v2

package
v1.0.1 Latest
Published: Mar 24, 2026 License: Apache-2.0 Imports: 12 Imported by: 1

Documentation

Overview

Package v2 provides a high-level wrapper around the DKLS19 sign, dkg, and refresh protocols, satisfying the protocol.Iterator interface for use in message-passing pipelines. Serialization, versioning, and step routing are handled here.

Constants

const (
	// Dkls19Dkg is the protocol identifier for the DKLS19 DKG.
	Dkls19Dkg = "DKLs19-DKG"

	// Dkls19Sign is the protocol identifier for the DKLS19 signing protocol.
	Dkls19Sign = "DKLs19-Sign"

	// Dkls19Refresh is the protocol identifier for the DKLS19 key-refresh protocol.
	Dkls19Refresh = "DKLs19-Refresh"

	// Version2 is the protocol version tag for all DKLS19 (v2) messages.
	Version2 = 300
)

Variables

This section is empty.

Functions

func DecodeAliceDkgResult

func DecodeAliceDkgResult(m *protocol.Message) (*dkg.AliceOutput, error)

DecodeAliceDkgResult decodes Alice's DKG output from a protocol.Message.

func DecodeBobDkgResult

func DecodeBobDkgResult(m *protocol.Message) (*dkg.BobOutput, error)

DecodeBobDkgResult decodes Bob's DKG output from a protocol.Message.

func DecodeSignature

func DecodeSignature(m *protocol.Message) (*curves.EcdsaSignature, error)

DecodeSignature decodes the ECDSA signature produced by Bob at the end of signing.

func EncodeAliceDkgOutput

func EncodeAliceDkgOutput(out *dkg.AliceOutput, version uint) (*protocol.Message, error)

EncodeAliceDkgOutput serialises Alice's DKG output into a protocol.Message.

func EncodeBobDkgOutput

func EncodeBobDkgOutput(out *dkg.BobOutput, version uint) (*protocol.Message, error)

EncodeBobDkgOutput serialises Bob's DKG output into a protocol.Message.

Types

type AliceDkg

type AliceDkg struct {
	*dkg.Alice
	// contains filtered or unexported fields
}

AliceDkg wraps dkg.Alice and satisfies protocol.Iterator.

func NewAliceDkg

func NewAliceDkg(curve *curves.Curve, version uint) *AliceDkg

NewAliceDkg creates a DKLS19 DKG iterator for Alice. Alice is the responder; she waits for Bob's seed before acting.

func NewAliceDkgWithSecret added in v1.0.1

func NewAliceDkgWithSecret(curve *curves.Curve, secretShare curves.Scalar, version uint) *AliceDkg

NewAliceDkgWithSecret creates a DKLS19 DKG iterator for Alice using a pre-existing secret key share instead of generating a fresh random one.

This is designed for the Shamir+DKLS19 2-of-n hybrid: after a group DKG (e.g. FROST) produces Shamir shares, the caller computes the Lagrange-weighted share for this pair and passes it here. The DKLS19 DKG then establishes the OT correlations required for future signing sessions, while the resulting public key matches the group public key.

secretShare must equal λ_alice · s_alice for the signing pair {alice, bob}, where λ_alice is Alice's Lagrange coefficient and s_alice is her Shamir share.
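The Lagrange weighting described above, as an added example (not code from this package): it checks that for any signing pair of a 2-of-n Shamir sharing, λ_a·s_a + λ_b·s_b maps to the group public key. Assumptions: P-256 from the Go standard library stands in for the curve, the polynomial coefficients are constructed values, and all function names are hypothetical.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// Assumption: P-256 stands in for the curve; the package's curves types are not used.
var curve, q = elliptic.P256(), elliptic.P256().Params().N

// lagrangeAtZero returns λ_i = Π_{j≠i} j/(j−i) mod q for the given signer indices.
func lagrangeAtZero(i int64, signers []int64) *big.Int {
	num, den := big.NewInt(1), big.NewInt(1)
	for _, j := range signers {
		if j != i {
			num.Mul(num, big.NewInt(j))
			den.Mul(den, big.NewInt(j-i))
		}
	}
	num.Mul(num, new(big.Int).ModInverse(den, q))
	return num.Mod(num, q)
}

// shamirShare evaluates the degree-1 (2-of-n) polynomial f(x) = secret + a1·x mod q.
func shamirShare(secret, a1 *big.Int, x int64) *big.Int {
	s := new(big.Int).Mul(a1, big.NewInt(x))
	return s.Add(s, secret).Mod(s, q)
}

// pairShare returns λ_i·s_i mod q, the value to pass as secretShare for party i.
func pairShare(secret, a1 *big.Int, i int64, pair []int64) *big.Int {
	w := lagrangeAtZero(i, pair)
	return w.Mul(w, shamirShare(secret, a1, i)).Mod(w, q)
}

// pairMatchesGroupKey checks (λ_a·s_a)·G + (λ_b·s_b)·G == secret·G for pair {a, b}.
func pairMatchesGroupKey(secret, a1 *big.Int, a, b int64) bool {
	pair := []int64{a, b}
	ax, ay := curve.ScalarBaseMult(pairShare(secret, a1, a, pair).Bytes())
	bx, by := curve.ScalarBaseMult(pairShare(secret, a1, b, pair).Bytes())
	px, py := curve.Add(ax, ay, bx, by)
	gx, gy := curve.ScalarBaseMult(secret.Bytes())
	return px.Cmp(gx) == 0 && py.Cmp(gy) == 0
}

func main() {
	fmt.Println(pairMatchesGroupKey(big.NewInt(123456789), big.NewInt(987654321), 2, 5))
}
```

The weights depend on which two parties sign: a share weighted for pair {1, 2} is not valid for pair {2, 5}, so the weighted value has to be recomputed per pair.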

func (*AliceDkg) Next

func (p *AliceDkg) Next(input *protocol.Message) (*protocol.Message, error)

Next executes the current step and advances the step counter. Returns protocol.ErrProtocolFinished when all steps are done.

func (*AliceDkg) Result

func (a *AliceDkg) Result(version uint) (*protocol.Message, error)

Result encodes Alice's DKG output for use in subsequent signing sessions.

type AliceRefresh

type AliceRefresh struct {
	*refresh.Alice
	// contains filtered or unexported fields
}

AliceRefresh wraps refresh.Alice and satisfies protocol.Iterator.

func NewAliceRefresh

func NewAliceRefresh(curve *curves.Curve, dkgResult *protocol.Message, version uint) (*AliceRefresh, error)

NewAliceRefresh creates a DKLS19 key-refresh iterator for Alice.

func (*AliceRefresh) Next

func (p *AliceRefresh) Next(input *protocol.Message) (*protocol.Message, error)

Next executes the current step and advances the step counter. Returns protocol.ErrProtocolFinished when all steps are done.

func (*AliceRefresh) Result

func (a *AliceRefresh) Result(version uint) (*protocol.Message, error)

Result encodes Alice's refreshed DKG output.

type AliceSign

type AliceSign struct {
	*sign.Alice
	// contains filtered or unexported fields
}

AliceSign wraps sign.Alice and satisfies protocol.Iterator.

func NewAliceSign

func NewAliceSign(curve *curves.Curve, hash hash.Hash, message []byte, dkgResult *protocol.Message, version uint) (*AliceSign, error)

NewAliceSign creates a DKLS19 signing iterator for Alice.

func NewAliceSignWithTweak added in v1.0.1

func NewAliceSignWithTweak(
	curve *curves.Curve,
	hash hash.Hash,
	message []byte,
	dkgResult *protocol.Message,
	tweak curves.Scalar,
	childPublicKey curves.Point,
	version uint,
) (*AliceSign, error)

NewAliceSignWithTweak creates a DKLS19 signing iterator for Alice with a BIP32 scalar tweak applied to her secret key share before signing.

The tweak implements BIP32 child-key derivation at the MPC layer without requiring a new DKG session: Alice's effective share becomes sk_A' = sk_A + tweak. The caller must also pass childPublicKey — the BIP32-derived child public key — so that the signing protocol's internal ECDSA verification uses the correct public key.

Intended usage:

	tweak, childPubKey, err := bip32.DeriveChildKey(aggregatedPubKey, path)
	aliceSign, err := NewAliceSignWithTweak(curve, hash, msg, dkgResult, tweak, childPubKey, version)

func (*AliceSign) Next

func (p *AliceSign) Next(input *protocol.Message) (*protocol.Message, error)

Next executes the current step and advances the step counter. Returns protocol.ErrProtocolFinished when all steps are done.

func (*AliceSign) Result

func (a *AliceSign) Result(_ uint) (*protocol.Message, error)

Result always returns an error: Alice does not compute a signature.

type BobDkg

type BobDkg struct {
	*dkg.Bob
	// contains filtered or unexported fields
}

BobDkg wraps dkg.Bob and satisfies protocol.Iterator.

func NewBobDkg

func NewBobDkg(curve *curves.Curve, version uint) *BobDkg

NewBobDkg creates a DKLS19 DKG iterator for Bob. Bob is the initiator; his first step requires no input.

func NewBobDkgWithSecret added in v1.0.1

func NewBobDkgWithSecret(curve *curves.Curve, secretShare curves.Scalar, version uint) *BobDkg

NewBobDkgWithSecret creates a DKLS19 DKG iterator for Bob using a pre-existing secret key share instead of generating a fresh random one.

This is the Bob-side counterpart of NewAliceDkgWithSecret; see that function's documentation for the intended use case.

secretShare must equal λ_bob · s_bob for the signing pair {alice, bob}.

func (*BobDkg) Next

func (p *BobDkg) Next(input *protocol.Message) (*protocol.Message, error)

Next executes the current step and advances the step counter. Returns protocol.ErrProtocolFinished when all steps are done.

func (*BobDkg) Result

func (b *BobDkg) Result(version uint) (*protocol.Message, error)

Result encodes Bob's DKG output for use in subsequent signing sessions.

type BobRefresh

type BobRefresh struct {
	*refresh.Bob
	// contains filtered or unexported fields
}

BobRefresh wraps refresh.Bob and satisfies protocol.Iterator.

func NewBobRefresh

func NewBobRefresh(curve *curves.Curve, dkgResult *protocol.Message, version uint) (*BobRefresh, error)

NewBobRefresh creates a DKLS19 key-refresh iterator for Bob.

func (*BobRefresh) Next

func (p *BobRefresh) Next(input *protocol.Message) (*protocol.Message, error)

Next executes the current step and advances the step counter. Returns protocol.ErrProtocolFinished when all steps are done.

func (*BobRefresh) Result

func (b *BobRefresh) Result(version uint) (*protocol.Message, error)

Result encodes Bob's refreshed DKG output.

type BobSign

type BobSign struct {
	*sign.Bob
	// contains filtered or unexported fields
}

BobSign wraps sign.Bob and satisfies protocol.Iterator.

func NewBobSign

func NewBobSign(curve *curves.Curve, hash hash.Hash, message []byte, dkgResult *protocol.Message, version uint) (*BobSign, error)

NewBobSign creates a DKLS19 signing iterator for Bob.

func NewBobSignWithTweak added in v1.0.1

func NewBobSignWithTweak(
	curve *curves.Curve,
	hash hash.Hash,
	message []byte,
	dkgResult *protocol.Message,
	tweak curves.Scalar,
	childPublicKey curves.Point,
	version uint,
) (*BobSign, error)

NewBobSignWithTweak creates a DKLS19 signing iterator for Bob with a BIP32 child public key override.

In the additive secret-sharing scheme (x = sk_A + sk_B), only Alice adds the scalar tweak to her share (sk_A' = sk_A + tweak). Bob's share remains unchanged. The joint child key is then x' = sk_A' + sk_B = x + tweak, as required by BIP32.

The caller must pass the correct childPublicKey (= x'·G) so that Bob's internal ECDSA verification uses the derived child key and not the master key.
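The tweak arithmetic described for NewAliceSignWithTweak and NewBobSignWithTweak, as an added example (not code from this package): only Alice's additive share is tweaked, and a signature under x' verifies against the child key but not the master key. Assumptions: P-256 stands in for secp256k1, the shares and tweak are constructed values, a single-party ecdsa.Sign stands in for the two-party protocol's output, and all function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Assumption: P-256 stands in for secp256k1, which the standard library lacks.
var c, n = elliptic.P256(), elliptic.P256().Params().N

func addMod(a, b *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Add(a, b), n)
}

// pubOf returns d·G as an ecdsa.PublicKey.
func pubOf(d *big.Int) *ecdsa.PublicKey {
	x, y := c.ScalarBaseMult(d.Bytes())
	return &ecdsa.PublicKey{Curve: c, X: x, Y: y}
}

// childPub computes master + tweak·G from public data only (no key shares needed).
func childPub(master *ecdsa.PublicKey, tweak *big.Int) *ecdsa.PublicKey {
	tx, ty := c.ScalarBaseMult(tweak.Bytes())
	x, y := c.Add(master.X, master.Y, tx, ty)
	return &ecdsa.PublicKey{Curve: c, X: x, Y: y}
}

// tweakedSignCheck signs under x' = (sk_A + tweak) + sk_B and reports whether the
// signature verifies under the child public key and under the master public key.
func tweakedSignCheck(skA, skB, tweak *big.Int, msg []byte) (child, master bool, err error) {
	masterPub := pubOf(addMod(skA, skB))
	xPrime := addMod(addMod(skA, tweak), skB) // Alice tweaks her share; Bob's is unchanged
	priv := &ecdsa.PrivateKey{PublicKey: *pubOf(xPrime), D: xPrime}
	h := sha256.Sum256(msg)
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return false, false, err
	}
	cp := childPub(masterPub, tweak)
	return ecdsa.Verify(cp, h[:], r, s), ecdsa.Verify(masterPub, h[:], r, s), nil
}

func main() {
	fmt.Println(tweakedSignCheck(big.NewInt(1111111), big.NewInt(2222222), big.NewInt(424242), []byte("constructed message")))
}
```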

func (*BobSign) Next

func (p *BobSign) Next(input *protocol.Message) (*protocol.Message, error)

Next executes the current step and advances the step counter. Returns protocol.ErrProtocolFinished when all steps are done.

func (*BobSign) Result

func (b *BobSign) Result(version uint) (*protocol.Message, error)

Result returns the completed ECDSA signature produced by Bob.

Directories

Path Synopsis
Package dealer implements key generation via a trusted dealer for DKLS19.
Package dkg implements the Distributed Key Generation (DKG) protocol of [DKLS19](https://eprint.iacr.org/2019/523.pdf).
Package refresh implements the key-share refresh protocol for DKLS19.
This file implements the Oblivious Linear Evaluation (OLE / Multiplication) sub-protocol from DKLS19, Protocol 4.
