import "github.com/coinbase/kryptology/pkg/tecdsa/dkls"Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499\)\. For an example of use, look at sign.go.
It is currently a work in progress; do not use it in real-life scenarios yet. TODO: Docs to be completed.
- func EncodeAlice(a *Alice) ([]byte, error)
- func EncodeBob(b *Bob) ([]byte, error)
- func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)
- type Alice
- type AliceDkg
- type AliceSign
- type Bob
- type BobDkg
- type BobSign
- type DkgResult
- type MultiplyReceiver
- type MultiplySender
- type Params
- type ProtocolIterator
- type Schnorr
func EncodeAlice
func EncodeAlice(a *Alice) ([]byte, error)Encodes an alice object as a byte sequence after DKG has been completed.
func EncodeBob
func EncodeBob(b *Bob) ([]byte, error)Encodes a bob object as a byte sequence after DKG has been completed.
func NewPipeWrappers
func NewPipeWrappers() (*pipeWrapper, *pipeWrapper)type Alice
Alice struct encoding Alice's state during one execution of the overall signing algorithm. At the end of the joint computation, Alice will NOT obtain the signature.
type Alice struct {
PkA *Schnorr // this is a "schnorr statement" for pkA.
Receiver *seedOTReceiver
SkA *big.Int // the witness
Pk *curves.EcPoint
// contains filtered or unexported fields
}func DecodeAlice
func DecodeAlice(params *Params, b []byte) (*Alice, error)Decodes an alice object that was encoded after DKG.
func NewAlice
func NewAlice(params *Params) *AliceNewAlice creates a party that can participate in 2-of-2 DKG and threshold signature.
func (*Alice) DKG
func (alice *Alice) DKG(rw io.ReadWriter) errorfunc (*Alice) Sign
func (alice *Alice) Sign(m []byte, rw io.ReadWriter) errorSign this is an illustrative helper method which shows the overall flow for Alice. in practice this will be replaced by a method which actually sends messages back and forth.
type AliceDkg
AliceDkg DKLS DKG implementation that satisfies the protocol iterator interface.
type AliceDkg struct {
// contains filtered or unexported fields
}func NewAliceDkg
func NewAliceDkg(params *Params) *AliceDkgNewAliceDkg creates a new protocol that can compute a DKG as Alice
func (*AliceDkg) Result
func (a *AliceDkg) Result() (interface{}, error)Result Returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.
func (*AliceDkg) SetDebug
func (a *AliceDkg) SetDebug(log io.Writer)type AliceSign
AliceSign DKLS sign implementation that satisfies the protocol iterator interface.
type AliceSign struct {
// contains filtered or unexported fields
}func NewAliceSign
func NewAliceSign(params *Params, msg []byte, dkgResult []byte) (*AliceSign, error)Creates a new protocol that can compute a signature as Alice. Requires dkg state that was produced at the end of DKG.Result().
func (*AliceSign) Result
func (a *AliceSign) Result() (interface{}, error)Result always returns errNoSig. Alice does not compute a signature in the DKLS protocol; only Bob computes the signature.
func (*AliceSign) SetDebug
func (a *AliceSign) SetDebug(log io.Writer)type Bob
Bob struct encoding Bob's state during one execution of the overall signing algorithm. At the end of the joint computation, Bob will obtain the signature.
type Bob struct {
// Exported fields
PkB *Schnorr // this is a "schnorr statement" for pkB.
Sender *seedOTSender
SkB *big.Int
Pk *curves.EcPoint
Sig *curves.EcdsaSignature // The resulting digital signature
// contains filtered or unexported fields
}func DecodeBob
func DecodeBob(params *Params, b []byte) (*Bob, error)Decodes an bob object that was encoded after DKG.
func NewBob
func NewBob(params *Params) *BobNewBob creates a party that can participate in 2-of-2 DKG and threshold signature. This party is the receiver of the signature at the end.
func (*Bob) DKG
func (bob *Bob) DKG(rw io.ReadWriter) errorfunc (*Bob) Sign
func (bob *Bob) Sign(m []byte, rw io.ReadWriter) errorSign this is an illustrative helper method which shows the overall flow for Bob.
type BobDkg
BobDkg DKLS DKG implementation that satisfies the protocol iterator interface.
type BobDkg struct {
// contains filtered or unexported fields
}func NewBobDkg
func NewBobDkg(params *Params) *BobDkgNewBobDkg Creates a new protocol that can compute a DKG as Bob
func (*BobDkg) Result
func (b *BobDkg) Result() (interface{}, error)Result returns an encoded version of Alice as sequence of bytes that can be used to initialize an AliceSign protocol.
func (*BobDkg) SetDebug
func (b *BobDkg) SetDebug(log io.Writer)type BobSign
BobSign DKLS sign implementation that satisfies the protocol iterator interface.
type BobSign struct {
// contains filtered or unexported fields
}func NewBobSign
func NewBobSign(params *Params, msg []byte, dkgResult []byte) (*BobSign, error)NewBobSign creates a new protocol that can compute a signature as Bob. Requires dkg state that was produced at the end of DKG.Result().
func (*BobSign) Result
func (d *BobSign) Result() (interface{}, error)If the signing protocol completed successfully, returns the signature that Bob computed as a *core.EcdsaSignature.
func (*BobSign) SetDebug
func (b *BobSign) SetDebug(log io.Writer)type DkgResult
DKG protocols produce the following result on successful completion
type DkgResult struct {
DkgState []byte
Pubkey *curves.EcPoint
}type MultiplyReceiver
type MultiplyReceiver struct {
TB []*big.Int
// contains filtered or unexported fields
}func NewMultiplyReceiver
func NewMultiplyReceiver(multiplicity int, sender *seedOTSender) *MultiplyReceiverfunc (*MultiplyReceiver) MultiplyInit
func (receiver *MultiplyReceiver) MultiplyInit(idExt [32]byte, beta []*big.Int, w io.Writer) errorMultiplyInit Protocol 5., Multiplication, 3). Bob (receiver) encodes beta and initiates the cOT extension!
func (*MultiplyReceiver) MultiplyTransfer
func (receiver *MultiplyReceiver) MultiplyTransfer(r io.Reader) errorMultiplyTransfer Protocol 5., Multiplication, 3) and 6). Bob finalizes the cOT extension. using that and Alice's multiplication message, Bob completes the multiplication protocol, including checks. at the end, Bob's values tB_j are populated.
type MultiplySender
type MultiplySender struct {
TA []*big.Int
// contains filtered or unexported fields
}func NewMultiplySender
func NewMultiplySender(multiplicity int, receiver *seedOTReceiver) *MultiplySenderfunc (*MultiplySender) Multiply
func (sender *MultiplySender) Multiply(idExt [32]byte, alpha []*big.Int, rw io.ReadWriter) errorMultiply Protocol 5., steps 3) 5), 7). Alice _responds_ to Bob's initial cOT message, using a vector of alphas as input. doesn't actually send that message yet, only stashes it, and moves onto the next steps of the multiplication protocol specifically, Alice can then do step 5) (compute the outputs of the multiplication protocol), also stashes this. finishes up by taking care of 7), after that, Alice is totally done with multiplication and has stashed the outputs.
type Params
type Params struct {
Curve elliptic.Curve
Scalar curves.EcScalar
Generator *curves.EcPoint
// contains filtered or unexported fields
}func NewParams
func NewParams(curve elliptic.Curve, scalar curves.EcScalar) (*Params, error)NewParams receives an implementation of the curve and scalar interfaces and sets the parameters needed for DKG and Threshold ECDSA of DKLS.
type ProtocolIterator
ProtocolIterator a generalized interface for multi-party protocols that follows the iterator pattern.
type ProtocolIterator interface {
// Next runs the next round of the protocol.
// Inputs are read from rw.Read(); outputs are written to rw.Write().
// Returns io.EOF when protocol has completed.
Next(rw io.ReadWriter) error
// Result returns the final result, if any, of the completed protocol.
// Reports an error if the protocol has not yet terminated
// or if an error was encountered during protocol execution.
Result() (interface{}, error)
// SetDebug enables or disables (passing a nil value as input) debugging.
// At the moment, we only print the final dkls dkg result as json value to this log, but if needed more debugging
// can be added for various steps of the other protocols.
SetDebug(log io.Writer)
}type Schnorr
type Schnorr struct {
Pub *curves.EcPoint // this is the public point.
C *big.Int
S *big.Int
// contains filtered or unexported fields
}func (*Schnorr) DecommitVerify
func (proof *Schnorr) DecommitVerify(com []byte) errorfunc (*Schnorr) Prove
func (proof *Schnorr) Prove(x *big.Int) errorfunc (*Schnorr) ProveCommit
func (proof *Schnorr) ProveCommit(x *big.Int) ([]byte, error)this "commits to" a schnorr proof which is later revealed; see Functionality 7. it mutates `st` by adding a proof to it, and then also returns the commitment to the proof.
func (*Schnorr) Verify
func (proof *Schnorr) Verify() errorGenerated by gomarkdoc