Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add a readme file #3

Merged
merged 9 commits into from
Oct 8, 2024
Merged

add a readme file #3

Changes from 2 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
bb4a6f8
add readme
Aug 8, 2024
0e504de
update readme with more details
Aug 9, 2024
f907081
add further descriptions for validation criteria and usage of proof
Aug 16, 2024
5c7d9be
add sentence in reademe validation
Aug 16, 2024
e6088f6
provide more details about Proof struct
alan-ssvlabs Sep 7, 2024
65345d4
add security assumptions
alan-ssvlabs Sep 25, 2024
42f648a
update security assumptions
alan-ssvlabs Sep 30, 2024
cb85aca
explain how owner's private key is used
alan-ssvlabs Sep 30, 2024
e01817b
explain the role of owner
alan-ssvlabs Oct 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 64 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
# SSV Distributed Key Generation Spec

## Introduction
This repository contains spec of distributed key generation (DKG) used in SSV. Based on verifiable secret sharing, DKG allows a set of *n* operators to generate a **BLS** key share for each operator, such that a BLS private key can only be used when threshold *t* out of *n* operators agree.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

provide a formula for "t out of n"?

where t is defined by the number of faults admissible: n = 3 * f + 1


---

## Functionalities
Operations are initiated by an initiator, and executed by operators. An initiator can initiate:

### Init
When a init message is sent to the operators, all operators participate and run a DKG ceremony to create key shares. Each operator generates a result with a **proof** (see below) to show the correctness of execution. Proofs are referred to when an initiator asks for re-sign or reshare.

### Re-sign
In the case where the nonces of a DKG ceremony is not correct, to prevent replay attack, the initiator sends re-sign messages for operators to create new signatures with correct nonces without generating new key shares.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is creating new key-shares, though. The procedure only changes the signature part of the shares...but it does change the overall sharesData.
Re-phrase to "without generating a new validator key"? 🤔

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, the signature part is owner-nonce, so it could be that both were wrong...for whatever reason. Might be just more "complete" to clarify that both can be changed.


### Reshare
When the set of operators changed (including change of size and change of operators), a reshare is initiated to generate new key shares among the new operators. This process requires participation from *t* old operators and all new operators.

---
Copy link

@GalRogozinski GalRogozinski Sep 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the following here (or wherever you see fit)

Security Assumptions

All messages are authenticated using the initiator's and operators' public key.

Init

The initiator is fully trusted. Meaning it won't deviate from protocol. But it can have faults (go, up and down).

Re-sign

The initiator is not trusted. It may try to fool the operators into resigning with the wrong secret shares, owner and nonce. Also since in the resign operation the owner may change, and owner is used in the Proof, all $n$ operators need to participate in the ceremony.

Reshare

The initiator is not trusted. It may try to fool the operators into resharing with the wrong secret shares. Or resharing without permission.


## Result and Proof struct
After execution of init, re-sign and reshare, a **result** is returned by the operators for validation and verification.
```go
type Result struct {
// Operator ID
OperatorID uint64
// RequestID for the DKG instance (not used for signing)
RequestID [24]byte `ssz-size:"24"`
// Partial Operator Signature of Deposit data
DepositPartialSignature []byte `ssz-size:"96"`
// SSV owner + nonce signature
OwnerNoncePartialSignature []byte `ssz-size:"96"`
// Signed proof for the ceremony
SignedProof SignedProof
}
```

In a **result**, the **SignedProof** is a **Proof** with a signature. A **Proof** contains:
```go
type Proof struct {
// the resulting public key corresponding to the shared private key
ValidatorPubKey []byte `ssz-size:"48"`
// standard SSV encrypted share
EncryptedShare []byte `ssz-max:"512"`
// the share's BLS pubkey
SharePubKey []byte `ssz-size:"48"`
// owner address
Owner [20]byte `ssz-size:"20"`
}
```
*ValidatorPubKey*, *EncryptedShare*, and *Owner* are to identify information of the validator and the operator in SSV netwwork, the *SharePubKey* is computed by the operator after the DKG ceremony using the obtained secret share as the private key.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo on netwwork

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More information about proof and validation criteria is added. However, how proof helps to protect against attack is I think subject to more discussion and we may update the proof struct as well.


---

## Testing
The tests are located in the `testing/` folder. To run tests, use:
```shell
go generate ./...
```
then:
```shell
go test testing
```