// Copyright (c) 2018 IoTeX
// This is an alpha (internal) release and is not suitable for production. This source code is provided 'as is' and no
// warranties are given as to title or non-infringement, merchantability or fitness for purpose and, to the extent
// permitted by law, all liability for your use of the code is disclaimed. This source code is governed by Apache
// License 2.0 that can be found in the LICENSE file.
package crypto
//#include "lib/blslib/dkg.h"
//#include "lib/blslib/random.h"
//#cgo darwin LDFLAGS: -L${SRCDIR}/lib/blslib -ltblsmnt_macos
//#cgo linux LDFLAGS: -L${SRCDIR}/lib/blslib -ltblsmnt_ubuntu
import "C"
import (
	"errors"
	"fmt"
)
// DKG is the package-level singleton through which the distributed key
// generation primitives are reached; its methods are thin cgo wrappers over
// lib/blslib/dkg.h.
var DKG dkg

// dkg carries no state of its own; it exists only to group the wrapper methods.
type dkg struct{}
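// KeyPairGeneration generates a dkg key pair from the collected shares.
//
// shares must hold exactly numnodes rows of sigSize words each (the share
// received from every node) and statusMatrix exactly numnodes rows recording
// which shares were accepted. Every shares row is length-checked before any
// element is read, so a short row is reported as an error rather than
// surfacing as an index panic inside the copy loop.
//
// It returns the serialized point Qs (base curve), the serialized twist point
// Qt, the secret key ask (privkeySize words), and an error when the input
// dimensions are wrong or either point fails to serialize. The ask words are
// secret material and should be handled accordingly by the caller.
func (d *dkg) KeyPairGeneration(shares [][]uint32, statusMatrix [][numnodes]bool) ([]byte, []byte, []uint32, error) {
	if len(shares) != numnodes || len(statusMatrix) != numnodes {
		return []byte{}, []byte{}, []uint32{}, errors.New("dimension of shares or statusMatrix is incorrect")
	}
	// Check every row, not only shares[0]: the loop below indexes all of them.
	for _, row := range shares {
		if len(row) != sigSize {
			return []byte{}, []byte{}, []uint32{}, errors.New("dimension of shares or statusMatrix is incorrect")
		}
	}
	var (
		Qs              C.ec160_point_aff
		Qt              C.ec_point_aff_twist
		sharesSer       [numnodes][sigSize]C.uint32_t
		statusMatrixSer [numnodes][numnodes]C.uint8_t
		askSer          [privkeySize]C.uint32_t
	)
	for i := 0; i < numnodes; i++ {
		for j := 0; j < sigSize; j++ {
			sharesSer[i][j] = C.uint32_t(shares[i][j])
		}
		// statusMatrixSer is zero-initialized, so only accepted entries need a write.
		for j := 0; j < numnodes; j++ {
			if statusMatrix[i][j] {
				statusMatrixSer[i][j] = 1
			}
		}
	}
	// NOTE(review): unlike dkg_init below, any status reported by
	// dkg_keypair_gen is not examined here -- confirm against
	// lib/blslib/dkg.h whether it can fail and should be checked.
	C.dkg_keypair_gen(&sharesSer[0], &statusMatrixSer[0], &askSer[0], &Qs, &Qt)
	s, err := pointSerialization(Qs)
	if err != nil {
		return []byte{}, []byte{}, []uint32{}, err
	}
	t, err := twistPointSerialization(Qt)
	if err != nil {
		return []byte{}, []byte{}, []uint32{}, err
	}
	ask := make([]uint32, privkeySize)
	for i, x := range askSer {
		ask[i] = uint32(x)
	}
	return s, t, ask, nil
}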
// SkGeneration generates a secret key.
//
// The privkeySize words are produced by dkg_sk_generation in lib/blslib and
// copied out of the C-typed buffer into a plain Go slice. The result is
// secret material; the entropy source behind it lives in the C library and
// is not visible here.
func (d *dkg) SkGeneration() []uint32 {
	var raw [privkeySize]C.uint32_t
	C.dkg_sk_generation(&raw[0])
	out := make([]uint32, privkeySize)
	for idx := range raw {
		out[idx] = uint32(raw[idx])
	}
	return out
}
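// Init is the share initialization method using shamir secret sharing.
//
// ms is the master secret (privkeySize words) and ids the numnodes node
// identifiers (idlength bytes each). It returns the Degree+1 polynomial
// coefficients, the numnodes shares (one per id, in id order) and the
// Degree+1 serialized witness points, or an error when a dimension is wrong,
// dkg_init reports failure, or a witness cannot be serialized.
//
// ms and every id row are length-checked before any element is read so that
// malformed input yields an error instead of an index panic. The returned
// coefficients and shares are secret material and must be treated as such.
func (d *dkg) Init(ms []uint32, ids [][]uint8) ([][]uint32, [][]uint32, [][]byte, error) {
	if len(ids) != numnodes {
		return [][]uint32{}, [][]uint32{}, [][]byte{}, errors.New("dimension of ids is incorrect")
	}
	for _, id := range ids {
		if len(id) != idlength {
			return [][]uint32{}, [][]uint32{}, [][]byte{}, errors.New("dimension of ids is incorrect")
		}
	}
	if len(ms) != privkeySize {
		return [][]uint32{}, [][]uint32{}, [][]byte{}, errors.New("dimension of ms is incorrect")
	}
	var (
		idsSer    [numnodes][idlength]C.uint8_t
		msSer     [privkeySize]C.uint32_t
		shares    [numnodes][sigSize]C.uint32_t
		coeffs    [Degree + 1][sigSize]C.uint32_t
		witnesses [Degree + 1]C.ec160_point_aff
	)
	for i := range ids {
		for j := 0; j < idlength; j++ {
			idsSer[i][j] = C.uint8_t(ids[i][j])
		}
	}
	for i, w := range ms {
		msSer[i] = C.uint32_t(w)
	}
	if C.dkg_init(&msSer[0], &coeffs[0], &idsSer[0], &shares[0], &witnesses[0]) != 1 {
		return [][]uint32{}, [][]uint32{}, [][]byte{}, errors.New("Failed to initialize shamir secret sharing")
	}
	coeffsDes := make([][]uint32, Degree+1)
	for i := range coeffs {
		coeffsDes[i] = make([]uint32, sigSize)
		for j, w := range coeffs[i] {
			coeffsDes[i][j] = uint32(w)
		}
	}
	sharesDes := make([][]uint32, numnodes)
	for i := range shares {
		sharesDes[i] = make([]uint32, sigSize)
		for j, w := range shares[i] {
			sharesDes[i][j] = uint32(w)
		}
	}
	witnessByte := make([][]byte, 0, Degree+1)
	for i := range witnesses {
		wb, err := pointSerialization(witnesses[i])
		if err != nil {
			return [][]uint32{}, [][]uint32{}, [][]byte{}, fmt.Errorf("serializing witness %d: %w", i, err)
		}
		witnessByte = append(witnessByte, wb)
	}
	return coeffsDes, sharesDes, witnessByte, nil
}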
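// SharesCollect collects and verifies the received keys.
//
// id is this node's idlength-byte identifier, shares the numnodes received
// shares (sigSize words each) and witnesses the Degree+1 serialized witness
// points published by each of the numnodes senders. The returned array marks,
// per sender, whether dkg_shares_collect accepted that sender's share.
//
// id and every row of shares and witnesses are length-checked before any
// element is read; previously only the first row was checked, so a short later
// row panicked in the copy loop. A witness that fails to deserialize is
// reported with the sender and witness index so the misbehaving party can be
// identified.
func (d *dkg) SharesCollect(id []uint8, shares [][]uint32, witnesses [][][]byte) ([numnodes]bool, error) {
	var none [numnodes]bool
	if len(id) != idlength {
		return none, errors.New("dimension of id is incorrect")
	}
	if len(shares) != numnodes || len(witnesses) != numnodes {
		return none, errors.New("dimension of shares or witnesses is incorrect")
	}
	for i := 0; i < numnodes; i++ {
		if len(shares[i]) != sigSize || len(witnesses[i]) != Degree+1 {
			return none, errors.New("dimension of shares or witnesses is incorrect")
		}
	}
	var (
		idSer       [idlength]C.uint8_t
		sharesSer   [numnodes][sigSize]C.uint32_t
		witnessList [numnodes][Degree + 1]C.ec160_point_aff
		sharestatus [numnodes]C.uint8_t
	)
	for i, b := range id {
		idSer[i] = C.uint8_t(b)
	}
	for i := 0; i < numnodes; i++ {
		for j, w := range shares[i] {
			sharesSer[i][j] = C.uint32_t(w)
		}
		for j, wb := range witnesses[i] {
			point, err := pointDeserialization(wb)
			if err != nil {
				return none, fmt.Errorf("deserializing witness %d of node %d: %w", j, i, err)
			}
			witnessList[i][j] = point
		}
	}
	C.dkg_shares_collect(&idSer[0], &sharesSer[0], &witnessList[0], &sharestatus[0])
	var result [numnodes]bool
	for i := range sharestatus {
		// Only an explicit 1 counts as accepted; any other status stays false.
		result[i] = sharestatus[i] == 1
	}
	return result, nil
}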
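// ShareVerify verifies the received secret share.
//
// id is the idlength-byte identifier the share was issued for, share the
// sigSize-word share and witness the Degree+1 serialized witness points of
// the sender. It reports true when dkg_share_verify returns 1; false with a
// nil error means the share did not verify, while a non-nil error means the
// input could not be checked at all (bad dimensions or an undecodable point).
//
// id is now length-checked like the other arguments, so a short id yields an
// error instead of an index panic in the copy loop.
func (d *dkg) ShareVerify(id []uint8, share []uint32, witness [][]byte) (bool, error) {
	if len(id) != idlength {
		return false, errors.New("dimension of id is incorrect")
	}
	if len(share) != sigSize || len(witness) != Degree+1 {
		return false, errors.New("dimension of share or witness is incorrect")
	}
	var (
		idSer      [idlength]C.uint8_t
		shareSer   [sigSize]C.uint32_t
		witnessSer [Degree + 1]C.ec160_point_aff
	)
	for i, b := range id {
		idSer[i] = C.uint8_t(b)
	}
	for i, w := range share {
		shareSer[i] = C.uint32_t(w)
	}
	for i, wb := range witness {
		point, err := pointDeserialization(wb)
		if err != nil {
			return false, fmt.Errorf("deserializing witness %d: %w", i, err)
		}
		witnessSer[i] = point
	}
	return C.dkg_share_verify(&idSer[0], &shareSer[0], &witnessSer[0]) == 1, nil
}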
// RndGenerate generates a random byte array of IDLENGTH size.
//
// The bytes are filled in by rnd_generate from lib/blslib/random.h and copied
// out of the C-typed buffer. NOTE(review): the entropy source behind
// rnd_generate is not visible from this file -- confirm it is a CSPRNG before
// relying on these bytes as unpredictable node identifiers.
func RndGenerate() []uint8 {
	var buf [idlength]C.uint8_t
	C.rnd_generate(&buf[0], C.uint32_t(idlength))
	out := make([]uint8, idlength)
	for idx := range buf {
		out[idx] = uint8(buf[idx])
	}
	return out
}