Thor chain

.github/workflows/gofmt.yml

@@ -0,0 +1,11 @@
+name: Go-fmt
+on: push
+jobs:
+  gofmt:
+    name: Go fmt project
+    runs-on: ubuntu-latest
+    steps:
+      - name: check out
+        uses: actions/checkout@v3
+      - name: go fmt project
+        uses: Jerome1337/[email protected]

.github/workflows/test.yml

@@ -2,30 +2,32 @@ name: Go Test
 on:
   push:
     branches:
-    - master
-    - release/*
+      - master
+      - release/*
   pull_request:
     branches:
-    - master
+      - master
 
 jobs:
   build:
     name: Test
     runs-on: macOS-latest
     steps:
 
-    - name: Set up Go 1.13
-      uses: actions/setup-go@v1
-      with:
-        go-version: 1.13
-      id: go
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.20.3
+        id: go
 
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v1
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
 
-    - name: Get dependencies
-      run: go get -v -t -d ./...
+      - name: Clean dependencies
+        run: go clean --modcache
 
-    - name: Run Tests
-      run: make test_unit_race
+      - name: Get dependencies
+        run: go mod tidy
 
+      - name: Run Tests
+        run: make test_unit_race

Makefile

@@ -1,4 +1,4 @@
-MODULE = github.com/binance-chain/tss-lib
+MODULE = github.com/bnb-chain/tss-lib/v2
 PACKAGES = $(shell go list ./... | grep -v '/vendor/')
 
 all: protob test
@@ -8,7 +8,7 @@ all: protob test
 
 protob:
 	@echo "--> Building Protocol Buffers"
-	@for protocol in message signature ecdsa-keygen ecdsa-signing ecdsa-resharing; do \
+	@for protocol in message signature ecdsa-keygen ecdsa-signing ecdsa-resharing eddsa-keygen eddsa-signing eddsa-resharing; do \
 		echo "Generating $$protocol.pb.go" ; \
 		protoc --go_out=. ./protob/$$protocol.proto ; \
 	done
@@ -22,12 +22,14 @@ build: protob
 test_unit:
 	@echo "--> Running Unit Tests"
 	@echo "!!! WARNING: This will take a long time :)"
-	go test -timeout 20m $(PACKAGES)
+	go clean -testcache
+	go test -timeout 60m $(PACKAGES)
 
 test_unit_race:
 	@echo "--> Running Unit Tests (with Race Detection)"
 	@echo "!!! WARNING: This will take a long time :)"
-	go test -timeout 30m -race $(PACKAGES)
+	go clean -testcache
+	go test -timeout 60m -race $(PACKAGES)
 
 test:
 	make test_unit

README.md

@@ -3,10 +3,10 @@
 
 [1]: https://img.shields.io/badge/license-MIT-blue.svg
 [2]: LICENSE
-[3]: https://godoc.org/github.com/binance-chain/tss-lib?status.svg
-[4]: https://godoc.org/github.com/binance-chain/tss-lib
-[5]: https://goreportcard.com/badge/github.com/binance-chain/tss-lib
-[6]: https://goreportcard.com/report/github.com/binance-chain/tss-lib
+[3]: https://godoc.org/github.com/bnb-chain/tss-lib?status.svg
+[4]: https://godoc.org/github.com/bnb-chain/tss-lib
+[5]: https://goreportcard.com/badge/github.com/bnb-chain/tss-lib
+[6]: https://goreportcard.com/report/github.com/bnb-chain/tss-lib
 
 Permissively MIT Licensed.
 
@@ -43,12 +43,6 @@ The `LocalParty` that you use should be from the `keygen`, `signing` or `reshari
 
 ### Setup
 ```go
-// Set up elliptic curve
-// use ECDSA, which is used by default
-tss.SetCurve(s256k1.S256()) 
-// or use EdDSA
-// tss.SetCurve(edwards.Edwards()) 
-
 // When using the keygen party it is recommended that you pre-compute the "safe primes" and Paillier secret beforehand because this can take some time.
 // This code will generate those parameters using a concurrency limit equal to the number of available CPU cores.
 preParams, _ := keygen.GeneratePreParams(1 * time.Minute)
@@ -62,7 +56,14 @@ parties := tss.SortPartyIDs(getParticipantPartyIDs())
 // The `uniqueKey` is a unique identifying key for this peer (such as its p2p public key) as a big.Int.
 thisParty := tss.NewPartyID(id, moniker, uniqueKey)
 ctx := tss.NewPeerContext(parties)
-params := tss.NewParameters(ctx, thisParty, len(parties), threshold)
+
+// Select an elliptic curve
+// use ECDSA
+curve := tss.S256()
+// or use EdDSA
+// curve := tss.Edwards()
+
+params := tss.NewParameters(curve, ctx, thisParty, len(parties), threshold)
 
 // You should keep a local mapping of `id` strings to `*PartyID` instances so that an incoming message can have its origin party's `*PartyID` recovered for passing to `UpdateFromBytes` (see below)
 partyIDMap := make(map[string]*PartyID)
@@ -135,6 +136,10 @@ In a typical use case, it is expected that a transport implementation will consu
 
 This way there is no need to deal with Marshal/Unmarshalling Protocol Buffers to implement a transport.
 
+## Changes of Preparams of ECDSA in v2.0
+
+Two fields PaillierSK.P and PaillierSK.Q is added in version 2.0. They are used to generate Paillier key proofs. Key valuts generated from versions before 2.0 need to regenerate(resharing) the key valuts to update the praparams with the necessary fileds filled.
+
 ## How to use this securely
 
 ⚠️ This section is important. Be sure to read it!
@@ -150,7 +155,7 @@ Additionally, there should be a mechanism in your transport to allow for "reliab
 Timeouts and errors should be handled by your application. The method `WaitingFor` may be called on a `Party` to get the set of other parties that it is still waiting for messages from. You may also get the set of culprit parties that caused an error from a `*tss.Error`.
 
 ## Security Audit
-A full review of this library was carried out by Kudelski Security and their final report was made available in October, 2019. A copy of this report [`audit-binance-tss-lib-final-20191018.pdf`](https://github.com/binance-chain/tss-lib/releases/download/v1.0.0/audit-binance-tss-lib-final-20191018.pdf) may be found in the v1.0.0 release notes of this repository.
+A full review of this library was carried out by Kudelski Security and their final report was made available in October, 2019. A copy of this report [`audit-binance-tss-lib-final-20191018.pdf`](https://github.com/bnb-chain/tss-lib/releases/download/v1.0.0/audit-binance-tss-lib-final-20191018.pdf) may be found in the v1.0.0 release notes of this repository.
 
 ## References
 \[1\] https://eprint.iacr.org/2019/114.pdf

SECURITY.md

@@ -0,0 +1,11 @@
+# Security Policy
+
+## Reporting a Bug or Vulnerability
+
+For non-security problems please open an issue in this GitHub repository.
+
+If you find any security issues please send a report confidentially to https://bugcrowd.com/binance.
+
+Please include notes about the impact of the issue and a walkthrough on how it can be exploited.
+
+For severe security issues that completely breach the safety of the scheme or leak the secret shares we would be happy to reward you with a bounty based on the security impact and severity. Please include a link to this notice in your email.

common/hash.go

@@ -35,11 +35,16 @@ func SHA512_256(in ...[]byte) []byte {
 	for _, bz := range in {
 		bzSize += len(bz)
 	}
-	data = make([]byte, 0, len(inLenBz)+bzSize+inLen)
+	dataCap := len(inLenBz) + bzSize + inLen + (inLen * 8)
+	data = make([]byte, 0, dataCap)
 	data = append(data, inLenBz...)
 	for _, bz := range in {
 		data = append(data, bz...)
 		data = append(data, hashInputDelimiter) // safety delimiter
+		dataLen := make([]byte, 8)              // 64-bits
+		binary.LittleEndian.PutUint64(dataLen, uint64(len(bz)))
+		data = append(data, dataLen...) // Security audit: length of each byte buffer should be added after
+		// each security delimiters in order to enforce proper domain separation
 	}
 	// n < len(data) or an error will never happen.
 	// see: https://golang.org/pkg/hash/#Hash and https://github.com/golang/go/wiki/Hashing#the-hashhash-interface
@@ -68,11 +73,16 @@ func SHA512_256i(in ...*big.Int) *big.Int {
 		ptrs[i] = n.Bytes()
 		bzSize += len(ptrs[i])
 	}
-	data = make([]byte, 0, len(inLenBz)+bzSize+inLen)
+	dataCap := len(inLenBz) + bzSize + inLen + (inLen * 8)
+	data = make([]byte, 0, dataCap)
 	data = append(data, inLenBz...)
 	for i := range in {
 		data = append(data, ptrs[i]...)
 		data = append(data, hashInputDelimiter) // safety delimiter
+		dataLen := make([]byte, 8)              // 64-bits
+		binary.LittleEndian.PutUint64(dataLen, uint64(len(ptrs[i])))
+		data = append(data, dataLen...) // Security audit: length of each byte buffer should be added after
+		// each security delimiters in order to enforce proper domain separation
 	}
 	// n < len(data) or an error will never happen.
 	// see: https://golang.org/pkg/hash/#Hash and https://github.com/golang/go/wiki/Hashing#the-hashhash-interface
@@ -83,6 +93,52 @@ func SHA512_256i(in ...*big.Int) *big.Int {
 	return new(big.Int).SetBytes(state.Sum(nil))
 }
 
+// SHA512_256i_TAGGED tagged version of SHA512_256i
+func SHA512_256i_TAGGED(tag []byte, in ...*big.Int) *big.Int {
+	tagBz := SHA512_256(tag)
+	var data []byte
+	state := crypto.SHA512_256.New()
+	state.Write(tagBz)
+	state.Write(tagBz)
+	inLen := len(in)
+	if inLen == 0 {
+		return nil
+	}
+	bzSize := 0
+	// prevent hash collisions with this prefix containing the block count
+	inLenBz := make([]byte, 64/8)
+	// converting between int and uint64 doesn't change the sign bit, but it may be interpreted as a larger value.
+	// this prefix is never read/interpreted, so that doesn't matter.
+	binary.LittleEndian.PutUint64(inLenBz, uint64(inLen))
+	ptrs := make([][]byte, inLen)
+	for i, n := range in {
+		if n == nil {
+			ptrs[i] = zero.Bytes()
+		} else {
+			ptrs[i] = n.Bytes()
+		}
+		bzSize += len(ptrs[i])
+	}
+	dataCap := len(inLenBz) + bzSize + inLen + (inLen * 8)
+	data = make([]byte, 0, dataCap)
+	data = append(data, inLenBz...)
+	for i := range in {
+		data = append(data, ptrs[i]...)
+		data = append(data, hashInputDelimiter) // safety delimiter
+		dataLen := make([]byte, 8)              // 64-bits
+		binary.LittleEndian.PutUint64(dataLen, uint64(len(ptrs[i])))
+		data = append(data, dataLen...) // Security audit: length of each byte buffer should be added after
+		// each security delimiters in order to enforce proper domain separation
+	}
+	// n < len(data) or an error will never happen.
+	// see: https://golang.org/pkg/hash/#Hash and https://github.com/golang/go/wiki/Hashing#the-hashhash-interface
+	if _, err := state.Write(data); err != nil {
+		Logger.Error(err)
+		return nil
+	}
+	return new(big.Int).SetBytes(state.Sum(nil))
+}
+
 func SHA512_256iOne(in *big.Int) *big.Int {
 	var data []byte
 	state := crypto.SHA512_256.New()

common/hash_utils_test.go

@@ -11,7 +11,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/binance-chain/tss-lib/common"
+	"github.com/bnb-chain/tss-lib/v2/common"
 )
 
 func TestRejectionSample(t *testing.T) {

common/int.go

@@ -58,3 +58,14 @@ func (mi *modInt) ModInverse(g *big.Int) *big.Int {
 func (mi *modInt) i() *big.Int {
 	return (*big.Int)(mi)
 }
+
+func IsInInterval(b *big.Int, bound *big.Int) bool {
+	return b.Cmp(bound) == -1 && b.Cmp(zero) >= 0
+}
+
+func AppendBigIntToBytesSlice(commonBytes []byte, appended *big.Int) []byte {
+	resultBytes := make([]byte, len(commonBytes), len(commonBytes)+len(appended.Bytes()))
+	copy(resultBytes, commonBytes)
+	resultBytes = append(resultBytes, appended.Bytes()...)
+	return resultBytes
+}

common/random.go

@@ -92,11 +92,38 @@ func IsNumberInMultiplicativeGroup(n, v *big.Int) bool {
 		gcd.GCD(nil, nil, v, n).Cmp(one) == 0
 }
 
-//  Return a random generator of RQn with high probability.
-//  THIS METHOD ONLY WORKS IF N IS THE PRODUCT OF TWO SAFE PRIMES!
+//	Return a random generator of RQn with high probability.
+//	THIS METHOD ONLY WORKS IF N IS THE PRODUCT OF TWO SAFE PRIMES!
+//
 // https://github.com/didiercrunch/paillier/blob/d03e8850a8e4c53d04e8016a2ce8762af3278b71/utils.go#L39
 func GetRandomGeneratorOfTheQuadraticResidue(n *big.Int) *big.Int {
 	f := GetRandomPositiveRelativelyPrimeInt(n)
 	fSq := new(big.Int).Mul(f, f)
 	return fSq.Mod(fSq, n)
 }
+
+// GetRandomQuadraticNonResidue returns a quadratic non residue of odd n.
+func GetRandomQuadraticNonResidue(n *big.Int) *big.Int {
+	for {
+		w := GetRandomPositiveInt(n)
+		if big.Jacobi(w, n) == -1 {
+			return w
+		}
+	}
+}
+
+// GetRandomBytes returns random bytes of length.
+func GetRandomBytes(length int) ([]byte, error) {
+	// Per [BIP32], the seed must be in range [MinSeedBytes, MaxSeedBytes].
+	if length <= 0 {
+		return nil, errors.New("invalid length")
+	}
+
+	buf := make([]byte, length)
+	_, err := rand.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf, nil
+}

common/random_test.go

@@ -12,7 +12,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/binance-chain/tss-lib/common"
+	"github.com/bnb-chain/tss-lib/v2/common"
 )
 
 const (