Documentation ¶
Overview ¶
Package share implements Shamir secret sharing and polynomial commitments. Shamir's scheme allows you to split a secret value into multiple parts, so called shares, by evaluating a secret sharing polynomial at certain indices. The shared secret can only be reconstructed (via Lagrange interpolation) if a threshold of the participants provide their shares. A polynomial commitment scheme allows a committer to commit to a secret sharing polynomial so that a verifier can check the claimed evaluations of the committed polynomial. Both schemes of this package are core building blocks for more advanced secret sharing techniques.
Index ¶
 func RecoverCommit(g kyber.Group, shares []*PubShare, t, n int) (kyber.Point, error)
 func RecoverSecret(g kyber.Group, shares []*PriShare, t, n int) (kyber.Scalar, error)
 type PriPoly
 func (p *PriPoly) Add(q *PriPoly) (*PriPoly, error)
 func (p *PriPoly) Commit(b kyber.Point) *PubPoly
 func (p *PriPoly) Equal(q *PriPoly) bool
 func (p *PriPoly) Eval(i int) *PriShare
 func (p *PriPoly) Mul(q *PriPoly) *PriPoly
 func (p *PriPoly) Secret() kyber.Scalar
 func (p *PriPoly) Shares(n int) []*PriShare
 func (p *PriPoly) String() string
 func (p *PriPoly) Threshold() int
 type PriShare
 type PubPoly
 func (p *PubPoly) Add(q *PubPoly) (*PubPoly, error)
 func (p *PubPoly) Check(s *PriShare) bool
 func (p *PubPoly) Commit() kyber.Point
 func (p *PubPoly) Equal(q *PubPoly) bool
 func (p *PubPoly) Eval(i int) *PubShare
 func (p *PubPoly) Info() (base kyber.Point, commits []kyber.Point)
 func (p *PubPoly) Shares(n int) []*PubShare
 func (p *PubPoly) Threshold() int
 type PubShare
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RecoverCommit ¶
RecoverCommit reconstructs the secret commitment p(0) from a list of public shares using Lagrange interpolation.
Types ¶
type PriPoly ¶
type PriPoly struct {
// contains filtered or unexported fields
}
PriPoly represents a secret sharing polynomial.
func NewPriPoly ¶
NewPriPoly creates a new secret sharing polynomial using the provided cryptographic group, the secret sharing threshold t, and the secret to be shared s. If s is nil, a new s is chosen using the provided randomness stream rand.
func RecoverPriPoly ¶
RecoverPriPoly takes a list of shares and the parameters t and n to reconstruct the secret polynomial completely, i.e., all private coefficients. It is up to the caller to make sure that there are enough shares to correctly reconstruct the polynomial. There must be at least t shares.
func (*PriPoly) Add ¶
Add computes the componentwise sum of the polynomials p and q and returns it as a new polynomial.
func (*PriPoly) Commit ¶
Commit creates a public commitment polynomial for the given base point b or the standard base if b == nil.
func (*PriPoly) Equal ¶
Equal checks equality of two secret sharing polynomials p and q. If p and q are trivially unequal (e.g., due to mismatching cryptographic groups or polynomial size), this routine returns in variable time. Otherwise it runs in constant time regardless of whether it eventually returns true or false.
func (*PriPoly) Mul ¶
Mul multiples p and q together. The result is a polynomial of the sum of the two degrees of p and q. NOTE: it does not check for null coefficients after the multiplication, so the degree of the polynomial is "always" as described above. This is only for use in secret sharing schemes. It is not a general polynomial multiplication routine.
func (*PriPoly) Secret ¶
Secret returns the shared secret p(0), i.e., the constant term of the polynomial.
type PubPoly ¶
type PubPoly struct {
// contains filtered or unexported fields
}
PubPoly represents a public commitment polynomial to a secret sharing polynomial.
func NewPubPoly ¶
NewPubPoly creates a new public commitment polynomial.
func (*PubPoly) Add ¶
Add computes the componentwise sum of the polynomials p and q and returns it as a new polynomial. NOTE: If the base points p.b and q.b are different then the base point of the resulting PubPoly cannot be computed without knowing the discrete logarithm between p.b and q.b. In this particular case, we are using p.b as a default value which of course does not correspond to the correct base point and thus should not be used in further computations.
func (*PubPoly) Commit ¶
Commit returns the secret commitment p(0), i.e., the constant term of the polynomial.
func (*PubPoly) Equal ¶
Equal checks equality of two public commitment polynomials p and q. If p and q are trivially unequal (e.g., due to mismatching cryptographic groups), this routine returns in variable time. Otherwise it runs in constant time regardless of whether it eventually returns true or false.
func (*PubPoly) Info ¶
Info returns the base point and the commitments to the polynomial coefficients.
Directories ¶
Path  Synopsis 

dkg


pedersen
Package dkg implements the protocol described in "A threshold cryptosystem without a trusted party" by Torben Pryds Pedersen.

Package dkg implements the protocol described in "A threshold cryptosystem without a trusted party" by Torben Pryds Pedersen. 
rabin
Package dkg implements the protocol described in "Secure Distributed Key Generation for DiscreteLog Based Cryptosystems" by R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin.

Package dkg implements the protocol described in "Secure Distributed Key Generation for DiscreteLog Based Cryptosystems" by R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. 
Package dss implements the Distributed Schnorr Signature protocol from the paper "Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates".

Package dss implements the Distributed Schnorr Signature protocol from the paper "Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates". 
Package pvss implements public verifiable secret sharing as introduced in "A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic Voting" by Berry Schoenmakers.

Package pvss implements public verifiable secret sharing as introduced in "A Simple Publicly Verifiable Secret Sharing Scheme and its Application to Electronic Voting" by Berry Schoenmakers. 
vss


pedersen
Package vss implements the verifiable secret sharing scheme from "NonInteractive and InformationTheoretic Secure Verifiable Secret Sharing" by Torben Pryds Pedersen.

Package vss implements the verifiable secret sharing scheme from "NonInteractive and InformationTheoretic Secure Verifiable Secret Sharing" by Torben Pryds Pedersen. 
rabin
Package vss implements the verifiable secret sharing scheme from the paper "Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates".

Package vss implements the verifiable secret sharing scheme from the paper "Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates". 