This repo is research-oriented software and should not be considered SAFE to use in production. It has not been audited and/or tested rigorously yet. Please use caution.

This is an implementation of the threshold ECDSA signature multi-party-computation from UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts with slight modifications. We implement this MPC using the key generation protocol originally from GG20 and implemented by Zengo in multi-party-ecdsa.

For the key refresh protocol we opt for a fork of Zengo's fs-dkr maintained by us. Together, these complete the key generation and key refreshing protocol. From here, we implement the pre-signing and signing protocols outlined in the aforementioned CGGMP paper. This implementation leverages the infrastructure built by Zengo, namely round-based-protocol. We detail how this can be used in a blockchain's gossip network environment such as Substrate, as that motivates this work.

Particularly, we have implemented the 4-round $O(n^2)$ identifiable abort version of CGGMP. The remaining work to be done is testing our implementation, particularly the presign and sign.

Implementation checklist

• Key generation multi-party-ecdsa.
• Key generation tests
• Key refresh fs-dkr
• Key refresh tests
• Adding Ring Pedersen parameters to fs-dkr.
• Implementing all ZKPs for 4-round $O(n^2)$ identifiable abort
• Implementing 4-round $O(n^2)$ identifiable abort presign and sign.
  • Properly zeroizing the PresignOutput link to code.
  • Properly implement identifiable abort proof 2c) in both presign and sign link to presign code link to sign code.
• Testing 4-round $O(n^2)$ identifiable abort presign and sign.
• Implementing all ZKPs for 7-round $O(n)$ identifiable abort
  • aff-p
  • enc-elg
  • aff-p
  • elog
  • Nth
  • log
• Implementing 7-round $O(n)$ identifiable abort presign and sign.
  • Entire protocol unimplemented (refer to CGGMP paper for details + taurus-group implementation)taurus group code.
• Testing 7-round $O(n)$ identifiable abort presign and sign.

This guide uses https://rustup.rs installer and the rustup tool to manage the Rust toolchain.

First install and configure rustup:

# Install
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Configure
source ~/.cargo/env

Configure the Rust toolchain to default to the latest stable and nightly versions:

rustup update
rustup update nightly

Great! Now your Rust environment is ready! 🚀🚀

Once the development environment is set up, build the repo. This command will build the MPC protocol:

cargo build --release

NOTE: You do not need to use the release builds! Debug builds can work here as well.

Check out the tests for examples on how to utilise the library!

A main motivation for Webb is integrating this protocol into a blockchain environment such as Substrate. Our intention is to leverage both a blockchain's proof of stake / proof of authority selection mechanism as well as the underlying system's gossip network to bootstrap and execute this multi-party computation offchain. Throughout the lifecycle of the protocol, the participating MPC authorities will post data on-chain to keep the system in sync, such as to select the participating authorities, to govern the thresholds t and n and more.

An example of how this is possible using the same primitives provided in this repo can be found in our dkg-substrate repo. Currently the GG20 protocol is being executed. There are wrappers in place for executing any protocol using the round-based-protocol architecture. Slight modifications might be necessary and we aim to have this repo integrated into Substrate once it is working and tested here.

Not included in this library is a server-oriented execution protocol. There are examples of how this can be done using GG20 in multi-party-ecdas. We welcome contributions to add a similar example here, but at the moment it will not be prioritized.

There are a variety of other external networking options one can choose between such as point-to-point channels, gossip networks, and or gRPC server coordinators. Each has different trade-offs. Point-to-point channels and gRPC server coordination allow one to run this protocol in the most simple manner, since the network topology is effectively decided on startup. In a gossip network environment this isn't always the case, therefore gossiping and re-gossiping messages using a method such as gossipsub from libp2p is recommended.

The following instructions outlines how to run dkg-substrate's base test suite and E2E test suite.

cargo test

Interested in contributing to the Webb's MPC research? Thank you so much for your interest! We are always appreciative for contributions from the open-source community!

If you have a contribution in mind, please check out our Contribution Guide for information on how to do so. We are excited for your first contribution!

Licensed under GNU General Public License v3.0.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the GNU General Public License v3.0 license, shall be licensed as above, without any additional terms or conditions.