README
¶
Kryptology — Keyzon Technologies Fork
Fork of coinbase/kryptology The original library was archived by Coinbase and is no longer maintained. This fork is maintained by Keyzon Technologies with focus on threshold signatures for Bitcoin, EVM, and Solana — without unnecessary dependencies.
Scope
This fork is focused exclusively on cryptography for the following networks:
| Network | Curve | Protocol |
|---|---|---|
| Bitcoin, EVM (Ethereum, Polygon…) | secp256k1 | Threshold ECDSA (DKLS19) |
| Solana, Liquid Network | Ed25519 | Threshold EdDSA (FROST) |
| P-256 | NIST P-256 | Standard ECDSA |
BLS12377, BLS12381, Mina Protocol (Pallas/Pasta), NEM, Gennaro DKG, and all dependent packages have been removed — they are not required by any of the target networks.
What changed in this fork
Go module
- Renamed from
github.com/coinbase/kryptologytogithub.com/keyzon-technologies/kryptology. - All internal imports updated.
Removed
- GG20 protocol (deprecated by Coinbase).
- BLS12377 and BLS12381 curves and all sub-packages (
pkg/core/curves/native/bls12381/). - BLS signatures (
pkg/signatures/bls/) and BBS+ signatures (pkg/signatures/bbs/). - Cryptographic Accumulators (
pkg/accumulator/) — depended on BLS12381. - BLS variants of secret sharing (
pkg/sharing/v1/bls12381*). PairingScalarandPairingPointinterfaces — no remaining implementations.- Mina Protocol Schnorr signatures (
pkg/signatures/schnorr/mina/) and Pallas curve (pkg/core/curves/pallas_curve.go) — not used by BTC, EVM, or Solana. - Pasta field arithmetic (
pkg/core/curves/native/pasta/) — only required by Pallas/Mina. - NEM/XEM Ed25519-Keccak signatures (
pkg/signatures/schnorr/nem/) — irrelevant to target networks. - Gennaro DKG (
pkg/dkg/gennaro/) and Gennaro 2-party DKG (pkg/dkg/gennaro2p/) — not used by DKLS19 or FROST. - Verifiable Encryption (
pkg/verenc/) — Cramer-Shoup and ElGamal schemes not required by threshold signing protocols.
DKLS19 v2 — pkg/tecdsa/dkls/v2
Full implementation of the 2-of-2 threshold signature protocol based on [DKLS19], including DKG, Signing, and Key Refresh. Improvements over DKLs18 (v1):
- Nonce hash-binding:
R = H(R') · D_B + R'for a tighter UC proof. - Fiat–Shamir transcript with domain separator
"DKLS19_*_v2"preventing cross-version replay. - Gadget vector v2 with independent cSHAKE256 domain separator from v1.
- Key Refresh without changing the public key (invariant
sk_A' · sk_B' = sk_A · sk_B).
Security and robustness fixes applied in this fork
| File | Issue | Fix |
|---|---|---|
sign/multiply.go |
Secret index j leaked in error message — side-channel |
Generic error message without j |
refresh/refresh.go |
Division/multiplication by multiplier k=0 would crash or produce null share |
k.IsZero() check before using k in Alice and Bob |
serializers.go |
registerCurveTypes() called on every encode/decode |
Refactored with sync.Once — registers exactly once |
serializers.go |
nil payload passed to decoder produced opaque error |
Explicit nil check with descriptive message |
boilerplate.go |
Result() returned (nil, nil) when protocol incomplete — ambiguous |
Returns explicit error with descriptive message |
dkg/dkg.go |
Output() accessed receiver.Output without nil check → panic |
Nil guard in Output() for Alice and Bob |
refresh/refresh.go |
Output() accessed receiver/sender without nil check → panic |
Nil guard in Output() for Alice and Bob |
dkg/dkg.go, sign/sign.go, refresh/refresh.go |
NewAlice/NewBob constructors did not validate nil parameters → runtime panic |
Nil checks in all constructors |
Quickstart
go get github.com/keyzon-technologies/kryptology
Documentation
godoc -http=:6060
# open: http://localhost:6060/pkg/github.com/keyzon-technologies/kryptology/
Developer Setup
Requirements: golang 1.17+, make
git clone git@github.com:keyzon-technologies/kryptology.git && make
Components
Curves
Abstraction in pkg/core/curves/curve.go.
| Curve | File | Used by |
|---|---|---|
| secp256k1 (K-256) | k256_curve.go | Bitcoin, EVM |
| Ed25519 | ed25519_curve.go | Solana, Liquid Network |
| NIST P-256 | p256_curve.go | Serialization/TECDSA internals |
Protocols
- Oblivious Transfer
- Threshold ECDSA (secp256k1)
- Threshold Schnorr / EdDSA (Ed25519)
- Bulletproof
- Paillier
- Secret Sharing
- ZKP Schnorr
References
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
benchcomp
command
benchcomp implements a command that receives two benchmarks files as input and flags the benchmarks that have degraded by more than a threshold amount.
|
benchcomp implements a command that receives two benchmarks files as input and flags the benchmarks that have degraded by more than a threshold amount. |
|
pkg
|
|
|
bulletproof
Package bulletproof implements the zero knowledge protocol bulletproofs as defined in https://eprint.iacr.org/2017/1066.pdf
|
Package bulletproof implements the zero knowledge protocol bulletproofs as defined in https://eprint.iacr.org/2017/1066.pdf |
|
core
Package core contains a set of primitives, including but not limited to various elliptic curves, hashes, and commitment schemes.
|
Package core contains a set of primitives, including but not limited to various elliptic curves, hashes, and commitment schemes. |
|
core/curves
Package curves: Field implementation IS NOT constant time as it leverages math/big for big number operations.
|
Package curves: Field implementation IS NOT constant time as it leverages math/big for big number operations. |
|
core/curves/native/k256/fp
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography.
|
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography. |
|
core/curves/native/k256/fq
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography.
|
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography. |
|
core/curves/native/p256/fp
Code generated by Fiat Cryptography.
|
Code generated by Fiat Cryptography. |
|
core/curves/native/p256/fq
Code generated by Fiat Cryptography.
|
Code generated by Fiat Cryptography. |
|
dkg/frost
Package frost is an implementation of the DKG part of https://eprint.iacr.org/2020/852.pdf
|
Package frost is an implementation of the DKG part of https://eprint.iacr.org/2020/852.pdf |
|
ot/base/silent
Package silent implements a compact "lazy" seed-OT whose stored state is ~129 bytes per pair versus ~24 KB for the Simplest OT it replaces.
|
Package silent implements a compact "lazy" seed-OT whose stored state is ~129 bytes per pair versus ~24 KB for the Simplest OT it replaces. |
|
ot/base/simplest
Package simplest implements the "Verified Simplest OT", as defined in "protocol 7" of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package simplest implements the "Verified Simplest OT", as defined in "protocol 7" of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
ot/extension/kos
Package kos in an implementation of maliciously secure OT extension protocol defined in "Protocol 9" of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package kos in an implementation of maliciously secure OT extension protocol defined in "Protocol 9" of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
ot/ottest
Package ottest contains some utilities to test ot functions.
|
Package ottest contains some utilities to test ot functions. |
|
paillier
Package paillier contains Paillier's cryptosystem (1999) [P99].
|
Package paillier contains Paillier's cryptosystem (1999) [P99]. |
|
sharing
Package sharing is an implementation of shamir secret sharing and implements the following papers.
|
Package sharing is an implementation of shamir secret sharing and implements the following papers. |
|
tecdsa/dkls/v0
Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499).
|
Package v0 implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499). |
|
tecdsa/dkls/v1
Package v1 provides a wrapper around the [DKLs18](https://eprint.iacr.org/2018/499.pdf) sign and dkg and provides serialization, serialization, and versioning for the serialized data.
|
Package v1 provides a wrapper around the [DKLs18](https://eprint.iacr.org/2018/499.pdf) sign and dkg and provides serialization, serialization, and versioning for the serialized data. |
|
tecdsa/dkls/v1/dealer
Package dealer implements key generation via a trusted dealer for the protocol [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package dealer implements key generation via a trusted dealer for the protocol [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
tecdsa/dkls/v1/dkg
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
tecdsa/dkls/v1/refresh
This file implements the key refresh protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
This file implements the key refresh protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
tecdsa/dkls/v1/sign
Package sign implements the 2-2 threshold signature protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf).
|
Package sign implements the 2-2 threshold signature protocol of [DKLs18](https://eprint.iacr.org/2018/499.pdf). |
|
tecdsa/dkls/v2
Package v2 provides a high-level wrapper around the DKLS19 sign, dkg, and refresh protocols, satisfying the protocol.Iterator interface for use in message-passing pipelines.
|
Package v2 provides a high-level wrapper around the DKLS19 sign, dkg, and refresh protocols, satisfying the protocol.Iterator interface for use in message-passing pipelines. |
|
tecdsa/dkls/v2/dealer
Package dealer implements key generation via a trusted dealer for DKLS19.
|
Package dealer implements key generation via a trusted dealer for DKLS19. |
|
tecdsa/dkls/v2/dkg
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLS19](https://eprint.iacr.org/2019/523.pdf).
|
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLS19](https://eprint.iacr.org/2019/523.pdf). |
|
tecdsa/dkls/v2/refresh
Package refresh implements the key-share refresh protocol for DKLS19.
|
Package refresh implements the key-share refresh protocol for DKLS19. |
|
tecdsa/dkls/v2/sign
This file implements the Oblivious Linear Evaluation (OLE / Multiplication) sub-protocol from DKLS19, Protocol 4.
|
This file implements the Oblivious Linear Evaluation (OLE / Multiplication) sub-protocol from DKLS19, Protocol 4. |
|
ted25519/frost
Package frost is an implementation of t-of-n threshold signature of https://eprint.iacr.org/2020/852.pdf
|
Package frost is an implementation of t-of-n threshold signature of https://eprint.iacr.org/2020/852.pdf |
|
ted25519/ted25519
Package ted25519 implements the Ed25519 signature algorithm.
|
Package ted25519 implements the Ed25519 signature algorithm. |
|
zkp/schnorr
Package schnorr implements a Schnorr proof, as described and used in Doerner, et al.
|
Package schnorr implements a Schnorr proof, as described and used in Doerner, et al. |
|
test
|
|
|
frost_dkg/ed25519
command
|
|
|
frost_dkg/frost
command
|
|
|
frost_dkg/k256
command
|
Click to show internal directories.
Click to hide internal directories.