Crate secret_sharing_and_dkg
Secret sharing and distributed key generation
Implements Secret Sharing (SS), Verifiable Secret Sharing (VSS), Distributed Verifiable Secret Sharing (DVSS), Distributed Key Generation (DKG) and Publicly Verifiable Secret Sharing (PVSS) algorithms. DVSS and DKG do not require a trusted dealer. Also implements a distributed discrete log check.
- Shamir secret sharing (Requires a trusted dealer)
- Pedersen Verifiable Secret Sharing
- Pedersen Distributed Verifiable Secret Sharing
- Feldman Verifiable Secret Sharing
- Feldman Distributed Verifiable Secret Sharing
- Gennaro DKG from the paper Secure Distributed Key Generation for Discrete-Log Based Cryptosystems
- Distributed Key Generation from FROST
- Distributed discrete log (DLOG) check
- Publicly Verifiable Secret Sharing
Modules
- Distributed Key Generation protocol as described in Fig. 4 of the paper VSS from Distributed ZK Proofs and Applications
- Feldman’s Verifiable Secret Sharing Scheme, with faster verification but slower sharing, by K. Baghery. As described in Fig 3 of the paper A Unified Framework for Verifiable Secret Sharing
- Publicly verifiable secret sharing protocols
- Distributed discrete log (DLOG) check
- Feldman Distributed Verifiable secret sharing and distributed key generation.
- Feldman Verifiable Secret Sharing Scheme. Based on the paper A practical scheme for non-interactive verifiable secret sharing. The scheme works as follows for threshold t and total n:
- This is the keygen implemented in the FROST paper in Figure 1. This is a slight addition to the DKG based on Feldman VSS as it contains a Schnorr proof of knowledge of the secret key.
- Based on the paper Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. The scheme is defined in Fig 2. The protocol is run in 2 phases: Phase 1, where all participants generate a secret and share it using Pedersen VSS, and Phase 2, where participants distribute commitments as per Feldman VSS and generate the public key at the end. The public key is assumed to be of the form G*x, where x is the secret key and G is the group generator.
- Pedersen Distributed Verifiable secret sharing. Based on the paper “Non-interactive and information-theoretic secure verifiable secret sharing”, section 5. https://www.cs.cornell.edu/courses/cs754/2001fa/129.PDF. Does not involve a trusted third party but assumes that all participants (and not just a threshold) participate till the end. Even if one participant aborts, the protocol needs to be restarted. A workaround is for each participant to ignore the faulty participant’s share, essentially making it as if the faulty participant was never there.
- Pedersen Verifiable secret sharing. Based on the paper “Non-interactive and information-theoretic secure verifiable secret sharing”, section 4. https://www.cs.cornell.edu/courses/cs754/2001fa/129.PDF. The basic idea is the following
- Shamir secret sharing