Crypto part of the Groth's NIDKG #1182

Merged: 59 commits, Apr 12, 2022

@jstuczyn jstuczyn commented Mar 31, 2022

Alright, this [draft] pull request includes the first batch of work required for distributed key generation so that we could have our coconut credentials. This part focuses on the crypto part of the problem. The implementation is based on the paper "Non-interactive distributed key generation and key resharing" by Jens Groth. It is also further supported by the extremely helpful description provided by Ania and Alfredo available on our overleaf: https://www.overleaf.com/project/61fc031513021c2738dee13c.

Unfortunately, in order to create this implementation, the bls12-381 curve library had to be forked, and we will need to operate on the fork until zkcrypto/bls12_381#10 is resolved, as we require being able to serialize curve elements inside Gt so that we could create the lookup table required for the baby-step giant-step algorithm used during chunk decryption. This also means that once DKG is incorporated into the coconut, the underlying curve library used there will need to be switched to the same fork.

The PR also includes a couple of benchmarks, and those regarding dealing verification and share recovery should be of interest. I've run them on my local machine with a Ryzen 5900X and the relevant results are as follows:

  • it takes 3.43s to verify a single dealing (and recover associated share) that has been created for 20 party setup. This means that every single party in the system will need to dedicate ~4.35 minutes of compute time for key creation. (each party has to recover shares from 19 other parties and it has to be performed 4 times since we intend to have 4 attributes in each credential and 3.43s * 19 * 4 = 260.7s ~ 4.35 minutes)
  • it takes 16.83s to verify a single dealing (and recover associated share) that has been created for 100 party setup. This implies that every single party in the system will need to dedicate ~2 hours of compute time for key creation (16.83 * 99 * 4 = 111 minutes)

The remaining work before this PR can be moved out of the draft includes:
- serialization implementation of the remaining data structures that are required for end-to-end operation (such as DecryptionKey or Dealing),
- implementation of VKCombine and VKVfy algorithms

However, in its current state, I think all the existing crypto primitives are ready to get reviewed.

@jstuczyn jstuczyn marked this pull request as ready for review April 8, 2022 10:38
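
The baby-step giant-step lookup mentioned in the description above, as an added example that is not part of this PR or of the project's code. It uses a toy group (integers modulo a prime) in place of Gt, and the generator, modulus and 16-bit chunk bound are assumptions made for illustration; the point it shows is that the table is keyed by each element's byte encoding, which is why Gt elements must be serializable.

```rust
use std::collections::HashMap;
// Toy stand-in for Gt (assumption): multiplicative group modulo a prime.
const P: u64 = 1_000_000_007;
const G: u64 = 5;

fn mul(a: u64, b: u64) -> u64 { (a as u128 * b as u128 % P as u128) as u64 }

fn pow(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1;
    while exp > 0 {
        if exp & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        exp >>= 1;
    }
    acc
}

// Baby-step table: serialized G^j -> j for j in 0..m, plus the giant step G^(-m).
// The map key is the element's byte encoding, hence the need to serialize.
struct BsgsTable { bound: u64, m: u64, baby: HashMap<[u8; 8], u64>, giant: u64 }

impl BsgsTable {
    fn new(bound: u64) -> Self {
        let mut m = 1;
        while m * m < bound { m += 1; }
        let mut baby = HashMap::with_capacity(m as usize);
        let mut cur = 1u64;
        for j in 0..m {
            baby.insert(cur.to_be_bytes(), j);
            cur = mul(cur, G);
        }
        // cur == G^m here; invert it with Fermat's little theorem.
        BsgsTable { bound, m, baby, giant: pow(cur, P - 2) }
    }
    // Returns x in [0, bound) with G^x == target, or None if the chunk is out of range.
    fn solve(&self, target: u64) -> Option<u64> {
        let mut gamma = target;
        for i in 0..self.m {
            if let Some(j) = self.baby.get(&gamma.to_be_bytes()) {
                let x = i * self.m + j;
                if x < self.bound { return Some(x); }
            }
            gamma = mul(gamma, self.giant);
        }
        None
    }
}

fn main() { println!("{:?}", BsgsTable::new(1 << 16).solve(pow(G, 12345))); }
```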

@aniampio aniampio left a comment

The crypto looks good! Left a few minor comments.

common/crypto/dkg/src/dealing.rs
common/crypto/dkg/src/dealing.rs
common/crypto/dkg/src/bte/proof_chunking.rs (outdated)
common/crypto/dkg/src/bte/proof_sharing.rs (outdated)
common/crypto/dkg/src/bte/proof_chunking.rs (outdated)
@jstuczyn jstuczyn merged commit 37de4bf into develop Apr 12, 2022
@jstuczyn jstuczyn deleted the feature/coconut-dkg branch April 12, 2022 10:59