-
Notifications
You must be signed in to change notification settings - Fork 96
/
key_ceremony_mediator.py
291 lines (255 loc) · 10.5 KB
/
key_ceremony_mediator.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional
from .key_ceremony import (
CeremonyDetails,
ElectionJointKey,
ElectionPartialKeyBackup,
ElectionPartialKeyChallenge,
ElectionPartialKeyVerification,
ElectionPublicKey,
combine_election_public_keys,
verify_election_partial_key_challenge,
)
from .type import GuardianId, MediatorId
@dataclass(unsafe_hash=True)
class GuardianPair:
"""Pair of guardians involved in sharing"""
owner_id: GuardianId
designated_id: GuardianId
@dataclass
class BackupVerificationState:
"""The state of the verifications of all guardian election partial key backups"""
all_sent: bool = field(default=False)
all_verified: bool = field(default=False)
failed_verifications: List[GuardianPair] = field(default_factory=list)
class KeyCeremonyMediator:
"""
KeyCeremonyMediator for assisting communication between guardians
"""
id: MediatorId
ceremony_details: CeremonyDetails
# From Guardians
# Round 1
_election_public_keys: Dict[GuardianId, ElectionPublicKey]
# Round 2
_election_partial_key_backups: Dict[GuardianPair, ElectionPartialKeyBackup]
# Round 3
_election_partial_key_verifications: Dict[
GuardianPair, ElectionPartialKeyVerification
]
def __init__(self, id: MediatorId, ceremony_details: CeremonyDetails):
self.id = id
self.ceremony_details = ceremony_details
self._election_public_keys: Dict[GuardianId, ElectionPublicKey] = {}
self._election_partial_key_backups: Dict[
GuardianPair, ElectionPartialKeyBackup
] = {}
self._election_partial_key_verifications: Dict[
GuardianPair, ElectionPartialKeyVerification
] = {}
self._election_partial_key_challenges: Dict[
GuardianPair, ElectionPartialKeyChallenge
] = {}
# ROUND 1: Announce guardians with public keys
def announce(self, key: ElectionPublicKey) -> None:
"""
Announce the guardian as present and participating the Key Ceremony
:param key: Guardian's election public key
"""
self._receive_election_public_key(key)
def all_guardians_announced(self) -> bool:
"""
Check the annoucement of all the guardians expected
:return: True if all guardians in attendance are announced
"""
return (
len(self._election_public_keys) == self.ceremony_details.number_of_guardians
)
def share_announced(
self, requesting_guardian_id: Optional[GuardianId] = None
) -> Optional[List[ElectionPublicKey]]:
"""
When all guardians have announced, share their public keys indicating their announcement
"""
if not self.all_guardians_announced():
return None
guardian_keys: List[ElectionPublicKey] = []
for guardian_id in self._get_announced_guardians():
if guardian_id != requesting_guardian_id:
guardian_keys.append(self._election_public_keys[guardian_id])
return guardian_keys
# ROUND 2: Share Election Partial Key Backups for compensating
def receive_backups(self, backups: List[ElectionPartialKeyBackup]) -> None:
"""
Receive all the election partial key backups generated by a guardian
"""
if not self.all_guardians_announced():
return
for backup in backups:
self._receive_election_partial_key_backup(backup)
def all_backups_available(self) -> bool:
"""
Check the availability of all the guardians backups
:return: True if all guardians have sent backups
"""
return (
self.all_guardians_announced()
and self._all_election_partial_key_backups_available()
)
def share_backups(
self, requesting_guardian_id: Optional[GuardianId] = None
) -> Optional[List[ElectionPartialKeyBackup]]:
"""
Share all backups designated for a specific guardian
"""
if not self.all_guardians_announced() or not self.all_backups_available:
return None
if not requesting_guardian_id:
return list(self._election_partial_key_backups.values())
return self._share_election_partial_key_backups_to_guardian(
requesting_guardian_id
)
# ROUND 3: Share verifications of backups
def receive_backup_verifications(
self, verifications: List[ElectionPartialKeyVerification]
) -> None:
"""
Receive all the election partial key verifications performed by a guardian
"""
if not self.all_backups_available():
return
for verification in verifications:
self._receive_election_partial_key_verification(verification)
def get_verification_state(self) -> BackupVerificationState:
if (
not self.all_backups_available()
or not self._all_election_partial_key_verifications_received()
):
return BackupVerificationState()
return self._check_verification_of_election_partial_key_backups()
def all_backups_verified(self) -> bool:
return self.get_verification_state().all_verified
# ROUND 4 (Optional): If a verification fails, guardian must issue challenge
def verify_challenge(
self, challenge: ElectionPartialKeyChallenge
) -> ElectionPartialKeyVerification:
"""
Mediator receives challenge and will act to mediate and verify
"""
verification = verify_election_partial_key_challenge(self.id, challenge)
if verification.verified:
self._receive_election_partial_key_verification(verification)
return verification
# FINAL: Publish joint public election key
def publish_joint_key(self) -> Optional[ElectionJointKey]:
"""
Publish joint election key from the public keys of all guardians
:return: Joint key for election
"""
if not self.all_backups_verified():
return None
return combine_election_public_keys(list(self._election_public_keys.values()))
def reset(self, ceremony_details: CeremonyDetails) -> None:
"""
Reset mediator to initial state
:param ceremony_details: Ceremony details of election
"""
self.ceremony_details = ceremony_details
self._election_public_keys = {}
self._election_partial_key_backups = {}
self._election_partial_key_challenges = {}
self._election_partial_key_verifications = {}
# Election Public Keys
def _receive_election_public_key(self, public_key: ElectionPublicKey) -> None:
"""
Receive election public key from guardian
:param public_key: election public key
"""
self._election_public_keys[public_key.owner_id] = public_key
def _get_announced_guardians(self) -> Iterable[GuardianId]:
return self._election_public_keys.keys()
# Election Partial Key Backups
def _receive_election_partial_key_backup(
self, backup: ElectionPartialKeyBackup
) -> None:
"""
Receive election partial key backup from guardian
:param backup: Election partial key backup
:return: boolean indicating success or failure
"""
if backup.owner_id == backup.designated_id:
return
self._election_partial_key_backups[
GuardianPair(backup.owner_id, backup.designated_id)
] = backup
def _all_election_partial_key_backups_available(self) -> bool:
"""
True if all election partial key backups for all guardians available
:return: All election partial key backups for all guardians available
"""
required_backups_per_guardian = self.ceremony_details.number_of_guardians - 1
return (
len(self._election_partial_key_backups)
== required_backups_per_guardian * self.ceremony_details.number_of_guardians
)
def _share_election_partial_key_backups_to_guardian(
self, guardian_id: GuardianId
) -> List[ElectionPartialKeyBackup]:
"""
Share all election partial key backups for designated guardian
:param guardian_id: Recipients guardian id
:return: List of guardians designated backups
"""
backups: List[ElectionPartialKeyBackup] = []
for current_guardian_id in self._get_announced_guardians():
if guardian_id != current_guardian_id:
backup = self._election_partial_key_backups[
GuardianPair(current_guardian_id, guardian_id)
]
if backup is not None:
backups.append(backup)
return backups
# Partial Key Verifications
def _receive_election_partial_key_verification(
self, verification: ElectionPartialKeyVerification
) -> None:
"""
Receive election partial key verification from guardian
:param verification: Election partial key verification
"""
if verification.owner_id == verification.designated_id:
return
self._election_partial_key_verifications[
GuardianPair(verification.owner_id, verification.designated_id)
] = verification
def _all_election_partial_key_verifications_received(self) -> bool:
"""
True if all election partial key verifications recieved
:return: All election partial key verifications received
"""
required_verifications_per_guardian = (
self.ceremony_details.number_of_guardians - 1
)
return (
len(self._election_partial_key_verifications)
== required_verifications_per_guardian
* self.ceremony_details.number_of_guardians
)
def _check_verification_of_election_partial_key_backups(
self,
) -> BackupVerificationState:
"""
True if all election partial key backups verified
:return: All election partial key backups verified
"""
if not self._all_election_partial_key_verifications_received():
return BackupVerificationState()
failed_verifications: List[GuardianPair] = []
for verification in self._election_partial_key_verifications.values():
if not verification.verified:
failed_verifications.append(
GuardianPair(verification.owner_id, verification.designated_id)
)
return BackupVerificationState(
True, len(failed_verifications) == 0, failed_verifications
)