This project implements the threshold ECDSA protocol by Canetti et al. (2021) that achieves non-interactive signing using 3 preprocessing rounds. It further provides malicious security and identifiable aborts.
We provide an implementation of the protocol in Kotlin using the secp256k1 elliptic curve.
The report on threshold ECDSA signatures for Atala PRISM and the project timeline can be found in the Wiki.
- Threshold ECDSA signing with preprocessing, where subsets of t signers can create signatures in one round.
- Implementation of the Paillier encryption scheme and Pedersen commitments.
- Zero-knowledge proofs to prove the validity of computations along the execution of the protocol.
- The protocol can be integrated to Apollo to be used in crypto services and the threshold Signature can be translated to Apollo's ECDSA Secp256k1 implementation.
The project is structured into several packages:
ecdsa
: Core ECDSA functionalities and mathematical operations.precomp
: Centralized key generation and precomputation.math
: Mathematical operations and utilities used throughout the signing process.paillier
: Implementation of the Paillier cryptosystem for encryption.pedersen
: Pedersen commitment scheme with parameter generation.sign
: Signing process management and partial signature combination.keygen
: 3-round Key generation protocol.aux
: 3-round key refresh/auxiliary-info protocol.presign
: 3-round presigning protocol.
zero_knowledge
: Zero-knowledge proof implementations.
- Kotlin 1.5 or higher
- Java Development Kit (JDK) 11 or higher
- Dependencies for cryptographic operations (included in the project)
-
Clone the Repository:
git clone https://github.com/perun-network/atala-prism-threshold.git
-
Navigate to the Project Directory:
cd atala-prism-threshold
-
Build the Project:
./gradlew build
-
Run the Application:
./gradlew run
The main entry point for the threshold signing process is located in the main
function of the perun_network.ecdsa_threshold
package.
- Modify the
message
variable to sign different messages. - Adjust the number of signers (
n
) and the threshold (t
) as needed.
The application will output the execution time and confirm if the ECDSA signature was generated and verified successfully.
This section describes the testing strategy and tools used to maintain code quality and reliability.
- Framework: The project uses JUnit 5 for unit and integration testing.
- Build Tool Integration: Tests are executed using Gradle's test task.
- Test individual components (e.g., classes, functions) in isolation.
- Validate interactions between components.
- Located in `src/test/kotlin`.
To execute tests locally:
- Run all tests:
./gradlew test
- **Run a specific test class:
./gradlew test --tests <class_name>
The project uses JaCoCo to measure test coverage.
-
Generate Coverage Report: Run the following command to generate the coverage report:
./gradlew jacocoTestReport
-
View the Report: The HTML report is available at:
build/reports/jacoco/test/html/index.html
or online at Test Report
-
Coverage Standards:
- Instruction coverage: 90% or higher.
- Branches coverage: 80% or higher
- Critical areas must be thoroughly covered.
src
: Contains all source code.-
main
: Contains main functionality.ecdsa
: Core functionalities.precomp
: Centralized key generation and precomputation.math
: Mathematical operations and utilities.paillier
: Paillier cryptosystem implementation.pedersen
: Pedersen commitment management.sign
: Signing process management.keygen
: Keygen process management.aux
: Aux-Info process management.presign
: Presigning process management.
zero_knowledge
: Zero-knowledge proof implementations.
-
test
: Contains functionality test.ecdsa
: Contains unit test for the Secp256k1 ECDSA signatures.math
: Contains unit test for themath
classes.paillier
: Contains unit test for the Paillier encryption scheme.precomp
: Contains unit test for theprecomputation
classes.sign
: Contains unit test for the signing of Threshold ECDSA.zk
: Contains unit test for zero-knowledge implementations.
-
The current implementation is currently lacking some intended features:
- Main currently using precomputed secret primes to generate precomputations. This is to speed up the process. It is expected to have an accelerated prime generator incorporated in the precomputation phase.
- Parallelization of Broadcast communication.
Copyright 2024 PolyCrypt GmbH. \
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Use of the source code is governed by the Apache 2.0 license that can be found in the LICENSE file.