dfns / cggmp21

State-of-art threshold ECDSA in Rust
Apache License 2.0

Take advantage of CRT in ZK validation #61

Closed. survived closed this 9 months ago.

github-actions[bot] commented 9 months ago

Crate direct deps

Direct deps

```text
digest v0.10.6
futures v0.3.24
generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181)
generic-ec-zkp v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181)
hex v0.4.3
paillier-zk v0.1.0 (https://github.com/dfns-labs/paillier-zk?branch=m#17212a3b)
rand_chacha v0.3.1
rand_core v0.6.4
round-based v0.2.0 (https://github.com/Zengo-X/round-based-protocol?branch=round-based2#f626f96e)
serde v1.0.188
serde_json v1.0.107
serde_with v2.3.3
sha2 v0.10.6
thiserror v1.0.48
```

Compared to base branch

Diff ```text --- direct-deps-base 2023-10-04 14:39:17.811480925 +0000 +++ direct-deps-pr 2023-10-04 14:39:18.199488901 +0000 @@ -3,2 +3,2 @@ -generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#bb2e7109) -generic-ec-zkp v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#bb2e7109) +generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) +generic-ec-zkp v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) @@ -6 +6 @@ -paillier-zk v0.1.0 (https://github.com/dfns-labs/paillier-zk?branch=m#ffdddb74) +paillier-zk v0.1.0 (https://github.com/dfns-labs/paillier-zk?branch=m#17212a3b) ```
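Review bot: the generic-ec and generic-ec-zkp pins move from bb2e7109 to 8ada3181 on an unversioned `branch=m` git dependency, and nothing on this PR (titled "Take advantage of CRT in ZK validation") says what changed in generic-ec between those commits. A one-line note in the PR description, or a `rev =` pin instead of a moving branch, would make this bump reviewable on its own.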
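Review bot: the paillier-zk bump (ffdddb74 to 17212a3b) is the hunk the PR title actually concerns, since the ZK proofs being validated come from paillier-zk, yet the only thing visible here is a lockfile hash. Link the upstream paillier-zk commit so the verification change itself can be reviewed rather than just the dependency hash.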

All deps

cargo tree

```text
cggmp21 v0.0.0 (/home/runner/work/cggmp21/cggmp21/pr_branch/cggmp21)
├── digest v0.10.6
│   ├── block-buffer v0.10.3
│   │   └── generic-array v0.14.6
│   │       ├── serde v1.0.188
│   │       │   └── serde_derive v1.0.188 (proc-macro)
│   │       │       ├── proc-macro2 v1.0.66
│   │       │       │   └── unicode-ident v1.0.4
│   │       │       ├── quote v1.0.33
│   │       │       │   └── proc-macro2 v1.0.66 (*)
│   │       │       └── syn v2.0.32
│   │       │           ├── proc-macro2 v1.0.66 (*)
│   │       │           ├── quote v1.0.33 (*)
│   │       │           └── unicode-ident v1.0.4
│   │       └── typenum v1.15.0
│   └── crypto-common v0.1.6
│       ├── generic-array v0.14.6 (*)
│       └── typenum v1.15.0
├── futures v0.3.24
│   ├── futures-channel v0.3.24
│   │   ├── futures-core v0.3.24
│   │   └── futures-sink v0.3.24
│   ├── futures-core v0.3.24
│   ├── futures-executor v0.3.24
│   │   ├── futures-core v0.3.24
│   │   ├── futures-task v0.3.24
│   │   └── futures-util v0.3.24
│   │       ├── futures-channel v0.3.24 (*)
│   │       ├── futures-core v0.3.24
│   │       ├── futures-io v0.3.24
│   │       ├── futures-macro v0.3.24 (proc-macro)
│   │       │   ├── proc-macro2 v1.0.66 (*)
│   │       │   ├── quote v1.0.33 (*)
│   │       │   └── syn v1.0.101
│   │       │       ├── proc-macro2 v1.0.66 (*)
│   │       │       ├── quote v1.0.33 (*)
│   │       │       └── unicode-ident v1.0.4
│   │       ├── futures-sink v0.3.24
│   │       ├── futures-task v0.3.24
│   │       ├── memchr v2.5.0
│   │       ├── pin-project-lite v0.2.9
│   │       ├── pin-utils v0.1.0
│   │       └── slab v0.4.7
│   ├── futures-io v0.3.24
│   ├── futures-sink v0.3.24
│   ├── futures-task v0.3.24
│   └── futures-util v0.3.24 (*)
├── generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181)
│   ├── generic-ec-core v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181)
│   │   ├── generic-array v0.14.6 (*)
│   │   ├── rand_core v0.6.4
│   │   ├── serde v1.0.188 (*)
│   │   ├── subtle v2.4.1
│   │   └── zeroize v1.6.0
│   │       └── zeroize_derive v1.3.2 (proc-macro)
│   │           ├── proc-macro2 v1.0.66 (*)
│   │           ├── quote v1.0.33 (*)
│   │           ├── syn v1.0.101 (*)
│   │           └── synstructure v0.12.6
│   │               ├── proc-macro2 v1.0.66 (*)
│   │               ├── quote v1.0.33 (*)
│   │               ├── syn v1.0.101 (*)
│   │               └── unicode-xid v0.2.4
│   ├── getrandom v0.2.10
│   │   ├── cfg-if v1.0.0
│   │   └── libc v0.2.148
│   ├── hex v0.4.3
│   │   └── serde v1.0.188 (*)
│   ├── phantom-type v0.4.2
│   │   └── educe v0.4.19 (proc-macro)
│   │       ├── enum-ordinalize v3.1.11 (proc-macro)
│   │       │   ├── num-bigint v0.4.3
│   │       │   │   ├── num-integer v0.1.45
│   │       │   │   │   └── num-traits v0.2.15
│   │       │   │   └── num-traits v0.2.15
│   │       │   ├── num-traits v0.2.15
│   │       │   ├── proc-macro2 v1.0.66 (*)
│   │       │   ├── quote v1.0.33 (*)
│   │       │   └── syn v1.0.101 (*)
│   │       ├── proc-macro2 v1.0.66 (*)
│   │       ├── quote v1.0.33 (*)
│   │       └── syn v1.0.101 (*)
│   ├── rand_core v0.6.4
│   ├── serde v1.0.188 (*)
│   ├── serde_with v2.3.3
│   │   ├── serde v1.0.188 (*)
│   │   └── serde_with_macros v2.3.3 (proc-macro)
│   │       ├── darling v0.20.1
│   │       │   ├── darling_core v0.20.1
│   │       │   │   ├── fnv v1.0.7
│   │       │   │   ├── ident_case v1.0.1
│   │       │   │   ├── proc-macro2 v1.0.66 (*)
│   │       │   │   ├── quote v1.0.33 (*)
│   │       │   │   ├── strsim v0.10.0
│   │       │   │   └── syn v2.0.32 (*)
│   │       │   └── darling_macro v0.20.1 (proc-macro)
│   │       │       ├── darling_core v0.20.1 (*)
│   │       │       ├── quote v1.0.33 (*)
│   │       │       └── syn v2.0.32 (*)
│   │       ├── proc-macro2 v1.0.66 (*)
│   │       ├── quote v1.0.33 (*)
│   │       └── syn v2.0.32 (*)
│   ├── subtle v2.4.1
│   └── zeroize v1.6.0 (*)
├── generic-ec-zkp v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181)
│   ├── digest v0.10.6 (*)
│   ├── generic-array v0.14.6 (*)
│   ├── generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) (*)
│   ├── rand_core v0.6.4
│   ├── serde v1.0.188 (*)
│   └── subtle v2.4.1
├── hex v0.4.3 (*)
├── paillier-zk v0.1.0 (https://github.com/dfns-labs/paillier-zk?branch=m#17212a3b)
│   ├── digest v0.10.6 (*)
│   ├── fast-paillier v0.1.0 (https://github.com/dfns-labs/fast-paillier?branch=m#b44b00a0)
│   │   ├── bytemuck v1.13.1
│   │   │   └── bytemuck_derive v1.4.1 (proc-macro)
│   │   │       ├── proc-macro2 v1.0.66 (*)
│   │   │       ├── quote v1.0.33 (*)
│   │   │       └── syn v2.0.32 (*)
│   │   ├── rand_core v0.6.4
│   │   ├── rug v1.21.0
│   │   │   ├── az v1.2.1
│   │   │   ├── gmp-mpfr-sys v1.6.1
│   │   │   │   └── libc v0.2.148
│   │   │   ├── libc v0.2.148
│   │   │   └── serde v1.0.188 (*)
│   │   ├── serde v1.0.188 (*)
│   │   └── thiserror v1.0.48
│   │       └── thiserror-impl v1.0.48 (proc-macro)
│   │           ├── proc-macro2 v1.0.66 (*)
│   │           ├── quote v1.0.33 (*)
│   │           └── syn v2.0.32 (*)
│   ├── generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) (*)
│   ├── rand_core v0.6.4
│   ├── rug v1.21.0 (*)
│   ├── serde v1.0.188 (*)
│   ├── serde_with v3.0.0
│   │   ├── serde v1.0.188 (*)
│   │   └── serde_with_macros v3.0.0 (proc-macro)
│   │       ├── darling v0.20.1 (*)
│   │       ├── proc-macro2 v1.0.66 (*)
│   │       ├── quote v1.0.33 (*)
│   │       └── syn v2.0.32 (*)
│   └── thiserror v1.0.48 (*)
├── rand_chacha v0.3.1
│   ├── ppv-lite86 v0.2.17
│   └── rand_core v0.6.4
├── rand_core v0.6.4
├── round-based v0.2.0 (https://github.com/Zengo-X/round-based-protocol?branch=round-based2#f626f96e)
│   ├── async-stream v0.3.3
│   │   ├── async-stream-impl v0.3.3 (proc-macro)
│   │   │   ├── proc-macro2 v1.0.66 (*)
│   │   │   ├── quote v1.0.33 (*)
│   │   │   └── syn v1.0.101 (*)
│   │   └── futures-core v0.3.24
│   ├── bincode v1.3.3
│   │   └── serde v1.0.188 (*)
│   ├── futures v0.3.24 (*)
│   ├── never v0.1.0
│   ├── phantom-type v0.3.1
│   │   └── educe v0.4.19 (proc-macro) (*)
│   ├── round-based-derive v0.1.0 (proc-macro) (https://github.com/Zengo-X/round-based-protocol?branch=round-based2#f626f96e)
│   │   ├── proc-macro2 v1.0.66 (*)
│   │   ├── quote v1.0.33 (*)
│   │   └── syn v1.0.101 (*)
│   ├── serde v1.0.188 (*)
│   ├── thiserror v1.0.48 (*)
│   ├── tokio v1.21.2
│   │   └── pin-project-lite v0.2.9
│   ├── tokio-stream v0.1.10
│   │   ├── futures-core v0.3.24
│   │   ├── pin-project-lite v0.2.9
│   │   ├── tokio v1.21.2 (*)
│   │   └── tokio-util v0.7.4
│   │       ├── bytes v1.2.1
│   │       ├── futures-core v0.3.24
│   │       ├── futures-sink v0.3.24
│   │       ├── pin-project-lite v0.2.9
│   │       └── tokio v1.21.2 (*)
│   └── tracing v0.1.36
│       ├── cfg-if v1.0.0
│       ├── pin-project-lite v0.2.9
│       ├── tracing-attributes v0.1.22 (proc-macro)
│       │   ├── proc-macro2 v1.0.66 (*)
│       │   ├── quote v1.0.33 (*)
│       │   └── syn v1.0.101 (*)
│       └── tracing-core v0.1.29
│           └── once_cell v1.17.0
├── serde v1.0.188 (*)
├── serde_json v1.0.107
│   ├── itoa v1.0.4
│   ├── ryu v1.0.11
│   └── serde v1.0.188 (*)
├── serde_with v2.3.3 (*)
├── sha2 v0.10.6
│   ├── cfg-if v1.0.0
│   ├── cpufeatures v0.2.5
│   └── digest v0.10.6 (*)
└── thiserror v1.0.48 (*)
```

Compared to base branch

Diff ```text --- all-deps-base 2023-10-04 14:39:17.979484378 +0000 +++ all-deps-pr 2023-10-04 14:39:18.375492519 +0000 @@ -18 +18 @@ -fast-paillier v0.1.0 (https://github.com/dfns-labs/fast-paillier?branch=m#2fcc3135) +fast-paillier v0.1.0 (https://github.com/dfns-labs/fast-paillier?branch=m#b44b00a0) @@ -30,3 +30,3 @@ -generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#bb2e7109) -generic-ec-core v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#bb2e7109) -generic-ec-zkp v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#bb2e7109) +generic-ec v0.0.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) +generic-ec-core v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) +generic-ec-zkp v0.1.0 (https://github.com/dfns-labs/generic-ec?branch=m#8ada3181) @@ -45 +45 @@ -paillier-zk v0.1.0 (https://github.com/dfns-labs/paillier-zk?branch=m#ffdddb74) +paillier-zk v0.1.0 (https://github.com/dfns-labs/paillier-zk?branch=m#17212a3b) ```
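Review bot: the fast-paillier bump (2fcc3135 to b44b00a0) is transitive via paillier-zk and therefore does not show up in the direct-deps diff at all; since CRT-based Paillier arithmetic would naturally live in fast-paillier, confirm that this bump and the paillier-zk bump are meant to land together and that Cargo.lock is committed with this PR rather than left to drift on `branch=m`.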
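Review bot: generic-ec, generic-ec-core and generic-ec-zkp all move to 8ada3181 in this hunk; they come from the same repository and must move in lock-step, which they do here. The direct-deps diff only shows two of the three, so this hunk is the one to check for a split pin.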
github-actions[bot] commented 9 months ago

Benchmark Result

Benchmarks

```text
RUST_TESTS_SEED=38158d0ffa9d169e1d229f9fd4f63a4891f92d8db2eb1b05a5c8309bb3837797
n = 3

Non-threshold DKG
Protocol Performance:
- Protocol took 675.71µs to complete
In particular:
- Setup: 4.30µs
  - Setup networking: 4.20µs (97.7%)
  - Unstaged: 100.00ns (2.3%)
- Round 1: 173.50µs
  - Compute execution id: 400.00ns (0.2%)
  - Sample x_i, rid_i: 75.10µs (43.3%)
  - Sample schnorr commitment: 69.50µs (40.1%)
  - Commit to public data: 28.00µs (16.1%)
  - Unstaged: 500.00ns (0.3%)
- Round 2: 4.40µs
  - Hash received msgs (reliability check): 4.00µs (90.9%)
  - Unstaged: 400.00ns (9.1%)
- Round 3: 400.00ns
  - Assert other parties hashed messages (reliability check): 300.00ns (75.0%)
  - Unstaged: 100.00ns (25.0%)
- Round 4: 71.10µs
  - Validate decommitments: 68.20µs (95.9%)
  - Calculate challege rid: 2.40µs (3.4%)
  - Prove knowledge of `x_i`: 300.00ns (0.4%)
  - Unstaged: 200.00ns (0.3%)
- Round 5: 422.01µs
  - Validate schnorr proofs: 421.51µs (99.9%)
  - Unstaged: 500.00ns (0.1%)

Threshold DKG
Protocol Performance:
- Protocol took 1.54ms to complete
In particular:
- Setup: 2.90µs
  - Setup networking: 2.80µs (96.6%)
  - Unstaged: 100.00ns (3.4%)
- Round 1: 246.70µs
  - Compute execution id: 100.00ns (0.0%)
  - Sample rid_i, schnorr commitment, polynomial: 211.60µs (85.8%)
  - Commit to public data: 34.60µs (14.0%)
  - Unstaged: 400.00ns (0.2%)
- Round 2: 4.40µs
  - Hash received msgs (reliability check): 4.30µs (97.7%)
  - Unstaged: 100.00ns (2.3%)
- Round 3: 500.00ns
  - Assert other parties hashed messages (reliability check): 200.00ns (40.0%)
  - Unstaged: 300.00ns (60.0%)
- Round 4: 959.01µs
  - Validate decommitments: 66.40µs (6.9%)
  - Validate data size: 500.00ns (0.1%)
  - Validate Feldmann VSS: 449.01µs (46.8%)
  - Compute rid: 400.00ns (0.0%)
  - Compute Ys: 421.41µs (43.9%)
  - Compute sigma: 400.00ns (0.0%)
  - Calculate challenge: 20.40µs (2.1%)
  - Prove knowledge of `sigma_i`: 300.00ns (0.0%)
  - Unstaged: 200.00ns (0.0%)
- Round 5: 323.40µs
  - Validate schnorr proofs: 319.20µs (98.7%)
  - Derive resulting public key and other data: 1.60µs (0.5%)
  - Unstaged: 2.60µs (0.8%)

Auxiliary data generation protocol
Protocol Performance:
- Protocol took 14.69s to complete
In particular:
- Setup: 7.60µs
  - Retrieve auxiliary data: 300.00ns (3.9%)
  - Setup networking: 6.30µs (82.9%)
  - Precompute execution id and shared state: 800.00ns (10.5%)
  - Unstaged: 200.00ns (2.6%)
- Round 1: 1.78s
  - Retrieve primes (p and q): 200.00ns (0.0%)
  - Compute paillier decryption key (N): 4.00µs (0.0%)
  - Generate auxiliary params r, λ, t, s: 14.41ms (0.8%)
  - Prove Πprm (ψˆ_i): 1.77s (99.1%)
  - Sample random bytes: 2.30µs (0.0%)
  - Compute hash commitment and sample decommitment: 1.11ms (0.1%)
  - Unstaged: 400.00ns (0.0%)
- Round 2: 5.10µs
  - Hash received msgs (reliability check): 4.60µs (90.2%)
  - Unstaged: 500.00ns (9.8%)
- Round 3: 700.00ns
  - Assert other parties hashed messages (reliability check): 200.00ns (28.6%)
  - Unstaged: 500.00ns (71.4%)
- Round 4: 9.02s
  - Validate round 1 decommitments: 2.21ms (0.0%)
  - Validate П_prm (ψ_i): 3.51s (39.0%)
  - Add together shared random bytes: 3.10µs (0.0%)
  - Compute П_mod (ψ_i): 5.24s (58.1%)
  - Assemble security params for П_fac (ф_i): 7.90µs (0.0%)
  - Compute П_fac (ф_i^j): 261.48ms (2.9%)
  - Unstaged: 1.40µs (0.0%)
- Round 5: 3.89s
  - Validate ψ_j (П_mod): 3.63s (93.2%)
  - Validate ф_j (П_fac): 263.73ms (6.8%)
  - Assemble auxiliary info: 199.30µs (0.0%)
  - Unstaged: 800.00ns (0.0%)

Signing protocol
Protocol Performance:
- Protocol took 2.45s to complete
In particular:
- Setup: 107.90µs
  - Map t-out-of-n protocol to t-out-of-t: 8.20µs (7.6%)
  - Retrieve auxiliary data: 94.50µs (87.6%)
  - Precompute execution id and security params: 700.00ns (0.6%)
  - Setup networking: 4.30µs (4.0%)
  - Unstaged: 200.00ns (0.2%)
- Round 1: 181.31ms
  - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 67.90µs (0.0%)
  - Encrypt G_i and K_i: 55.98ms (30.9%)
  - Prove ψ0_j: 125.26ms (69.1%)
  - Unstaged: 1.50µs (0.0%)
- Round 2: 87.20µs
  - Hash received msgs (reliability check): 86.80µs (99.5%)
  - Unstaged: 400.00ns (0.5%)
- Round 3: 1.24s
  - Assert other parties hashed messages (reliability check): 800.00ns (0.0%)
  - Verify psi0 proofs: 144.45ms (11.6%)
  - Sample random r, hat_r, s, hat_s, beta, hat_beta: 71.70µs (0.0%)
  - Encrypt D_ji: 108.84ms (8.8%)
  - Encrypt F_ji: 55.94ms (4.5%)
  - Encrypt hat_D_ji: 108.99ms (8.8%)
  - Encrypt hat_F_ji: 55.95ms (4.5%)
  - Prove psi_ji: 324.86ms (26.1%)
  - Prove psiˆ_ji: 320.99ms (25.8%)
  - Prove psi_prime_ji: 123.70ms (9.9%)
  - Unstaged: 1.90µs (0.0%)
- Round 4: 883.42ms
  - Retrieve auxiliary data: 5.80µs (0.0%)
  - Validate psi: 252.15ms (28.5%)
  - Validate hat_psi: 254.75ms (28.8%)
  - Validate psi_prime: 142.35ms (16.1%)
  - Compute Gamma, Delta_i, delta_i, chi_i: 110.47ms (12.5%)
  - Prove psi_prime_prime: 123.70ms (14.0%)
  - Unstaged: 600.00ns (0.0%)
- Presig output: 142.90ms
  - Validate psi_prime_prime: 142.74ms (99.9%)
  - Calculate presignature: 160.10µs (0.1%)
  - Unstaged: 1.00µs (0.0%)
- Partial signing: 12.80µs
- Signature reconstruction: 241.20µs
```
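The PR title names the technique but the page shows only dependency hashes and timings, so here is an added Rust example of what "taking advantage of CRT" in Paillier-style proof validation means. It is not code from cggmp21, paillier-zk or fast-paillier, and it does not claim to be the way this PR applies the idea: it shows a party that holds the factorisation N = p·q computing x^e mod N² as two half-width exponentiations (mod p² and mod q²) recombined with Garner's formula, and checks the result against the plain square-and-multiply that a party without p and q has to run. The primes are constructed 16-bit values chosen so that N² fits in a u64 and every product fits in a u128; a real Paillier modulus is thousands of bits wide, and a production implementation would additionally keep the arithmetic constant-time.

```rust
// Added example, not cggmp21/paillier-zk code: CRT-accelerated x^e mod N^2 for the
// party that knows N = p*q, verified against the plain modpow everyone else must use.

pub const P: u64 = 65521; // constructed toy prime (largest prime below 2^16)
pub const Q: u64 = 65519; // constructed toy prime

fn mul_mod(a: u64, b: u64, m: u64) -> u64 {
    ((a as u128 * b as u128) % m as u128) as u64
}

fn gcd(mut a: u64, mut b: u64) -> u64 {
    while b != 0 {
        let t = a % b;
        a = b;
        b = t;
    }
    a
}

/// Plain square-and-multiply over the full-width modulus: the only option for a
/// verifier who does not hold the factorisation of m.
pub fn pow_mod(mut x: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1 % m;
    x %= m;
    while e > 0 {
        if e & 1 == 1 {
            acc = mul_mod(acc, x, m);
        }
        x = mul_mod(x, x, m);
        e >>= 1;
    }
    acc
}

/// Extended Euclid: returns (g, s, t) with s*a + t*b = g.
fn ext_gcd(a: i128, b: i128) -> (i128, i128, i128) {
    if b == 0 {
        return (a, 1, 0);
    }
    let (g, s, t) = ext_gcd(b, a % b);
    (g, t, s - (a / b) * t)
}

fn inv_mod(a: u64, m: u64) -> Option<u64> {
    let (g, s, _) = ext_gcd(a as i128, m as i128);
    if g != 1 {
        return None;
    }
    Some(s.rem_euclid(m as i128) as u64)
}

/// What the key holder precomputes once, next to p and q.
pub struct CrtKey {
    pub p: u64,
    pub q: u64,
    pub n: u64,
    pub p2: u64,
    pub q2: u64,
    pub n2: u64,
    pub p2_inv_q2: u64, // (p^2)^-1 mod q^2, used by Garner recombination
}

impl CrtKey {
    pub fn new(p: u64, q: u64) -> Self {
        let (p2, q2) = (p * p, q * q);
        let p2_inv_q2 = inv_mod(p2, q2).expect("p and q must be distinct primes");
        Self { p, q, n: p * q, p2, q2, n2: p2 * q2, p2_inv_q2 }
    }

    /// x^e mod N^2 as two half-size exponentiations plus one recombination.
    /// The exponent is reduced modulo phi(p^2) = p(p-1) and phi(q^2) = q(q-1),
    /// which is only valid when gcd(x, N) = 1; any other x takes the slow path
    /// (such an x would leak a factor of N, so it never arises from honest data).
    pub fn pow_mod_n2(&self, x: u64, e: u64) -> u64 {
        let x = x % self.n2;
        if gcd(x, self.n) != 1 {
            return pow_mod(x, e, self.n2);
        }
        let xp = pow_mod(x % self.p2, e % (self.p * (self.p - 1)), self.p2);
        let xq = pow_mod(x % self.q2, e % (self.q * (self.q - 1)), self.q2);
        // Garner: r = xp + p^2 * (((xq - xp) mod q^2) * (p^2)^-1 mod q^2), and r < N^2.
        let diff = (xq + self.q2 - xp % self.q2) % self.q2;
        let h = mul_mod(diff, self.p2_inv_q2, self.q2);
        xp + self.p2 * h
    }
}

fn main() {
    let key = CrtKey::new(P, Q);
    // A verifier checking a proof equation over its own N^2 can take the CRT path;
    // a verifier checking someone else's modulus cannot.
    let (x, e) = (1_234_567_890_u64, 0xDEAD_BEEF_CAFE_u64);
    let fast = key.pow_mod_n2(x, e);
    let slow = pow_mod(x, e, key.n2);
    println!("CRT result {fast}, plain result {slow}, equal: {}", fast == slow);
}
```

The shortcut is available only to the party that holds the factorisation, so it helps exactly those validations that are taken over a party's own modulus; a proof about another party's N (such as the Π_mod and Π_prm proofs in the auxiliary-data rounds above) gives its verifier no such handle, and its cost stays with the full-width modulus.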