Closed mrinalwadhwa closed 1 year ago
Hello, can I try to solve this issue?
This looks like a useful starting point. https://github.com/ing-bank/threshold-signatures
The package you mentioned (ecdsa-mpc) has some problems: the guys developing the zeroize lib moved all versions below 1.0.0. ecdsa-mpc not only uses zeroize 0.10.1, but also uses curv-kzen, which itself also uses zeroize 0.10.
@L3pereira thank you for picking this up!
We now have a BLS implementation in Ockam https://github.com/ockam-network/ockam/tree/develop/implementations/rust/ockam/signature_bls
@mikelodder7 may be able to share some advice on using it in threshold scheme.
So, if I understand, what you want is an implementation of Shamir's secret sharing with BLS. For example, you have one node with 3 workers, and each worker will sign the message with their private key. Then they generate a polynomial where the signature is the free coefficient f(0) and the other points are assigned and sent to the respective workers. Once the coefficients are collected (the threshold), the final signature can be reconstructed through Lagrange interpolation.
@L3pereira there's the vsss-rs crate that can be used to do secret sharing with ockam's bls signature crate. I've used it myself for that purpose. If you want to do threshold signing, that's a little more work and I would be happy to help you with it.
Ok, I will advance with your crate, thank you for your help
@mikelodder7, I'm trying to create shares from a BLS signature, but the signature is a G1Projective and I need a PrimeField. For example:
let hash_msg: G1Projective = G1Projective::hash::<ExpandMsgXmd<sha2::Sha256>>(msg.as_ref(), DST);
let signature : G1Projective = hash_msg * sk.0;
let res = Shamir::<2, 3>::split_secret::<G1Projective , MockRng, 33>(signature , &mut rng);
Is there any way to convert to something that implements PrimeField, like a Scalar?
Why are you trying to split a signature? Are you trying to do threshold signing? If so, the proper thing to do is split the signing key and sign with those, then call combine with the resulting partial shares.
Yes, I'm trying to do threshold signing. What I had in mind was to split the signature and then combine all sigs, but I will do it with the signing key.
Thank you
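The advice above (split the signing key, sign with each share, then combine the partial signatures) as an added example; it is not code from this thread, from vsss-rs or from Ockam. It assumes a toy group (squares mod 2039) in place of BLS12-381 G1, a fixed constructed polynomial coefficient in place of an RNG, and hypothetical function names, and it goes beyond the thread by showing the Lagrange step that a combine call performs.

```rust
// Toy group (constructed, NOT secure): squares mod P form a group of prime order Q.
const P: u64 = 2039; // safe prime, P = 2Q + 1
const Q: u64 = 1019;
fn mod_pow(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1u64;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}

// Toy hash-to-group: square a value in [2, P-2], so the result has order Q.
fn hash_to_group(msg: &[u8]) -> u64 {
    let h = msg.iter().fold(7u64, |a, &c| (a * 31 + c as u64) % (P - 3));
    mod_pow(h + 2, 2, P)
}

// Dealer: f(x) = sk + coeffs[0]*x + ... mod Q; signer x receives (x, f(x)).
fn split_key(sk: u64, coeffs: &[u64], n: u64) -> Vec<(u64, u64)> {
    (1..=n).map(|x| {
        let y = coeffs.iter().rev().fold(0u64, |acc, &c| (acc * x + c) % Q);
        (x, (y * x + sk) % Q)
    }).collect()
}

// Each signer works alone: sigma_i = H(m)^{s_i}. The key is never reassembled.
fn partial_sign(share: (u64, u64), msg: &[u8]) -> (u64, u64) {
    (share.0, mod_pow(hash_to_group(msg), share.1, P))
}

// Lagrange coefficient at x = 0 for signer i among the participating ids, mod Q.
fn lagrange_at_zero(ids: &[u64], i: u64) -> u64 {
    ids.iter().filter(|&&j| j != i)
        .fold(1u64, |acc, &j| acc * j % Q * mod_pow((j + Q - i) % Q, Q - 2, Q) % Q)
}

// Combiner: prod sigma_i^{lambda_i} = H(m)^{f(0)} = H(m)^{sk}.
fn combine(partials: &[(u64, u64)]) -> u64 {
    let ids: Vec<u64> = partials.iter().map(|p| p.0).collect();
    partials.iter().fold(1u64, |acc, &(i, s)| acc * mod_pow(s, lagrange_at_zero(&ids, i), P) % P)
}

fn main() {
    let (sk, msg) = (321u64, b"constructed message"); // constructed sample inputs
    let partials: Vec<_> = split_key(sk, &[777], 3).iter().map(|&s| partial_sign(s, msg)).collect();
    println!("2-of-3 combined signature: {}", combine(&partials[..2]));
}
```

Splitting the finished signature instead would require someone to hold the whole key and sign first, which is the single point of compromise threshold signing is meant to remove.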
Do you want me to create a new vault (secret_share_vault) or should I add some of the functions to existing vaults? For example, I could add the split secret function to the SecretVault trait.
@L3pereira I couldn't come up with a good answer. I'd love to see an example of what you currently have working. I think it'll help us in coming up with a good structure / api. I imagine we also need some kind of communication protocol for this.
Maybe to start just add a prototype that shows something that works? .. we often use this crate to collect prototypes.
I made a pull request. Unfortunately, I didn't use the #1591 directly because of the way the vault API is designed: it would make me convert from vault types to bsl_signing types and vice versa, which means some unnecessary loops.
I don't know if the vault API is being used in production, so I tried minimum changes. But in my opinion, I would make the vault more modular and would try to not use 'match' to handle the various types of encryption schemas.
The code has a unit test (but not in ockam_vault_test_suite) simulating a dealer creating and sending secret shares to other vaults, then signing; then a verification was done for the normal scenario and for the wrong message and wrong public key.
The error messages also have to be fixed to convert from the vsss_rs library to ockam error.
Looking forward to reading the PR! ... the API is not stable yet so we're very open to API improvement suggestions.
I don't think this is relevant in the short or medium term future.