frostrb 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +10 -9
- data/lib/frost/dkg/secret_package.rb +53 -0
- data/lib/frost/dkg.rb +28 -19
- data/lib/frost/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e3824b64152fafddb21b2189891156852ec6a3b079274d81cbe6e0d5732ee848
|
|
4
|
+
data.tar.gz: 8e28eeb4c71d9b4d9636e922fd71772c86b98819c4ed2f4ea7416dc085961a7b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 26b6c5dbfa59991e7ab0f6bddb11ca1dd4219cdd5c6101fb62d106fd7d982c5afb2107149332cba55db3448afce3286b4807a32415f2bcc8b63b90e00871e298
|
|
7
|
+
data.tar.gz: b80e53aaaff5733bf0b5f1091f2a2a7c5903fbb008551e8924aa285b61e2e8044a2f594a481f5cfca2aefe5fd72de101b6ae9e4533e7b623a6c30687052a652f
|
data/README.md
CHANGED
|
@@ -80,14 +80,14 @@ DKG can be run as below.
|
|
|
80
80
|
max_signer = 5
|
|
81
81
|
min_signer = 3
|
|
82
82
|
|
|
83
|
-
|
|
83
|
+
secret_packages = {}
|
|
84
84
|
round1_outputs = {}
|
|
85
85
|
# Round 1:
|
|
86
86
|
# For each participant, perform the first part of the DKG protocol.
|
|
87
87
|
1.upto(max_signer) do |i|
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
round1_outputs[i] =
|
|
88
|
+
secret_package = FROST::DKG.generate_secret(i, min_signer, max_signer, group)
|
|
89
|
+
secret_packages[i] = secret_package
|
|
90
|
+
round1_outputs[i] = secret_package.public_package
|
|
91
91
|
end
|
|
92
92
|
|
|
93
93
|
# Each participant sends their commitments and proof to other participants.
|
|
@@ -98,8 +98,9 @@ end
|
|
|
98
98
|
|
|
99
99
|
# Each participant verify knowledge of proof in received package.
|
|
100
100
|
received_package.each do |id, packages|
|
|
101
|
+
secret_package = secret_packages[id]
|
|
101
102
|
packages.each do |package|
|
|
102
|
-
expect(FROST::DKG.verify_proof_of_knowledge(package)).to be true
|
|
103
|
+
expect(FROST::DKG.verify_proof_of_knowledge(secret_package, package)).to be true
|
|
103
104
|
end
|
|
104
105
|
end
|
|
105
106
|
|
|
@@ -107,11 +108,11 @@ end
|
|
|
107
108
|
# Each participant generate share for other participants and send it.
|
|
108
109
|
received_shares = {}
|
|
109
110
|
1.upto(max_signer) do |i|
|
|
110
|
-
|
|
111
|
+
secret_package = secret_packages[i] # own secret
|
|
111
112
|
1.upto(max_signer) do |o|
|
|
112
113
|
next if i == o
|
|
113
114
|
received_shares[o] ||= []
|
|
114
|
-
received_shares[o] << [i,
|
|
115
|
+
received_shares[o] << [i, secret_package.gen_share(o)]
|
|
115
116
|
end
|
|
116
117
|
end
|
|
117
118
|
|
|
@@ -127,11 +128,11 @@ end
|
|
|
127
128
|
signing_shares = {}
|
|
128
129
|
1.upto(max_signer) do |i|
|
|
129
130
|
shares = received_shares[i].map { |_, share| share }
|
|
130
|
-
signing_shares[i] = FROST::DKG.compute_signing_share(
|
|
131
|
+
signing_shares[i] = FROST::DKG.compute_signing_share(secret_packages[i], shares)
|
|
131
132
|
end
|
|
132
133
|
|
|
133
134
|
# Participant 1 compute group public key.
|
|
134
|
-
group_pubkey = FROST::DKG.compute_group_pubkey(
|
|
135
|
+
group_pubkey = FROST::DKG.compute_group_pubkey(secret_packages[1], received_package[1])
|
|
135
136
|
|
|
136
137
|
# The subsequent signing phase is the same as above with signing_shares as the secret.
|
|
137
138
|
```
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
module FROST
|
|
2
|
+
module DKG
|
|
3
|
+
# Package to hold participants' secret share.
|
|
4
|
+
class SecretPackage
|
|
5
|
+
|
|
6
|
+
attr_reader :identifier
|
|
7
|
+
attr_reader :polynomial
|
|
8
|
+
attr_reader :public_package
|
|
9
|
+
attr_reader :min_signers
|
|
10
|
+
attr_reader :max_signers
|
|
11
|
+
|
|
12
|
+
# Constructor.
|
|
13
|
+
# @param [Integer] identifier The identifier of this owner.
|
|
14
|
+
# @param [Integer] min_signers Minimum number of signers.
|
|
15
|
+
# @param [Integer] max_signers Maximum number of signers.
|
|
16
|
+
# @param [FROST::Polynomial] polynomial Polynomial with secret share.
|
|
17
|
+
def initialize(identifier, min_signers, max_signers, polynomial)
|
|
18
|
+
raise ArgumentError, "identifier must be Integer." unless identifier.is_a?(Integer)
|
|
19
|
+
raise ArgumentError, "identifier must be greater than 0." if identifier < 1
|
|
20
|
+
raise ArgumentError, "min_signers must be Integer." unless min_signers.is_a?(Integer)
|
|
21
|
+
raise ArgumentError, "max_signers must be Integer." unless max_signers.is_a?(Integer)
|
|
22
|
+
raise ArgumentError, "polynomial must be FROST::Polynomial." unless polynomial.is_a?(FROST::Polynomial)
|
|
23
|
+
raise ArgumentError, "max_signers must be greater than or equal to min_signers." if max_signers < min_signers
|
|
24
|
+
raise ArgumentError, "Number of coefficients of polynomial and min_signers do not match." unless min_signers == polynomial.coefficients.length
|
|
25
|
+
|
|
26
|
+
@identifier = identifier
|
|
27
|
+
@min_signers = min_signers
|
|
28
|
+
@max_signers = max_signers
|
|
29
|
+
@polynomial = polynomial
|
|
30
|
+
@public_package = Package.new(identifier, polynomial.gen_commitments, polynomial.gen_proof_of_knowledge(identifier))
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# Generate secret share for identifier.
|
|
34
|
+
# @param [Integer] identifier
|
|
35
|
+
# @return [FROST::SecretShare] Generate share.
|
|
36
|
+
def gen_share(identifier)
|
|
37
|
+
polynomial.gen_share(identifier)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# Get group.
|
|
41
|
+
# @return [ECDSA::Group]
|
|
42
|
+
def group
|
|
43
|
+
polynomial.group
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
# Get verification point.
|
|
47
|
+
# @return [ECDSA::Point]
|
|
48
|
+
def verification_point
|
|
49
|
+
polynomial.verification_point
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
data/lib/frost/dkg.rb
CHANGED
|
@@ -2,6 +2,7 @@ module FROST
|
|
|
2
2
|
# Distributed Key Generation feature.
|
|
3
3
|
module DKG
|
|
4
4
|
|
|
5
|
+
autoload :SecretPackage, "frost/dkg/secret_package"
|
|
5
6
|
autoload :Package, "frost/dkg/package"
|
|
6
7
|
|
|
7
8
|
module_function
|
|
@@ -10,17 +11,18 @@ module FROST
|
|
|
10
11
|
# Participant generate key and commitments, proof of knowledge for secret.
|
|
11
12
|
# @param [Integer] identifier
|
|
12
13
|
# @param [ECDSA::Group] group Group of elliptic curve.
|
|
13
|
-
# @return [
|
|
14
|
+
# @return [FROST::DKG::SecretPackage] Secret received_package for owner.
|
|
14
15
|
def generate_secret(identifier, min_signers, max_signers, group)
|
|
15
16
|
raise ArgumentError, "identifier must be Integer" unless identifier.is_a?(Integer)
|
|
16
17
|
raise ArgumentError, "identifier must be greater than 0." if identifier < 1
|
|
17
18
|
raise ArgumentError, "group must be ECDSA::Group." unless group.is_a?(ECDSA::Group)
|
|
19
|
+
raise ArgumentError, "min_signers must be Integer." unless min_signers.is_a?(Integer)
|
|
20
|
+
raise ArgumentError, "max_singers must be Integer." unless max_signers.is_a?(Integer)
|
|
18
21
|
raise ArgumentError, "max_signers must be greater than or equal to min_signers." if max_signers < min_signers
|
|
19
22
|
|
|
20
23
|
secret = FROST::SigningKey.generate(group)
|
|
21
|
-
# Every participant P_i samples t random values (a_{i0}, ..., a_{i(t−1)}) ← Z_q
|
|
22
24
|
polynomial = secret.gen_poly(min_signers - 1)
|
|
23
|
-
|
|
25
|
+
SecretPackage.new(identifier, min_signers, max_signers, polynomial)
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
# Generate proof of knowledge for secret.
|
|
@@ -43,38 +45,45 @@ module FROST
|
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
# Verify proof of knowledge for received commitment.
|
|
46
|
-
# @param [FROST::DKG::
|
|
48
|
+
# @param [FROST::DKG::SecretPackage] secret_package Verifier's secret package.
|
|
49
|
+
# @param [FROST::DKG::Package] received_package Received received_package.
|
|
47
50
|
# @return [Boolean]
|
|
48
|
-
def verify_proof_of_knowledge(
|
|
49
|
-
raise ArgumentError, "
|
|
51
|
+
def verify_proof_of_knowledge(secret_package, received_package)
|
|
52
|
+
raise ArgumentError, "secret_package must be FROST::DKG::SecretPackage." unless secret_package.is_a?(FROST::DKG::SecretPackage)
|
|
53
|
+
raise ArgumentError, "received_package must be FROST::DKG::Package." unless received_package.is_a?(FROST::DKG::Package)
|
|
54
|
+
raise FROST::Error, "Invalid number of commitments in package." unless secret_package.min_signers == received_package.commitments.length
|
|
50
55
|
|
|
51
|
-
verification_key =
|
|
52
|
-
msg = FROST.encode_identifier(
|
|
53
|
-
[verification_key.to_hex +
|
|
56
|
+
verification_key = received_package.verification_key
|
|
57
|
+
msg = FROST.encode_identifier(received_package.identifier, verification_key.group) +
|
|
58
|
+
[verification_key.to_hex + received_package.proof.r.to_hex].pack("H*")
|
|
54
59
|
challenge = Hash.hdkg(msg, verification_key.group)
|
|
55
|
-
|
|
60
|
+
received_package.proof.r == verification_key.group.generator * received_package.proof.s + (verification_key * challenge).negate
|
|
56
61
|
end
|
|
57
62
|
|
|
58
63
|
# Compute signing share using received shares from other participants
|
|
59
|
-
# @param [FROST::
|
|
64
|
+
# @param [FROST::DKG::SecretPackage] secret_package Own secret received_package.
|
|
60
65
|
# @param [Array] received_shares Array of FROST::SecretShare received by other participants.
|
|
61
66
|
# @return [FROST::SecretShare] Signing share.
|
|
62
|
-
def compute_signing_share(
|
|
63
|
-
raise ArgumentError, "polynomial must be FROST::
|
|
67
|
+
def compute_signing_share(secret_package, received_shares)
|
|
68
|
+
raise ArgumentError, "polynomial must be FROST::DKG::SecretPackage." unless secret_package.is_a?(FROST::DKG::SecretPackage)
|
|
69
|
+
raise FROST::Error, "Invalid number of received_shares." unless secret_package.max_signers - 1 == received_shares.length
|
|
70
|
+
|
|
64
71
|
identifier = received_shares.first.identifier
|
|
65
72
|
s_id = received_shares.sum {|share| share.share}
|
|
66
|
-
field = ECDSA::PrimeField.new(
|
|
73
|
+
field = ECDSA::PrimeField.new(secret_package.group.order)
|
|
67
74
|
FROST::SecretShare.new(
|
|
68
|
-
identifier, field.mod(s_id +
|
|
75
|
+
identifier, field.mod(s_id + secret_package.gen_share(identifier).share), secret_package.group)
|
|
69
76
|
end
|
|
70
77
|
|
|
71
78
|
# Compute Group public key.
|
|
72
|
-
# @param [FROST::
|
|
79
|
+
# @param [FROST::DKG::SecretPackage] secret_package Own secret received_package.
|
|
73
80
|
# @param [Array] received_packages Array of FROST::DKG::Package received by other participants.
|
|
74
81
|
# @return [ECDSA::Point] Group public key.
|
|
75
|
-
def compute_group_pubkey(
|
|
76
|
-
raise ArgumentError, "polynomial must be FROST::
|
|
77
|
-
|
|
82
|
+
def compute_group_pubkey(secret_package, received_packages)
|
|
83
|
+
raise ArgumentError, "polynomial must be FROST::DKG::SecretPackage." unless secret_package.is_a?(FROST::DKG::SecretPackage)
|
|
84
|
+
raise FROST::Error, "Invalid number of received_packages." unless secret_package.max_signers - 1 == received_packages.length
|
|
85
|
+
|
|
86
|
+
received_packages.inject(secret_package.verification_point) {|sum, package| sum + package.commitments.first }
|
|
78
87
|
end
|
|
79
88
|
end
|
|
80
89
|
end
|
data/lib/frost/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: frostrb
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- azuchi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ecdsa_ext
|
|
@@ -61,6 +61,7 @@ files:
|
|
|
61
61
|
- lib/frost/commitments.rb
|
|
62
62
|
- lib/frost/dkg.rb
|
|
63
63
|
- lib/frost/dkg/package.rb
|
|
64
|
+
- lib/frost/dkg/secret_package.rb
|
|
64
65
|
- lib/frost/hash.rb
|
|
65
66
|
- lib/frost/nonce.rb
|
|
66
67
|
- lib/frost/polynomial.rb
|