* Add audit statement for `dkg-evrf`. This doesn't cover the implementation, solely the academia and background. Also moves the existing audit of the `crypto` folder for organizational reasons.
* Add files via upload
eVRF DKG
The DKG from the eVRF paper, extended with Verifiable Encryption premised on the same methodology present in the eVRF paper.
The DDH-premised VRF is used, yet with the different instantiation presented in section 6.4, which is premised on elliptic curve divisors. The one-round threshold DKG presented in section 4.2 is extended with the following changes:
- Any threshold of `t` participants may complete the DKG. This allows an adversary to bias the resulting key by choosing the set of participants, yet offers a robust protocol. The caller is able to choose between robustness and a lack of bias by completing the DKG with just `t` messages or by waiting for all `n`. If the caller does opt for robustness, the caller must ensure participants agree on the subset of participants who actually participated.
- Communication of shares was previously defined as simply sending the share to the relevant participant, with no description of the channel. Now, a pair of ECDHs is performed on the embedded curve (between the sender and the recipient's public key), whose `x` coordinates are summed for a random, uniform value (as an eVRF would). This value is used as a mask to encrypt the communicated secret share, with the zero-knowledge proof proving it's well-formed. This removes the need for a complaint round from the protocol, allowing it to truly complete (with all recipients holding valid shares) in just one round.
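The masking step described above, as an added illustration that is not code from this crate or the eVRF paper: the sender performs two ECDHs against the recipient's public key, sums the resulting `x` coordinates into a mask, and adds the mask to the share; the recipient recomputes the same mask from the sender's two public points and removes it. It assumes secp256k1 as a stand-in for the embedded curve, with the `x` coordinates reduced modulo the group order so that the share and the mask live in one field (in the real scheme the embedded curve's base field is the scalar field of the curve the DKG targets). The two sender scalars are taken as given, and the zero-knowledge proof of well-formedness is not modelled.

```python
import secrets

# secp256k1, used here as a stand-in "embedded curve" (constructed example, not the crate's curve)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] * G[1] - G[0] ** 3 - 7) % P == 0, "generator must lie on y^2 = x^3 + 7"


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # a == -b
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P  # doubling tangent
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def keygen(scalar=None):
    """Return (secret scalar, public point). A fixed scalar may be passed for reproducibility."""
    sk = scalar if scalar is not None else 1 + secrets.randbelow(N - 1)
    return sk, ec_mul(sk, G)


def mask_from_points(scalar, pt_a, pt_b):
    """Sum the x coordinates of scalar*pt_a and scalar*pt_b, reduced into the scalar field."""
    return (ec_mul(scalar, pt_a)[0] + ec_mul(scalar, pt_b)[0]) % N


def encrypt_share(share, sender_scalars, recipient_pk):
    """Sender side: mask the share with two ECDHs against the recipient's public key.

    Returns the masked share and the two public points the recipient needs. The
    pair of sender scalars is an assumption of this example; the page does not
    state how they are derived.
    """
    s1, s2 = sender_scalars
    mask = mask_from_points(1, ec_mul(s1, recipient_pk), ec_mul(s2, recipient_pk))
    return (share + mask) % N, (ec_mul(s1, G), ec_mul(s2, G))


def decrypt_share(masked_share, sender_points, recipient_sk):
    """Recipient side: rebuild the same mask from the sender's points and strip it."""
    pt_a, pt_b = sender_points
    return (masked_share - mask_from_points(recipient_sk, pt_a, pt_b)) % N


def demo():
    """Round-trip with random keys; returns True when only the intended recipient recovers the share."""
    share = 1 + secrets.randbelow(N - 1)               # constructed secret share
    recipient_sk, recipient_pk = keygen()
    other_sk, _ = keygen()
    sender_scalars = (1 + secrets.randbelow(N - 1), 1 + secrets.randbelow(N - 1))
    masked, points = encrypt_share(share, sender_scalars, recipient_pk)
    return (decrypt_share(masked, points, recipient_sk) == share
            and decrypt_share(masked, points, other_sk) != share)


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Because both ECDH results depend on the recipient's secret, a third party holding only the two published points and the masked value learns nothing about the share, which is what lets the protocol drop the complaint round once the accompanying proof shows the mask was built this way.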
For a gist of the verifiable encryption scheme, please see https://gist.github.com/kayabaNerve/cfbde74b0660dfdf8dd55326d6ec33d7. For security proofs and audit information, please see here.
This library supports being run in `no-std` contexts with `alloc` when the `std` feature (on by default) is disabled. Due to the intensity of the ZK proofs, this isn't recommended, yet may be justified when verifying posted proofs are correct.