 16:23:52 +08:00
Luke Plaster
31714eb366 ecdsa/signing: implement the remaining rounds for gg20 2020-11-15 16:23:52 +08:00
Luke Plaster
754085f87b ecdsa/signing: implement gg20 round 3 2020-11-15 16:23:52 +08:00
Luke Plaster
74cf79fdef protob: update message defs for gg20 2020-11-15 16:21:48 +08:00
Luke Plaster
faa5e228dd ecdsa/signing: rename 'theta' to 'delta' for correctness 2020-11-15 16:21:34 +08:00
Luke Plaster
da6040f736 protob: fix go package of signature protobuf source 2020-03-30 17:50:25 +08:00
yutianwu
abd66f8884 [R4R] Add eddsa (#88)
* [R4R] Add eddsa keygen and signing (#3)

* add eddsa signing and keygen

* construct extended element from x,y

* update dep

* fix test

* fix bug

* delete unused code

* add resharing

* fix comments

* refactor RejectionSample

* rename variable (#4)

* delete printf

* update dependency

* resolve conflict
2020-03-06 11:34:06 +08:00
Luke Plaster
769ccf744f [security] ecdsa: add proof of discrete log to prove that the two elements h_1, h_2 generate the same group mod N 2020-03-05 12:05:16 +08:00
Luke Plaster
1e5e2dd5ed [security] resharing: wait for final acks from the new committee before ending (#75)
This is the fix for a vulnerability reported by Omer Shlomovits of KZen Networks (ZenGo).

It adds a final ack round to the re-sharing protocol where the new committee sends acks to members of both the old and new committees before they save any data to disk.

Other Changes:

* readme: mention the UpdateFromBytes bool arg changes, misc edits

* resharing: edit a comment in round 4

* remove the confusing to committee bools

* resharing: remove a redundant line in round 5
2019-11-12 15:24:18 +08:00
Luke Plaster
570cd35f9e protob: add copyright headers 2019-10-24 16:52:27 +08:00
Luke Plaster
641f146b15 add SignatureData protobuf message to replace LocalSignData
and use it in the mobile interface
2019-10-24 16:48:08 +08:00