WARNING: the library is a work in progress (see Issues), and has not been audited. Use at your own risk.
This library is an implementation of a scheme described in "UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts" by R. Canetti, R. Gennaro, S. Goldfeder, N. Makriyannis, and U. Peled. Specifically, we are using the scheme as specified in the preprint at https://eprint.iacr.org/2021/060, revision 2024-10-21.
The library implements the following protocols from the paper:
- ECDSA Key-Generation - generates the initial secret key shares and distributes the public counterparts between the nodes;
- Auxiliary Info. & Key Refresh - generates updates to the secret key shares and auxiliary information required for ZK proofs;
- Auxiliary Info - the protocol above without the key refresh, only generating the auxiliary info;
- ECDSA Presigning - performs all the signing calculations that do not depend on the message that is being signed;
- ECDSA Signing - finalizes signing given a pre-hashed message;
- ECDSA Interactive Signing - the two protocols above chained one after the other, acting as a single protocol. Note that currently Presigning and Signing are not available separately, to ensure we can generate provable evidence on Signing faults (which requires the transcript from Presigning).
- Threshold Key Resharing - technically not part of CGGMP'24 proper, but needed to enable threshold functionality.
All the protocols support identifiable aborts where specified by the paper, and where possible, self-contained evidence of malicious behavior will be returned, so that it can be published.
The following components are work in progress:
- Multiple shares per party - see #31;
- Generic support for arbitrary curves - currently SECP256k1 is hardcoded, see #27 for more details.
The library uses manul as a framework for running the protocols.
All the protocols expose a type implementing EntryPoint and can be executed via Session.
See the manul docs for general information on how to execute protocols in a production or development environment, and how to handle errors.