🚀 CGGMP Threshold ECDSA Distributed Key Generation Protocol 🔑

Getting Started 🎉

This repo is research-oriented software and should not be considered SAFE to use in production. It has not been audited and/or tested rigorously yet. Please use caution.

This is an implementation of the threshold ECDSA multi-party computation from UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts (CGGMP), with slight modifications. We implement this MPC using the key generation protocol originally from GG20 and implemented by Zengo in multi-party-ecdsa.

For the key refresh protocol we opt for a fork of Zengo's fs-dkr maintained by us. Together, these complete the key generation and key refreshing protocol. From here, we implement the pre-signing and signing protocols outlined in the aforementioned CGGMP paper. This implementation leverages the infrastructure built by Zengo, namely round-based-protocol. We detail how this can be used in a blockchain's gossip network environment such as Substrate, as that motivates this work.

In particular, we have implemented the 4-round $O(n^2)$ identifiable abort version of CGGMP. The remaining work is testing our implementation, particularly the presign and sign protocols.

Implementation checklist

  • Key generation (multi-party-ecdsa).
  • Key generation tests
  • Key refresh (fs-dkr)
  • Key refresh tests
  • Adding Ring Pedersen parameters to fs-dkr.
  • Implementing all ZKPs for 4-round $O(n^2)$ identifiable abort
  • Implementing 4-round $O(n^2)$ identifiable abort presign and sign.
  • Testing 4-round $O(n^2)$ identifiable abort presign and sign.
  • Implementing all ZKPs for 7-round $O(n)$ identifiable abort
    • aff-p
    • enc-elg
    • aff-p
    • elog
    • Nth
    • log
  • Implementing 7-round $O(n)$ identifiable abort presign and sign.
    • Entire protocol unimplemented (refer to the CGGMP paper for details and to the taurus-group implementation).
  • Testing 7-round $O(n)$ identifiable abort presign and sign.

Prerequisites

This guide uses the https://rustup.rs installer and the rustup tool to manage the Rust toolchain.

First install and configure rustup:

# Install
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Configure
source ~/.cargo/env

Configure the Rust toolchain to default to the latest stable and nightly versions:

rustup update
rustup update nightly

Great! Now your Rust environment is ready! 🚀🚀

Installation 💻

Once the development environment is set up, build the repo. This command will build the MPC protocol:

cargo build --release

NOTE: You do not need to use the release builds! Debug builds can work here as well.

Usage

Quick Start ⚡

Check out the tests for examples on how to utilise the library!

Integration into Substrate

A main motivation for Webb is integrating this protocol into a blockchain environment such as Substrate. Our intention is to leverage both a blockchain's proof of stake / proof of authority selection mechanism as well as the underlying system's gossip network to bootstrap and execute this multi-party computation offchain. Throughout the lifecycle of the protocol, the participating MPC authorities will post data on-chain to keep the system in sync, such as to select the participating authorities, to govern the thresholds t and n and more.

An example of how this is possible using the same primitives provided in this repo can be found in our dkg-substrate repo. Currently the GG20 protocol is being executed. There are wrappers in place for executing any protocol using the round-based-protocol architecture. Slight modifications might be necessary and we aim to have this repo integrated into Substrate once it is working and tested here.

External Networking

Not included in this library is a server-oriented execution protocol. There are examples of how this can be done using GG20 in multi-party-ecdsa. We welcome contributions to add a similar example here, but at the moment it will not be prioritized.

There are a variety of other external networking options one can choose between, such as point-to-point channels, gossip networks, or gRPC server coordinators. Each has different trade-offs. Point-to-point channels and gRPC server coordination allow one to run this protocol in the simplest manner, since the network topology is effectively decided on startup. In a gossip network environment this isn't always the case, so gossiping and re-gossiping messages using a method such as gossipsub from libp2p is recommended.
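As an added illustration (not code from this repo or from round-based-protocol), the following is a minimal per-session inbox of the kind a gossip transport needs in front of a round-based protocol: it drops identical re-gossiped copies, keeps messages that arrive early for a later round, and flags two different bodies from the same sender in the same round as equivocation, which is exactly the evidence an identifiable-abort protocol must be able to surface. All type and function names (RoundMsg, Verdict, RoundInbox) are assumptions made for this example.

```rust
use std::collections::BTreeMap;

/// One protocol message as it travels over the gossip network (constructed for this example).
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct RoundMsg { pub round: u16, pub sender: u16, pub body: Vec<u8> }

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    Accepted,     // first copy of this (round, sender) pair
    Duplicate,    // identical re-gossiped copy, safe to ignore
    Equivocation, // same (round, sender), different body: evidence for an abort
    Stale,        // round already completed locally
    SelfMessage,  // our own message echoed back by the network
    UnknownParty, // sender index outside 0..n
}

/// Per-session inbox for an n-party round-based protocol (hypothetical helper).
pub struct RoundInbox {
    me: u16,
    n: u16,
    current: u16,
    seen: BTreeMap<(u16, u16), Vec<u8>>, // (round, sender) -> first accepted body
}

impl RoundInbox {
    pub fn new(me: u16, n: u16) -> Self {
        RoundInbox { me, n, current: 0, seen: BTreeMap::new() }
    }

    /// Classify an incoming message; only `Accepted` messages are stored.
    pub fn receive(&mut self, msg: &RoundMsg) -> Verdict {
        if msg.sender >= self.n { return Verdict::UnknownParty; }
        if msg.sender == self.me { return Verdict::SelfMessage; }
        if msg.round < self.current { return Verdict::Stale; }
        match self.seen.get(&(msg.round, msg.sender)) {
            Some(body) if *body == msg.body => Verdict::Duplicate,
            Some(_) => Verdict::Equivocation,
            None => {
                self.seen.insert((msg.round, msg.sender), msg.body.clone());
                Verdict::Accepted
            }
        }
    }

    /// Once every other party has spoken in the current round, hand back the
    /// bodies ordered by sender index and advance to the next round.
    pub fn try_complete_round(&mut self) -> Option<Vec<(u16, Vec<u8>)>> {
        let r = self.current;
        let bodies: Vec<_> = self.seen.range((r, 0)..=(r, u16::MAX)).map(|(&(_, s), b)| (s, b.clone())).collect();
        if bodies.len() as u16 + 1 < self.n { return None; }
        self.current += 1;
        Some(bodies)
    }
}
```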

Testing 🧪

The following instructions outline how to run dkg-substrate's base test suite and E2E test suite.

To run base tests

cargo test

Contributing

Interested in contributing to Webb's MPC research? Thank you so much for your interest! We are always appreciative of contributions from the open-source community!

If you have a contribution in mind, please check out our Contribution Guide for information on how to do so. We are excited for your first contribution!

License

Licensed under GNU General Public License v3.0.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the GNU General Public License v3.0 license, shall be licensed as above, without any additional terms or conditions.