threshold

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2025 License: Apache-2.0 Imports: 9 Imported by: 8

Documentation

Overview

Package ringtail provides post-quantum threshold signatures using Ring-LWE.

Signing is a 2-round protocol:

  • Round 1: Each party broadcasts D matrix + MACs
  • Round 2: Each party broadcasts z share
  • Finalize: Any party aggregates into final signature

Fresh keygen runs each epoch when validator set changes.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidThreshold  = errors.New("threshold must be > 0 and < total parties")
	ErrInvalidPartyCount = errors.New("need at least 2 parties")
	ErrInvalidPartyIndex = errors.New("party index out of range")
	ErrMACVerifyFailed   = errors.New("MAC verification failed")
	ErrFullRankFailed    = errors.New("full rank check failed")
	ErrInsufficientData  = errors.New("insufficient round data")
)

Functions

func GenerateKeys 

func GenerateKeys(t, n int, randSource io.Reader) ([]*KeyShare, *GroupKey, error)

GenerateKeys generates threshold key shares for n parties with threshold t. This runs once per epoch when the validator set changes.

func Verify 

func Verify(groupKey *GroupKey, message string, sig *Signature) bool

Verify checks if a signature is valid for the given message.

Types

type GroupKey 

type GroupKey struct {
	A      structs.Matrix[ring.Poly] // Public matrix
	BTilde structs.Vector[ring.Poly] // Rounded public key
	Params *Params
}

GroupKey holds the public parameters for the threshold group.

func (*GroupKey) Bytes 

func (gk *GroupKey) Bytes() []byte

Bytes returns a serialized representation of the group key. Note: This is a simplified serialization for compatibility.

type KeyShare 

type KeyShare struct {
	Index    int
	SkShare  structs.Vector[ring.Poly]
	Seeds    map[int][][]byte
	MACKeys  map[int][]byte
	Lambda   ring.Poly // Lagrange coefficient
	GroupKey *GroupKey
}

KeyShare holds a party's secret share data.

type Params 

type Params struct {
	R   *ring.Ring // Main ring with prime Q
	RXi *ring.Ring // Rounding ring with QXi
	RNu *ring.Ring // Rounding ring with QNu
}

Params holds ring parameters for the protocol.

func NewParams 

func NewParams() (*Params, error)

NewParams creates ring parameters.

type Round1Data 

type Round1Data struct {
	PartyID int
	D       structs.Matrix[ring.Poly]
	MACs    map[int][]byte
}

Round1Data holds a party's Round 1 output.

type Round2Data 

type Round2Data struct {
	PartyID int
	Z       structs.Vector[ring.Poly]
}

Round2Data holds a party's Round 2 output.

type Signature 

type Signature struct {
	C     ring.Poly
	Z     structs.Vector[ring.Poly]
	Delta structs.Vector[ring.Poly]
}

Signature holds the final threshold signature.

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

Signer handles threshold signing for a single party.

func NewSigner 

func NewSigner(share *KeyShare) *Signer

NewSigner creates a signer from a key share.

func (*Signer) Finalize 

func (s *Signer) Finalize(round2Data map[int]*Round2Data) (*Signature, error)

Finalize aggregates z shares into the final signature. Any party can call this with the collected Round 2 data.

func (*Signer) Round1 

func (s *Signer) Round1(sessionID int, prfKey []byte, signers []int) *Round1Data

Round1 performs signing round 1. Returns D matrix and MACs to broadcast.

func (*Signer) Round2 

func (s *Signer) Round2(sessionID int, message string, prfKey []byte, signers []int, round1Data map[int]*Round1Data) (*Round2Data, error)

Round2 performs signing round 2. Returns z share to broadcast. round1Data is the collected Round 1 data from all signers.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.