From 590c68c82e0ad5f9eb8c10d1205288566ae2b3ea Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:20:36 +0200 Subject: [PATCH 01/12] Fixed error message --- pkg/tecdsa/signer_keygen.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/tecdsa/signer_keygen.go b/pkg/tecdsa/signer_keygen.go index 4c68b98a01..818d08b52c 100644 --- a/pkg/tecdsa/signer_keygen.go +++ b/pkg/tecdsa/signer_keygen.go @@ -222,7 +222,7 @@ func (ls *LocalSigner) CombineDsaKeyShares( if len(revealedShares) != ls.groupParameters.GroupSize { return nil, fmt.Errorf( - "all group members should reveal shares; Got %v, expected %v", + "all group members should reveal shares; got %v, expected %v", len(revealedShares), ls.groupParameters.GroupSize, ) From 19196796e26726e68d3a38051b8403d09bc6686d Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:22:18 +0200 Subject: [PATCH 02/12] Register signers in group on initialization --- pkg/tecdsa/signer_keygen_test.go | 7 +++++++ pkg/tecdsa/signer_sign_test.go | 7 +++++++ pkg/tecdsa/signer_smoke_test.go | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/pkg/tecdsa/signer_keygen_test.go b/pkg/tecdsa/signer_keygen_test.go index 0cc622c2b3..5088d74ab4 100644 --- a/pkg/tecdsa/signer_keygen_test.go +++ b/pkg/tecdsa/signer_keygen_test.go @@ -282,6 +282,13 @@ func createNewLocalGroup() ([]*LocalSigner, *PublicParameters, error) { ) } + // Register signers' IDs + for i := 0; i < len(localSigners); i++ { + for j := 0; j < len(localSigners); j++ { + localSigners[i].signerGroup.RegisterSignerID(localSigners[j].ID) + } + } + return localSigners, groupParameters, nil } diff --git a/pkg/tecdsa/signer_sign_test.go b/pkg/tecdsa/signer_sign_test.go index bc722a4e76..a79d67a70c 100644 --- a/pkg/tecdsa/signer_sign_test.go +++ b/pkg/tecdsa/signer_sign_test.go 
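Review bot: The nested registration loop added at the end of createNewLocalGroup is pasted unchanged into generateNewLocalGroup (signer_smoke_test.go) and TestSignAndCombineRound6 (signer_sign_test.go), and the copy in signer_sign_test.go drops the `// Register signers' IDs` comment. A single shared test helper that takes the signers and performs the registration would keep the three setups in step when the group API changes. If RegisterSignerID returns a value that signals failure, which is not visible in this hunk, the helper is also the one place to check it. createNewLocalGroup starts above the hunk.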
@@ -510,6 +510,13 @@ func TestSignAndCombineRound6(t *testing.T) { signatureFactorPublic: signatureFactorPublic, signatureFactorPublicHash: signatureFactorPublicHash, } + + } + + for i := 0; i < len(signers); i++ { + for j := 0; j < len(signers); j++ { + signers[i].signerGroup.RegisterSignerID(signers[j].ID) + } } messageHash := make([]byte, 32) // m diff --git a/pkg/tecdsa/signer_smoke_test.go b/pkg/tecdsa/signer_smoke_test.go index ee3a5fad87..6fbef1a80d 100644 --- a/pkg/tecdsa/signer_smoke_test.go +++ b/pkg/tecdsa/signer_smoke_test.go @@ -337,6 +337,13 @@ func generateNewLocalGroup() ( ) } + // Register signers' IDs + for i := 0; i < len(localSigners); i++ { + for j := 0; j < len(localSigners); j++ { + localSigners[i].signerGroup.RegisterSignerID(localSigners[j].ID) + } + } + return localSigners, parameters, nil } From 84766293e2e2b85bf279d276b7ef4bfff154af39 Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:22:47 +0200 Subject: [PATCH 03/12] Check if signers group is complete --- pkg/tecdsa/signer_smoke_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/tecdsa/signer_smoke_test.go b/pkg/tecdsa/signer_smoke_test.go index 6fbef1a80d..7f1ef4c0a2 100644 --- a/pkg/tecdsa/signer_smoke_test.go +++ b/pkg/tecdsa/signer_smoke_test.go @@ -56,6 +56,10 @@ func TestFullInitAndSignPath(t *testing.T) { // generation process // for i, signer := range localSigners { + if groupComplete, err := signer.IsSignerGroupComplete(); !groupComplete || err != nil { + t.Fatal(err) + } + masterPublicKeyShareMessagesKeyGeneration[i], err = signer.GenerateMasterPublicKeyShare() if err != nil { t.Fatal(err) From 1cb11eb9ae5a889bb9cd1b5020c46fd95ef52a7c Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:24:08 +0200 Subject: [PATCH 04/12] Check if signer is active --- pkg/tecdsa/signer_keygen.go | 4 ++++ pkg/tecdsa/signer_setup.go | 8 ++++++++ pkg/tecdsa/signer_sign.go | 16 ++++++++++++++++ 3 files changed, 28 insertions(+) 
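Review bot: In the guard added at the top of the loop in TestFullInitAndSignPath, the condition `!groupComplete || err != nil` reaches `t.Fatal(err)` even when the group is only incomplete and `err` is nil, so the test then fails with a bare `<nil>`. Reporting both values makes the failure readable: `t.Fatalf("signer group complete = %v, err = %v", groupComplete, err)`. The loop body continues past the end of the hunk.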
diff --git a/pkg/tecdsa/signer_keygen.go b/pkg/tecdsa/signer_keygen.go index 818d08b52c..7b0f3a6605 100644 --- a/pkg/tecdsa/signer_keygen.go +++ b/pkg/tecdsa/signer_keygen.go @@ -239,6 +239,10 @@ func (ls *LocalSigner) CombineDsaKeyShares( if commitmentMsg.signerID == revealedSharesMsg.signerID { foundMatchingRevealMessage = true + if !ls.signerGroup.IsActiveSigner(commitmentMsg.signerID) { + return nil, fmt.Errorf("signer with ID %s is not in active signers group", commitmentMsg.signerID) + } + if revealedSharesMsg.isValid( ls.commitmentMasterPublicKey, commitmentMsg.publicKeyShareCommitment, diff --git a/pkg/tecdsa/signer_setup.go b/pkg/tecdsa/signer_setup.go index dce97a711a..69aba44aad 100644 --- a/pkg/tecdsa/signer_setup.go +++ b/pkg/tecdsa/signer_setup.go @@ -53,6 +53,14 @@ func (sc *signerCore) CombineMasterPublicKeyShares( ) } + for _, message := range masterPublicKeySharesMessages[1:] { + if !sc.signerGroup.IsActiveSigner(message.signerID) { + return nil, fmt.Errorf("signer with ID %s is not in active signers group", + message.signerID, + ) + } + } + masterPublicKey := new(bn256.G2) masterPublicKey.Unmarshal( masterPublicKeySharesMessages[0].masterPublicKeyShare, diff --git a/pkg/tecdsa/signer_sign.go b/pkg/tecdsa/signer_sign.go index 1b8c29b4d7..96e3f1c21b 100644 --- a/pkg/tecdsa/signer_sign.go +++ b/pkg/tecdsa/signer_sign.go @@ -196,6 +196,10 @@ func (s *Round2Signer) CombineRound2Messages( if round1Message.signerID == round2Message.signerID { foundMatchingRound2Message = true + if !s.signerGroup.IsActiveSigner(round1Message.signerID) { + return nil, nil, fmt.Errorf("signer with ID %s is not in active signers group", round1Message.signerID) + } + if round2Message.isValid( s.commitmentMasterPublicKey, round1Message.secretKeyFactorShareCommitment, 
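Review bot: The membership check added to CombineDsaKeyShares sits inside the `commitmentMsg.signerID == revealedSharesMsg.signerID` branch, so a commitment from an ID outside the group is rejected only once a matching reveal message has been found; without a match it takes the not-found path instead. Placing `if !ls.signerGroup.IsActiveSigner(commitmentMsg.signerID) {` at the top of the outer loop over commitment messages would reject the sender before any of its data is compared, and would run once per signer rather than once per match. The same placement is used in CombineRound2Messages and CombineRound4Messages in signer_sign.go. Both loops start and end outside the hunk, so the exact position needs checking against the full function.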
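Review bot: The loop added to CombineMasterPublicKeyShares ranges over `masterPublicKeySharesMessages[1:]`, so the `signerID` of the first message is never checked against the group, yet `masterPublicKeySharesMessages[0].masterPublicKeyShare` is unmarshalled as the starting value on the lines right after it. Range over the whole slice instead: `for _, message := range masterPublicKeySharesMessages {`. The `masterPublicKey.Unmarshal(` call in the context lines also discards its result in the lines shown; if it reports malformed input, that should become an error before the shares are combined. The function begins above and ends below the hunk.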
@@ -464,6 +468,10 @@ func (s *Round4Signer) CombineRound4Messages( if round3Message.signerID == round4Message.signerID { foundMatchingRound4Message = true + if !s.signerGroup.IsActiveSigner(round3Message.signerID) { + return nil, nil, fmt.Errorf("signer with ID %s is not in active signers group", round3Message.signerID) + } + if round4Message.isValid( s.commitmentMasterPublicKey, round3Message.signatureFactorShareCommitment, @@ -582,6 +590,10 @@ func (s *Round5Signer) CombineRound5Messages( partialDecryptions := make([]*paillier.PartialDecryption, groupSize) for i, round5Message := range round5Messages { + if !s.signerGroup.IsActiveSigner(round5Message.signerID) { + return nil, fmt.Errorf("signer with ID %s is not in active signers group", round5Message.signerID) + } + partialDecryptions[i] = round5Message.signatureUnmaskPartialDecryption } @@ -659,6 +671,10 @@ func (s *Round5Signer) CombineRound6Messages( partialDecryptions := make([]*paillier.PartialDecryption, groupSize) for i, round6Message := range round6Messages { + if !s.signerGroup.IsActiveSigner(round6Message.signerID) { + return nil, fmt.Errorf("signer with ID %s is not in active signers group", round6Message.signerID) + } + partialDecryptions[i] = round6Message.signaturePartialDecryption } From d31b5d7733f4f4dee66c183db654816cb795f50f Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:25:16 +0200 Subject: [PATCH 05/12] Remove Signer from the group on failure --- pkg/tecdsa/signer_keygen.go | 2 ++ pkg/tecdsa/signer_sign.go | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/pkg/tecdsa/signer_keygen.go b/pkg/tecdsa/signer_keygen.go index 7b0f3a6605..fdcc2f1191 100644 --- a/pkg/tecdsa/signer_keygen.go +++ b/pkg/tecdsa/signer_keygen.go 
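Review bot: The check added to the loop in CombineRound5Messages confirms that each `signerID` belongs to the group but not that it appears only once, so a list that repeats one member's message passes and fills several entries of `partialDecryptions`. Recording the IDs already seen in a map and returning an error on a repeat would make each member count once toward the combined decryption. The same applies to the loop in CombineRound6Messages in the next hunk. Whether duplicates are filtered before these functions are called is not visible here.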
@@ -251,12 +251,14 @@ func (ls *LocalSigner) CombineDsaKeyShares( secretKeyShares[i] = revealedSharesMsg.secretKeyShare publicKeyShares[i] = revealedSharesMsg.publicKeyShare } else { + ls.signerGroup.RemoveSignerID(commitmentMsg.signerID) return nil, errors.New("KeyShareRevealMessage rejected") } } } if !foundMatchingRevealMessage { + ls.signerGroup.RemoveSignerID(commitmentMsg.signerID) return nil, fmt.Errorf( "no matching share reveal message for signer with ID=%v", commitmentMsg.signerID, diff --git a/pkg/tecdsa/signer_sign.go b/pkg/tecdsa/signer_sign.go index 96e3f1c21b..06db84258f 100644 --- a/pkg/tecdsa/signer_sign.go +++ b/pkg/tecdsa/signer_sign.go @@ -209,12 +209,14 @@ func (s *Round2Signer) CombineRound2Messages( secretKeyFactorShares[i] = round2Message.secretKeyFactorShare secretKeyMultipleShares[i] = round2Message.secretKeyMultipleShare } else { + s.signerGroup.RemoveSignerID(round1Message.signerID) return nil, nil, errors.New("round 2 message rejected") } } } if !foundMatchingRound2Message { + s.signerGroup.RemoveSignerID(round1Message.signerID) return nil, nil, fmt.Errorf( "no matching round 2 message for signer with ID = %v", round1Message.signerID, @@ -481,12 +483,14 @@ func (s *Round4Signer) CombineRound4Messages( signatureFactorPublicShares[i] = round4Message.signatureFactorPublicShare signatureUnmaskShares[i] = round4Message.signatureUnmaskShare } else { + s.signerGroup.RemoveSignerID(round3Message.signerID) return nil, nil, errors.New("round 4 message rejected") } } } if !foundMatchingRound4Message { + s.signerGroup.RemoveSignerID(round3Message.signerID) return nil, nil, fmt.Errorf( "no matching round 4 message for signer with ID = %v", round3Message.signerID, From 78b079a4c584d3dad29457928ac65f3e2c1552b3 Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:26:48 +0200 Subject: [PATCH 06/12] Get length of a group as group size --- pkg/tecdsa/signer_sign.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
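Review bot: The two `ls.signerGroup.RemoveSignerID(commitmentMsg.signerID)` calls added to CombineDsaKeyShares change group membership as a side effect of a failed combine, and the not-found path removes a signer merely because its reveal message was absent from the list passed in. Going by the test setup in this series each signer keeps its own `signerGroup`, so a message lost on the way to one signer would presumably leave that signer with a smaller group than its peers; a doc comment on the function should state that it evicts signers and on what evidence. The `KeyShareRevealMessage rejected` error also does not name the signer that was just removed, for example `fmt.Errorf("KeyShareRevealMessage rejected for signer with ID=%v", commitmentMsg.signerID)`. The same pair of calls is added to CombineRound2Messages and CombineRound4Messages in signer_sign.go.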
diff --git a/pkg/tecdsa/signer_sign.go b/pkg/tecdsa/signer_sign.go index 06db84258f..8d6bb4fc02 100644 --- a/pkg/tecdsa/signer_sign.go +++ b/pkg/tecdsa/signer_sign.go @@ -168,7 +168,7 @@ func (s *Round2Signer) CombineRound2Messages( secretKeyMultiple *paillier.Cypher, err error, ) { - groupSize := s.groupParameters.GroupSize + groupSize := s.signerGroup.Size() if len(round1Messages) != groupSize { return nil, nil, fmt.Errorf( @@ -442,7 +442,7 @@ func (s *Round4Signer) CombineRound4Messages( signatureFactorPublic *curve.Point, // R err error, ) { - groupSize := s.groupParameters.GroupSize + groupSize := s.signerGroup.Size() if len(round3Messages) != groupSize { return nil, nil, fmt.Errorf( @@ -582,7 +582,7 @@ func (s *Round5Signer) CombineRound5Messages( signatureUnmask *big.Int, // TDec(w) err error, ) { - groupSize := s.groupParameters.GroupSize + groupSize := s.signerGroup.Size() if len(round5Messages) != groupSize { return nil, fmt.Errorf( @@ -663,7 +663,7 @@ type Signature struct { func (s *Round5Signer) CombineRound6Messages( round6Messages []*SignRound6Message, ) (*Signature, error) { - groupSize := s.groupParameters.GroupSize + groupSize := s.signerGroup.Size() if len(round6Messages) != groupSize { return nil, fmt.Errorf( From b2759b912eee9ae1a0f665e5afc66f3968bd8d3d Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:27:47 +0200 Subject: [PATCH 07/12] Validate messages number against threshold --- pkg/tecdsa/signer_sign.go | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/pkg/tecdsa/signer_sign.go b/pkg/tecdsa/signer_sign.go index 8d6bb4fc02..a8f7fb8add 100644 --- a/pkg/tecdsa/signer_sign.go +++ b/pkg/tecdsa/signer_sign.go 
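Review bot: `groupSize` in CombineRound2Messages now follows `s.signerGroup.Size()`, which shrinks whenever RemoveSignerID is called, while CombineDsaKeyShares in signer_keygen.go still compares against `ls.groupParameters.GroupSize` as far as this series shows. After one eviction the two phases would expect different numbers of messages. Either switch the key-generation check to `ls.signerGroup.Size()` as well, or add a comment there saying why it has to stay fixed. The same assignment is changed in CombineRound4Messages, CombineRound5Messages and CombineRound6Messages.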
@@ -170,19 +170,19 @@ func (s *Round2Signer) CombineRound2Messages( ) { groupSize := s.signerGroup.Size() - if len(round1Messages) != groupSize { + if len(round1Messages) < s.groupParameters.Threshold { return nil, nil, fmt.Errorf( - "round 1 messages required from all group members; got %v, expected %v", + "round 1 messages required from at least %v group members but got %v", + s.groupParameters.Threshold, len(round1Messages), - groupSize, ) } - if len(round2Messages) != groupSize { + if len(round2Messages) < s.groupParameters.Threshold { return nil, nil, fmt.Errorf( - "round 2 messages required from all group members; got %v, expected %v", + "round 2 messages required from at least %v group members but got %v", + s.groupParameters.Threshold, len(round2Messages), - groupSize, ) } @@ -444,19 +444,19 @@ func (s *Round4Signer) CombineRound4Messages( ) { groupSize := s.signerGroup.Size() - if len(round3Messages) != groupSize { + if len(round3Messages) < s.groupParameters.Threshold { return nil, nil, fmt.Errorf( - "round 3 messages required from all group members; got %v, expected %v", + "round 3 messages required from at least %v group members but got %v", + s.groupParameters.Threshold, len(round3Messages), - groupSize, ) } - if len(round4Messages) != groupSize { + if len(round4Messages) < s.groupParameters.Threshold { return nil, nil, fmt.Errorf( - "round 4 messages required from all group members; got %v, expected %v", + "round 4 messages required from at least %v group members but got %v", + s.groupParameters.Threshold, len(round4Messages), - groupSize, ) } 
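Review bot: The rewritten length checks put only a lower bound on the number of messages, so a list longer than the group is now accepted. In CombineRound5Messages and CombineRound6Messages (the later hunks of this commit) `partialDecryptions` is allocated with `groupSize` entries and written at the message index, so an over-long list would index past the slice and panic, and a list between the threshold and the group size leaves nil entries at the tail. Bounding both sides, e.g. `if n := len(round5Messages); n < s.groupParameters.Threshold || n > groupSize {`, and sizing the slice with `len(round5Messages)` would close both cases. The same likely holds for the slices filled in CombineRound2Messages and CombineRound4Messages, whose allocation is outside these hunks.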
@@ -584,11 +584,11 @@ func (s *Round5Signer) CombineRound5Messages( ) { groupSize := s.signerGroup.Size() - if len(round5Messages) != groupSize { + if len(round5Messages) < s.groupParameters.Threshold { return nil, fmt.Errorf( - "round 5 messages required from all group members; got %v, expected %v", + "round 5 messages required from at least %v group members but got %v", + s.groupParameters.Threshold, len(round5Messages), - groupSize, ) } @@ -665,11 +665,11 @@ func (s *Round5Signer) CombineRound6Messages( ) (*Signature, error) { groupSize := s.signerGroup.Size() - if len(round6Messages) != groupSize { + if len(round6Messages) < s.groupParameters.Threshold { return nil, fmt.Errorf( - "round 6 messages required from all group members; got %v, expected %v", + "round 6 messages required from at least %v group members but got %v", + s.groupParameters.Threshold, len(round6Messages), - groupSize, ) } From d9552749dbafd130d26666b35bc9ec6667a4b4e4 Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:28:23 +0200 Subject: [PATCH 08/12] Updated expected errors --- pkg/tecdsa/signer_keygen_test.go | 2 +- pkg/tecdsa/signer_sign_test.go | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/tecdsa/signer_keygen_test.go b/pkg/tecdsa/signer_keygen_test.go index 5088d74ab4..03c300baac 100644 --- a/pkg/tecdsa/signer_keygen_test.go +++ b/pkg/tecdsa/signer_keygen_test.go @@ -132,7 +132,7 @@ func TestCombineWithNotEnoughRevealMessages(t *testing.T) { } expectedError := fmt.Errorf( - "all group members should reveal shares; Got 1, expected 10", + "all group members should reveal shares; got 1, expected 10", ) _, err = group[0].CombineDsaKeyShares( diff --git a/pkg/tecdsa/signer_sign_test.go b/pkg/tecdsa/signer_sign_test.go index a79d67a70c..7380896a61 100644 --- a/pkg/tecdsa/signer_sign_test.go +++ b/pkg/tecdsa/signer_sign_test.go 
@@ -30,7 +30,7 @@ func TestSignAndCombineRound1And2(t *testing.T) { return []*SignRound1Message{round1Messages[0]} }, expectedError: errors.New( - "round 1 messages required from all group members; got 1, expected 10", + "round 1 messages required from at least 6 group members but got 1", ), }, "negative validation - too few round 2 messages": { @@ -40,7 +40,7 @@ func TestSignAndCombineRound1And2(t *testing.T) { return []*SignRound2Message{round2Messages[0]} }, expectedError: errors.New( - "round 2 messages required from all group members; got 1, expected 10", + "round 2 messages required from at least 6 group members but got 1", ), }, "negative validation - missing round 2 message for signer": { @@ -170,7 +170,7 @@ func TestSignAndCombineRound3And4(t *testing.T) { return []*SignRound3Message{round3Messages[0]} }, expectedError: errors.New( - "round 3 messages required from all group members; got 1, expected 10", + "round 3 messages required from at least 6 group members but got 1", ), }, "negative validation - too few round 4 messages": { @@ -180,7 +180,7 @@ func TestSignAndCombineRound3And4(t *testing.T) { return []*SignRound4Message{round4Messages[0]} }, expectedError: errors.New( - "round 4 messages required from all group members; got 1, expected 10", + "round 4 messages required from at least 6 group members but got 1", ), }, "negative validation - missing round 3 message for signer": { @@ -371,7 +371,7 @@ func TestSignAndCombineRound5(t *testing.T) { return []*SignRound5Message{msgs[0], msgs[1]} }, expectedError: errors.New( - "round 5 messages required from all group members; got 2, expected 10", + "round 5 messages required from at least 6 group members but got 2", ), }, } From f55fb1cadd8cb7115ad4b9ed6c369bbaa4b957a7 Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Wed, 29 Aug 2018 14:28:51 +0200 Subject: [PATCH 09/12] Return signer ID in round 6 message --- pkg/tecdsa/signer_sign.go | 1 + 1 file changed, 1 insertion(+) 
diff --git a/pkg/tecdsa/signer_sign.go b/pkg/tecdsa/signer_sign.go index a8f7fb8add..b27edae1a0 100644 --- a/pkg/tecdsa/signer_sign.go +++ b/pkg/tecdsa/signer_sign.go @@ -647,6 +647,7 @@ func (s *Round5Signer) SignRound6( ) return &SignRound6Message{ + signerID: s.ID, signaturePartialDecryption: s.paillierKey.Decrypt(signatureCypher.C), }, nil } From b7d58f610c719acbfb556f081e0eb92120da25a4 Mon Sep 17 00:00:00 2001 From: Jakub Nowakowski Date: Fri, 31 Aug 2018 14:57:33 +0200 Subject: [PATCH 10/12] Fixed error message for signer out of the group --- pkg/tecdsa/signer_keygen.go | 2 +- pkg/tecdsa/signer_setup.go | 2 +- pkg/tecdsa/signer_sign.go | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/tecdsa/signer_keygen.go b/pkg/tecdsa/signer_keygen.go index 745feb5041..a98ff8fdfe 100644 --- a/pkg/tecdsa/signer_keygen.go +++ b/pkg/tecdsa/signer_keygen.go @@ -242,7 +242,7 @@ func (ls *LocalSigner) CombineDsaKeyShares( foundMatchingRevealMessage = true if !ls.signerGroup.Contains(commitmentMsg.signerID) { - return nil, fmt.Errorf("signer with ID %s is not in active signers group", commitmentMsg.signerID) + return nil, fmt.Errorf("signer with ID %s is not in signers group", commitmentMsg.signerID) } if revealedSharesMsg.isValid( diff --git a/pkg/tecdsa/signer_setup.go b/pkg/tecdsa/signer_setup.go index d55c273b17..0b3b4d8864 100644 --- a/pkg/tecdsa/signer_setup.go +++ b/pkg/tecdsa/signer_setup.go @@ -62,7 +62,7 @@ func (sc *signerCore) CombineMasterPublicKeyShares( for _, message := range masterPublicKeySharesMessages[1:] { if !sc.signerGroup.Contains(message.signerID) { - return nil, fmt.Errorf("signer with ID %s is not in active signers group", + return nil, fmt.Errorf("signer with ID %s is not in signers group", message.signerID, ) } diff --git a/pkg/tecdsa/signer_sign.go b/pkg/tecdsa/signer_sign.go index a860b63478..60aaf69921 100644 --- a/pkg/tecdsa/signer_sign.go +++ b/pkg/tecdsa/signer_sign.go 
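Review bot: The `signerID: s.ID` field now set in SignRound6 is what CombineRound6Messages uses for its group-membership check, and it is filled in by the sender itself without any comment on how far it can be trusted. Nothing on this page shows the ID being tied to an authenticated sender, so the membership check only holds if the transport already does that. A comment at the struct field or at this assignment, such as `// signerID is self-declared; the caller must authenticate the sender before combining`, would make the assumption explicit. SignRound6 starts above the hunk.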
@@ -197,7 +197,7 @@ func (s *Round2Signer) CombineRound2Messages( foundMatchingRound2Message = true if !s.signerGroup.Contains(round1Message.signerID) { - return nil, nil, fmt.Errorf("signer with ID %s is not in active signers group", round1Message.signerID) + return nil, nil, fmt.Errorf("signer with ID %s is not in signers group", round1Message.signerID) } if round2Message.isValid( @@ -471,7 +471,7 @@ func (s *Round4Signer) CombineRound4Messages( foundMatchingRound4Message = true if !s.signerGroup.Contains(round3Message.signerID) { - return nil, nil, fmt.Errorf("signer with ID %s is not in active signers group", round3Message.signerID) + return nil, nil, fmt.Errorf("signer with ID %s is not in signers group", round3Message.signerID) } if round4Message.isValid( @@ -595,7 +595,7 @@ func (s *Round5Signer) CombineRound5Messages( partialDecryptions := make([]*paillier.PartialDecryption, groupSize) for i, round5Message := range round5Messages { if !s.signerGroup.Contains(round5Message.signerID) { - return nil, fmt.Errorf("signer with ID %s is not in active signers group", round5Message.signerID) + return nil, fmt.Errorf("signer with ID %s is not in signers group", round5Message.signerID) } partialDecryptions[i] = round5Message.signatureUnmaskPartialDecryption @@ -677,7 +677,7 @@ func (s *Round5Signer) CombineRound6Messages( partialDecryptions := make([]*paillier.PartialDecryption, groupSize) for i, round6Message := range round6Messages { if !s.signerGroup.Contains(round6Message.signerID) { - return nil, fmt.Errorf("signer with ID %s is not in active signers group", round6Message.signerID) + return nil, fmt.Errorf("signer with ID %s is not in signers group", round6Message.signerID) } partialDecryptions[i] = round6Message.signaturePartialDecryption From b570ad25f1f5cf6641d6a73109191ef1d672cc40 Mon Sep 17 00:00:00 2001 
From: Jakub Nowakowski
Date: Mon, 3 Sep 2018 18:25:44 +0200
Subject: [PATCH 11/12] TECDSA document setup phase
---
 docs/cryptography/tecdsa.adoc | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 docs/cryptography/tecdsa.adoc
diff --git a/docs/cryptography/tecdsa.adoc b/docs/cryptography/tecdsa.adoc
new file mode 100644
index 0000000000..5d73d1ba02
--- /dev/null
+++ b/docs/cryptography/tecdsa.adoc
@@ -0,0 +1,27 @@
+:toc: macro
+
+= T-ECDSA Protocol
+
+toc::[]
+
+== Setup
+
+=== Master Public Key
+_Master Publick Key_ is a value needed for commitment generation. This value is generated individually for each signer before each of two phases: key generation and signing.
+
+. Each signer generates _Master Public Key Share_ and broadcasts it to other signers in _Master Public Key Share Message_.
++
+.Master Public Key Share Message
+[halign=center,options="header"]
+|===
+^|name ^|type ^|description
+
+^|`signerID`
+^|`string`
+^|Signer's ID
+
+^|`masterPublicKeyShare`
+^|`[]byte`
+^|Master Public Key Share
+|===
+. Each signer combines _Master Public Key Shares_ of all signers to get _Master Public Key_.
From 17be68a54012a16197611c47fd4691e9d753b807 Mon Sep 17 00:00:00 2001
From: Jakub Nowakowski
Date: Mon, 3 Sep 2018 18:26:32 +0200
Subject: [PATCH 12/12] TECDSA document key-gen phase
---
 docs/cryptography/tecdsa.adoc | 69 +++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
diff --git a/docs/cryptography/tecdsa.adoc b/docs/cryptography/tecdsa.adoc
index 5d73d1ba02..ba25f6bc34 100644
--- a/docs/cryptography/tecdsa.adoc
+++ b/docs/cryptography/tecdsa.adoc
@@ -25,3 +25,72 @@ _Master Publick Key_ is a value needed for commitment generation. This value is
 ^|Master Public Key Share
 |===
 . Each signer combines _Master Public Key Shares_ of all signers to get _Master Public Key_.
+
+== Key Generation
+
+=== Round #1
+
+. Each signer generates _DSA Key Share_ which consists of _Private Key Share_ and _Public Key Share_.
++
+_Private Key Share_ value must be kept secret and never shared.
++
+_Public Key Share_ value cannot be exposed until all signers in the group commit to their values.
+
+. Each signer calculates a commitment for the _Public Key Share_ value and broadcasts this commitment in
+ _Public Key Share Commitment Message_.
+
+.Public Key Share Commitment Message
+[halign=center,options="header"]
+|===
+^|name ^|type ^|description
+
+^|`signerID`
+^|`string`
+^|Signer's ID
+
+^|`publicKeyShareCommitment`
+^|`commitment.MultiTrapdoorCommitment`
+^|Commitment to _Public Key Share_
+|===
+
+=== Round #2
+After commitments from all signers are gathered the next round starts.
+
+. Signers reveal their _DSA Key Shares_ and broadcast _Key Share Reveal Message_.
++
+Since _Private Key Share_ should always be kept secret it is first encrypted with Paillier and this encrypted value is broadcasted along with
+Zero Knowledge Proof Π~i~ to confirm that _Private Key Share_ value is in [-q^3^, q^3^] range.
++
+_Public Key Share_ is broadcasted with a decommitment key used in a previous round in commitment to _Public Key Share_ value.
++
+.Key Share Reveal Message
+[halign=center,options="header"]
+|===
+^|name ^|type ^|description
+
+^|`signerID`
+^|`string`
+^|Signer's ID
+
+^|`secretKeyShare`
+^|`paillier.Cypher`
+^|Encrypted _Private Key Share_
+
+^|`publicKeyShare`
+^|`curve.Point`
+^|_Public Key Share_
+
+^|`publicKeyShareDecommitmentKey`
+^|`commitment.DecommitmentKey`
+^|Decommitment key for _Public Key Share_
+
+^|`secretKeyProof`
+^|`zkp.DsaPaillierKeyRangeProof`
+^|ZKP Π~i~ -- _Private Key Share_ is in range [-q^3^, q^3^]
+|===
+
+. Each signer validates received _Key Share Reveal Messages_ and combines shares to get encrypted _Private Key_ and _Public Key_ which forms _DSA Key_.
+
+== Signing
+
+TBD