Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



14 Commits

Repository files navigation

The CHURP code is an academic research prototype, and meant to elucidate protocol details and for proofs-of-concept, and benchmarking. It has not been developed in a production environment and is not meant for deployment.


CHURP: Dynamic-Committee Proactive Secret Sharing


Achieving decentralization requires decentralized cryptography. CHURP (CHUrn-Robust Proactive secret sharing) is a cryptographic protocol for secret sharing in decentralized settings, where committee nodes may come and go. In such a setting, traditional secret sharing (e.g., Shamir's) is no longer secure. Featuring several fundamental innovations, CHURP accomplishes the mission while being 2300x more efficient than previous schemes!

Getting Started

This the repo for CHURP code (in Golang). Below you can find build and usage instructions.

If you want to run a demo or play with pre-complied CHURP, the easiest way to get started is to use docker. Please refer to the docker document for installation instructions.

If you want to build CHURP from source, we've prepared a special builder docker image for that, with dependecies installed. (If you really want to build/run the code natively, please refer to the dockerfiles.)


We release compiled executables in the docker image churp/churp. For example, to run a demo of 5 nodes, you can use the script which is part of the docker image:

docker run -ti churp/churp bash
# ./ 5 2 starts a demo with n=5 nodes using a polynomial of degree t=2. Note that we require n >= 2t+1.


We prepared a special builder docker image for building CHURP from source code. Make sure you're in the root of the repo (i.e., the directory that has src), then run the following to launch the builder:

docker run -ti -v $(pwd)/src:/src --workdir /src churp/builder bash
# make  # build using the provided Makefile


At a high level, CHURP provides the following API:

  • initialize(t, [nodeList], ...): Set the required parameters for CHURP: t stands for the threshold and nodeList represents the set of nodes that form a committee. Some other parameters that need to be set are the epoch duration and commitment scheme parameters.

  • (Optional) storeSecret(SK): Distribute the secret SK using (t, n)-sharing (n=|nodeList|) such that each node in nodeList stores a share of the secret. (Note that this function is optional. For some applications, the secret might be generated randomly using Distributed Key Generation protocols.)

  • changeCommittee([newNodeList]): Execute CHURP to handoff the secret SK from the old committee, nodeList, to the new committee, newNodeList.

  • (Optional) retrieveSecret() -> SK: Reconstruct the secret from shares retrieved from nodes in the nodeList. (Note that this function is optional, i.e., CHURP works without any need to explicitly reconstruct the secret.)


Currently CHURP is built on Pairing Based Cryptography library (LGPL) and its Go wrapper, GNU Multi Precision library and its Go wrapper (BSD), and Google Protobuffer.