-
Notifications
You must be signed in to change notification settings - Fork 56
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add refresh shares with dealer functionality (#665)
* Add refresh shares with dealer functionality (#245) * Change refresh share API (#245) Split refresh_shares_with_dealer into calculate_zero_key and refresh_share * Fix serialisation error with refresh share (#245) Add serialisation test * Fix serialisation errors after updates (#245) Fixed some typos * Update refresh_share to accept and return a KeyPackage instead of SecretShare (#245) * Tidy up refresh share functionality (#245) * Add refresh share functionality to Book (#245) Diagram is still to be added * Update book for rereshing shares with trusted dealer (#245) * Add new verifying shares calculation for refresh shares (#245) Add tests for invalid identifiers when refreshing shares * Rename calculate_zero_key to compute_refreshing_shares (#245) * Import Vec from the alloc crate (#245) This is to be compatible with the no_std attribute * Use alloc crate instead of std for refresh shares (#245) * Fix fmt error (#245) * Refactoring refresh shares functionality (#245) * cleanups during review * Update book/src/tutorial/refreshing-shares.md * update docs * always return error in detect_cheater * add changelog entry --------- Co-authored-by: Conrado Gouvea <[email protected]> Co-authored-by: Conrado Gouvea <[email protected]>
- Loading branch information
1 parent
60cc5b9
commit 835a3f0
Showing
26 changed files
with
1,293 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# Refreshing Shares using a Trusted Dealer | ||
|
||
The diagram below shows the refresh share process. Dashed lines | ||
represent data being sent through an [authenticated and confidential communication | ||
channel](https://frost.zfnd.org/terminology.html#peer-to-peer-channel). | ||
|
||
<!-- ![Diagram of Refreshing shares, illustrating what is explained in the text](refreshing.png) --> | ||
|
||
The Trusted Dealer needs to first run `compute_refreshing_shares()` which | ||
returns SecretShares (the "refreshing shares") and a PublicKeyPackage. Each | ||
`SecretShare` must then be sent along with the `PublicKeyPackage` via an | ||
[**authenticated** and **confidential** channel | ||
](https://frost.zfnd.org/terminology.html#peer-to-peer-channel) for each | ||
participant. | ||
|
||
Each Participant then runs `refresh_share()` to generate a new `KeyPackage` | ||
which will replace their old `KeyPackage`; they must also replace their old | ||
`PublicKeyPackage` with the one sent by the Trusted Dealer. | ||
|
||
```admonish danger | ||
The refreshed `KeyPackage` contents must be stored securely and the original | ||
`KeyPackage` should be deleted. For example: | ||
- Make sure other users in the system can't read it; | ||
- If possible, use the OS secure storage such that the package | ||
contents can only be opened with the user's password or biometrics. | ||
``` | ||
|
||
```admonish danger | ||
Applications should first ensure that all participants who refreshed their | ||
`KeyPackages` were actually able to do so successfully, before deleting their old | ||
`KeyPackages`. How this is done is up to the application; it might require | ||
sucessfully generating a signature with all of those participants. | ||
``` |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
//! Refresh Shares | ||
//! | ||
//! Implements the functionality to refresh a share. This requires the participation | ||
//! of all the remaining signers. This can be done using a Trusted Dealer or | ||
//! DKG (not yet implemented) | ||
|
||
use alloc::collections::BTreeMap; | ||
use alloc::vec::Vec; | ||
|
||
use crate::{ | ||
keys::{ | ||
generate_coefficients, generate_secret_shares, validate_num_of_signers, | ||
CoefficientCommitment, PublicKeyPackage, SigningKey, SigningShare, VerifyingShare, | ||
}, | ||
Ciphersuite, CryptoRng, Error, Field, Group, Identifier, RngCore, | ||
}; | ||
|
||
use super::{KeyPackage, SecretShare, VerifiableSecretSharingCommitment}; | ||
|
||
/// Generates new zero key shares and a public key package using a trusted | ||
/// dealer Building a new public key package is done by taking the verifying | ||
/// shares from the new public key package and adding them to the original | ||
/// verifying shares | ||
pub fn compute_refreshing_shares<C: Ciphersuite, R: RngCore + CryptoRng>( | ||
pub_key_package: PublicKeyPackage<C>, | ||
max_signers: u16, | ||
min_signers: u16, | ||
identifiers: &[Identifier<C>], | ||
rng: &mut R, | ||
) -> Result<(Vec<SecretShare<C>>, PublicKeyPackage<C>), Error<C>> { | ||
// Validate inputs | ||
if identifiers.len() != max_signers as usize { | ||
return Err(Error::IncorrectNumberOfIdentifiers); | ||
} | ||
validate_num_of_signers(min_signers, max_signers)?; | ||
|
||
// Build refreshing shares | ||
let refreshing_key = SigningKey { | ||
scalar: <<C::Group as Group>::Field>::zero(), | ||
}; | ||
|
||
let coefficients = generate_coefficients::<C, R>(min_signers as usize - 1, rng); | ||
let refreshing_shares = generate_secret_shares( | ||
&refreshing_key, | ||
max_signers, | ||
min_signers, | ||
coefficients, | ||
identifiers, | ||
)?; | ||
|
||
let mut refreshed_verifying_shares: BTreeMap<Identifier<C>, VerifyingShare<C>> = | ||
BTreeMap::new(); | ||
let mut refreshing_shares_minus_identity: Vec<SecretShare<C>> = Vec::new(); | ||
|
||
for mut share in refreshing_shares { | ||
let refreshing_verifying_share: VerifyingShare<C> = SigningShare::into(share.signing_share); | ||
|
||
let verifying_share = pub_key_package.verifying_shares.get(&share.identifier); | ||
|
||
match verifying_share { | ||
Some(verifying_share) => { | ||
let refreshed_verifying_share = | ||
refreshing_verifying_share.to_element() + verifying_share.to_element(); | ||
refreshed_verifying_shares.insert( | ||
share.identifier, | ||
VerifyingShare::new(refreshed_verifying_share), | ||
); | ||
} | ||
None => return Err(Error::UnknownIdentifier), | ||
}; | ||
|
||
share.commitment.0.remove(0); | ||
refreshing_shares_minus_identity.push(share); | ||
} | ||
|
||
let refreshed_pub_key_package = PublicKeyPackage::<C> { | ||
header: pub_key_package.header, | ||
verifying_shares: refreshed_verifying_shares, | ||
verifying_key: pub_key_package.verifying_key, | ||
}; | ||
|
||
Ok((refreshing_shares_minus_identity, refreshed_pub_key_package)) | ||
} | ||
|
||
/// Each participant refreshes their shares This is done by taking the | ||
/// `refreshing_share` received from the trusted dealer and adding it to the | ||
/// original share | ||
pub fn refresh_share<C: Ciphersuite>( | ||
mut refreshing_share: SecretShare<C>, | ||
current_key_package: &KeyPackage<C>, | ||
) -> Result<KeyPackage<C>, Error<C>> { | ||
// The identity commitment needs to be added to the VSS commitment | ||
let identity_commitment: Vec<CoefficientCommitment<C>> = | ||
vec![CoefficientCommitment::new(C::Group::identity())]; | ||
|
||
let refreshing_share_commitments: Vec<CoefficientCommitment<C>> = identity_commitment | ||
.into_iter() | ||
.chain(refreshing_share.commitment.0.clone()) | ||
.collect(); | ||
|
||
refreshing_share.commitment = | ||
VerifiableSecretSharingCommitment::<C>::new(refreshing_share_commitments); | ||
|
||
// Verify refreshing_share secret share | ||
let refreshed_share_package = KeyPackage::<C>::try_from(refreshing_share)?; | ||
|
||
let signing_share: SigningShare<C> = SigningShare::new( | ||
refreshed_share_package.signing_share.to_scalar() | ||
+ current_key_package.signing_share.to_scalar(), | ||
); | ||
|
||
let mut new_key_package = current_key_package.clone(); | ||
new_key_package.signing_share = signing_share; | ||
|
||
Ok(new_key_package) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.