feat!: hide dkg public params from bindings

ferveo-python/examples/server_api_precomputed.py

@@ -92,7 +92,7 @@ def gen_eth_addr(i: int) -> str:
 
 # The client should have access to the public parameters of the DKG
 
-plaintext = decrypt_with_shared_secret(ciphertext, aad, shared_secret, dkg.public_params)
+plaintext = decrypt_with_shared_secret(ciphertext, aad, shared_secret)
 assert bytes(plaintext) == msg
 
 print("Success!")

ferveo-python/examples/server_api_simple.py

@@ -95,7 +95,7 @@ def gen_eth_addr(i: int) -> str:
 
 # The client should have access to the public parameters of the DKG
 
-plaintext = decrypt_with_shared_secret(ciphertext, aad, shared_secret, dkg.public_params)
+plaintext = decrypt_with_shared_secret(ciphertext, aad, shared_secret)
 assert bytes(plaintext) == msg
 
 print("Success!")

ferveo-python/ferveo/__init__.pyi

@@ -79,8 +79,6 @@ class Dkg:
 
     public_key: DkgPublicKey
 
-    public_params: DkgPublicParameters
-
     def generate_transcript(self) -> Transcript:
         ...
 
@@ -115,15 +113,6 @@ class DecryptionSharePrecomputed:
         ...
 
 
-class DkgPublicParameters:
-    @staticmethod
-    def from_bytes(data: bytes) -> DkgPublicParameters:
-        ...
-
-    def __bytes__(self) -> bytes:
-        ...
-
-
 class AggregatedTranscript:
 
     def __init__(self, messages: Sequence[Tuple[Validator, Transcript]]):
@@ -188,7 +177,6 @@ def decrypt_with_shared_secret(
         ciphertext: Ciphertext,
         aad: bytes,
         shared_secret: SharedSecret,
-        dkg_params: DkgPublicParameters,
 ) -> bytes:
     ...
 

ferveo-python/test/test_ferveo.py

@@ -99,15 +99,15 @@ def scenario_for_variant(variant, shares_num, threshold, shares_to_use):
 
     if variant == "simple" and len(decryption_shares) < threshold:
         with pytest.raises(ThresholdEncryptionError):
-            decrypt_with_shared_secret(ciphertext, aad, shared_secret, dkg.public_params)
+            decrypt_with_shared_secret(ciphertext, aad, shared_secret)
         return
 
     if variant == "precomputed" and len(decryption_shares) < shares_num:
         with pytest.raises(ThresholdEncryptionError):
-            decrypt_with_shared_secret(ciphertext, aad, shared_secret, dkg.public_params)
+            decrypt_with_shared_secret(ciphertext, aad, shared_secret)
         return
 
-    plaintext = decrypt_with_shared_secret(ciphertext, aad, shared_secret, dkg.public_params)
+    plaintext = decrypt_with_shared_secret(ciphertext, aad, shared_secret)
     assert bytes(plaintext) == msg
 
 

ferveo-python/test/test_serialization.py

@@ -2,7 +2,6 @@
     Keypair,
     Validator,
     Dkg,
-    DkgPublicParameters,
     DkgPublicKey
 )
 
@@ -22,18 +21,6 @@ def gen_eth_addr(i: int) -> str:
 validators.sort(key=lambda v: v.address)
 
 
-def make_dkg_public_params():
-    me = validators[0]
-    dkg = Dkg(
-        tau=tau,
-        shares_num=shares_num,
-        security_threshold=security_threshold,
-        validators=validators,
-        me=me,
-    )
-    return dkg.public_params
-
-
 def make_dkg_public_key():
     me = validators[0]
     dkg = Dkg(
@@ -51,14 +38,6 @@ def make_shared_secret():
     pass
 
 
-def test_dkg_public_parameters_serialization():
-    dkg_public_params = make_dkg_public_params()
-    serialized = bytes(dkg_public_params)
-    deserialized = DkgPublicParameters.from_bytes(serialized)
-    # TODO: Implement comparison
-    # assert dkg_public_params == deserialized
-
-
 # def test_shared_secret_serialization():
 #     shared_secret = create_shared_secret_instance()
 #     serialized = bytes(shared_secret)

ferveo-wasm/examples/node/src/main.test.ts

@@ -66,7 +66,7 @@ function setupTest() {
     tau,
     sharesNum,
     threshold,
-    validator_keypairs,
+    validatorKeypairs: validator_keypairs,
     validators,
     dkg,
     messages,
@@ -83,9 +83,8 @@ describe("ferveo-wasm", () => {
       tau,
       sharesNum,
       threshold,
-      validator_keypairs,
+      validatorKeypairs,
       validators,
-      dkg,
       messages,
       msg,
       aad,
@@ -94,7 +93,7 @@ describe("ferveo-wasm", () => {
 
     // Having aggregated the transcripts, the validators can now create decryption shares
     const decryptionShares: DecryptionShareSimple[] = [];
-    zip(validators, validator_keypairs).forEach(([validator, keypair]) => {
+    zip(validators, validatorKeypairs).forEach(([validator, keypair]) => {
       expect(validator.publicKey.equals(keypair.publicKey)).toBe(true);
 
       const dkg = new Dkg(tau, sharesNum, threshold, validators, validator);
@@ -124,7 +123,6 @@ describe("ferveo-wasm", () => {
       ciphertext,
       aad,
       sharedSecret,
-      dkg.publicParams()
     );
     expect(Buffer.from(plaintext)).toEqual(msg);
   });
@@ -134,9 +132,8 @@ describe("ferveo-wasm", () => {
       tau,
       sharesNum,
       threshold,
-      validator_keypairs,
+      validatorKeypairs,
       validators,
-      dkg,
       messages,
       msg,
       aad,
@@ -145,7 +142,7 @@ describe("ferveo-wasm", () => {
 
     // Having aggregated the transcripts, the validators can now create decryption shares
     const decryptionShares: DecryptionSharePrecomputed[] = [];
-    zip(validators, validator_keypairs).forEach(([validator, keypair]) => {
+    zip(validators, validatorKeypairs).forEach(([validator, keypair]) => {
       const dkg = new Dkg(tau, sharesNum, threshold, validators, validator);
       const aggregate = dkg.aggregateTranscript(messages);
       const isValid = aggregate.verify(sharesNum, messages);
@@ -171,7 +168,6 @@ describe("ferveo-wasm", () => {
       ciphertext,
       aad,
       sharedSecret,
-      dkg.publicParams()
     );
     expect(Buffer.from(plaintext)).toEqual(msg);
   });

ferveo-wasm/tests/node.rs

@@ -13,7 +13,6 @@ type TestSetup = (
     Vec<Keypair>,
     Vec<Validator>,
     ValidatorArray,
-    Dkg,
     ValidatorMessageArray,
     Vec<u8>,
     Vec<u8>,
@@ -86,7 +85,6 @@ fn setup_dkg() -> TestSetup {
         validator_keypairs,
         validators,
         validators_js,
-        dkg,
         messages_js,
         msg,
         aad,
@@ -103,7 +101,6 @@ fn tdec_simple() {
         validator_keypairs,
         validators,
         validators_js,
-        dkg,
         messages_js,
         msg,
         aad,
@@ -144,13 +141,8 @@ fn tdec_simple() {
         combine_decryption_shares_simple(&decryption_shares_js).unwrap();
 
     // The client should have access to the public parameters of the DKG
-    let plaintext = decrypt_with_shared_secret(
-        &ciphertext,
-        &aad,
-        &shared_secret,
-        &dkg.public_params(),
-    )
-    .unwrap();
+    let plaintext =
+        decrypt_with_shared_secret(&ciphertext, &aad, &shared_secret).unwrap();
     assert_eq!(msg, plaintext);
 }
 
@@ -163,7 +155,6 @@ fn tdec_precomputed() {
         validator_keypairs,
         validators,
         validators_js,
-        dkg,
         messages_js,
         msg,
         aad,
@@ -204,12 +195,7 @@ fn tdec_precomputed() {
         combine_decryption_shares_precomputed(&decryption_shares_js).unwrap();
 
     // The client should have access to the public parameters of the DKG
-    let plaintext = decrypt_with_shared_secret(
-        &ciphertext,
-        &aad,
-        &shared_secret,
-        &dkg.public_params(),
-    )
-    .unwrap();
+    let plaintext =
+        decrypt_with_shared_secret(&ciphertext, &aad, &shared_secret).unwrap();
     assert_eq!(msg, plaintext);
 }

ferveo/src/api.rs

@@ -10,9 +10,8 @@ use rand::RngCore;
 use serde::{Deserialize, Serialize};
 use serde_with::serde_as;
 pub use tpke::api::{
-    decrypt_with_shared_secret, prepare_combine_simple,
-    share_combine_precomputed, share_combine_simple, Ciphertext, Fr, G1Affine,
-    G1Prepared, SecretBox, E,
+    prepare_combine_simple, share_combine_precomputed, share_combine_simple,
+    Ciphertext, Fr, G1Affine, G1Prepared, SecretBox, E,
 };
 
 pub type PublicKey = ferveo_common::PublicKey<E>;
@@ -23,7 +22,8 @@ pub type ValidatorMessage = (Validator, Transcript);
 
 pub use crate::EthereumAddress;
 use crate::{
-    do_verify_aggregation, Error, PVSSMap, PubliclyVerifiableSS, Result,
+    do_verify_aggregation, Error, PVSSMap, PubliclyVerifiableParams,
+    PubliclyVerifiableSS, Result,
 };
 
 pub type DecryptionSharePrecomputed = tpke::api::DecryptionSharePrecomputed;
@@ -53,6 +53,21 @@ pub fn encrypt(
     Ok(ciphertext)
 }
 
+pub fn decrypt_with_shared_secret(
+    ciphertext: &Ciphertext,
+    aad: &[u8],
+    shared_secret: &SharedSecret,
+) -> Result<Vec<u8>> {
+    let dkg_public_params = DkgPublicParameters::default();
+    tpke::api::decrypt_with_shared_secret(
+        ciphertext,
+        aad,
+        &shared_secret.0,
+        &dkg_public_params.g1_inv,
+    )
+    .map_err(Error::from)
+}
+
 #[serde_as]
 #[derive(Copy, Clone, Debug, PartialEq, Serialize, Deserialize)]
 pub struct DkgPublicKey(
@@ -257,7 +272,15 @@ pub struct DecryptionShareSimple {
 #[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
 pub struct DkgPublicParameters {
     #[serde_as(as = "serialization::SerdeAs")]
-    pub g1_inv: G1Prepared,
+    pub(crate) g1_inv: G1Prepared,
+}
+
+impl Default for DkgPublicParameters {
+    fn default() -> Self {
+        DkgPublicParameters {
+            g1_inv: PubliclyVerifiableParams::<E>::default().g_inv(),
+        }
+    }
 }
 
 impl DkgPublicParameters {
@@ -400,8 +423,7 @@ mod test_ferveo_api {
         let plaintext = decrypt_with_shared_secret(
             &ciphertext,
             aad,
-            &shared_secret,
-            &dkg.0.pvss_params.g_inv(),
+            &SharedSecret(shared_secret),
         )
         .unwrap();
         assert_eq!(plaintext, msg);
@@ -415,8 +437,7 @@ mod test_ferveo_api {
         let result = decrypt_with_shared_secret(
             &ciphertext,
             aad,
-            &shared_secret,
-            &dkg.0.pvss_params.g_inv(),
+            &SharedSecret(shared_secret),
         );
         assert!(result.is_err());
     }
@@ -494,13 +515,9 @@ mod test_ferveo_api {
             decryption_shares[..security_threshold as usize].to_vec();
 
         let shared_secret = combine_shares_simple(&decryption_shares);
-        let plaintext = decrypt_with_shared_secret(
-            &ciphertext,
-            aad,
-            &shared_secret.0,
-            &dkg.public_params().g1_inv,
-        )
-        .unwrap();
+        let plaintext =
+            decrypt_with_shared_secret(&ciphertext, aad, &shared_secret)
+                .unwrap();
         assert_eq!(plaintext, msg);
 
         // Let's say that we've only received `security_threshold - 1` shares
@@ -509,12 +526,8 @@ mod test_ferveo_api {
             decryption_shares[..security_threshold as usize - 1].to_vec();
 
         let shared_secret = combine_shares_simple(&decryption_shares);
-        let result = decrypt_with_shared_secret(
-            &ciphertext,
-            aad,
-            &shared_secret.0,
-            &dkg.public_params().g1_inv,
-        );
+        let result =
+            decrypt_with_shared_secret(&ciphertext, aad, &shared_secret);
         assert!(result.is_err());
     }