kryptology
GG20 DKG Related Issues
Have been trying to integrate the gg20 dkg implementation into a distributed service and wanted to raise a few things.
- `DkgParticipant` has no external CTOR a calling lib can use
  - Ended up adding one in our fork
- `DkgRound2P2PSend`'s `xij` is private and cannot be serialized
  - Ended up exposing this so it can be serialized but feels like it's unsafe to share in unencrypted form
  - Didn't see any usage of the paillier encryption key in the keygen spec. Does `xij` need to be encrypted?
    - It looks like the swingby's forked `tss-lib` implementation encrypts the share: https://github.com/SwingbyProtocol/tss-lib/blob/668d0061fadf08bf2ba9f7e9287516fc173b6b9c/ecdsa/keygen/round_3.go#L127-L133
`Xij` can be made public so it can be serialized. You should encrypt everything sent between participants since the paper states it's only secure in the presence of a secure channel.
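Added example, not part of the original thread and not kryptology code: one way to seal the serialized round-2 share for a single recipient before it leaves the process, binding the ciphertext to the sender and recipient ids. It assumes each pair of participants already holds a 32-byte key from an authenticated key exchange; `SealShare`, `OpenShare` and the `gg20-dkg-r2` label are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD returns AES-GCM (AES-256 for a 32-byte key) plus associated data that
// binds a ciphertext to (sender, recipient, round 2). All names are hypothetical.
func newAEAD(key []byte, from, to uint32) (cipher.AEAD, []byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return gcm, []byte(fmt.Sprintf("gg20-dkg-r2|%d|%d", from, to)), err
}

// SealShare encrypts the serialized share xij; output is nonce||ciphertext||tag.
func SealShare(key []byte, from, to uint32, xij []byte) ([]byte, error) {
	gcm, aad, err := newAEAD(key, from, to)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, xij, aad), nil
}

// OpenShare authenticates and decrypts a share sealed for the (from, to) pair.
func OpenShare(key []byte, from, to uint32, msg []byte) ([]byte, error) {
	gcm, aad, err := newAEAD(key, from, to)
	if err != nil || len(msg) < gcm.NonceSize() {
		return nil, errors.New("invalid key or truncated message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], aad)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, never use in practice
	sealed, _ := SealShare(key, 1, 2, []byte("constructed xij bytes"))
	_, err := OpenShare(key, 1, 3, sealed) // opened as participant 3: must fail
	fmt.Println("rejected for wrong recipient:", err != nil)
}
```

Because the ids are part of the authenticated data, a share relayed to a different participant or modified in transit fails to open instead of being fed into round 3.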
@notbdu Hello! Faced the same problem. Please help. Were you able to make a signer from the DKG result? In my case, round 3 ends with an error. I will be glad for your help!
```go
func (f *Flow) DKGToSigner(dkg *participant.DkgResult) (*participant.Signer, error) {
	encryptKeys := make(map[uint32]*paillier.PublicKey)
	proofParams := make(map[uint32]*dealer.ProofParams)
	pubShares := make(map[uint32]*dealer.PublicShare)
	cosigners := []uint32{
		f.index,
	}
	// result of 1 round from this player
	r1Bcast := f.R1.GetBcast()
	proofParams[f.index] = &dealer.ProofParams{
		N:  r1Bcast[f.index].Ni,
		H1: r1Bcast[f.index].H1i,
		H2: r1Bcast[f.index].H2i,
	}
	for id, pk := range dkg.ParticipantData {
		encryptKeys[id] = pk.PublicKey
		proofParams[id] = pk.ProofParams
		cosigners = append(cosigners, id)
	}
	for i, point := range dkg.PublicShares {
		pubShares[uint32(i+1)] = &dealer.PublicShare{Point: point}
	}
	field := curves.NewField(f.dkgParticipant.Curve.Params().N)
	share := v1.NewShamirShare(f.index, dkg.SigningKeyShare.Bytes(), field)
	publicShare, err := curves.NewScalarBaseMult(f.dkgParticipant.Curve, share.Value.BigInt())
	if err != nil {
		return nil, err
	}
	return participant.NewSigner(&dealer.ParticipantData{
		Id:         f.index,
		DecryptKey: dkg.EncryptionKey,
		SecretKeyShare: &dealer.Share{
			ShamirShare: share,
			Point:       publicShare,
		},
		EcdsaPublicKey: dkg.VerificationKey,
		KeyGenType:     dealer.DistributedKeyGenType{ProofParams: proofParams},
		PublicShares:   pubShares,
		EncryptKeys:    encryptKeys,
	}, cosigners)
}
```