search

dfns / cggmp21

State-of-art threshold ECDSA in Rust
Apache License 2.0
41 stars 6 forks source link

Add audit report #85

Closed survived closed 3 months ago

github-actions[bot] commented 3 months ago

Benchmark Result

Benchmarks ```text RUST_TESTS_SEED=5fb0162cf61084bc649f476f81b01fd804782aace97bf1d9f88a84755a2b60b9 n = 3 Non-threshold DKG Protocol Performance: - Protocol took 435.93µs to complete In particular: - Stage: 9.00µs - Setup networking: 8.82µs (98.0%) - Unstaged: 180.00ns (2.0%) - Round 1: 147.28µs - Compute execution id: 4.47µs (3.0%) - Sample x_i, rid_i, chain_code: 63.46µs (43.1%) - Sample schnorr commitment: 59.15µs (40.2%) - Commit to public data: 19.89µs (13.5%) - Unstaged: 321.00ns (0.2%) - Round 2: 2.71µs - Hash received msgs (reliability check): 2.50µs (92.2%) - Unstaged: 210.00ns (7.8%) - Round 3: 301.00ns - Assert other parties hashed messages (reliability check): 160.00ns (53.2%) - Unstaged: 141.00ns (46.8%) - Round 4: 39.57µs - Validate decommitments: 33.87µs (85.6%) - Calculate chain_code: 722.00ns (1.8%) - Calculate challege rid: 4.41µs (11.1%) - Prove knowledge of `x_i`: 431.00ns (1.1%) - Unstaged: 141.00ns (0.4%) - Round 5: 237.07µs - Validate schnorr proofs: 236.72µs (99.9%) - Unstaged: 351.00ns (0.1%) Threshold DKG Protocol Performance: - Protocol took 1.24ms to complete In particular: - Stage: 1.63µs - Setup networking: 1.57µs (96.3%) - Unstaged: 60.00ns (3.7%) - Round 1: 202.70µs - Compute execution id: 1.37µs (0.7%) - Sample rid_i, schnorr commitment, polynomial, chain_code: 178.39µs (88.0%) - Commit to public data: 22.70µs (11.2%) - Unstaged: 230.00ns (0.1%) - Round 2: 1.10µs - Hash received msgs (reliability check): 951.00ns (86.3%) - Unstaged: 151.00ns (13.7%) - Round 3: 330.00ns - Assert other parties hashed messages (reliability check): 190.00ns (57.6%) - Unstaged: 140.00ns (42.4%) - Round 4: 772.14µs - Validate decommitments: 44.34µs (5.7%) - Validate data size: 290.00ns (0.0%) - Validate Feldmann VSS: 354.32µs (45.9%) - Compute rid: 331.00ns (0.0%) - Compute chain_code: 911.00ns (0.1%) - Compute Ys: 356.67µs (46.2%) - Compute sigma: 411.00ns (0.1%) - Calculate challenge: 14.45µs (1.9%) - Prove knowledge of `sigma_i`: 280.00ns (0.0%) - Unstaged: 140.00ns (0.0%) - Round 5: 266.11µs - Validate schnorr proofs: 264.62µs (99.4%) - Derive resulting public key and other data: 1.31µs (0.5%) - Unstaged: 180.00ns (0.1%) Auxiliary data generation protocol Protocol Performance: - Protocol took 9.54s to complete In particular: - Stage: 11.23µs - Retrieve auxiliary data: 151.00ns (1.3%) - Setup networking: 9.79µs (87.2%) - Precompute execution id and shared state: 1.21µs (10.8%) - Unstaged: 80.00ns (0.7%) - Round 1: 1.18s - Retrieve primes (p and q): 70.00ns (0.0%) - Compute paillier decryption key (N): 3.09µs (0.0%) - Generate auxiliary params r, λ, t, s: 9.08ms (0.8%) - Prove Πprm (ψˆ_i): 1.17s (99.2%) - Sample random bytes: 2.60µs (0.0%) - Compute hash commitment and sample decommitment: 297.54µs (0.0%) - Unstaged: 250.00ns (0.0%) - Round 2: 1.36µs - Hash received msgs (reliability check): 1.06µs (78.0%) - Unstaged: 300.00ns (22.0%) - Round 3: 322.00ns - Assert other parties hashed messages (reliability check): 180.00ns (55.9%) - Unstaged: 142.00ns (44.1%) - Round 4: 5.89s - Validate round 1 decommitments: 536.47µs (0.0%) - Validate П_prm (ψ_i): 2.28s (38.7%) - Add together shared random bytes: 2.92µs (0.0%) - Compute П_mod (ψ_i): 3.44s (58.4%) - Assemble security params for П_fac (ф_i): 5.42µs (0.0%) - Compute П_fac (ф_i^j): 171.39ms (2.9%) - Unstaged: 1.00µs (0.0%) - Round 5: 2.48s - Validate ψ_j (П_mod): 2.30s (93.0%) - Validate ф_j (П_fac): 172.87ms (7.0%) - Assemble auxiliary info: 145.69µs (0.0%) - Unstaged: 2.22µs (0.0%) Signing protocol Protocol Performance: - Protocol took 4.16s to complete In particular: - Stage: 141.08µs - Map t-out-of-n protocol to t-out-of-t: 70.03µs (49.6%) - Retrieve auxiliary data: 67.27µs (47.7%) - Precompute execution id and security params: 441.00ns (0.3%) - Setup networking: 3.26µs (2.3%) - Unstaged: 91.00ns (0.1%) - Round 1: 188.56ms - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 48.47µs (0.0%) - Encrypt G_i and K_i: 107.48ms (57.0%) - Prove ψ0_j: 81.03ms (43.0%) - Unstaged: 952.00ns (0.0%) - Round 2: 13.43µs - Hash received msgs (reliability check): 13.26µs (98.7%) - Unstaged: 170.00ns (1.3%) - Round 3: 2.23s - Assert other parties hashed messages (reliability check): 521.00ns (0.0%) - Verify psi0 proofs: 268.74ms (12.1%) - Sample random r, hat_r, s, hat_s, beta, hat_beta: 49.35µs (0.0%) - Encrypt D_ji: 70.41ms (3.2%) - Encrypt F_ji: 35.72ms (1.6%) - Encrypt hat_D_ji: 559.30ms (25.1%) - Encrypt hat_F_ji: 35.75ms (1.6%) - Prove psi_ji: 789.28ms (35.5%) - Prove psiˆ_ji: 208.80ms (9.4%) - Prove psi_prime_ji : 257.55ms (11.6%) - Unstaged: 1.16µs (0.0%) - Round 4: 1.56s - Retrieve auxiliary data: 4.88µs (0.0%) - Validate psi: 164.53ms (10.6%) - Validate hat_psi: 164.34ms (10.5%) - Validate psi_prime: 934.15ms (59.9%) - Compute Gamma, Delta_i, delta_i, chi_i: 215.04ms (13.8%) - Prove psi_prime_prime: 81.15ms (5.2%) - Unstaged: 631.00ns (0.0%) - Presig output: 185.25ms - Validate psi_prime_prime: 185.11ms (99.9%) - Calculate presignature: 134.32µs (0.1%) - Unstaged: 552.00ns (0.0%) - Partial signing: 9.78µs - Signature reconstruction: 201.65µs ```
github-actions[bot] commented 3 months ago

The spec was successfully compiled. PDF is available here.