  • Stars: 185
  • Rank: 208,226 (Top 5 %)
  • Language: Rust
  • License: Other
  • Created over 6 years ago
  • Updated 3 months ago

Repository Details

A pairing-based threshold cryptosystem for collaborative decryption and signatures, used in the HoneybadgerBFT implementation

threshold_crypto

A pairing-based threshold cryptosystem for collaborative decryption and signatures.

The threshold_crypto crate provides cryptographic keys with methods for signing and encrypting messages, as well as key sets for threshold signatures and threshold encryption.

The threshold signature scheme is described in Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme by Alexandra Boldyreva. This paper extends Boneh-Lynn-Shacham signatures to the threshold setting. Message encryption uses the scheme by Baek and Zhang. Our implementation is based on the pairing elliptic curve library.

In a network environment, messages are signed and encrypted, and key and signature shares are distributed to network participants. A message can be decrypted and authenticated only with cooperation from at least threshold + 1 nodes.

Security Audit

An official security audit has been completed on threshold_crypto by Jean-Philippe Aumasson. No exploitable security issues were found, and potential improvements have been addressed. Outdated dependencies mentioned in the audit were updated in commit 54026f5.

Usage

Cargo.toml:

[dependencies]
threshold_crypto = { version = "0.4", git = "https://github.com/poanetwork/threshold_crypto" }

main.rs:

extern crate threshold_crypto;

use threshold_crypto::SecretKey;

/// Very basic secret key usage.
fn main() {
    let sk0 = SecretKey::random();
    let sk1 = SecretKey::random();

    let pk0 = sk0.public_key();

    let msg0 = b"Real news";
    let msg1 = b"Fake news";

    assert!(pk0.verify(&sk0.sign(msg0), msg0));
    assert!(!pk0.verify(&sk1.sign(msg0), msg0)); // Wrong key.
    assert!(!pk0.verify(&sk0.sign(msg1), msg0)); // Wrong message.
}

Testing

Run tests with:

$ cargo test

Examples

Run examples from the examples directory using:

$ cargo run --example <example name>

Also see the distributed_key_generation test.

Application Details

The basic usage outline is:

  • choose a threshold value t
  • create a key set
  • distribute N secret key shares among the participants
  • publish the public master key

A third party can now encrypt a message to the public master key and any set of t + 1 participants (but no fewer!) can collaborate to decrypt it. Also, any set of t + 1 participants can collaborate to sign a message, producing a signature that is verifiable with the public master key.

In this system, a signature is unique and independent of the set of participants that produced it. If S1 and S2 are signatures for the same message, produced by two different sets of t + 1 secret key share holders, both signatures will be valid AND equal. This is useful in some applications; for example, a message signature can serve as a pseudorandom number unknown to anyone until t + 1 participants agree to reveal it.
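The uniqueness property can be seen in a toy model. The following is an added example, not code from the crate and not its API. It assumes a trusted dealer with constructed polynomial coefficients and replaces the pairing curve with a tiny multiplicative group (insecure, in the spirit of mock cryptography). Shares are combined by Lagrange interpolation in the exponent, so any t + 1 of them yield the master-key signature, while t shares do not.

```rust
// Constructed, insecure toy parameters: subgroup of prime order Q in Z_P^*, P = 2Q + 1.
const P: u64 = 2039;
const Q: u64 = 1019;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1u64;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}
/// Dealer's secret polynomial of degree t at x (mod Q); coeffs[0] is the master secret.
fn eval_poly(coeffs: &[u64], x: u64) -> u64 {
    coeffs.iter().rev().fold(0u64, |acc, &c| (acc * x + c) % Q)
}
/// Toy hash into the order-Q subgroup (squaring maps any element into it).
fn hash_to_group(msg: &[u8]) -> u64 {
    let h = msg.iter().fold(7u64, |acc, &b| (acc * 31 + b as u64) % P);
    pow_mod(h.max(2), 2, P)
}
/// Signature shares (id, H(m)^f(id)) produced by the listed participants.
fn sign_shares(coeffs: &[u64], ids: &[u64], msg: &[u8]) -> Vec<(u64, u64)> {
    let h = hash_to_group(msg);
    ids.iter().map(|&i| (i, pow_mod(h, eval_poly(coeffs, i), P))).collect()
}
/// Lagrange coefficient at x = 0 for participant i within the set ids (mod Q).
fn lagrange_at_zero(i: u64, ids: &[u64]) -> u64 {
    ids.iter().filter(|&&j| j != i).fold(1u64, |acc, &j| {
        let inv = pow_mod((j + Q - i) % Q, Q - 2, Q); // 1 / (j - i) mod Q
        acc * j % Q * inv % Q
    })
}
/// Combine shares by interpolating the exponent at 0: the product of share^lambda.
fn combine(shares: &[(u64, u64)]) -> u64 {
    let ids: Vec<u64> = shares.iter().map(|s| s.0).collect();
    shares.iter().fold(1u64, |acc, &(i, s)| acc * pow_mod(s, lagrange_at_zero(i, &ids), P) % P)
}

fn main() {
    let coeffs: [u64; 3] = [123, 456, 789]; // constructed dealer polynomial, t = 2
    let msg = b"Real news";
    let master = pow_mod(hash_to_group(msg), coeffs[0], P);
    let s1 = combine(&sign_shares(&coeffs, &[1, 2, 3], msg));
    let s2 = combine(&sign_shares(&coeffs, &[3, 4, 5], msg));
    let too_few = combine(&sign_shares(&coeffs, &[1, 2], msg));
    println!("S1 = {}, S2 = {}, master = {}, only t shares = {}", s1, s2, master, too_few);
}
```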

In its simplest form, threshold_crypto requires a trusted dealer to produce and distribute the secret key shares. However, keys can be produced so that only the corresponding participant knows their secret in the end. This crate includes the basic tools to implement such a Distributed Key Generation scheme.

A major application for this library is within a distributed network that must tolerate up to t adversarial (malicious or faulty) nodes. Because t + 1 nodes are required to sign or reveal information, messages can be trusted by third parties as representing the consensus of the network.

Performance

Benchmarking functionality is kept in the benches directory. You can run the benchmarks with the following command:

$ RUSTFLAGS="-C target_cpu=native" cargo bench

We use the criterion benchmarking library.

Mock cryptography

To speed up automatic tests of crates depending on threshold_crypto, the use-insecure-test-only-mock-crypto feature is available. Activating this feature will effectively disable encryption and should only be used during tests! Essentially, the underlying elliptic curves will be replaced by small finite fields, yielding a 10-200X speed-up in execution. The resulting ciphers can be trivially broken in a number of ways and should never be used in production.

License

Licensed under either of:

at your option.

Contributing

See the CONTRIBUTING document for contribution, testing and pull request protocol.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
