# This is a combination of 8 commits.
# This is the 1st commit message:

Remove requirement that bitcoin key shares need to be normalized

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #2:

Update docs

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #3:

Update docs

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #4:

Update README

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #5:

First attempt to add HD wallets

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #6:

Second attempt to implement HD wallets

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #7:

The final attempt to implement HD wallets

Signed-off-by: Denis Varlakov <denis@dfns.co>

# This is the commit message #8:

Update deps

Signed-off-by: Denis Varlakov <denis@dfns.co>
survived committed Jul 23, 2024
1 parent 88b5b52 commit d320408
Showing 17 changed files with 638 additions and 71 deletions.
104 changes: 97 additions & 7 deletions Cargo.lock

Some generated files are not rendered by default.

7 changes: 0 additions & 7 deletions Cargo.toml
Expand Up @@ -9,10 +9,3 @@ exclude = [
"wasm/no_std",
]

[patch.crates-io.cggmp21-keygen]
git = "https://github.com/dfnsco/cggmp21-private"
rev = "730e1217443eccac983d0177cab222decf07f139"

[patch.crates-io.key-share]
git = "https://github.com/dfnsco/cggmp21-private"
rev = "730e1217443eccac983d0177cab222decf07f139"
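Review bot: With both `[patch.crates-io]` overrides removed, `cggmp21-keygen` and `key-share` resolve from crates.io again, so the published releases have to contain everything that was previously pulled from rev `730e1217443eccac983d0177cab222decf07f139` of the private repository. The `Cargo.lock` diff is not rendered on this page; please confirm it no longer records that git repository as the source of either crate, since a lockfile still pinned to a private repo breaks builds for anyone without access to it.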
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -6,7 +6,7 @@ signers to commit nonces ahead of time), and identifiable abort.
This crate provides:
* Distributed Key Generation (DKG) \
FROST does not define DKG protocol to be used. We simply re-export DKG based on [CGGMP21] implementation
when `cggmp21-keygen` feature is enabled, which is a fairly reasonalbe choice as it's proven to be UC-secure.
when `cggmp21-keygen` feature is enabled, which is a fairly reasonable choice as it's proven to be UC-secure.
Alternatively, you can use any other UC-secure DKG protocol.
* FROST Signing \
We provide API for both manual signing execution (for better flexibility and efficiency) and interactive protocol
Expand All @@ -23,7 +23,7 @@ The crate is wasm and no_std friendly.

### Distributed Key Generation (DKG)
First of all, you need to generate a key. For that purpose, you can use any secure
(preferrably, UC-secure) DKG protocol. FROST IETF Draft does not define any DKG
(preferably, UC-secure) DKG protocol. FROST IETF Draft does not define any DKG
protocol or requirements it needs to meet, so the choice is up to you. This library
re-exports CGGMP21 DKG from `cggmp21-keygen` crate when `cggmp21-keygen` feature
is enabled which is proven to be UC-secure and should be a reasonable default.
Expand All @@ -39,7 +39,7 @@ let outgoing: impl Sink<Outgoing<Msg>>;

where:
* `Msg` is a protocol message (e.g., `keygen::msg::threshold::Msg`)
* `round_based::Incoming` and `round_based::Outgoing` wrap `Msg` and provide additional data (e.g., sender/recepient)
* `round_based::Incoming` and `round_based::Outgoing` wrap `Msg` and provide additional data (e.g., sender/recipient)
* `futures::Stream` and `futures::Sink` are well-known async primitives.


8 changes: 5 additions & 3 deletions givre/Cargo.toml
Expand Up @@ -7,7 +7,7 @@ edition = "2021"

[dependencies]
cggmp21-keygen = { version = "0.3", optional = true }
key-share = { version = "0.4", default-features = false }
key-share = { version = "0.4.1", default-features = false }

generic-ec = { version = "0.4", default-features = false, features = ["alloc"] }

Expand All @@ -22,6 +22,8 @@ sha2 = { version = "0.10", default-features = false, optional = true }

serde = { version = "1", default-features = false, features = ["derive"], optional = true }

slip-10 = { version = "0.4", default-features = false, optional = true }

[dev-dependencies]
rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
futures = "0.3"
Expand All @@ -43,10 +45,10 @@ spof = ["key-share/spof"]
# it'll fail to compile.
#
# Library doesn't have support of HD signing yet.
hd-wallets = ["key-share/hd-wallets", "cggmp21-keygen?/hd-wallets"]
hd-wallets = ["slip-10", "key-share/hd-wallets", "cggmp21-keygen?/hd-wallets"]

all-ciphersuites = ["ciphersuite-secp256k1", "ciphersuite-ed25519", "ciphersuite-bitcoin"]
ciphersuite-secp256k1 = ["generic-ec/curve-secp256k1", "k256", "sha2", "static_assertions"]
ciphersuite-ed25519 = ["generic-ec/curve-ed25519", "sha2"]
ciphersuite-bitcoin = ["ciphersuite-secp256k1"]
ciphersuite-bitcoin = ["ciphersuite-secp256k1", "sha2"]
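Review bot: The unchanged comment above `hd-wallets` still reads `# Library doesn't have support of HD signing yet.`, while the feature now pulls in `slip-10` and the commit message describes HD wallets as implemented; update or drop that comment so it matches what the feature enables. Separately, listing `"sha2"` under `ciphersuite-bitcoin` is redundant, because `ciphersuite-secp256k1` already enables it; harmless, but a short comment on why it is listed explicitly would help.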

17 changes: 5 additions & 12 deletions givre/src/ciphersuite.rs
Expand Up @@ -50,6 +50,9 @@ pub trait Ciphersuite: Sized + Clone + Copy + core::fmt::Debug {
/// algorithm available in [`generic_ec`] crate.
type MultiscalarMul: generic_ec::multiscalar::MultiscalarMul<Self::Curve>;

/// Indicates that the ciphersuite outputs taproot-compatible signatures
const IS_TAPROOT: bool = false;

/// `H1` hash function as defined in the draft
///
/// Accepts a list of bytestring, that'll be concatenated before hashing.
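Review bot: The doc comment on `IS_TAPROOT` says only that the ciphersuite outputs taproot-compatible signatures; it does not say what the library does differently when the constant is `true`, or what an implementer must guarantee before setting it. Since this is a public trait item with a default value, spell out the behaviour it switches on and, if it relates to the new `signing::taproot` module, link to it.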
Expand Down Expand Up @@ -115,8 +118,8 @@ pub trait Ciphersuite: Sized + Clone + Copy + core::fmt::Debug {
/// (aka point at infinity) is always normalized. Note that certain parts of the protocol may enforce this property
/// via debug assertions.
///
/// The protocol always outputs signatures with normalized R-component. We also require that public key is
/// normalized. If it isn't, signing fails. You can use [`normalize_key_share`] function to normalize any key.
/// The protocol always outputs signatures with normalized R-component. If key share has non-normalized public
/// key, it will be normalized at the time of signing.
///
/// If Schnorr scheme doesn't have a notion of normalized points, this function should always return `true`.
fn is_normalized(point: &Point<Self::Curve>) -> bool {
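Review bot: The new sentence says a non-normalized public key is normalized at the time of signing, but it does not say which key the resulting signature verifies against. If that is the normalized key rather than the `shared_public_key` stored in the key share, callers need to be told so here, along with how to obtain the key they should publish.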
Expand Down Expand Up @@ -307,13 +310,3 @@ where
.map_err(|_| <D::Error as serde::de::Error>::custom("point isn't normalized"))
}
}

/// Checks whether `key_share` is normalized
///
/// `key_share` must be normalized, otherwise the signing will return error. See [`Ciphersuite::is_normalized`]
/// for more details.
pub fn is_key_share_normalized<C: Ciphersuite>(
key_share: &crate::key_share::KeyShare<C::Curve>,
) -> bool {
C::is_normalized(&key_share.shared_public_key)
}
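Review bot: Removing `pub fn is_key_share_normalized` is a breaking change for any downstream code that calls it, even though signing no longer needs the check. Consider keeping it for one release under `#[deprecated]`, or record the removal in the changelog and ship it with a semver-incompatible version bump.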
8 changes: 2 additions & 6 deletions givre/src/ciphersuite/bitcoin.rs
Expand Up @@ -5,12 +5,6 @@ use super::{Ciphersuite, Secp256k1};

/// FROST ciphersuite that outputs [BIP-340] compliant signatures
///
/// # Normalized public keys
/// BIP-340 requires that public keys are normalized, meaning that they must have
/// odd Y coordinate. Generic DKG protocols output public key with both even and odd
/// Y coordinate. You can use [`normalize_key_share`](super::normalize_key_share)
/// to normalize the key share after it's generated.
///
/// [BIP-340]: https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
#[derive(Debug, Clone, Copy)]
pub struct Bitcoin;
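Review bot: Deleting the whole `# Normalized public keys` section leaves existing users, who were told here to call `normalize_key_share` after key generation, with no guidance on whether that call is still needed or still harmless. A sentence on `Bitcoin` stating that signing now accepts non-normalized key shares, with a link to `Ciphersuite::is_normalized`, would cover the migration.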
Expand All @@ -21,6 +15,8 @@ impl Ciphersuite for Bitcoin {
type Digest = <Secp256k1 as Ciphersuite>::Digest;
type MultiscalarMul = generic_ec::multiscalar::Default;

const IS_TAPROOT: bool = true;

fn h1(msg: &[&[u8]]) -> generic_ec::Scalar<Self::Curve> {
Secp256k1::h1(msg)
}
4 changes: 2 additions & 2 deletions givre/src/lib.rs
Expand Up @@ -189,11 +189,11 @@ mod _unused_deps {

/// Key share
///
/// This module re-exports type definitions from [`key_share`](::key_share) crate.
/// This module re-exports type definitions from [`key_share`] crate.
pub mod key_share {
#[doc(inline)]
pub use key_share::{
CoreKeyShare as KeyShare, DirtyCoreKeyShare as DirtyKeyShare, DirtyKeyInfo,
CoreKeyShare as KeyShare, DirtyCoreKeyShare as DirtyKeyShare, DirtyKeyInfo, HdError,
InvalidCoreShare as InvalidKeyShare, KeyInfo, Validate, VssSetup,
};

Expand Down
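Review bot: `HdError` is added to the `pub use key_share::{...}` list without any `#[cfg]`, while `givre/Cargo.toml` treats `key-share/hd-wallets` as an optional feature. Please confirm `key_share` exports `HdError` when `hd-wallets` is off; if it does not, this re-export fails to compile without that feature and should be gated with `#[cfg(feature = "hd-wallets")]`.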
1 change: 1 addition & 0 deletions givre/src/signing.rs
Expand Up @@ -33,4 +33,5 @@ pub mod aggregate;
pub mod full_signing;
pub mod round1;
pub mod round2;
pub mod taproot;
mod utils;
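Review bot: `pub mod taproot;` is declared unconditionally and without a doc comment, while the `Bitcoin` ciphersuite, which sets `IS_TAPROOT`, sits behind the optional `ciphersuite-bitcoin` feature. Is the module meant to compile and be public in every feature combination? If so, a module-level doc comment saying when callers need it would help; if not, gate it on the feature that uses it.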