Documentation
¶
Overview ¶
Package refresh implements the key-share refresh protocol for DKLS19.
The refresh protocol lets Alice and Bob rotate their additive key shares and re-seed the correlated OT material without changing the joint public key.
Protocol outline (mirrors DKLs18 refresh with updated transcript labels):
- Alice samples k_A ← F_q, writes it to the transcript, and sends it to Bob.
- Bob receives k_A, samples k_B ← F_q, writes both to the transcript, reads the common multiplier k = Transcript("refresh_multiplier"), and updates: sk_B ← sk_B · k. Sends k_B to Alice.
- Alice writes k_B, reads k, and updates: sk_A ← sk_A · k^{−1}.
- Both parties redo the seed OT (identical to the DKG seed OT phase).
Invariant: sk_A' · sk_B' = (sk_A · k^{−1}) · (sk_B · k) = sk_A · sk_B, so the joint public key Q = sk_A · sk_B · G is unchanged.
Index ¶
- type Alice
- func (alice *Alice) Output() *dkg.AliceOutput
- func (alice *Alice) Round1AliceMultiplier() (curves.Scalar, error)
- func (alice *Alice) Round3AliceUpdateAndOT(r2 *RefreshRound2Output) ([]simplest.ReceiversMaskedChoices, error)
- func (alice *Alice) Round5OTRound4(challenges []simplest.OtChallenge) ([]simplest.OtChallengeResponse, error)
- func (alice *Alice) Round7OTRound6(openings []simplest.ChallengeOpening) error
- type Bob
- func (bob *Bob) Output() *dkg.BobOutput
- func (bob *Bob) Round2BobMultiplierAndOT(kA curves.Scalar) (*RefreshRound2Output, error)
- func (bob *Bob) Round4OTRound3(maskedChoices []simplest.ReceiversMaskedChoices) ([]simplest.OtChallenge, error)
- func (bob *Bob) Round6OTRound5(responses []simplest.OtChallengeResponse) ([]simplest.ChallengeOpening, error)
- type RefreshRound2Output
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alice ¶
type Alice struct {
// contains filtered or unexported fields
}
Alice holds Alice's mutable state during one refresh execution.
func NewAlice ¶
func NewAlice(curve *curves.Curve, dkgOutput *dkg.AliceOutput) *Alice
NewAlice creates an Alice refresh instance from existing DKG output. Returns nil if curve or dkgOutput is nil.
func (*Alice) Output ¶
func (alice *Alice) Output() *dkg.AliceOutput
Output returns Alice's refreshed DKG output. Returns nil if the refresh protocol has not yet finished.
func (*Alice) Round1AliceMultiplier ¶
Round1AliceMultiplier is Alice's opening move. She samples k_A ← F_q, appends it to the transcript, and sends it to Bob.
func (*Alice) Round3AliceUpdateAndOT ¶
func (alice *Alice) Round3AliceUpdateAndOT(r2 *RefreshRound2Output) ([]simplest.ReceiversMaskedChoices, error)
Round3AliceUpdateAndOT is Alice's reply. She appends k_B, derives k, updates her key share as sk_A ← sk_A · k^{−1}, and advances the seed OT.
func (*Alice) Round5OTRound4 ¶
func (alice *Alice) Round5OTRound4(challenges []simplest.OtChallenge) ([]simplest.OtChallengeResponse, error)
Round5OTRound4 wraps the fourth round of the seed OT.
func (*Alice) Round7OTRound6 ¶
func (alice *Alice) Round7OTRound6(openings []simplest.ChallengeOpening) error
Round7OTRound6 wraps the sixth (final) round of the seed OT.
type Bob ¶
type Bob struct {
// contains filtered or unexported fields
}
Bob holds Bob's mutable state during one refresh execution.
func NewBob ¶
NewBob creates a Bob refresh instance from existing DKG output. Returns nil if curve or dkgOutput is nil.
func (*Bob) Output ¶
Output returns Bob's refreshed DKG output. Returns nil if the refresh protocol has not yet finished.
func (*Bob) Round2BobMultiplierAndOT ¶
func (bob *Bob) Round2BobMultiplierAndOT(kA curves.Scalar) (*RefreshRound2Output, error)
Round2BobMultiplierAndOT is Bob's response. Bob appends k_A, samples k_B, derives the common multiplier k, updates his key share, and kicks off the new seed OT.
func (*Bob) Round4OTRound3 ¶
func (bob *Bob) Round4OTRound3(maskedChoices []simplest.ReceiversMaskedChoices) ([]simplest.OtChallenge, error)
Round4OTRound3 wraps the third round of the seed OT.
func (*Bob) Round6OTRound5 ¶
func (bob *Bob) Round6OTRound5(responses []simplest.OtChallengeResponse) ([]simplest.ChallengeOpening, error)
Round6OTRound5 wraps the fifth round of the seed OT.
type RefreshRound2Output ¶
type RefreshRound2Output struct {
// SeedOTRound1Output is the Schnorr proof from the sender side of the new seed OT.
SeedOTRound1Output *schnorr.Proof
// BobMultiplier is k_B, Bob's random contribution to the refresh.
BobMultiplier curves.Scalar
}
RefreshRound2Output is Bob's first message to Alice in the refresh protocol.
Source Files