An ECDSA threshold signature algorithm implemented in Rust.

Related tags

Cryptography rust cryptography ecdsa tss
Overview

Open TSS LOGO

BuildLicense: GPLv3

Open TSS

This project is a Rust implementation of multi-party {t,n}-threshold signature scheme(TSS).

The current version of this library supports ECDSA, other algorithms such as EdDSA, BLS, etc. will be integrated soon. Please look forward to it!

Multi-Party ECDSA

ECDSA is widely used in crypto-currencies, such as BTC, Ethereum (secp256k1 curve), etc.

The multi-party ECDSA protocol in this library is implemented based on class group. It currently includes two protocols:

  • Key Generation for creating secret shares.
  • Signing for using the secret shares to generate a signature. This can be divided into two phases, Offline and Online:
    • The Offline phase is independent of the message to be signed and can be calculated in advance.
    • Simply passing the message (and the output of Offline) to the Online phase, and you can get the signature very quickly.

The ECDSA in this library includes schemes described in [DMZ+21](published in Asiacrypt 2021).

Protocol Introduction
[DMZ+21] - This paper proposes efficient multi-party threshold ECDSA protocols from CL encryptions based on class groups.
- This protocol avoids the low order assumption, which is a strong and non-standard assumption, and reduces the communication cost in keygen.

Usage

Let's take KeyGen for example, only need three steps. Assuming $(t,n) = (1,3)$ , party ids are 1, 2, 3.

Step 1: New a Phase object.

let partyid = "1".to_string();
let params = Parameters {
    threshold: 1,
    share_count: 3,
};
let party_ids = vec!["1".to_string(), "2".to_string(), "3".to_string()];
let mut keygen = KeyGenPhase::new(partyid, params, &Some(party_ids)).unwrap();

Step 2: Start by calling process_begin, which returns the message to be sent in the next round.

let sending_msg: SendingMessages = keygen.process_begin().unwrap();

According to the SendingMessages type(Broadcast, P2P, etc.) and content, we can package the index(from, self partyid) with the message(msg) to the other participant(s).

match sending_msg {
    SendingMessages::BroadcastMessage(msg) => {
        // broadcast the msg to all(including self).
    }
    SendingMessages::P2pMessage(msg) => {
        // send according to the k,v in the msg. k is the index which v will to be sent to.
    }
    SendingMessages::SubsetMessage(msg) => {
        // send according to the k in the party_ids or subset(used in sign phase). k is the index which msg will to be sent to.
    }
    _ => {}
}

Step 3: Handling messages by msg_handler.

When a message has been received, got the recv_from and recv_msg, and then pass them into msg_handler, which returns a result or the message to be sent in the next round.

loop {
    // let (recv_from, recv_msg) = According to the last round of SendingMessages
    let recv_from = "".to_string();
    let recv_msg = vec![0u8];
    let sending_msg = keygen.msg_handler(recv_from, &recv_msg).unwrap();
    match sending_msg {
        SendingMessages::KeyGenSuccessWithResult(msg) => {
            // got the keygen result
            break;
        }
        _ => {
            // other sending messages, ref Step 2.
        }
    }
}

Once SendingMessages::KeyGenSuccessWithResult is received, it indicates completion.

  • A local test shows how to use these functions.

  • The usage of SignOffline, SignOnline are similar to KeyGen. Please ref here for more details.

References

Contact

You could reach us by email.

License

The OpenTSS library is licensed under the GNU General Public License v3.0.

You might also like...
Pure Rust implementation of the Leighton Micali Signature scheme.

Leighton-Micali Hash-Based Signatures LMS implementation in Rust according to the IETF RFC 8554. This implementation is binary compatible with the ref

Fraunhofer AISEC 6 Jun 2, 2022
specs & benchmarks for the ZPrize 3 - High Throughput Signature Verification

Zprize: High Throughput Signature Verification How fast do you think you can verify our ECDSA signatures on Aleo? This year's Zprize is winner-take-al

null 6 Oct 21, 2023
dWallet Network, a composable modular signature network is the home of dWallets

Welcome to dWallet Network dWallet Network, a composable modular signature network is the home of dWallets. A dWallet is a noncollusive and massively

dWallet Labs 8 Feb 26, 2024
An implementation of the FP-Growth algorithm in pure Rust.

fp-growth-rs An implementation of the FP-Growth algorithm in pure Rust, which is inspired by enaeseth/python-fp-growth. Usage Add this to your Cargo.t

JmPotato 13 Dec 20, 2022
A simple and secure rust command-line tool to protect your text by encrypting and decrypting it using the robust AES-256 algorithm.

Secret Keeper A simple and secure command-line tool to protect your text by encrypting and decrypting it using the robust AES-256 algorithm. Built wit

Kunal Bagaria 9 May 11, 2023
Hindley–Milner Algorithm J implementation in Rust.

Algorithm J Hindley–Milner Algorithm J implementation in Rust. Showcase Usage To run the repl, use the following command: $ cargo run If you want to t

Miguel Gomes 5 Feb 21, 2024
A fast, non-cryptographic, minimally DoS-resistant hashing algorithm for Rust.
A fast, non-cryptographic, minimally DoS-resistant hashing algorithm for Rust.

Foldhash This repository contains foldhash, a fast, non-cryptographic, minimally DoS-resistant hashing algorithm implemented in Rust designed for comp

Orson Peters 155 Oct 23, 2024
Reference implementation for the Poseidon Snark-friendly Hash algorithm.

Dusk-Poseidon Reference implementation for the Poseidon Hashing algorithm. Reference Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof

Dusk Network 96 Jan 2, 2023
An implementation of Jakobsson's Fractal Hash Sequence Traversal algorithm

fractal-hash-traversal An implementation of Jakobsson's Fractal Hash Sequence Traversal algorithm. There is at least one hash traversal algorithm that

Dan Cline 1 Jan 12, 2022
Comments
  • How to recover one valid {t,n} threshold (PublicKey, PrivateKey) pair ?

    How to recover one valid {t,n} threshold (PublicKey, PrivateKey) pair ?

    Amazing library. We really love it. For work, we can't use the Signing function, instead we need to generate a valid {t,n} threshold ecdsa (PublicKey, PrivateKey) pair. We can even ask the t out of n clients to send their local private keys to the final computer that will generate the final valid pair. Also this process will be used only once as we no longer use the same party again.

    Let's rewrite here our scenario

    1. n computers generate their local secrets.
    2. Using signing function on a dummy message, {t,n} can recover the PublicKey of the final pair from the signed dummy message.
    3. At a certain point in time, t of these n computers will share their keys to a special node.
    4. This special node should be able to recover (create) a valid {t,n} threshold ECDSA (Public,Private) key pair.
    5. We discard the party as we no longer need it.

    Think it as a 3rd party authentication service that is able to recreate the final (PublicKey,PrivateKey) pair. Or think it as an escrow multi sig. We know from the beginning the multi sig address, and after some time t out of n will allow one node to create the (PublicKey, PrivateKey) to claim control over the multi-sig address.

    Any idea of how to do it ? We really appreciate if you can help us, otherwise we can not use this amazing library in our work.

    opened by daevontkhplanesw 1
Owner
LatticeX Foundation
LatticeX Foundation
GitHub
Multy-party threshold ECDSA Substrate node

Webb DKG ??️ The Webb DKG ??‍✈️ ⚠️ Beta Software ⚠️ Running the DKG Currently the easiest way to run the DKG is to use a 3-node local testnet using dk

webb 42 Dec 19, 2022
Cryptographic signature algorithms: ECDSA, Ed25519

RustCrypto: signatures Support for digital signatures, which provide authentication of data using public-key cryptography. All algorithms reside in th

Rust Crypto 300 Jan 8, 2023
ECDSA Signature Server

Simple REST API used for serving ECDSA signatures to prevent automation software from minting NFTs in bulk.

Jonathan 3 Nov 30, 2022
Two-party and multi-party ECDSA protocols based on class group with Rust

CG-MPC-ECDSA This project aims to implement two-party and multi-party ECDSA protocols based on class group with Rust. It currently includes schemes de

LatticeX Foundation 16 Mar 17, 2022
A pure-Rust implementation of various threshold secret sharing schemes

Threshold Secret Sharing Efficient pure-Rust library for secret sharing, offering efficient share generation and reconstruction for both traditional S

Snips 137 Dec 29, 2022
🔑 Threshold Shamir's secret sharing in Rust

Rusty Secrets Rusty Secrets is an implementation of a threshold Shamir's secret sharing scheme. Documentation (latest) Documentation (master) Design g

Spin Research 233 Dec 17, 2022
Rust library for practical time-lock encryption using `drand` threshold network

tlock-rs: Practical Timelock Encryption/Decryption in Rust This repo contains pure Rust implementation of drand/tlock scheme. It provides time-based e

Timofey 32 Jan 8, 2023
A pairing-based threshold cryptosystem for collaborative decryption and signatures used in HoneybadgerBFT implementation

threshold_crypto A pairing-based threshold cryptosystem for collaborative decryption and signatures. The threshold_crypto crate provides cryptographic

null 166 Dec 29, 2022
Baek-Zheng threshold cryptosystem on top of BLS12-381

bzte A rust implementation of the Baek-Zhang threshold cryptosystem on top of BLS12-381 using arkworks Why threshold encrypt? The advantage of thresho

null 4 Jun 28, 2022
Gentle reminders to commit when your inserts/deletes cross a threshold

DiffDing It's easy to get lost in what you're doing. Diff ding counts the changes in your repo and reminds you to commit your changes once you exceed

Trevor Coleman 4 Dec 2, 2022