issues
search
dfns
/
cggmp21
State-of-art threshold ECDSA in Rust
Apache License 2.0
43
stars
6
forks
source link
Optimize threshold DKG
#47
Closed
survived
closed
1 year ago
github-actions[bot]
commented
1 year ago
Benchmark Result
Benchmarks
```text RUST_TESTS_SEED=4b99b235d2d72f140abf9eca526ec2bd9da6fcb80b0513295e7bd6bb1993944d n = 3 Non-threshold DKG Protocol Performance: - Protocol took 634.31µs to complete In particular: - Setup: 4.40µs - Setup networking: 4.30µs (97.7%) - Unstaged: 100.00ns (2.3%) - Round 1: 164.50µs - Compute execution id: 300.00ns (0.2%) - Sample x_i, rid_i: 74.60µs (45.3%) - Sample schnorr commitment: 65.30µs (39.7%) - Commit to public data: 23.80µs (14.5%) - Unstaged: 500.00ns (0.3%) - Round 2: 4.10µs - Hash received msgs (reliability check): 3.80µs (92.7%) - Unstaged: 300.00ns (7.3%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 200.00ns (40.0%) - Unstaged: 300.00ns (60.0%) - Round 4: 60.10µs - Validate decommitments: 54.60µs (90.8%) - Calculate challege rid: 5.10µs (8.5%) - Prove knowledge of `x_i`: 200.00ns (0.3%) - Unstaged: 200.00ns (0.3%) - Round 5: 400.70µs - Validate schnorr proofs: 400.20µs (99.9%) - Unstaged: 500.00ns (0.1%) Threshold DKG Protocol Performance: - Protocol took 1.40ms to complete In particular: - Setup: 2.50µs - Setup networking: 2.40µs (96.0%) - Unstaged: 100.00ns (4.0%) - Round 1: 226.90µs - Compute execution id: 100.00ns (0.0%) - Sample rid_i, schnorr commitment, polynomial: 198.40µs (87.4%) - Commit to public data: 28.10µs (12.4%) - Unstaged: 300.00ns (0.1%) - Round 2: 4.20µs - Hash received msgs (reliability check): 4.00µs (95.2%) - Unstaged: 200.00ns (4.8%) - Round 3: 300.00ns - Assert other parties hashed messages (reliability check): 100.00ns (33.3%) - Unstaged: 200.00ns (66.7%) - Round 4: 864.71µs - Validate decommitments: 54.10µs (6.3%) - Validate data size: 300.00ns (0.0%) - Validate Feldmann VSS: 392.90µs (45.4%) - Compute rid: 300.00ns (0.0%) - Compute Ys: 398.60µs (46.1%) - Compute sigma: 400.00ns (0.0%) - Calculate challenge: 17.50µs (2.0%) - Prove knowledge of `sigma_i`: 300.00ns (0.0%) - Unstaged: 300.00ns (0.0%) - Round 5: 298.60µs - Validate schnorr proofs: 295.00µs (98.8%) - Derive resulting public key and other data: 1.60µs (0.5%) - Unstaged: 2.00µs (0.7%) Key refresh protocol Protocol Performance: - Protocol took 2.89s to complete In particular: - Setup: 15.40µs - Retrieve auxiliary data: 2.00µs (13.0%) - Setup networking: 11.10µs (72.1%) - Precompute execution id and shared state: 1.90µs (12.3%) - Unstaged: 400.00ns (2.6%) - Round 1: 322.09ms - Retrieve primes (p and q): 300.00ns (0.0%) - Compute paillier decryption key (N): 17.65ms (5.5%) - Generate secret x_i and public X_i: 198.60µs (0.1%) - Generate auxiliary params r, λ, t, s: 4.67ms (1.5%) - Prove Πprm (ψˆ_i): 298.96ms (92.8%) - Compute schnorr commitment τ_j: 205.20µs (0.1%) - Sample random bytes: 200.00ns (0.0%) - Compute hash commitment and sample decommitment: 410.10µs (0.1%) - Unstaged: 400.00ns (0.0%) - Round 2: 4.60µs - Hash received msgs (reliability check): 4.10µs (89.1%) - Unstaged: 500.00ns (10.9%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 400.00ns (80.0%) - Unstaged: 100.00ns (20.0%) - Round 4: 1.77s - Validate round 1 decommitments: 816.41µs (0.0%) - Validate data sizes: 600.00ns (0.0%) - Validate П_prm (ψ_i): 595.34ms (33.7%) - Validate X_i: 5.50µs (0.0%) - Compute paillier encryption keys: 8.30µs (0.0%) - Add together shared random bytes: 1.40µs (0.0%) - Compute П_mod (ψ_i): 1.00s (56.6%) - Assemble security params for П_fac (ф_i): 1.71ms (0.1%) - Compute schnorr proof ψ_i^j: 7.10µs (0.0%) - Prepare auxiliary params and security level for proofs: 300.00ns (0.0%) - Paillier encryption of x_i^j: 40.17ms (2.3%) - Compute П_fac (ф_i^j): 128.05ms (7.2%) - Unstaged: 1.20µs (0.0%) - Round 5: 800.73ms - Paillier decrypt x_j^i from C_j^i: 35.58ms (4.4%) - Validate shares: 133.70µs (0.0%) - Validate schnorr proofs п_j and ψ_j^k: 797.91µs (0.1%) - Validate ψ_j (П_mod): 630.94ms (78.8%) - Validate ф_j (П_fac): 133.27ms (16.6%) - Calculate new x_i: 500.00ns (0.0%) - Calculate new X_i: 5.80µs (0.0%) - Assemble new core share: 300.00ns (0.0%) - Assemble auxiliary info: 1.30µs (0.0%) - Unstaged: 3.00µs (0.0%) Signing protocol Protocol Performance: - Protocol took 1.96s to complete In particular: - Setup: 22.13ms - Map t-out-of-n protocol to t-out-of-t: 6.40µs (0.0%) - Retrieve auxiliary data: 22.11ms (99.9%) - Precompute execution id and security params: 800.00ns (0.0%) - Setup networking: 5.50µs (0.0%) - Unstaged: 200.00ns (0.0%) - Round 1: 140.65ms - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 42.30µs (0.0%) - Encrypt G_i and K_i: 39.89ms (28.4%) - Prove ψ0_j: 100.72ms (71.6%) - Unstaged: 1.80µs (0.0%) - Round 2: 51.70µs - Hash received msgs (reliability check): 51.50µs (99.6%) - Unstaged: 200.00ns (0.4%) - Round 3: 984.24ms - Assert other parties hashed messages (reliability check): 600.00ns (0.0%) - Verify psi0 proofs: 100.39ms (10.2%) - Sample random r, hat_r, s, hat_s, beta, hat_beta: 63.70µs (0.0%) - Encrypt D_ji: 75.07ms (7.6%) - Encrypt F_ji: 70.33ms (7.1%) - Encrypt hat_D_ji: 75.06ms (7.6%) - Encrypt hat_F_ji: 70.35ms (7.1%) - Prove psi_ji: 241.01ms (24.5%) - Prove psiˆ_ji: 241.90ms (24.6%) - Prove psi_prime_ji : 110.06ms (11.2%) - Unstaged: 1.10µs (0.0%) - Round 4: 720.18ms - Retrieve auxiliary data: 6.40µs (0.0%) - Validate psi: 226.16ms (31.4%) - Validate hat_psi: 226.34ms (31.4%) - Validate psi_prime: 95.63ms (13.3%) - Compute Gamma, Delta_i, delta_i, chi_i: 70.74ms (9.8%) - Prove psi_prime_prime: 101.29ms (14.1%) - Unstaged: 400.00ns (0.0%) - Presig output: 91.63ms - Validate psi_prime_prime: 91.49ms (99.8%) - Calculate presignature: 148.80µs (0.2%) - Unstaged: 700.00ns (0.0%) - Partial signing: 10.30µs - Signature reconstruction: 221.20µs ```
Benchmark Result
Benchmarks
```text RUST_TESTS_SEED=4b99b235d2d72f140abf9eca526ec2bd9da6fcb80b0513295e7bd6bb1993944d n = 3 Non-threshold DKG Protocol Performance: - Protocol took 634.31µs to complete In particular: - Setup: 4.40µs - Setup networking: 4.30µs (97.7%) - Unstaged: 100.00ns (2.3%) - Round 1: 164.50µs - Compute execution id: 300.00ns (0.2%) - Sample x_i, rid_i: 74.60µs (45.3%) - Sample schnorr commitment: 65.30µs (39.7%) - Commit to public data: 23.80µs (14.5%) - Unstaged: 500.00ns (0.3%) - Round 2: 4.10µs - Hash received msgs (reliability check): 3.80µs (92.7%) - Unstaged: 300.00ns (7.3%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 200.00ns (40.0%) - Unstaged: 300.00ns (60.0%) - Round 4: 60.10µs - Validate decommitments: 54.60µs (90.8%) - Calculate challege rid: 5.10µs (8.5%) - Prove knowledge of `x_i`: 200.00ns (0.3%) - Unstaged: 200.00ns (0.3%) - Round 5: 400.70µs - Validate schnorr proofs: 400.20µs (99.9%) - Unstaged: 500.00ns (0.1%) Threshold DKG Protocol Performance: - Protocol took 1.40ms to complete In particular: - Setup: 2.50µs - Setup networking: 2.40µs (96.0%) - Unstaged: 100.00ns (4.0%) - Round 1: 226.90µs - Compute execution id: 100.00ns (0.0%) - Sample rid_i, schnorr commitment, polynomial: 198.40µs (87.4%) - Commit to public data: 28.10µs (12.4%) - Unstaged: 300.00ns (0.1%) - Round 2: 4.20µs - Hash received msgs (reliability check): 4.00µs (95.2%) - Unstaged: 200.00ns (4.8%) - Round 3: 300.00ns - Assert other parties hashed messages (reliability check): 100.00ns (33.3%) - Unstaged: 200.00ns (66.7%) - Round 4: 864.71µs - Validate decommitments: 54.10µs (6.3%) - Validate data size: 300.00ns (0.0%) - Validate Feldmann VSS: 392.90µs (45.4%) - Compute rid: 300.00ns (0.0%) - Compute Ys: 398.60µs (46.1%) - Compute sigma: 400.00ns (0.0%) - Calculate challenge: 17.50µs (2.0%) - Prove knowledge of `sigma_i`: 300.00ns (0.0%) - Unstaged: 300.00ns (0.0%) - Round 5: 298.60µs - Validate schnorr proofs: 295.00µs (98.8%) - Derive resulting public key and other data: 1.60µs (0.5%) - Unstaged: 2.00µs (0.7%) Key refresh protocol Protocol Performance: - Protocol took 2.89s to complete In particular: - Setup: 15.40µs - Retrieve auxiliary data: 2.00µs (13.0%) - Setup networking: 11.10µs (72.1%) - Precompute execution id and shared state: 1.90µs (12.3%) - Unstaged: 400.00ns (2.6%) - Round 1: 322.09ms - Retrieve primes (p and q): 300.00ns (0.0%) - Compute paillier decryption key (N): 17.65ms (5.5%) - Generate secret x_i and public X_i: 198.60µs (0.1%) - Generate auxiliary params r, λ, t, s: 4.67ms (1.5%) - Prove Πprm (ψˆ_i): 298.96ms (92.8%) - Compute schnorr commitment τ_j: 205.20µs (0.1%) - Sample random bytes: 200.00ns (0.0%) - Compute hash commitment and sample decommitment: 410.10µs (0.1%) - Unstaged: 400.00ns (0.0%) - Round 2: 4.60µs - Hash received msgs (reliability check): 4.10µs (89.1%) - Unstaged: 500.00ns (10.9%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 400.00ns (80.0%) - Unstaged: 100.00ns (20.0%) - Round 4: 1.77s - Validate round 1 decommitments: 816.41µs (0.0%) - Validate data sizes: 600.00ns (0.0%) - Validate П_prm (ψ_i): 595.34ms (33.7%) - Validate X_i: 5.50µs (0.0%) - Compute paillier encryption keys: 8.30µs (0.0%) - Add together shared random bytes: 1.40µs (0.0%) - Compute П_mod (ψ_i): 1.00s (56.6%) - Assemble security params for П_fac (ф_i): 1.71ms (0.1%) - Compute schnorr proof ψ_i^j: 7.10µs (0.0%) - Prepare auxiliary params and security level for proofs: 300.00ns (0.0%) - Paillier encryption of x_i^j: 40.17ms (2.3%) - Compute П_fac (ф_i^j): 128.05ms (7.2%) - Unstaged: 1.20µs (0.0%) - Round 5: 800.73ms - Paillier decrypt x_j^i from C_j^i: 35.58ms (4.4%) - Validate shares: 133.70µs (0.0%) - Validate schnorr proofs п_j and ψ_j^k: 797.91µs (0.1%) - Validate ψ_j (П_mod): 630.94ms (78.8%) - Validate ф_j (П_fac): 133.27ms (16.6%) - Calculate new x_i: 500.00ns (0.0%) - Calculate new X_i: 5.80µs (0.0%) - Assemble new core share: 300.00ns (0.0%) - Assemble auxiliary info: 1.30µs (0.0%) - Unstaged: 3.00µs (0.0%) Signing protocol Protocol Performance: - Protocol took 1.96s to complete In particular: - Setup: 22.13ms - Map t-out-of-n protocol to t-out-of-t: 6.40µs (0.0%) - Retrieve auxiliary data: 22.11ms (99.9%) - Precompute execution id and security params: 800.00ns (0.0%) - Setup networking: 5.50µs (0.0%) - Unstaged: 200.00ns (0.0%) - Round 1: 140.65ms - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 42.30µs (0.0%) - Encrypt G_i and K_i: 39.89ms (28.4%) - Prove ψ0_j: 100.72ms (71.6%) - Unstaged: 1.80µs (0.0%) - Round 2: 51.70µs - Hash received msgs (reliability check): 51.50µs (99.6%) - Unstaged: 200.00ns (0.4%) - Round 3: 984.24ms - Assert other parties hashed messages (reliability check): 600.00ns (0.0%) - Verify psi0 proofs: 100.39ms (10.2%) - Sample random r, hat_r, s, hat_s, beta, hat_beta: 63.70µs (0.0%) - Encrypt D_ji: 75.07ms (7.6%) - Encrypt F_ji: 70.33ms (7.1%) - Encrypt hat_D_ji: 75.06ms (7.6%) - Encrypt hat_F_ji: 70.35ms (7.1%) - Prove psi_ji: 241.01ms (24.5%) - Prove psiˆ_ji: 241.90ms (24.6%) - Prove psi_prime_ji : 110.06ms (11.2%) - Unstaged: 1.10µs (0.0%) - Round 4: 720.18ms - Retrieve auxiliary data: 6.40µs (0.0%) - Validate psi: 226.16ms (31.4%) - Validate hat_psi: 226.34ms (31.4%) - Validate psi_prime: 95.63ms (13.3%) - Compute Gamma, Delta_i, delta_i, chi_i: 70.74ms (9.8%) - Prove psi_prime_prime: 101.29ms (14.1%) - Unstaged: 400.00ns (0.0%) - Presig output: 91.63ms - Validate psi_prime_prime: 91.49ms (99.8%) - Calculate presignature: 148.80µs (0.2%) - Unstaged: 700.00ns (0.0%) - Partial signing: 10.30µs - Signature reconstruction: 221.20µs ```