dfns / cggmp21

State-of-art threshold ECDSA in Rust
Apache License 2.0

Update `round-based` dep #100

Closed survived closed 1 month ago

survived commented 1 month ago

New round-based release has new exciting features. This PR updates dependency to the latest version and takes advantage of new features which allow us to:

  1. Make cggmp21-keygen fully no_std compatible
  2. Provide sync API to carry out the protocols

github-actions[bot] commented 1 month ago

Crate direct deps

Direct deps

```text
cggmp21-keygen v0.2.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp21-keygen)
digest v0.10.6
futures v0.3.24
generic-ec v0.2.3
generic-ec-zkp v0.2.0
hex v0.4.3
key-share v0.2.3 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share)
paillier-zk v0.2.0
rand_chacha v0.3.1
rand_core v0.6.4
round-based v0.3.0
serde v1.0.193
serde_with v2.3.3
sha2 v0.10.6
thiserror v1.0.48
udigest v0.1.0
```

Compared to base branch

Diff ```text --- direct-deps-base 2024-05-23 06:58:11.633798604 +0000 +++ direct-deps-pr 2024-05-23 06:58:11.949801076 +0000 @@ -1 +1 @@ -cggmp21-keygen v0.1.0 (/home/runner/work/cggmp21/cggmp21/base_branch/cggmp21-keygen) +cggmp21-keygen v0.2.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp21-keygen) @@ -7 +7 @@ -key-share v0.2.3 (/home/runner/work/cggmp21/cggmp21/base_branch/key-share) +key-share v0.2.3 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share) @@ -11 +11 @@ -round-based v0.2.0 +round-based v0.3.0 ```
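Review bot: the `@@ -11 +11 @@` hunk moves round-based from v0.2.0 to v0.3.0, which is a breaking bump under Cargo's 0.x semver rules and is consistent with cggmp21-keygen going from v0.1.0 to v0.2.0 in the first hunk; key-share stays at v0.2.3 with only its path changing, so confirm that its public API is untouched by this update, otherwise it needs a version bump as well.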

All deps

cargo tree

Compared to base branch

Diff ```text --- all-deps-base 2024-05-23 06:58:11.765799637 +0000 +++ all-deps-pr 2024-05-23 06:58:12.081802108 +0000 @@ -6 +6 @@ -cggmp21-keygen v0.1.0 (/home/runner/work/cggmp21/cggmp21/base_branch/cggmp21-keygen) +cggmp21-keygen v0.2.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp21-keygen) @@ -34 +34 @@ -key-share v0.2.3 (/home/runner/work/cggmp21/cggmp21/base_branch/key-share) +key-share v0.2.3 (/home/runner/work/cggmp21/cggmp21/pr_branch/key-share) @@ -40 +39,0 @@ -once_cell v1.17.0 @@ -51,2 +50,2 @@ -round-based v0.2.0 -round-based-derive v0.2.0 (proc-macro) +round-based v0.3.0 +round-based-derive v0.2.1 (proc-macro) @@ -70 +68,0 @@ -tracing-attributes v0.1.22 (proc-macro) ```
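Review bot: beyond the version bumps already shown in the direct-deps diff, the `@@ -40 +39,0 @@` and `@@ -70 +68,0 @@` hunks drop once_cell v1.17.0 and tracing-attributes v0.1.22 from the full tree, and round-based-derive moves from v0.2.0 to v0.2.1; a smaller transitive tree narrows the surface that has to be audited, so it is worth a line in the changelog.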
github-actions[bot] commented 1 month ago

The spec was successfully compiled. PDF is available here.

github-actions[bot] commented 1 month ago

Benchmark Result

Benchmarks

```text
RUST_TESTS_SEED=1ba1cc006dad3c8f21436f0660d5fe003c659a35efddaf5ff83dd922e6a26d9f
n = 3

Non-threshold DKG
Protocol Performance:
- Protocol took 433.06µs to complete
In particular:
- Stage: 12.21µs
  - Setup networking: 12.03µs (98.5%)
  - Unstaged: 180.00ns (1.5%)
- Round 1: 145.81µs
  - Compute execution id: 4.35µs (3.0%)
  - Sample x_i, rid_i, chain_code: 63.15µs (43.3%)
  - Sample schnorr commitment: 59.21µs (40.6%)
  - Commit to public data: 18.79µs (12.9%)
  - Unstaged: 320.00ns (0.2%)
- Round 2: 1.10µs
  - Hash received msgs (reliability check): 922.00ns (83.7%)
  - Unstaged: 180.00ns (16.3%)
- Round 3: 291.00ns
  - Assert other parties hashed messages (reliability check): 171.00ns (58.8%)
  - Unstaged: 120.00ns (41.2%)
- Round 4: 35.85µs
  - Validate decommitments: 33.12µs (92.4%)
  - Calculate chain_code: 762.00ns (2.1%)
  - Calculate challege rid: 1.51µs (4.2%)
  - Prove knowledge of `x_i`: 321.00ns (0.9%)
  - Unstaged: 130.00ns (0.4%)
- Round 5: 237.79µs
  - Validate schnorr proofs: 237.52µs (99.9%)
  - Unstaged: 269.00ns (0.1%)

Threshold DKG
Protocol Performance:
- Protocol took 1.25ms to complete
In particular:
- Stage: 1.84µs
  - Setup networking: 1.76µs (95.6%)
  - Unstaged: 81.00ns (4.4%)
- Round 1: 201.96µs
  - Compute execution id: 911.00ns (0.5%)
  - Sample rid_i, schnorr commitment, polynomial, chain_code: 178.53µs (88.4%)
  - Commit to public data: 22.24µs (11.0%)
  - Unstaged: 271.00ns (0.1%)
- Round 2: 1.10µs
  - Hash received msgs (reliability check): 951.00ns (86.4%)
  - Unstaged: 150.00ns (13.6%)
- Round 3: 380.00ns
  - Assert other parties hashed messages (reliability check): 250.00ns (65.8%)
  - Unstaged: 130.00ns (34.2%)
- Round 4: 774.81µs
  - Validate decommitments: 43.25µs (5.6%)
  - Validate data size: 311.00ns (0.0%)
  - Validate Feldmann VSS: 356.11µs (46.0%)
  - Compute rid: 170.00ns (0.0%)
  - Compute chain_code: 762.00ns (0.1%)
  - Compute Ys: 359.04µs (46.3%)
  - Compute sigma: 421.00ns (0.1%)
  - Calculate challenge: 14.33µs (1.8%)
  - Prove knowledge of `sigma_i`: 291.00ns (0.0%)
  - Unstaged: 130.00ns (0.0%)
- Round 5: 265.86µs
  - Validate schnorr proofs: 264.41µs (99.5%)
  - Derive resulting public key and other data: 1.28µs (0.5%)
  - Unstaged: 161.00ns (0.1%)

Auxiliary data generation protocol
Protocol Performance:
- Protocol took 9.48s to complete
In particular:
- Stage: 14.11µs
  - Retrieve auxiliary data: 161.00ns (1.1%)
  - Setup networking: 12.77µs (90.5%)
  - Precompute execution id and shared state: 1.09µs (7.7%)
  - Unstaged: 80.00ns (0.6%)
- Round 1: 1.16s
  - Retrieve primes (p and q): 100.00ns (0.0%)
  - Compute paillier decryption key (N): 3.32µs (0.0%)
  - Generate auxiliary params r, λ, t, s: 9.03ms (0.8%)
  - Prove Πprm (ψˆ_i): 1.15s (99.2%)
  - Sample random bytes: 1.24µs (0.0%)
  - Compute hash commitment and sample decommitment: 299.65µs (0.0%)
  - Unstaged: 240.00ns (0.0%)
- Round 2: 1.20µs
  - Hash received msgs (reliability check): 962.00ns (80.1%)
  - Unstaged: 239.00ns (19.9%)
- Round 3: 361.00ns
  - Assert other parties hashed messages (reliability check): 220.00ns (60.9%)
  - Unstaged: 141.00ns (39.1%)
- Round 4: 5.86s
  - Validate round 1 decommitments: 615.99µs (0.0%)
  - Validate П_prm (ψ_i): 2.27s (38.7%)
  - Add together shared random bytes: 902.00ns (0.0%)
  - Compute П_mod (ψ_i): 3.42s (58.3%)
  - Assemble security params for П_fac (ф_i): 5.19µs (0.0%)
  - Compute П_fac (ф_i^j): 171.14ms (2.9%)
  - Unstaged: 982.00ns (0.0%)
- Round 5: 2.46s
  - Validate ψ_j (П_mod): 2.28s (93.0%)
  - Validate ф_j (П_fac): 171.22ms (7.0%)
  - Assemble auxiliary info: 145.42µs (0.0%)
  - Unstaged: 612.00ns (0.0%)

Signing protocol
Protocol Performance:
- Protocol took 4.12s to complete
In particular:
- Stage: 128.41µs
  - Map t-out-of-n protocol to t-out-of-t: 64.10µs (49.9%)
  - Retrieve auxiliary data: 60.78µs (47.3%)
  - Precompute execution id and security params: 421.00ns (0.3%)
  - Setup networking: 2.98µs (2.3%)
  - Unstaged: 130.00ns (0.1%)
- Round 1: 188.00ms
  - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 45.19µs (0.0%)
  - Encrypt G_i and K_i: 106.91ms (56.9%)
  - Prove ψ0_j: 81.05ms (43.1%)
  - Unstaged: 862.00ns (0.0%)
- Round 2: 15.12µs
  - Hash received msgs (reliability check): 14.91µs (98.6%)
  - Unstaged: 212.00ns (1.4%)
- Round 3: 2.22s
  - Assert other parties hashed messages (reliability check): 552.00ns (0.0%)
  - Verify psi0 proofs: 266.78ms (12.0%)
  - Sample random r, hat_r, s, hat_s, beta, hat_beta: 41.63µs (0.0%)
  - Encrypt D_ji: 70.04ms (3.2%)
  - Encrypt F_ji: 35.71ms (1.6%)
  - Encrypt hat_D_ji: 558.60ms (25.2%)
  - Encrypt hat_F_ji: 35.79ms (1.6%)
  - Prove psi_ji: 785.56ms (35.4%)
  - Prove psiˆ_ji: 208.56ms (9.4%)
  - Prove psi_prime_ji : 257.28ms (11.6%)
  - Unstaged: 971.00ns (0.0%)
- Round 4: 1.53s
  - Retrieve auxiliary data: 4.20µs (0.0%)
  - Validate psi: 159.70ms (10.4%)
  - Validate hat_psi: 161.14ms (10.5%)
  - Validate psi_prime: 915.77ms (59.9%)
  - Compute Gamma, Delta_i, delta_i, chi_i: 212.21ms (13.9%)
  - Prove psi_prime_prime: 81.12ms (5.3%)
  - Unstaged: 481.00ns (0.0%)
- Presig output: 184.85ms
  - Validate psi_prime_prime: 184.71ms (99.9%)
  - Calculate presignature: 134.92µs (0.1%)
  - Unstaged: 621.00ns (0.0%)
- Partial signing: 8.90µs
- Signature reconstruction: 201.37µs
```
survived commented 1 month ago

@maurges this uses the latest version of round-based from m

maurges commented 1 month ago

Hm, check-readme is failing now

maurges commented 1 month ago

Looks good. Remind me, do we wait until publishing round-based first for this repo?

survived commented 1 month ago

I wanted to delay round-based release, but now I'm thinking that it should be fine, so I'll release it now

survived commented 1 month ago

@maurges done