search

NillionNetwork / tinysig

Pure-Python implementation of a threshold ecdsa signature scheme based on a secure multi-party computation (MPC) protocol for evaluating arithmetic sum-of-products expressions via a non-interactive computation phase.
https://pypi.org/project/tinysig/
MIT License
25 stars 7 forks source link

Generate shares for an ethereum private key #1

Closed rmurray2 closed 5 months ago

rmurray2 commented 10 months ago

How can this library be used to generate shares for an ethereum private key?

I tried chaning line 34 of tecdsa.py to:

pub_key, priv_key = paillier.generate_paillier_keypair(n_length=512)

then the ecnil object's he_private_key.q and he_private_key.p values are the correct size to create an ethereum wallet. I changed this value because with the default key size of 3072, the private key ints are too big to create an ethereum wallet. (As a side question, which attribute of he_private_key is actually storing the private key? p or q? ) When I do n_length=512, however, I get an OverflowError: Overflow detected in decrypted number when calling ts_online_protocol

Ultimately I'd like to use tinysig to a) generate a valid ethereum private key and b) split that key into shares which can be used in combination to sign transactions.

So my questions are:

1) Which attribute of the ecnil object stores the private key? p or q? 2) How can tinysig be used to generate shares of an ethereum private key? 3) How can the shares from question (2) be combined to sign a transaction?

I posted this question on the ethereum stack exchange as well

manel1874 commented 10 months ago

Hi @rmurray2,

tl:dr: this is not the right library for that.

  1. The shares that this library provides are tied up to the underlying MPC protocol. So, they would only work/be secure in an environment that has the required preprocessing material. Which type of shares do you want? Usually, those are additive shares or shamir shares of the key.

  2. The pub_key and priv_key you mention from the paillier function are NOT the keys for ecdsa (aka Ethereum signature scheme). They are part of the protocol that is described here. So, they are supposed to be big and the size of the keys matter: with small keys the scheme will not work due to overflow inside the homomorphic ecnryption scheme.

Note: tinysig implementation is an emulation of the protocol proposed here. As such, it is supposed to be used as a whole. The shares are given by the protocol distributed_key_generation_protocol and saved within the emulated network. You can print the network at any point in debug mode and I believe you can read the shares from there. Anyway, these shares are very specific to this protocol (you can check their shape in Fig 2 (pag 8)). You can also explore all this through the notebook we put together.

FYI: tinysig implementation is a prototype implementation of the proposed protocol and is only meant for educational purposes. The library is not audited and should be used with cautious.