issues
search
dfns
/
cggmp21
State-of-art threshold ECDSA in Rust
Apache License 2.0
41
stars
6
forks
source link
Update security level
#54
Closed
survived
closed
11 months ago
github-actions[bot]
commented
11 months ago
Benchmark Result
Benchmarks
```text RUST_TESTS_SEED=a3ec3c1524ec3040eff79a0a98a73e0bbda6e859c2c97c2d73af0ad298acfc8c n = 3 Non-threshold DKG Protocol Performance: - Protocol took 882.77µs to complete In particular: - Setup: 11.30µs - Setup networking: 10.50µs (92.9%) - Unstaged: 800.00ns (7.1%) - Round 1: 262.22µs - Compute execution id: 400.00ns (0.2%) - Sample x_i, rid_i: 116.11µs (44.3%) - Sample schnorr commitment: 104.11µs (39.7%) - Commit to public data: 40.90µs (15.6%) - Unstaged: 700.00ns (0.3%) - Round 2: 6.30µs - Hash received msgs (reliability check): 6.00µs (95.2%) - Unstaged: 300.00ns (4.8%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 300.00ns (60.0%) - Unstaged: 200.00ns (40.0%) - Round 4: 94.41µs - Validate decommitments: 87.41µs (92.6%) - Calculate challege rid: 6.20µs (6.6%) - Prove knowledge of `x_i`: 500.00ns (0.5%) - Unstaged: 300.00ns (0.3%) - Round 5: 508.04µs - Validate schnorr proofs: 507.34µs (99.9%) - Unstaged: 700.00ns (0.1%) Threshold DKG Protocol Performance: - Protocol took 1.77ms to complete In particular: - Setup: 3.10µs - Setup networking: 3.00µs (96.8%) - Unstaged: 100.00ns (3.2%) - Round 1: 285.52µs - Compute execution id: 200.00ns (0.1%) - Sample rid_i, schnorr commitment, polynomial: 250.62µs (87.8%) - Commit to public data: 34.30µs (12.0%) - Unstaged: 400.00ns (0.1%) - Round 2: 5.10µs - Hash received msgs (reliability check): 4.90µs (96.1%) - Unstaged: 200.00ns (3.9%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 200.00ns (40.0%) - Unstaged: 300.00ns (60.0%) - Round 4: 1.09ms - Validate decommitments: 67.31µs (6.2%) - Validate data size: 300.00ns (0.0%) - Validate Feldmann VSS: 497.64µs (45.5%) - Compute rid: 500.00ns (0.0%) - Compute Ys: 504.04µs (46.1%) - Compute sigma: 500.00ns (0.0%) - Calculate challenge: 22.50µs (2.1%) - Prove knowledge of `sigma_i`: 300.00ns (0.0%) - Unstaged: 200.00ns (0.0%) - Round 5: 381.03µs - Validate schnorr proofs: 378.53µs (99.3%) - Derive resulting public key and other data: 2.00µs (0.5%) - Unstaged: 500.00ns (0.1%) Auxiliary data generation protocol Protocol Performance: - Protocol took 20.33s to complete In particular: - Setup: 10.40µs - Retrieve auxiliary data: 300.00ns (2.9%) - Setup networking: 9.20µs (88.5%) - Precompute execution id and shared state: 800.00ns (7.7%) - Unstaged: 100.00ns (1.0%) - Round 1: 2.37s - Retrieve primes (p and q): 200.00ns (0.0%) - Compute paillier decryption key (N): 12.40µs (0.0%) - Generate auxiliary params r, λ, t, s: 18.42ms (0.8%) - Prove Πprm (ψˆ_i): 2.35s (99.2%) - Sample random bytes: 2.30µs (0.0%) - Compute hash commitment and sample decommitment: 1.26ms (0.1%) - Unstaged: 400.00ns (0.0%) - Round 2: 5.30µs - Hash received msgs (reliability check): 4.80µs (90.6%) - Unstaged: 500.00ns (9.4%) - Round 3: 800.00ns - Assert other parties hashed messages (reliability check): 400.00ns (50.0%) - Unstaged: 400.00ns (50.0%) - Round 4: 12.71s - Validate round 1 decommitments: 2.50ms (0.0%) - Validate П_prm (ψ_i): 4.70s (37.0%) - Add together shared random bytes: 4.70µs (0.0%) - Compute П_mod (ψ_i): 7.64s (60.1%) - Assemble security params for П_fac (ф_i): 4.79ms (0.0%) - Compute П_fac (ф_i^j): 358.10ms (2.8%) - Unstaged: 2.40µs (0.0%) - Round 5: 5.25s - Validate ψ_j (П_mod): 4.87s (92.8%) - Validate ф_j (П_fac): 375.95ms (7.2%) - Assemble auxiliary info: 3.90µs (0.0%) - Unstaged: 1.10µs (0.0%) Signing protocol Protocol Performance: - Protocol took 5.86s to complete In particular: - Setup: 86.36ms - Map t-out-of-n protocol to t-out-of-t: 3.60µs (0.0%) - Retrieve auxiliary data: 86.34ms (100.0%) - Precompute execution id and security params: 1.30µs (0.0%) - Setup networking: 6.40µs (0.0%) - Unstaged: 300.00ns (0.0%) - Round 1: 475.48ms - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 85.31µs (0.0%) - Encrypt G_i and K_i: 155.24ms (32.6%) - Prove ψ0_j: 320.14ms (67.3%) - Unstaged: 11.70µs (0.0%) - Round 2: 98.01µs - Hash received msgs (reliability check): 97.61µs (99.6%) - Unstaged: 400.00ns (0.4%) - Round 3: 2.95s - Assert other parties hashed messages (reliability check): 900.00ns (0.0%) - Verify psi0 proofs: 342.60ms (11.6%) - Sample random r, hat_r, s, hat_s, beta, hat_beta: 76.21µs (0.0%) - Encrypt D_ji: 248.00ms (8.4%) - Encrypt F_ji: 234.71ms (8.0%) - Encrypt hat_D_ji: 198.38ms (6.7%) - Encrypt hat_F_ji: 185.16ms (6.3%) - Prove psi_ji: 709.10ms (24.1%) - Prove psiˆ_ji: 709.21ms (24.1%) - Prove psi_prime_ji : 320.89ms (10.9%) - Unstaged: 2.80µs (0.0%) - Round 4: 2.06s - Retrieve auxiliary data: 13.00µs (0.0%) - Validate psi: 539.32ms (26.2%) - Validate hat_psi: 629.94ms (30.6%) - Validate psi_prime: 343.31ms (16.7%) - Compute Gamma, Delta_i, delta_i, chi_i: 284.54ms (13.8%) - Prove psi_prime_prime: 263.16ms (12.8%) - Unstaged: 1.00µs (0.0%) - Presig output: 285.82ms - Validate psi_prime_prime: 285.63ms (99.9%) - Calculate presignature: 188.11µs (0.1%) - Unstaged: 1.50µs (0.0%) - Partial signing: 13.40µs - Signature reconstruction: 287.82µs ```
Benchmark Result
Benchmarks
```text RUST_TESTS_SEED=a3ec3c1524ec3040eff79a0a98a73e0bbda6e859c2c97c2d73af0ad298acfc8c n = 3 Non-threshold DKG Protocol Performance: - Protocol took 882.77µs to complete In particular: - Setup: 11.30µs - Setup networking: 10.50µs (92.9%) - Unstaged: 800.00ns (7.1%) - Round 1: 262.22µs - Compute execution id: 400.00ns (0.2%) - Sample x_i, rid_i: 116.11µs (44.3%) - Sample schnorr commitment: 104.11µs (39.7%) - Commit to public data: 40.90µs (15.6%) - Unstaged: 700.00ns (0.3%) - Round 2: 6.30µs - Hash received msgs (reliability check): 6.00µs (95.2%) - Unstaged: 300.00ns (4.8%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 300.00ns (60.0%) - Unstaged: 200.00ns (40.0%) - Round 4: 94.41µs - Validate decommitments: 87.41µs (92.6%) - Calculate challege rid: 6.20µs (6.6%) - Prove knowledge of `x_i`: 500.00ns (0.5%) - Unstaged: 300.00ns (0.3%) - Round 5: 508.04µs - Validate schnorr proofs: 507.34µs (99.9%) - Unstaged: 700.00ns (0.1%) Threshold DKG Protocol Performance: - Protocol took 1.77ms to complete In particular: - Setup: 3.10µs - Setup networking: 3.00µs (96.8%) - Unstaged: 100.00ns (3.2%) - Round 1: 285.52µs - Compute execution id: 200.00ns (0.1%) - Sample rid_i, schnorr commitment, polynomial: 250.62µs (87.8%) - Commit to public data: 34.30µs (12.0%) - Unstaged: 400.00ns (0.1%) - Round 2: 5.10µs - Hash received msgs (reliability check): 4.90µs (96.1%) - Unstaged: 200.00ns (3.9%) - Round 3: 500.00ns - Assert other parties hashed messages (reliability check): 200.00ns (40.0%) - Unstaged: 300.00ns (60.0%) - Round 4: 1.09ms - Validate decommitments: 67.31µs (6.2%) - Validate data size: 300.00ns (0.0%) - Validate Feldmann VSS: 497.64µs (45.5%) - Compute rid: 500.00ns (0.0%) - Compute Ys: 504.04µs (46.1%) - Compute sigma: 500.00ns (0.0%) - Calculate challenge: 22.50µs (2.1%) - Prove knowledge of `sigma_i`: 300.00ns (0.0%) - Unstaged: 200.00ns (0.0%) - Round 5: 381.03µs - Validate schnorr proofs: 378.53µs (99.3%) - Derive resulting public key and other data: 2.00µs (0.5%) - Unstaged: 500.00ns (0.1%) Auxiliary data generation protocol Protocol Performance: - Protocol took 20.33s to complete In particular: - Setup: 10.40µs - Retrieve auxiliary data: 300.00ns (2.9%) - Setup networking: 9.20µs (88.5%) - Precompute execution id and shared state: 800.00ns (7.7%) - Unstaged: 100.00ns (1.0%) - Round 1: 2.37s - Retrieve primes (p and q): 200.00ns (0.0%) - Compute paillier decryption key (N): 12.40µs (0.0%) - Generate auxiliary params r, λ, t, s: 18.42ms (0.8%) - Prove Πprm (ψˆ_i): 2.35s (99.2%) - Sample random bytes: 2.30µs (0.0%) - Compute hash commitment and sample decommitment: 1.26ms (0.1%) - Unstaged: 400.00ns (0.0%) - Round 2: 5.30µs - Hash received msgs (reliability check): 4.80µs (90.6%) - Unstaged: 500.00ns (9.4%) - Round 3: 800.00ns - Assert other parties hashed messages (reliability check): 400.00ns (50.0%) - Unstaged: 400.00ns (50.0%) - Round 4: 12.71s - Validate round 1 decommitments: 2.50ms (0.0%) - Validate П_prm (ψ_i): 4.70s (37.0%) - Add together shared random bytes: 4.70µs (0.0%) - Compute П_mod (ψ_i): 7.64s (60.1%) - Assemble security params for П_fac (ф_i): 4.79ms (0.0%) - Compute П_fac (ф_i^j): 358.10ms (2.8%) - Unstaged: 2.40µs (0.0%) - Round 5: 5.25s - Validate ψ_j (П_mod): 4.87s (92.8%) - Validate ф_j (П_fac): 375.95ms (7.2%) - Assemble auxiliary info: 3.90µs (0.0%) - Unstaged: 1.10µs (0.0%) Signing protocol Protocol Performance: - Protocol took 5.86s to complete In particular: - Setup: 86.36ms - Map t-out-of-n protocol to t-out-of-t: 3.60µs (0.0%) - Retrieve auxiliary data: 86.34ms (100.0%) - Precompute execution id and security params: 1.30µs (0.0%) - Setup networking: 6.40µs (0.0%) - Unstaged: 300.00ns (0.0%) - Round 1: 475.48ms - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 85.31µs (0.0%) - Encrypt G_i and K_i: 155.24ms (32.6%) - Prove ψ0_j: 320.14ms (67.3%) - Unstaged: 11.70µs (0.0%) - Round 2: 98.01µs - Hash received msgs (reliability check): 97.61µs (99.6%) - Unstaged: 400.00ns (0.4%) - Round 3: 2.95s - Assert other parties hashed messages (reliability check): 900.00ns (0.0%) - Verify psi0 proofs: 342.60ms (11.6%) - Sample random r, hat_r, s, hat_s, beta, hat_beta: 76.21µs (0.0%) - Encrypt D_ji: 248.00ms (8.4%) - Encrypt F_ji: 234.71ms (8.0%) - Encrypt hat_D_ji: 198.38ms (6.7%) - Encrypt hat_F_ji: 185.16ms (6.3%) - Prove psi_ji: 709.10ms (24.1%) - Prove psiˆ_ji: 709.21ms (24.1%) - Prove psi_prime_ji : 320.89ms (10.9%) - Unstaged: 2.80µs (0.0%) - Round 4: 2.06s - Retrieve auxiliary data: 13.00µs (0.0%) - Validate psi: 539.32ms (26.2%) - Validate hat_psi: 629.94ms (30.6%) - Validate psi_prime: 343.31ms (16.7%) - Compute Gamma, Delta_i, delta_i, chi_i: 284.54ms (13.8%) - Prove psi_prime_prime: 263.16ms (12.8%) - Unstaged: 1.00µs (0.0%) - Presig output: 285.82ms - Validate psi_prime_prime: 285.63ms (99.9%) - Calculate presignature: 188.11µs (0.1%) - Unstaged: 1.50µs (0.0%) - Partial signing: 13.40µs - Signature reconstruction: 287.82µs ```